diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 81ffca6f..05709293 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -651,9 +651,7 @@ "Winnti Group", "Suckfly", "APT41", - "APT 41", "Group72", - "Group 72", "Blackfly", "LEAD", "WICKED SPIDER", @@ -897,7 +895,8 @@ "DRAGONFISH", "BRONZE ELGIN", "ATK1", - "G0030" + "G0030", + "Red Salamander" ] }, "related": [ @@ -1409,7 +1408,9 @@ "synonyms": [ "IceFog", "Dagger Panda", - "Trident" + "Trident", + "RedFoxtrot", + "Red Wendigo" ] }, "uuid": "32c534b9-abec-4823-b223-a810f897b47b", @@ -6327,8 +6328,12 @@ "description": "Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. The campaigns, which we are collectively naming RedAlpha, combine light reconnaissance, selective targeting, and diverse malicious tooling. We discovered this activity as the result of pivoting off of a new malware sample observed targeting the Tibetan community based in India.", "meta": { "refs": [ - "https://www.recordedfuture.com/redalpha-cyber-campaigns/", + "https://www.recordedfuture.com/chinese-cyberespionage-operations", "https://go.recordedfuture.com/hubfs/reports/cta-2018-0626.pdf" + ], + "synonyms": [ + "DeepCliff", + "Red Dev 3" ] }, "uuid": "71a3b962-9a36-11e8-88f8-b31d20c6fa2a", @@ -7425,7 +7430,8 @@ "synonyms": [ "ZIRCONIUM", "JUDGMENT PANDA", - "BRONZE VINEWOOD" + "BRONZE VINEWOOD", + "Red keres" ] }, "uuid": "6bf7e6b6-5917-45a6-9567-f0baba79768c", @@ -7483,7 +7489,8 @@ "Palmerworm", "G0098", "T-APT-03", - "Manga Taurus" + "Manga Taurus", + "Red Djinn" ] }, "uuid": "320c42f7-eab7-4ef9-b09a-74396caa6c3e", @@ -7821,10 +7828,6 @@ "country": "CN", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology" - ], - "synonyms": [ - "Temp.Hex", - "Vicious Panda" ] }, "uuid": "5533d062-18ab-4c70-9472-0eac03f95a1d", @@ -8667,7 +8670,8 @@ "synonyms": [ "ATK233", "G0125", - "Operation Exchange Marauder" + "Operation Exchange Marauder", + "Red Dev 13" ] }, "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5", @@ -9722,13 +9726,15 @@ "https://www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan", "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi", "https://media-exp1.licdn.com/dms/document/C561FAQHhWFRcWmdCPw/feedshare-document-pdf-analyzed/0/1639591145314?e=1658966400&v=beta&t=_uCcyEVg6b_VDiBTvWQIXtBOdQ1GQAAydqGyq62KA3E", - "https://www.sentinelone.com/wp-content/uploads/2021/08/SentinelOne_-SentinelLabs_ShadowPad_WP_V2.pdf" + "https://www.sentinelone.com/wp-content/uploads/2021/08/SentinelOne_-SentinelLabs_ShadowPad_WP_V2.pdf", + "https://www.pwc.co.uk/issues/cyber-security-services/research/chasing-shadows.html" ], "synonyms": [ "CHROMIUM", "ControlX", "TAG-22", - "FISHMONGER" + "FISHMONGER", + "Red Dev 10" ] }, "uuid": "39150b30-61af-4d9c-9682-1595e145f3c1",