Merge pull request #211 from eCrimeLabs/master

Added links in relation to Threat-actor info from Dragos
2018-05-15 16:17:56 +02:00 · 2018-05-15 16:17:56 +02:00 · 3a7c4e3c57
parent 9b888f238a 1ab4e4f4cf
commit 3a7c4e3c57
1 changed files with 14 additions and 7 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -1896,7 +1896,8 @@
      "meta": {
        "refs": [
          "https://dragos.com/blog/crashoverride/CrashOverride-01.pdf",
-          "https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf"
+          "https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf",
+          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf"
        ],
        "synonyms": [
          "Sandworm"
@ -2556,7 +2557,8 @@
      "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
      "meta": {
        "refs": [
-          "https://dragos.com/adversaries.html"
+          "https://dragos.com/adversaries.html",
+          "https://dragos.com/blog/20180510Allanite.html"
        ],
        "mode-of-operation": "Watering-hole and phishing leading to ICS recon and screenshot collection",
        "since": "2017",
@ -2573,7 +2575,8 @@
      "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
      "meta": {
        "refs": [
-          "https://dragos.com/adversaries.html"
+          "https://dragos.com/adversaries.html",
+          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf"
        ],
        "mode-of-operation": "IT compromise, information gathering and recon against industrial orgs",
        "since": "2017",
@ -2591,7 +2594,8 @@
      "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
      "meta": {
        "refs": [
-          "https://dragos.com/adversaries.html"
+          "https://dragos.com/adversaries.html",
+          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf"
        ],
        "mode-of-operation": "IT compromise with hardened anti-analysis malware against industrial orgs",
        "since": "2017",
@ -2609,7 +2613,8 @@
      "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
      "meta": {
        "refs": [
-          "https://dragos.com/adversaries.html"
+          "https://dragos.com/adversaries.html",
+          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf"
        ],
        "mode-of-operation": "Deep ICS environment information gathering, operator credentials, industrial process details",
        "since": "2016",
@ -2627,7 +2632,8 @@
      "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
      "meta": {
        "refs": [
-          "https://dragos.com/adversaries.html"
+          "https://dragos.com/adversaries.html",
+          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf"
        ],
        "mode-of-operation": "Electric grid disruption and long-term persistence",
        "since": "2016",
@ -2644,7 +2650,8 @@
      "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
      "meta": {
        "refs": [
-          "https://dragos.com/adversaries.html"
+          "https://dragos.com/adversaries.html",
+          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf"
        ],
        "mode-of-operation": "IT network limited, information gathering against industrial orgs",
        "since": "2016",