replaced various broken links with reachable equivalents

clusters/threat-actor.json

@@ -165,7 +165,7 @@
         "attribution-confidence": "50",
         "country": "CN",
         "refs": [
-          "http://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Detecting-and-Responding-to-Pandas-and-Bears-Christopher-Scott-CrowdStrike-and-Wendi-Whitmore-IBM.pdf"
+          "https://dokumen.tips/documents/detecting-and-responding-pandas-and-bears.html"
         ]
       },
       "uuid": "7195b51f-500e-4034-a851-bf34a2728dc8",
@@ -187,7 +187,7 @@
         "attribution-confidence": "50",
         "country": "CN",
         "refs": [
-          "http://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Detecting-and-Responding-to-Pandas-and-Bears-Christopher-Scott-CrowdStrike-and-Wendi-Whitmore-IBM.pdf"
+          "https://dokumen.tips/documents/detecting-and-responding-pandas-and-bears.html"
         ]
       },
       "uuid": "432b0304-768f-4fb9-9762-e745ef524ec7",
@@ -606,7 +606,7 @@
           "https://www.bleepingcomputer.com/news/security/us-arrests-chinese-man-involved-with-sakula-malware-used-in-opm-and-anthem-hacks/",
           "https://gizmodo.com/u-s-indicts-chinese-hacker-spies-in-conspiracy-to-stea-1830111695",
           "https://www.cyberscoop.com/anthem-breach-indictment-chinese-national/",
-          "https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/black-vine-cyberespionage-group-15-en.pdf",
+          "https://docs.broadcom.com/doc/the-black-vine-cyberespionage-group",
           "https://attack.mitre.org/groups/G0009/",
           "https://www.secureworks.com/research/threat-profiles/bronze-firestone",
           "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks",
@@ -873,7 +873,7 @@
           "https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf",
           "https://web.archive.org/web/20140129192702/https://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
           "https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/",
-          "https://labs.bitdefender.com/wp-content/uploads/downloads/operation-pzchao-inside-a-highly-specialized-espionage-infrastructure/",
+          "https://www.bitdefender.com/files/News/CaseStudies/study/185/Bitdefender-Business-2017-WhitePaper-PZCHAO-crea2452-en-EN-GenericUse.pdf",
           "https://www.cfr.org/interactive/cyber-operations/iron-tiger",
           "https://www.bleepingcomputer.com/news/security/chinese-cyber-espionage-group-hacked-government-data-center/",
           "https://www.secureworks.com/research/bronze-union",
@@ -1328,7 +1328,7 @@
         "country": "CN",
         "refs": [
           "https://www.cfr.org/interactive/cyber-operations/sneaky-panda",
-          "https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/elderwood-project-12-en.pdf",
+          "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=3b0d679a-3707-4075-a2a9-37d1af16d411&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
           "https://attack.mitre.org/groups/G0066/"
         ],
         "synonyms": [
@@ -1871,7 +1871,7 @@
         "attribution-confidence": "50",
         "country": "IR",
         "refs": [
-          "http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
+          "https://web.archive.org/web/20161020180305/http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
           "https://carnegieendowment.org/2018/01/04/iran-s-cyber-ecosystem-who-are-threat-actors-pub-75140"
         ],
         "synonyms": [
@@ -2455,7 +2455,7 @@
           "https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/",
           "https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/",
           "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/",
-          "https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/waterbug-attack-group-16-en.pdf",
+          "https://docs.broadcom.com/doc/waterbug-attack-group",
           "https://www.theguardian.com/technology/2014/aug/07/turla-hackers-spying-governments-researcher-kaspersky-symantec",
           "https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/",
           "https://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf",
@@ -2548,7 +2548,7 @@
         "country": "RU",
         "refs": [
           "https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet",
-          "http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
+          "https://web.archive.org/web/20161020180305/http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
           "https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2014/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf",
           "http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans",
           "https://threatpost.com/energy-watering-hole-attack-used-lightsout-exploit-kit/104772/",
@@ -2634,7 +2634,7 @@
           "https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid",
           "https://web.archive.org/web/20141016132823/https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks",
           "https://ics.sans.org/blog/2015/12/30/current-reporting-on-the-cyber-attack-in-ukraine-resulting-in-power-outage",
-          "https://blog.trendmicro.com/trendlabs-security-intelligence/timeline-of-sandworm-attacks",
+          "https://web.archive.org/web/20141224060545/http://blog.trendmicro.com/trendlabs-security-intelligence/timeline-of-sandworm-attacks/",
           "https://attack.mitre.org/groups/G0034",
           "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
           "https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf",
@@ -3108,7 +3108,7 @@
         "attribution-confidence": "50",
         "country": "IN",
         "refs": [
-          "https://kung_foo.keybase.pub/papers_and_presentations/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf",
+          "https://github.com/jack8daniels2/threat-INTel/blob/master/2013/Unveiling-an-Indian-Cyberattack-Infrastructure-appendixes.pdf",
           "https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/",
           "https://www.netscout.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia",
           "https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/",
@@ -4472,7 +4472,7 @@
       "meta": {
         "country": "RU",
         "refs": [
-          "https://www.f-secure.com/documents/996508/1030745/callisto-group",
+          "https://web.archive.org/web/20170417102235/https://www.f-secure.com/documents/996508/1030745/callisto-group",
           "https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe",
           "https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe",
           "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
@@ -5024,7 +5024,7 @@
     {
       "meta": {
         "refs": [
-          "https://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf"
+          "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
         ]
       },
       "uuid": "7ad01582-d6a7-4a40-a0ee-7727e268cd15",
@@ -7236,7 +7236,7 @@
         "refs": [
           "https://ti.360.net/blog/articles/apt-c-27-(goldmouse):-suspected-target-attack-against-the-middle-east-with-winrar-exploit-en/",
           "https://ti.360.net/blog/articles/analysis-of-apt-c-27/",
-          "https://www.pbwcz.cz/Reporty/20180723_CSE_APT27_Syria_v1.pdf"
+          "https://web.archive.org/web/20180827024318/http://csecybsec.com/download/zlab/20180723_CSE_APT27_Syria_v1.pdf"
         ],
         "since": "2014",
         "suspected-victims": [
@@ -9462,7 +9462,7 @@
         "refs": [
           "https://www.computerweekly.com/news/252471769/New-threat-group-behind-Airbus-cyber-attacks-claim-researchers",
           "https://www.contextis.com/en/news/context-identifies-new-avivore-threat-group",
-          "https://www.contextis.com/en/blog/avivore"
+          "https://web.archive.org/web/20191208223958/https://www.contextis.com/en/blog/avivore"
         ]
       },
       "uuid": "8045fc09-13d6-4f90-b239-ed5060b9297b",
@@ -10167,7 +10167,7 @@
           "https://www.secureworks.com/blog/supernova-web-shell-deployment-linked-to-spiral-threat-group",
           "https://www.sentinelone.com/labs/solarwinds-understanding-detecting-the-supernova-webshell-trojan",
           "https://us-cert.cisa.gov/ncas/analysis-reports/ar21-027a",
-          "https://us-cert.cisa.gov/ncas/analysis-reports/ar21-112"
+          "https://www.cisa.gov/news-events/analysis-reports/ar21-112a"
         ]
       },
       "uuid": "3f04dbbc-69bc-409b-82a1-6135f0b6a41c",