From 583f1d2fc20d9caad03ca045b912840fba1e5f31 Mon Sep 17 00:00:00 2001
From: StefanKelm
Date: Wed, 17 Jun 2020 11:56:29 +0200
Subject: [PATCH 1/3] Update threat-actor.json TA505

---
 clusters/threat-actor.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index e841a8f..4b1c439 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7012,6 +7012,10 @@
 "https://threatpost.com/ta505-servhelper-malware/140792/",
 "https://blog.yoroi.company/research/the-stealthy-email-stealer-in-the-ta505-arsenal/",
 "https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/",
+ "https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader",
+ "https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/",
+ "https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-s-box-of-chocolate-597672",
+ "https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-returns-with-a-new-bag-of-tricks-602104",
 "https://www.secureworks.com/research/threat-profiles/gold-tahoe"
 ],
 "synonyms": [
@@ -8348,5 +8352,5 @@
 "value": "GALLIUM"
 }
 ],
- "version": 164
+ "version": 165
 }

From 92bc206879a65f89b6aba34501af323841053bf1 Mon Sep 17 00:00:00 2001
From: StefanKelm
Date: Tue, 23 Jun 2020 14:54:09 +0200
Subject: [PATCH 2/3] Update threat-actor.json APT30

---
 clusters/threat-actor.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 4b1c439..42d990c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -3681,6 +3681,7 @@
 "cfr-type-of-incident": "Espionage",
 "country": "CN",
 "refs": [
+ "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/eagle-eye-is-back-apt30/",
 "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf",
 "https://attack.mitre.org/wiki/Group/G0013",
 "https://www.cfr.org/interactive/cyber-operations/apt-30"
@@ -8352,5 +8353,5 @@
 "value": "GALLIUM"
 }
 ],
- "version": 165
+ "version": 166
 }

From 14665429d745c9414073d870ad28f58fbc7cfa41 Mon Sep 17 00:00:00 2001
From: StefanKelm
Date: Thu, 25 Jun 2020 16:23:00 +0200
Subject: [PATCH 3/3] Update threat-actor.json APT31

---
 clusters/threat-actor.json | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 42d990c..b486d1a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7426,6 +7426,8 @@
 "https://duo.com/decipher/apt-groups-moving-down-the-supply-chain",
 "https://redalert.nshc.net/2019/12/03/threat-actor-targeting-hong-kong-activists",
 "https://twitter.com/bkMSFT/status/1201876664667582466",
+ "https://www.secureworks.com/research/bronz-vinewood-uses-hanaloader-to-target-government-supply-chain",
+ "https://www.secureworks.com/research/bronze-vinewood-targets-supply-chains",
 "https://www.secureworks.com/research/threat-profiles/bronze-vinewood"
 ],
 "synonyms": [
@@ -8353,5 +8355,5 @@
 "value": "GALLIUM"
 }
 ],
- "version": 166
+ "version": 167
 }
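Review bot: The first reference added in the APT31 hunk (`@@ -7426,6 +7426,8 @@`) spells the group as `bronz-vinewood` in its URL slug, while the next added line and the existing threat-profile entry in the same list both use `bronze-vinewood`, so this looks like a typo that would leave analysts following a dead link. If the published Secureworks slug is indeed the `bronze-` form, the line should read `"https://www.secureworks.com/research/bronze-vinewood-uses-hanaloader-to-target-government-supply-chain",`; please resolve the URL before merging. Nothing in these hunks checks that `refs` entries resolve, so a malformed slug would pass the cluster's structural JSON validation unnoticed.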