diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1067ab0..6b5c86b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -3681,6 +3681,7 @@
 "cfr-type-of-incident": "Espionage",
 "country": "CN",
 "refs": [
+ "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/eagle-eye-is-back-apt30/",
 "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf",
 "https://attack.mitre.org/wiki/Group/G0013",
 "https://www.cfr.org/interactive/cyber-operations/apt-30"
@@ -7012,6 +7013,10 @@
 "https://threatpost.com/ta505-servhelper-malware/140792/",
 "https://blog.yoroi.company/research/the-stealthy-email-stealer-in-the-ta505-arsenal/",
 "https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/",
+ "https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader",
+ "https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/",
+ "https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-s-box-of-chocolate-597672",
+ "https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-returns-with-a-new-bag-of-tricks-602104",
 "https://www.secureworks.com/research/threat-profiles/gold-tahoe"
 ],
 "synonyms": [
@@ -7421,6 +7426,8 @@
 "https://duo.com/decipher/apt-groups-moving-down-the-supply-chain",
 "https://redalert.nshc.net/2019/12/03/threat-actor-targeting-hong-kong-activists",
 "https://twitter.com/bkMSFT/status/1201876664667582466",
+ "https://www.secureworks.com/research/bronz-vinewood-uses-hanaloader-to-target-government-supply-chain",
+ "https://www.secureworks.com/research/bronze-vinewood-targets-supply-chains",
 "https://www.secureworks.com/research/threat-profiles/bronze-vinewood"
 ],
 "synonyms": [
@@ -8349,5 +8356,5 @@
 "value": "GALLIUM"
 }
 ],
- "version": 164
+ "version": 167
 }
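Review bot: The first reference added in the third hunk (@@ -7421,6 +7426,8 @@) spells its path `bronz-vinewood-uses-hanaloader-…`, while the reference added right after it and the existing threat-profile link both use `bronze-vinewood`. This looks like a dropped letter, and a reference that does not resolve leaves the cluster entry without a checkable source for the HanaLoader reporting. Please confirm the link loads as written. If it was mistyped, the line would presumably read `"https://www.secureworks.com/research/bronze-vinewood-uses-hanaloader-to-target-government-supply-chain",`. The `refs` array this hunk edits opens above the hunk, so the rest of the entry could not be checked from here.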