From 97690426bfbc2572b6c6ca251f68cf1c09986476 Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Fri, 18 Mar 2022 16:41:10 +0100
Subject: [PATCH 1/7] update threat actors meta
---
 clusters/threat-actor.json | 177 ++++++++++++++++++++++++++++++-------
 1 file changed, 143 insertions(+), 34 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8e42f7a7..96163460 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -67,7 +67,8 @@
 "Brown Fox",
 "GIF89a",
 "ShadyRAT",
- "Shanghai Group"
+ "Shanghai Group",
+ "G0006"
 ]
 },
 "related": [
@@ -278,8 +279,10 @@
 "MSUpdater",
 "4HCrew",
 "SULPHUR",
+ "Sulphur",
 "SearchFire",
- "TG-6952"
+ "TG-6952",
+ "G0024"
 ]
 },
 "related": [
@@ -325,7 +328,9 @@
 "Buckeye",
 "Boyusec",
 "BORON",
- "BRONZE MAYFAIR"
+ "BRONZE MAYFAIR",
+ "Bronze Mayfair",
+ "G0022"
 ]
 },
 "related": [
@@ -425,12 +430,16 @@
 "BeeBus",
 "Group 22",
 "DynCalc",
+ "DynCALC",
 "Calc Team",
 "DNSCalc",
 "Crimson Iron",
 "APT12",
 "APT 12",
- "BRONZE GLOBE"
+ "BRONZE GLOBE",
+ "Bronze GLOBE",
+ "G0005",
+ "CTG-8223"
 ]
 },
 "related": [
@@ -465,7 +474,8 @@
 ],
 "synonyms": [
 "APT16",
- "SVCMONDR"
+ "SVCMONDR",
+ "G0023"
 ]
 },
 "uuid": "1f73e14f-b882-4032-a565-26dc653b0daf",
@@ -504,7 +514,17 @@
 "Hidden Lynx",
 "Tailgater Team",
 "Dogfish",
- "BRONZE KEYSTONE"
+ "BRONZE KEYSTONE",
+ "Bronze KEYSTONE",
+ "TEMP.Avengers",
+ "Sneaky Panda",
+ "Barium",
+ "G0025",
+ "G0066",
+ "TG-8153",
+ "ATK 2",
+ "Elderwood",
+ "Group 72"
 ]
 },
 "related": [
@@ -564,8 +584,11 @@
 "TG-0416",
 "APT 18",
 "SCANDIUM",
+ "Scandium",
+ "G0026",
 "PLA Navy",
- "APT18"
+ "APT18",
+ "Wekby"
 ]
 },
 "related": [
@@ -726,12 +749,20 @@
 "Deep Panda",
 "WebMasters",
 "APT 19",
+ "APT19",
 "KungFu Kittens",
 "Black Vine",
 "Group 13",
 "PinkPanther",
 "Sh3llCr3w",
- "BRONZE FIRESTONE"
+ "BRONZE FIRESTONE",
+ "Bronze FIRESTONE",
+ "Sunshop Group",
+ "C0d0s0",
+ "G0009",
+ "G0073",
+ "TG-3551",
+ "Pupa"
 ]
 },
 "related": [
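Review bot: The added `"Bronze GLOBE"` in the `@@ -425,12 +430,16 @@` hunk uses a half-capitalised form that differs from the `"Bronze Mayfair"` style added in `@@ -325,7 +328,9 @@`; the same mixed form recurs in `"Bronze KEYSTONE"`, `"Bronze FIRESTONE"`, `"Bronze RIVERSIDE"` and, in patch 2/7, `"COBALT illusion"`. A consumer that matches synonyms case-insensitively gains nothing from these next to the existing upper-case entry, and one that matches case-sensitively is unlikely to meet the mixed spelling in a report. Pick one convention for the added variants, for example `"Bronze Globe"`.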
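Review bot: The `@@ -504,7 +514,17 @@` hunk adds `"Barium"` to this cluster, while `"BARIUM"` is already a synonym of a different cluster (context line next to `"WICKED PANDA"` in the `@@ -668,10 +668,14 @@` hunk of patch 2/7). The later duplicate-fix commits in this series only remove repeats inside a single list, so this cross-cluster collision remains. Any enrichment that resolves aliases case-insensitively would tag the same report with both actors; confirm the alias against its source and, if it is not intended here, drop the `+ "Barium",` line.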
@@ -1103,12 +1134,21 @@
 "menuPass Team",
 "happyyongzi",
 "POTASSIUM",
+ "Potassium",
 "DustStorm",
 "Red Apollo",
 "CVNX",
 "HOGFISH",
+ "Hogfish",
 "Cloud Hopper",
- "BRONZE RIVERSIDE"
+ "BRONZE RIVERSIDE",
+ "TA 429",
+ "G0045",
+ "ITG01",
+ "Bronze RIVERSIDE",
+ "CTG-5938",
+ "ATK 41",
+ "Cicada"
 ]
 },
 "related": [
@@ -1132,9 +1172,10 @@
 ],
 "synonyms": [
 "APT 9",
- "Flowerlady/Flowershow",
+ "APT9",
 "Flowerlady",
- "Flowershow"
+ "Flowershow",
+ "Group 27 "
 ]
 },
 "uuid": "401dd2c9-bd4f-4814-bb87-701e38f18d45",
@@ -1233,7 +1274,12 @@
 "Lurid",
 "Social Network Team",
 "Royal APT",
- "BRONZE PALACE"
+ "BRONZE PALACE",
+ "Bronze PALACE",
+ "G0004",
+ "Bronze DAVENPORT",
+ "Bronze IDLEWOOD",
+ "CTG-9246"
 ]
 },
 "uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8",
@@ -1266,7 +1312,8 @@
 "APT14",
 "APT 14",
 "QAZTeam",
- "ALUMINUM"
+ "ALUMINUM",
+ "Aluminum"
 ]
 },
 "related": [
@@ -2817,7 +2864,17 @@
 "GOLD NIAGARA",
 "Calcium",
 "Carbanak",
- "FIN 7"
+ "FIN 7",
+ "ELBRUS",
+ "G0046",
+ "ITG14",
+ "Magecart Group 7",
+ "Gold NIAGARA",
+ "Anunak",
+ "ATK 32",
+ "APT-C-11",
+ "Navigator",
+ "TelePort Crew"
 ]
 },
 "related": [
@@ -2932,7 +2989,8 @@
 "synonyms": [
 "FIN4",
 "FIN 4",
- "Wolf Spider"
+ "Wolf Spider",
+ "G0085"
 ]
 },
 "uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
@@ -3682,7 +3740,14 @@
 "MageCart Group 6",
 "White Giant",
 "GOLD FRANKLIN",
- "FIN 6"
+ "FIN 6",
+ "G0037",
+ "ITG08",
+ "Magecart Group 6",
+ "Gold FRANKLIN",
+ "White Giant",
+ "ATK 88",
+ "APT-C-01"
 ]
 },
 "related": [
@@ -4607,7 +4672,9 @@
 "https://attack.mitre.org/groups/G0061"
 ],
 "synonyms": [
- "FIN 8"
+ "FIN 8",
+ "G0061",
+ "ATK113"
 ]
 },
 "related": [
@@ -4705,7 +4772,8 @@
 "https://attack.mitre.org/groups/G0062/"
 ],
 "synonyms": [
- "TA 459"
+ "TA 459",
+ "G0062"
 ]
 },
 "related": [
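Review bot: The added `"Group 27 "` in the `@@ -1132,9 +1172,10 @@` hunk has a trailing space inside the string, so an exact-match lookup for `Group 27` will not hit this synonym. Change the line to `"Group 27"`. A check in the repository's validation step that rejects leading or trailing whitespace in synonyms would catch this class of error before merge.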
@@ -4775,6 +4843,7 @@
 {
 "description": "We have observed one APT group, which we call APT5, particularly focused on telecommunications and technology companies. More than half of the organizations we have observed being targeted or breached by APT5 operate in these sectors. Several times, APT5 has targeted organizations and personnel based in Southeast Asia. APT5 has been active since at least 2007. It appears to be a large threat group that consists of several subgroups, often with distinct tactics and infrastructure. APT5 has targeted or breached organizations across multiple industries, but its focus appears to be on telecommunications and technology companies, especially information about satellite communications. \nAPT5 targeted the network of an electronics firm that sells products for both industrial and military applications. The group subsequently stole communications related to the firm’s business relationship with a national military, including inventories and memoranda about specific products they provided. \nIn one case in late 2014, APT5 breached the network of an international telecommunications company. The group used malware with keylogging capabilities to monitor the computer of an executive who manages the company’s relationships with other telecommunications companies",
 "meta": {
+ "country": "CN",
 "refs": [
 "https://www.fireeye.com/current-threats/apt-groups.html",
 "https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-southeast-asia-threat-landscape.pdf",
@@ -4782,7 +4851,19 @@
 ],
 "synonyms": [
 "MANGANESE",
- "BRONZE FLEETWOOD"
+ "BRONZE FLEETWOOD",
+ "APT 5",
+ "UNC2630",
+ "Poisoned Flight",
+ "Keyhole Panda",
+ "Pitty Panda",
+ "Manganese",
+ "G0011",
+ "Bronze FLEETWOOD",
+ "TG-2754",
+ "PittyTiger",
+ "DPD",
+ "TEMP.Bottle"
 ]
 },
 "uuid": "a47b79ae-7a0c-4308-9efc-294af19cc795",
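Review bot: The `"country": "CN"` added in the `@@ -4775,6 +4843,7 @@` hunk states an attribution that the description on the preceding line does not make, and the hunk adds no reference to support it. The same applies to `"country": "RU"` in `@@ -6079,6 +6215,7 @@` and to `"country": "CN"` in `@@ -7927,6 +8081,7 @@`, whose description only says the group "has Asian roots". Analysts filter and pivot on this field, so add the supporting report to `refs` and, where the evidence is weak, record that with the galaxy's `attribution-confidence` meta key instead of a bare country code.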
@@ -5113,7 +5194,11 @@
 "APT4",
 "APT 4",
 "BRONZE EDISON",
- "Sykipot"
+ "Bronze EDISON",
+ "Sykipot",
+ "Samurai Panda",
+ "TG-0623",
+ "Wisp Team"
 ]
 },
 "uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
@@ -6710,7 +6795,9 @@
 "https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/"
 ],
 "synonyms": [
- "Indrik Spider"
+ "Indrik Spider",
+ "G0119",
+ "Gold DRAKE"
 ]
 },
 "uuid": "658314bc-3bb8-48d2-913a-c528607b75c8",
@@ -6851,7 +6938,13 @@
 "Dudear",
 "TA 505",
 "Graceful Spider",
- "TEMP.Warlock"
+ "TEMP.Warlock",
+ "Chimborazo",
+ "G0092",
+ "Hive0065",
+ "Gold TAHOE",
+ "ATK 103",
+ "SectorJ04"
 ]
 },
 "uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f",
@@ -6914,7 +7007,10 @@
 "TA542",
 "GOLD CRESTWOOD",
 "Mummy Spider",
- "TA 542"
+ "TA 542",
+ "Gold CRESTWOOD",
+ "ATK104",
+ "Mealybug"
 ]
 },
 "uuid": "c93281be-f6cd-4cd0-a5a3-defde9d77d8b",
@@ -7247,7 +7343,10 @@
 "COBALT DICKENS",
 "Mabna Institute",
 "TA407",
- "TA 407"
+ "TA 407",
+ "Yellow Nabu",
+ "SilentLibrarian",
+ "Silent Librarian"
 ]
 },
 "uuid": "5059b44d-2753-4977-b987-4922f09afe6b",
@@ -7348,7 +7447,8 @@
 "https://attack.mitre.org/groups/G0053/"
 ],
 "synonyms": [
- "FIN 5"
+ "FIN 5",
+ "G0053"
 ]
 },
 "uuid": "44dc2f9c-8c28-11e9-9b9a-7fdced8cbf70",
@@ -7376,7 +7476,8 @@
 "https://attack.mitre.org/groups/G0051/"
 ],
 "synonyms": [
- "FIN 10"
+ "FIN 10",
+ "G0051"
 ]
 },
 "uuid": "f2d02410-8c2c-11e9-8df1-a31c1fb33d79",
@@ -7657,7 +7758,8 @@
 "synonyms": [
 "Temp.Hex",
 "Vicious Panda",
- "TA 428"
+ "TA 428",
+ "Bronze DUDLEY"
 ]
 },
 "uuid": "5533d062-18ab-4c70-9472-0eac03f95a1d",
@@ -7780,7 +7882,8 @@
 ],
 "synonyms": [
 "LookBack",
- "TA 410"
+ "TA 410",
+ "TALONITE"
 ]
 },
 "uuid": "5cd95926-0098-435e-892d-9c9f61763ad7",
@@ -8092,7 +8195,8 @@
 "GOLD ESSEX",
 "TA544",
 "TA 544",
- "Narwhal Spider"
+ "Narwhal Spider",
+ "Gold ESSEX"
 ]
 },
 "uuid": "fda9cdea-0017-495e-879d-0f348db2aa07",
@@ -8384,7 +8488,8 @@
 "TEMP.Warlock",
 "FIN 11",
 "UNC902",
- "Graceful Spider"
+ "Graceful Spider",
+ "Gold Evergreen"
 ]
 },
 "uuid": "c01aadc6-1087-4e8e-8d5c-a27eba409fe3",
@@ -8540,7 +8645,8 @@
 "synonyms": [
 "UNC1151",
 "TA 445",
- "TA445"
+ "TA445",
+ "UAC-0051"
 ]
 },
 "uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
@@ -8759,7 +8865,8 @@
 "Shakthak",
 "TA551",
 "TA 551",
- "Lunar Spider"
+ "Lunar Spider",
+ "G0127"
 ]
 },
 "uuid": "36e8c848-4d20-47ea-9fc2-31aa17bf82d1",
@@ -9058,7 +9165,8 @@
 ],
 "synonyms": [
 "Scully Spider",
- "TA 547"
+ "TA 547",
+ "TH-163"
 ]
 },
 "uuid": "29fbc8d4-1e6e-4edc-9887-bdf47f36e4c1",
@@ -9071,7 +9179,8 @@
 "https://www.thaicert.or.th/downloads/files/Threat_Group_Cards_v2.0.pdf"
 ],
 "synonyms": [
- "TH-163"
+ "TH-163",
+ "TA 554"
 ]
 },
 "uuid": "36f1a1b8-e03a-484f-95a3-005345679cbe",
From 0f7803b0911bb112d1ba454e5513d9e167761061 Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Fri, 1 Apr 2022 16:00:27 +0200
Subject: [PATCH 2/7] update threat actors meta
---
 clusters/threat-actor.json | 228 +++++++++++++++++++++++++++++++++----
 1 file changed, 205 insertions(+), 23 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 96163460..f0d87661 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -668,10 +668,14 @@
 "LEAD",
 "WICKED SPIDER",
 "WICKED PANDA",
+ "Wicked Panda",
 "BARIUM",
 "BRONZE ATLAS",
 "BRONZE EXPORT",
- "Red Kelpie"
+ "Red Kelpie",
+ "G0044",
+ "G0096",
+ "TG-2633"
 ]
 },
 "related": [
@@ -1068,7 +1072,13 @@
 "ZipToken",
 "Iron Tiger",
 "BRONZE UNION",
- "Lucky Mouse"
+ "Bronze Union",
+ "Lucky Mouse",
+ "LuckyMouse",
+ "Emissary Panda",
+ "G0027",
+ "ATK 15",
+ "ATK15"
 ]
 },
 "related": [
@@ -1610,7 +1620,10 @@
 "APT20",
 "APT 20",
 "TH3Bug",
- "Twivy"
+ "Twivy",
+ "APT 8",
+ "APT8",
+ "G0116"
 ]
 },
 "uuid": "8bcd855f-a4c1-453a-bede-ff36582f4f40",
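Review bot: `"TH-163"` is added in the `@@ -9058,7 +9165,8 @@` hunk to the cluster `29fbc8d4-1e6e-4edc-9887-bdf47f36e4c1` (synonyms `"Scully Spider"`, `"TA 547"`), but it is already the only synonym of the next cluster, `36f1a1b8-e03a-484f-95a3-005345679cbe`, which gains `"TA 554"` in `@@ -9071,7 +9179,8 @@`. After this patch one alias resolves to two UUIDs, so a lookup by `TH-163` becomes ambiguous. It looks as if the new value was placed one entry too early; if so, drop the `+ "TH-163"` line from the first of the two hunks.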
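Review bot: `"G0116"` is added in the `@@ -1610,7 +1620,10 @@` hunk of patch 2/7 (the cluster with `"APT20"`) and again in the `@@ -3847,7 +3935,13 @@` hunk (the cluster with `"APT34"`, which also receives `"G0049"`). An ATT&CK group ID is meant to identify a single group, so one of the two additions is probably a copy error. Check both against the ATT&CK group pages and remove the wrong one; as written, a lookup by `G0116` returns two unrelated actors.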
@@ -1692,7 +1705,9 @@
 "KeyBoy",
 "TropicTrooper",
 "Tropic Trooper",
- "BRONZE HOBART"
+ "BRONZE HOBART",
+ "Bronze Hobart",
+ "G0081"
 ]
 },
 "uuid": "7f16d1f5-04ee-4d99-abf0-87e1f23f9fee",
@@ -2015,9 +2030,16 @@
 "APT 33",
 "Elfin",
 "MAGNALLIUM",
+ "Magnallium",
 "Refined Kitten",
 "HOLMIUM",
- "COBALT TRINITY"
+ "Holmium",
+ "COBALT TRINITY",
+ "COBALT Trinity",
+ "TA 451",
+ "G0064",
+ "ATK 35",
+ "Group 83"
 ]
 },
 "related": [
@@ -2228,7 +2250,18 @@
 "APT35",
 "APT 35",
 "TEMP.Beanie",
- "Ghambar"
+ "Ghambar",
+ "TA 453",
+ "NewsBeef",
+ "Charming Kitten",
+ "Phosphorus",
+ "G0003",
+ "G0059",
+ "COBALT illusion",
+ "Timberworm",
+ "C-Major",
+ "Newscaster",
+ "TunnelVision"
 ]
 },
 "related": [
@@ -2301,6 +2334,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "b8967b3c-3bc9-11e8-8701-8b1ead8c099e",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
 }
 ],
 "uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810",
@@ -2435,6 +2475,7 @@
 "Fancy Bear",
 "Sednit",
 "SNAKEMACKEREL",
+ "Snakemackerel",
 "TsarTeam",
 "Tsar Team",
 "TG-4127",
@@ -2443,10 +2484,20 @@
 "TAG_0700",
 "Swallowtail",
 "IRON TWILIGHT",
+ "Iron Twilight",
 "Group 74",
 "SIG40",
 "Grizzly Steppe",
- "apt_sofacy"
+ "apt_sofacy",
+ "TA 422",
+ "Strontium",
+ "G0007",
+ "ITG05",
+ "ATK 5",
+ "ATK5",
+ "Swallowtail",
+ "T-APT-12",
+ "APT-C-20"
 ]
 },
 "related": [
@@ -2513,6 +2564,7 @@
 "CozyDuke",
 "EuroAPT",
 "CozyBear",
+ "Cozy Bear",
 "CozyCar",
 "Cozer",
 "Office Monkeys",
@@ -2524,8 +2576,15 @@
 "SeaDuke",
 "Hammer Toss",
 "YTTRIUM",
+ "Yttrium",
 "Iron Hemlock",
- "Grizzly Steppe"
+ "Grizzly Steppe",
+ "TA 421",
+ "CloudLook",
+ "G0016",
+ "ITG11",
+ "ATK7",
+ "ATK 7"
 ]
 },
 "related": [
@@ -3166,7 +3225,20 @@
 "Nickel Academy",
 "APT-C-26",
 "NICKEL GLADSTONE",
- "COVELLITE"
+ "COVELLITE",
+ "Stardust Chollima",
+ "G0082",
+ "G0032",
+ "ITG03",
+ "Hive0080",
+ "CTG-6459",
+ "Lazarus",
+ "ATK 117",
+ "T-APT-15",
+ "Klipodenc",
+ "SectorA01",
+ "BeagleBoyz",
+ "NESTEGG"
 ]
 },
 "related": [
@@ -3332,8 +3404,11 @@
 "APT36",
 "APT 36",
 "TMP.Lapis",
+ "TEMP.Lapis",
 "Green Havildar",
- "COPPER FIELDSTONE"
+ "COPPER FIELDSTONE",
+ "G0134",
+ "APT-C-56"
 ]
 },
 "related": [
@@ -3431,7 +3506,14 @@
 "Sarit",
 "Quilted Tiger",
 "APT-C-09",
- "ZINC EMERSON"
+ "ZINC EMERSON",
+ "Confucius",
+ "ATK 11",
+ "TG-4410",
+ "G0040",
+ "G0089",
+ "Viceroy Tiger",
+ "Dropping Elephant"
 ]
 },
 "related": [
@@ -3627,7 +3709,13 @@
 "https://www.cfr.org/interactive/cyber-operations/apt-30"
 ],
 "synonyms": [
- "APT30"
+ "APT30",
+ "Naikon",
+ "Override Panda",
+ "G0019",
+ "G0013",
+ "BRONZE STERLING",
+ "CTG-5326"
 ]
 },
 "related": [
@@ -3847,7 +3935,13 @@
 "Helix Kitten",
 "APT 34",
 "APT34",
- "IRN2"
+ "IRN2",
+ "TA 452",
+ "G0049",
+ "G0116",
+ "ITG13",
+ "ATK 40",
+ "Chrysene"
 ]
 },
 "related": [
@@ -4513,7 +4607,11 @@
 "Ocean Buffalo",
 "POND LOACH",
 "TIN WOODLAWN",
- "BISMUTH"
+ "Tin Woodlawn",
+ "Woodlawn",
+ "BISMUTH",
+ "G0050",
+ "SectorF01"
 ]
 },
 "related": [
@@ -4825,7 +4923,9 @@
 "synonyms": [
 "CactusPete",
 "Karma Panda",
- "BRONZE HUNTLEY"
+ "BRONZE HUNTLEY",
+ "Bronze HUNTLEY",
+ "G0131"
 ]
 },
 "uuid": "0ab7c8de-fc23-4793-99aa-7ee336199e26",
@@ -4879,7 +4979,11 @@
 ],
 "synonyms": [
 "APT22",
- "BRONZE OLIVE"
+ "BRONZE OLIVE",
+ "Bronze Olive",
+ "Group 46",
+ "Suckfly",
+ "G0039"
 ]
 },
 "uuid": "7a2457d6-148a-4ce1-9e79-aa43352ee842",
@@ -4944,7 +5048,14 @@
 "Hippo Team",
 "JerseyMikes",
 "Turbine Panda",
- "BRONZE EXPRESS"
+ "BRONZE EXPRESS",
+ "Bronze Express",
+ "KungFu Kittens",
+ "WebMasters",
+ "Black Vine",
+ "Group 13",
+ "Shell Crew",
+ "PinkPanther"
 ]
 },
 "related": [
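Review bot: The `@@ -4944,7 +5048,14 @@` hunk adds `"KungFu Kittens"`, `"WebMasters"`, `"Black Vine"`, `"Group 13"` and `"PinkPanther"` to the cluster that holds `"Turbine Panda"`, yet all five are existing synonyms of the `"Deep Panda"` cluster (context lines of the `@@ -726,12 +749,20 @@` hunk in patch 1/7). With identical strings in two clusters, an alias lookup can no longer tell the two apart, and the duplicate-fix commits later in the series do not touch this. If the two entries are believed to overlap, express that with a `related` entry of `"type": "similar"`, as this patch does for the APT35 pair, rather than copying the alias list.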
@@ -5800,7 +5911,15 @@
 "Red Eyes",
 "Ricochet Chollima",
 "ScarCruft",
- "Venus 121"
+ "Venus 121",
+ "TEMP.Reaper",
+ "Thallium",
+ "G0067",
+ "ITG10",
+ "ATK 4",
+ "Hermit",
+ "Geumseong121",
+ "Hidden Cobra"
 ]
 },
 "related": [
@@ -5886,8 +6005,16 @@
 "APT 40",
 "APT40",
 "BRONZE MOHAWK",
+ "Bronze Mohawk",
 "GADOLINIUM",
- "Kryptonite Panda"
+ "Gadolinium",
+ "Kryptonite Panda",
+ "G0065",
+ "ITG09",
+ "ATK29",
+ "Flaccid Rose",
+ "Nanhaishu",
+ "Mudcarp"
 ]
 },
 "related": [
@@ -5915,6 +6042,15 @@
 "Newscaster Team"
 ]
 },
+ "related": [
+ {
+ "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ }
+ ],
 "uuid": "b8967b3c-3bc9-11e8-8701-8b1ead8c099e",
 "value": "APT35"
 },
@@ -6079,6 +6215,7 @@
 "Private sector"
 ],
 "cfr-type-of-incident": "Espionage",
+ "country": "RU",
 "mode-of-operation": "Deep ICS environment information gathering, operator credentials, industrial process details",
 "refs": [
 "https://dragos.com/adversaries.html",
@@ -6089,7 +6226,10 @@
 "synonyms": [
 "Dragonfly 2.0",
 "Dragonfly2",
- "Berserker Bear"
+ "Berserker Bear",
+ "Berserk Bear",
+ "G0074",
+ "Dymalloy"
 ],
 "victimology": "Turkey, Europe, US"
 },
@@ -6531,6 +6671,12 @@
 "refs": [
 "https://www.bellingcat.com/news/mena/2017/06/12/bahamut-pursuing-cyber-espionage-actor-middle-east/",
 "https://www.bellingcat.com/resources/case-studies/2017/10/27/bahamut-revisited-cyber-espionage-middle-east-south-asia/"
+ ],
+ "synonyms": [
+ "G0112",
+ "Urpage",
+ "EHDevel",
+ "WindShift"
 ]
 },
 "uuid": "dc3edacc-bb24-11e8-81fb-8c16458922a7",
@@ -7079,7 +7225,11 @@
 "APT 39",
 "Chafer",
 "REMIX KITTEN",
- "COBALT HICKMAN"
+ "Remix Kitten",
+ "COBALT HICKMAN",
+ "TA 454",
+ "G0087",
+ "ITG07"
 ]
 },
 "uuid": "c2c64bd3-a325-446f-91a8-b4c0f173a30b",
@@ -7381,9 +7531,13 @@
 ],
 "synonyms": [
 "APT 31",
+ "APT31",
 "ZIRCONIUM",
+ "Zirconium",
 "JUDGMENT PANDA",
- "BRONZE VINEWOOD"
+ "Judgment Panda",
+ "BRONZE VINEWOOD",
+ "G0128"
 ]
 },
 "uuid": "6bf7e6b6-5917-45a6-9567-f0baba79768c",
@@ -7927,6 +8081,7 @@
 {
 "description": "For the first time, the activity of the Calypso group was detected by specialists of PT Expert Security Center in March 2019, during the work to detect cyber threats. As a result, many malware samples of this group were obtained, affected organizations and control servers of intruders were identified. According to our data, the group has been active since at least September 2016. The main goal of the group is to steal confidential data, the main victims are government agencies from Brazil, India, Kazakhstan, Russia, Thailand, Turkey. Our data suggest that the group has Asian roots. Description translated from Russian.",
 "meta": {
+ "country": "CN",
 "refs": [
 "https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf"
 ],
@@ -9225,7 +9380,34 @@
 },
 "uuid": "d45dd940-b38d-4b2c-9f2f-3e4a0eac841c",
 "value": "MosesStaff"
+ },
+ {
+ "description": "The group’s existence came to light during Context’s investigation of a number of attacks against multinational enterprises that compromise smaller engineering services and consultancies working in their supply chains.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://www.computerweekly.com/news/252471769/New-threat-group-behind-Airbus-cyber-attacks-claim-researchers"
+ ]
+ },
+ "uuid": "8045fc09-13d6-4f90-b239-ed5060b9297b",
+ "value": "Avivore"
+ },
+ {
+ "description": "The Bitter threat group initially started using RAT tools in their campaigns, as the first Bitter versions, for Android released in 2014 were based on the AndroRAT framework. Over time, they switched to a custom version that has been known as BitterRAT ever since.",
+ "meta": {
+ "country": "IN",
+ "refs": [
+ "https://www.bitdefender.com/files/News/CaseStudies/study/352/Bitdefender-PR-Whitepaper-BitterAPT-creat4571-en-EN-GenericUse.pdf"
+ ],
+ "synonyms": [
+ "BitterAPT",
+ "T-APT-17",
+ "APT-C-08"
+ ]
+ },
+ "uuid": "1e9bd6fe-e009-41ce-8e92-ad78c73ee772",
+ "value": "Bitter"
 }
 ],
- "version": 214
+ "version": 216
 }
From dcc396108ccfe7e6614010463f9f8c8e33ca55bb Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Fri, 1 Apr 2022 16:36:47 +0200
Subject: [PATCH 3/7] fix duplicate
---
 clusters/threat-actor.json | 1 -
 1 file changed, 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 27de3da7..8f9d3d62 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -3840,7 +3840,6 @@
 "ITG08",
 "Magecart Group 6",
 "Gold FRANKLIN",
- "White Giant",
 "ATK 88",
 "APT-C-01"
 ]
From 7c3e8ac068dd9fa7a0e019487dfe3b33321f0bf3 Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Fri, 1 Apr 2022 16:40:40 +0200
Subject: [PATCH 4/7] fix duplicate
---
 clusters/threat-actor.json | 2 --
 1 file changed, 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8f9d3d62..8f5028a2 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -3837,8 +3837,6 @@
 "GOLD FRANKLIN",
 "FIN 6",
 "G0037",
- "ITG08",
- "Magecart Group 6",
 "Gold FRANKLIN",
 "ATK 88",
 "APT-C-01"
From 909fc09992f846021e4d189694f535ee6871e936 Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Fri, 1 Apr 2022 16:44:47 +0200
Subject: [PATCH 5/7] duplicate
---
 clusters/threat-actor.json | 1 -
 1 file changed, 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8f5028a2..cd2f81cf 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -3225,7 +3225,6 @@
 "APT-C-26",
 "NICKEL GLADSTONE",
 "COVELLITE",
- "Stardust Chollima",
 "G0082",
 "G0032",
 "ITG03",
From fb557fd3a25e3ff03c24971e0e216ec3a17638c0 Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Fri, 1 Apr 2022 16:47:50 +0200
Subject: [PATCH 6/7] dup
---
 clusters/threat-actor.json | 1 -
 1 file changed, 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index cd2f81cf..9d5755ca 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2570,7 +2570,6 @@
 "Office Monkeys",
 "OfficeMonkeys",
 "APT29",
- "Cozy Bear",
 "The Dukes",
 "Minidionis",
 "SeaDuke",
From 73f71c8b154e25c979db2d2a75a1eaa0460bdaee Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Fri, 1 Apr 2022 16:51:27 +0200
Subject: [PATCH 7/7] dup
---
 clusters/threat-actor.json | 1 -
 1 file changed, 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 9d5755ca..4c96b73d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2495,7 +2495,6 @@
 "ITG05",
 "ATK 5",
 "ATK5",
- "Swallowtail",
 "T-APT-12",
 "APT-C-20"
 ]