Merge pull request #781 from Mathieu4141/threat-actors/fix-neodymium

[threat-actors] Fix G0055 (NEODYMIUM) alias
2022-09-30 06:39:31 +02:00 · 2022-09-30 06:39:31 +02:00 · 409c82f40c
parent 588184bacd 74c6835d18
commit 409c82f40c
1 changed files with 5 additions and 3 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -3719,12 +3719,10 @@
        "refs": [
          "https://www.microsoft.com/security/blog/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/",
          "https://www.virusbulletin.com/conference/vb2016/abstracts/last-minute-paper-strongpity-waterhole-attacks-targeting-italian-and-belgian-encryption-users",
-          "https://attack.mitre.org/groups/G0055/",
          "https://attack.mitre.org/groups/G0056/"
        ],
        "synonyms": [
          "StrongPity",
-          "G0055",
          "G0056"
        ]
      },
@ -3751,7 +3749,11 @@
      "description": "NEODYMIUM is an activity group that is known to use a backdoor malware detected by Microsoft as Wingbird. This backdoor’s characteristics closely match FinFisher, a government-grade commercial surveillance package. Data about Wingbird activity indicate that it is typically used to attack individual computers instead of networks.",
      "meta": {
        "refs": [
-          "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/"
+          "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/",
+          "https://attack.mitre.org/groups/G0055/"
+        ],
+        "synonyms": [
+          "G0055"
        ]
      },
      "related": [