diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 3d588a2a..bc6288a4 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -10560,14 +10560,18 @@
 "value": "Void Balaur"
 },
 {
- "description": "APT-Q-12",
+ "description": "APT-C-60",
 "meta": {
 "refs": [
- "https://mp.weixin.qq.com/s/Hzq4_tWmunDpKfHTlZNM-A"
+ "https://mp.weixin.qq.com/s/Hzq4_tWmunDpKfHTlZNM-A",
+ "https://cert.360.cn/report/detail?id=6c9a1b56e4ceb84a8ab9e96044429adc"
+ ],
+ "synonyms": [
+ "APT-Q-12"
 ]
 },
 "uuid": "6a83b2bf-0c51-4c9b-89b0-35df7cab1dd5",
- "value": "APT-Q-12"
+ "value": "APT-C-60"
 },
 {
 "description": "RomCom",
@@ -11410,7 +11414,32 @@
 ],
 "uuid": "fceed509-938e-4f9e-acd4-76e6c28dc6f1",
 "value": "RedDelta"
+ },
+ {
+ "description": "Worok is a cyber espionage group, mostly targeting Central Asia. The group toolset includes a C++ loader named CLRLoad, a PowerShell backdoor named PowHeartBeat, and a C# loader named PNGLoad.",
+ "meta": {
+ "attribution-confidence": "50",
+ "cfr-suspected-state-sponsor": "China",
+ "cfr-suspected-victims": [
+ "East Asia",
+ "Central Asia",
+ "Southeast Asia",
+ "The Middle East",
+ "Southern Africa"
+ ],
+ "cfr-target-category": [
+ "Government",
+ "Energy Company"
+ ],
+ "cfr-type-of-incident": "Espionage",
+ "country": "CN",
+ "refs": [
+ "https://www.welivesecurity.com/2022/09/06/worok-big-picture/"
+ ]
+ },
+ "uuid": "77742419-aa71-4bc2-94c6-29c394b350e7",
+ "value": "Worok"
 }
 ],
- "version": 275
+ "version": 276
 }
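Review bot: In the first hunk (`@@ -10560`), renaming `"value"` from `APT-Q-12` to `APT-C-60` changes the string that downstream tags and detection content typically key on, so anything already labelled with the old name will stop matching unless the consumer resolves through `synonyms` or the unchanged `uuid`. Keeping the `uuid` and adding `"APT-Q-12"` under `synonyms` is the right mitigation, but the rename deserves a mention in the commit message or changelog so operators can re-tag. Separately, `"description": "APT-C-60"` only repeats the actor name; a one-sentence summary drawn from the two listed refs would give analysts something to triage on.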
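Review bot: The new Worok entry in the second hunk (`@@ -11410`) asserts `"country": "CN"` and `"cfr-suspected-state-sponsor": "China"` at `"attribution-confidence": "50"`, yet the only item in `refs` is the welivesecurity article. If the `cfr-*` values were taken from a different source, that URL belongs in `refs` as well, so the attribution can be traced and its confidence judged. The description also says the group is "mostly targeting Central Asia", while `cfr-suspected-victims` lists five regions, so the two should be checked against the reference and aligned.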