From 416cd6706ae471ed8eab950c3d7769d032ff2c62 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 20 Oct 2023 12:00:48 +0200
Subject: [PATCH] fix: [threat-actor] JQ all the things + version updated

---
 clusters/threat-actor.json | 40 +++++++++++++++++++-------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b1836dd..afb158a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -213,11 +213,7 @@
       "description": "Grayling activity was first observed in early 2023, when a number of victims were identified with distinctive malicious DLL side-loading activity. Grayling appears to target organisations in Asia, however one unknown organisation in the United States was also targeted. Industries targeted include Biomedical, Government and Information Technology. Grayling use a variety of tools during their attacks, including well known tools such as Cobalt Strike and Havoc and also some others.",
       "meta": {
         "attribution-confidence": "50",
-        "country": "CN",
         "cfr-suspected-state-sponsor": "China",
-        "refs": [
-          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks"
-        ],
         "cfr-suspected-victims": [
           "Taiwan",
           "United States",
@@ -228,6 +224,10 @@
           "Biomedical",
           "Government",
           "Information technology"
+        ],
+        "country": "CN",
+        "refs": [
+          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks"
         ]
       },
       "uuid": "6714de29-4dd8-463c-99a3-77c9e80fa47d",
@@ -7554,6 +7554,21 @@
     {
       "description": "Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.",
       "meta": {
+        "cfr-suspected-victims": [
+          "Ecuador",
+          "Colombia",
+          "Spain",
+          "Panama",
+          "Chile"
+        ],
+        "cfr-target-category": [
+          "Petroleum",
+          "Manufacturing",
+          "Financial",
+          "Private sector",
+          "Government"
+        ],
+        "cfr-type-of-incident": "Espionage",
         "refs": [
           "https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/",
           "https://www.ecucert.gob.ec/wp-content/uploads/2022/03/alerta-APTs-2022-03-23.pdf",
@@ -7563,21 +7578,6 @@
           "https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/",
           "https://attack.mitre.org/groups/G0099/"
         ],
-        "cfr-suspected-victims": [
-          "Ecuador",
-          "Colombia",
-          "Spain",
-          "Panama",
-          "Chile"
-        ],
-        "cfr-type-of-incident": "Espionage",
-        "cfr-target-category": [
-          "Petroleum",
-          "Manufacturing",
-          "Financial",
-          "Private sector",
-          "Government"
-        ],
         "synonyms": [
           "Blind Eagle"
         ]
@@ -12049,5 +12049,5 @@
       "value": "Void Rabisu"
     }
   ],
-  "version": 286
+  "version": 287
 }