From 11c2f43c9fd9af3d9793f0ab3beb1f7b1c56ebe9 Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Thu, 13 Jun 2019 11:26:42 +0200 Subject: [PATCH] tryto fix duplicate --- clusters/threat-actor.json | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 9cdbdf7..a9c32cd 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -2111,16 +2111,15 @@ "cfr-type-of-incident": "Espionage", "country": "IR", "refs": [ - "http://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf", - "https://www.secureworks.com/research/the-curious-case-of-mia-ash", - "http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/", - "https://www.cfr.org/interactive/cyber-operations/operation-cleaver", "https://www.cfr.org/interactive/cyber-operations/magic-hound", + "https://www.secureworks.com/research/the-curious-case-of-mia-ash", + "https://www.cfr.org/interactive/cyber-operations/operation-cleaver", + "http://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf", + "http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/", "https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf", "https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing", "https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/", "https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations", - "https://www.secureworks.com/research/the-curious-case-of-mia-ash", "https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/", "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf", "https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf", @@ -2134,7 +2133,6 @@ "2889", "TG-2889", "Cobalt Gypsy", - "Ghambar", "Rocket_Kitten", "Cutting Kitten", "Group 41", @@ -2897,15 +2895,15 @@ "refs": [ "https://threatpost.com/operation-blockbuster-coalition-ties-destructive-attacks-to-lazarus-group/116422/", "https://www.us-cert.gov/ncas/alerts/TA17-164A", - "https://securelist.com/lazarus-under-the-hood/77908/", - "http://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pdf", - "https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity", "https://www.us-cert.gov/ncas/alerts/TA17-318A", "https://www.us-cert.gov/ncas/alerts/TA17-318B", + "https://securelist.com/operation-applejeus/87553/", + "https://securelist.com/lazarus-under-the-hood/77908/", + "https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity", + "http://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pdf", "https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-up-to-no-good-again/", "https://www.cfr.org/interactive/cyber-operations/lazarus-group", "https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret", - "https://securelist.com/operation-applejeus/87553/", "https://www.cfr.org/interactive/cyber-operations/compromise-cryptocurrency-exchanges-south-korea", "https://www.bleepingcomputer.com/news/security/lazarus-group-deploys-its-first-mac-malware-in-cryptocurrency-exchange-hack/", "https://content.fireeye.com/apt/rpt-apt38", @@ -2920,17 +2918,15 @@ "https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/", "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/", "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/", - "https://securelist.com/operation-applejeus/87553/", + "https://www.us-cert.gov/ncas/analysis-reports/AR19-129A", "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/", "https://securelist.com/cryptocurrency-businesses-still-being-targeted-by-lazarus/90019/", "https://www.theregister.co.uk/2019/04/10/lazarus_group_malware/", - "https://www.us-cert.gov/ncas/analysis-reports/AR19-129A", "https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf", "https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and", "https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/a-look-into-the-lazarus-groups-operations", "https://www.kaspersky.com/about/press-releases/2017_chasing-lazarus-a-hunt-for-the-infamous-hackers-to-prevent-large-bank-robberies", "https://medium.com/threat-intel/lazarus-attacks-wannacry-5fdeddee476c", - "https://content.fireeye.com/apt/rpt-apt38", "https://attack.mitre.org/groups/G0032/", "https://threatpost.com/lazarus-apt-spinoff-linked-to-banking-hacks/124746/", "https://www.symantec.com/connect/blogs/duuzer-back-door-trojan-targets-south-korea-take-over-computers", @@ -5545,7 +5541,6 @@ "https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html", "https://www.recordedfuture.com/chinese-threat-actor-tempperiscope/", "https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html", - "https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html", "https://attack.mitre.org/groups/G0065/" ], "synonyms": [