Merge pull request #959 from r0ny123/cn

Updated threat actor references
2024-04-16 20:25:14 +02:00 · 2024-04-16 20:25:14 +02:00 · 40cadf2865
parent ea04301290 ff07821cca
commit 40cadf2865
1 changed files with 45 additions and 9 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -5631,7 +5631,8 @@
          "PLA Navy",
          "MAVERICK PANDA",
          "BRONZE EDISON",
-          "Sykipot"
+          "SODIUM",
+          "Salmon Typhoon"
        ]
      },
      "uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
@ -7069,7 +7070,10 @@
          "https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader",
          "https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european",
          "https://unit42.paloaltonetworks.com/stately-taurus-targets-philippines-government-cyberespionage/",
-          "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html"
+          "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html",
+          "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW",
+          "https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_2_LT4.pdf",
+          "https://thecyberwire.com/podcasts/microsoft-threat-intelligence/4/notes"
        ],
        "synonyms": [
          "BRONZE PRESIDENT",
@ -7080,7 +7084,10 @@
          "Earth Preta",
          "TA416",
          "Stately Taurus",
-          "LuminousMoth"
+          "LuminousMoth",
+          "Polaris",
+          "TANTALUM",
+          "Twill Typhoon"
        ]
      },
      "uuid": "78bf726c-a9e6-11e8-9e43-77249a2f7339",
@ -8103,7 +8110,23 @@
          "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
          "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi",
          "https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf",
-          "https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists"
+          "https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists",
+          "https://www.fortinet.com/blog/psirt-blogs/importance-of-patching-an-analysis-of-the-exploitation-of-n-day-vulnerabilities",
+          "https://intrusiontruth.wordpress.com/2023/05/11/article-1-whats-cracking-at-the-kerui-cracking-academy",
+          "https://intrusiontruth.wordpress.com/2023/05/12/the-illustrious-graduates-of-wuhan-kerui",
+          "https://intrusiontruth.wordpress.com/2023/05/13/all-roads-lead-back-to-wuhan-xiaoruizhi-science-and-technology-company",
+          "https://intrusiontruth.wordpress.com/2023/05/15/trouble-in-paradise",
+          "https://intrusiontruth.wordpress.com/2023/05/16/introducing-cheng-feng",
+          "https://intrusiontruth.wordpress.com/2023/05/17/missing-links",
+          "https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Common-TTPs-of-attacks-against-industrial-organizations-implants-for-remote-access-En.pdf",
+          "https://asec.ahnlab.com/ko/55070",
+          "https://intrusiontruth.wordpress.com/2023/07/04/wuhan-xiaoruizhi-class-of-19",
+          "https://intrusiontruth.wordpress.com/2023/07/07/one-man-and-his-lasers",
+          "https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2023-02-bfv-cyber-brief.pdf?__blob=publicationFile&v=6",
+          "https://www.justice.gov/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived",
+          "https://www.justice.gov/opa/media/1345141/dl?inline",
+          "https://www.gov.uk/government/news/uk-holds-china-state-affiliated-organisations-and-individuals-responsible-for-malicious-cyber-activity",
+          "https://harfanglab.io/en/insidethelab/apt31-indictment-analysis/"
        ],
        "synonyms": [
          "ZIRCONIUM",
@ -10856,7 +10879,12 @@
          "https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools",
          "https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass",
          "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
-          "https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf"
+          "https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf",
+          "https://securelist.com/apt-annual-review-2021/105127",
+          "https://securelist.com/apt-trends-report-q2-2021/103517",
+          "https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/jolly-jellyfish/NCSC-MAR-Jolly-Jellyfish.pdf",
+          "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/pdf/2022-year-in-retrospect-report.pdf",
+          "https://www.youtube.com/watch?v=-7Swd1ZetiQ"
        ],
        "synonyms": [
          "CHROMIUM",
@ -10867,7 +10895,9 @@
          "AQUATIC PANDA",
          "Red Dev 10",
          "RedHotel",
-          "Charcoal Typhoon"
+          "Charcoal Typhoon",
+          "BountyGlad",
+          "Red Scylla"
        ]
      },
      "related": [
@ -12336,7 +12366,8 @@
          "https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/"
        ],
        "synonyms": [
-          "BRONZE SILHOUETTE"
+          "BRONZE SILHOUETTE",
+          "VANGUARD PANDA"
        ]
      },
      "uuid": "f02679fa-5e85-4050-8eb5-c2677d93306f",
@ -12579,7 +12610,11 @@
          "https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/",
          "https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr",
          "https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/",
-          "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html"
+          "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html",
+          "https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-threat-actor/",
+          "https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/",
+          "https://www.youtube.com/watch?v=khywfhJv4H8",
+          "https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf"
        ]
      },
      "uuid": "5b30bcb8-4923-45cc-bc89-29651ca5d54e",
@ -14436,7 +14471,8 @@
          "https://www.crowdstrike.com/global-threat-report/"
        ],
        "synonyms": [
-          "Ethereal Panda"
+          "Ethereal Panda",
+          "Storm-0919"
        ]
      },
      "uuid": "50ee2b1b-979e-4507-8747-8597a95938f6",