Merge pull request #211 from eCrimeLabs/master

Added links in relation to Threat-actor info from Dragos

clusters/threat-actor.json

@@ -1896,7 +1896,8 @@
       "meta": {
         "refs": [
           "https://dragos.com/blog/crashoverride/CrashOverride-01.pdf",
-          "https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf"
+          "https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf",
+          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf"
         ],
         "synonyms": [
           "Sandworm"
@@ -2556,7 +2557,8 @@
       "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
       "meta": {
         "refs": [
-          "https://dragos.com/adversaries.html"
+          "https://dragos.com/adversaries.html",
+          "https://dragos.com/blog/20180510Allanite.html"
         ],
         "mode-of-operation": "Watering-hole and phishing leading to ICS recon and screenshot collection",
         "since": "2017",
@@ -2573,7 +2575,8 @@
       "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
       "meta": {
         "refs": [
-          "https://dragos.com/adversaries.html"
+          "https://dragos.com/adversaries.html",
+          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf"
         ],
         "mode-of-operation": "IT compromise, information gathering and recon against industrial orgs",
         "since": "2017",
@@ -2591,7 +2594,8 @@
       "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
       "meta": {
         "refs": [
-          "https://dragos.com/adversaries.html"
+          "https://dragos.com/adversaries.html",
+          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf"
         ],
         "mode-of-operation": "IT compromise with hardened anti-analysis malware against industrial orgs",
         "since": "2017",
@@ -2609,7 +2613,8 @@
       "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
       "meta": {
         "refs": [
-          "https://dragos.com/adversaries.html"
+          "https://dragos.com/adversaries.html",
+          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf"
         ],
         "mode-of-operation": "Deep ICS environment information gathering, operator credentials, industrial process details",
         "since": "2016",
@@ -2627,7 +2632,8 @@
       "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
       "meta": {
         "refs": [
-          "https://dragos.com/adversaries.html"
+          "https://dragos.com/adversaries.html",
+          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf"
         ],
         "mode-of-operation": "Electric grid disruption and long-term persistence",
         "since": "2016",
@@ -2644,7 +2650,8 @@
       "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
       "meta": {
         "refs": [
-          "https://dragos.com/adversaries.html"
+          "https://dragos.com/adversaries.html",
+          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf"
         ],
         "mode-of-operation": "IT network limited, information gathering against industrial orgs",
         "since": "2016",