Merge pull request #273 from Delta-Sierra/master

update synonyms & attributions
2018-10-04 11:17:19 +02:00 · 2018-10-04 11:17:19 +02:00 · 276992f180
parent 123099cd6d 2893d715d6
commit 276992f180
2 changed files with 16 additions and 3 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -2069,9 +2069,11 @@
          "APT 28",
          "APT28",
          "Pawn Storm",
+          "PawnStorm",
          "Fancy Bear",
          "Sednit",
          "TsarTeam",
+          "Tsar Team",
          "TG-4127",
          "Group-4127",
          "STRONTIUM",
@ -4620,7 +4622,8 @@
          "Islamic State Hacking Division",
          "CCA",
          "United Cyber Caliphate",
-          "UUC"
+          "UUC",
+          "CyberCaliphate"
        ]
      },
      "uuid": "76f6ad4e-2ff3-4ccb-b81d-18162f290af0",
@ -5917,5 +5920,5 @@
      ]
    }
  ],
-  "version": 68
+  "version": 69
 }
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -5863,7 +5863,17 @@
          "type": "similar"
        }
      ]
+    },
+    {
+      "value": "ZEBROCY",
+      "description": "ZEBROCY is a tool used by APT28, which has been observed since late 2015. The communications module used by ZEBROCY transmits using HTTP. The implant has key logging and file exfiltration functionality and utilises a file collection capability that identifies files with particular extensions.",
+      "meta": {
+        "refs": [
+          "https://www.ncsc.gov.uk/alerts/indicators-compromise-malware-used-apt28"
+        ]
+      },
+      "uuid": "8a2ae47a-c7b2-11e8-b223-ab4d8f78f3ef"
    }
  ],
-  "version": 90
+  "version": 91
 }