fix: [threat-actor] JQ all the things + version updated

2023-10-20 12:00:48 +02:00 · 2023-10-20 12:00:48 +02:00 · 416cd6706a
parent ec9dc0f2e3
commit 416cd6706a
1 changed files with 20 additions and 20 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -213,11 +213,7 @@
      "description": "Grayling activity was first observed in early 2023, when a number of victims were identified with distinctive malicious DLL side-loading activity. Grayling appears to target organisations in Asia, however one unknown organisation in the United States was also targeted. Industries targeted include Biomedical, Government and Information Technology. Grayling use a variety of tools during their attacks, including well known tools such as Cobalt Strike and Havoc and also some others.",
      "meta": {
        "attribution-confidence": "50",
-        "country": "CN",
        "cfr-suspected-state-sponsor": "China",
-        "refs": [
-          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks"
-        ],
        "cfr-suspected-victims": [
          "Taiwan",
          "United States",
@ -228,6 +224,10 @@
          "Biomedical",
          "Government",
          "Information technology"
+        ],
+        "country": "CN",
+        "refs": [
+          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks"
        ]
      },
      "uuid": "6714de29-4dd8-463c-99a3-77c9e80fa47d",
@ -7554,6 +7554,21 @@
    {
      "description": "Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.",
      "meta": {
+        "cfr-suspected-victims": [
+          "Ecuador",
+          "Colombia",
+          "Spain",
+          "Panama",
+          "Chile"
+        ],
+        "cfr-target-category": [
+          "Petroleum",
+          "Manufacturing",
+          "Financial",
+          "Private sector",
+          "Government"
+        ],
+        "cfr-type-of-incident": "Espionage",
        "refs": [
          "https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/",
          "https://www.ecucert.gob.ec/wp-content/uploads/2022/03/alerta-APTs-2022-03-23.pdf",
@ -7563,21 +7578,6 @@
          "https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/",
          "https://attack.mitre.org/groups/G0099/"
        ],
-        "cfr-suspected-victims": [
-          "Ecuador",
-          "Colombia",
-          "Spain",
-          "Panama",
-          "Chile"
-        ],
-        "cfr-type-of-incident": "Espionage",
-        "cfr-target-category": [
-          "Petroleum",
-          "Manufacturing",
-          "Financial",
-          "Private sector",
-          "Government"
-        ],
        "synonyms": [
          "Blind Eagle"
        ]
@ -12049,5 +12049,5 @@
      "value": "Void Rabisu"
    }
  ],
-  "version": 286
+  "version": 287
 }