Merge pull request #959 from r0ny123/cn

Updated threat actor references
pull/955/head
Alexandre Dulaunoy 2024-04-16 20:25:14 +02:00 committed by GitHub
commit 40cadf2865
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 45 additions and 9 deletions


@ -5631,7 +5631,8 @@
"PLA Navy",
"MAVERICK PANDA",
"BRONZE EDISON",
"Sykipot"
"SODIUM",
"Salmon Typhoon"
]
},
"uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
@ -7069,7 +7070,10 @@
"https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader",
"https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european",
"https://unit42.paloaltonetworks.com/stately-taurus-targets-philippines-government-cyberespionage/",
"https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html"
"https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html",
"https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW",
"https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_2_LT4.pdf",
"https://thecyberwire.com/podcasts/microsoft-threat-intelligence/4/notes"
],
"synonyms": [
"BRONZE PRESIDENT",
@ -7080,7 +7084,10 @@
"Earth Preta",
"TA416",
"Stately Taurus",
"LuminousMoth"
"LuminousMoth",
"Polaris",
"TANTALUM",
"Twill Typhoon"
]
},
"uuid": "78bf726c-a9e6-11e8-9e43-77249a2f7339",
@ -8103,7 +8110,23 @@
"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
"https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi",
"https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf",
"https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists"
"https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists",
"https://www.fortinet.com/blog/psirt-blogs/importance-of-patching-an-analysis-of-the-exploitation-of-n-day-vulnerabilities",
"https://intrusiontruth.wordpress.com/2023/05/11/article-1-whats-cracking-at-the-kerui-cracking-academy",
"https://intrusiontruth.wordpress.com/2023/05/12/the-illustrious-graduates-of-wuhan-kerui",
"https://intrusiontruth.wordpress.com/2023/05/13/all-roads-lead-back-to-wuhan-xiaoruizhi-science-and-technology-company",
"https://intrusiontruth.wordpress.com/2023/05/15/trouble-in-paradise",
"https://intrusiontruth.wordpress.com/2023/05/16/introducing-cheng-feng",
"https://intrusiontruth.wordpress.com/2023/05/17/missing-links",
"https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Common-TTPs-of-attacks-against-industrial-organizations-implants-for-remote-access-En.pdf",
"https://asec.ahnlab.com/ko/55070",
"https://intrusiontruth.wordpress.com/2023/07/04/wuhan-xiaoruizhi-class-of-19",
"https://intrusiontruth.wordpress.com/2023/07/07/one-man-and-his-lasers",
"https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2023-02-bfv-cyber-brief.pdf?__blob=publicationFile&v=6",
"https://www.justice.gov/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived",
"https://www.justice.gov/opa/media/1345141/dl?inline",
"https://www.gov.uk/government/news/uk-holds-china-state-affiliated-organisations-and-individuals-responsible-for-malicious-cyber-activity",
"https://harfanglab.io/en/insidethelab/apt31-indictment-analysis/"
],
"synonyms": [
"ZIRCONIUM",
@ -10856,7 +10879,12 @@
"https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools",
"https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass",
"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
"https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf"
"https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf",
"https://securelist.com/apt-annual-review-2021/105127",
"https://securelist.com/apt-trends-report-q2-2021/103517",
"https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/jolly-jellyfish/NCSC-MAR-Jolly-Jellyfish.pdf",
"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/pdf/2022-year-in-retrospect-report.pdf",
"https://www.youtube.com/watch?v=-7Swd1ZetiQ"
],
"synonyms": [
"CHROMIUM",
@ -10867,7 +10895,9 @@
"AQUATIC PANDA",
"Red Dev 10",
"RedHotel",
"Charcoal Typhoon"
"Charcoal Typhoon",
"BountyGlad",
"Red Scylla"
]
},
"related": [
@ -12336,7 +12366,8 @@
"https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/"
],
"synonyms": [
"BRONZE SILHOUETTE"
"BRONZE SILHOUETTE",
"VANGUARD PANDA"
]
},
"uuid": "f02679fa-5e85-4050-8eb5-c2677d93306f",
@ -12579,7 +12610,11 @@
"https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/",
"https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr",
"https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/",
"https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html"
"https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html",
"https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-threat-actor/",
"https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/",
"https://www.youtube.com/watch?v=khywfhJv4H8",
"https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf"
]
},
"uuid": "5b30bcb8-4923-45cc-bc89-29651ca5d54e",
@ -14436,7 +14471,8 @@
"https://www.crowdstrike.com/global-threat-report/"
],
"synonyms": [
"Ethereal Panda"
"Ethereal Panda",
"Storm-0919"
]
},
"uuid": "50ee2b1b-979e-4507-8747-8597a95938f6",
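Review bot: The first hunk (`-5631,7 +5631,8`) appears to drop the existing synonym `"Sykipot"` instead of keeping it: no `"Sykipot",` line with a trailing comma appears on the new side and the hunk's 7-to-8 line count only fits a removal, while the commit title mentions only updated references. The synonyms array starts above the hunk, so this may be the removal of a duplicate entry, but that is not visible here. Consumers that tag or correlate events on this cluster's synonyms would otherwise silently stop matching that name. If the removal is unintended, keep the entry as `"Sykipot",` ahead of `"SODIUM",`; if it is deliberate, state the reason in the pull-request description. The other eight hunks keep their previous last entry and only append references or synonyms.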