Merge branch 'master' into master

clusters/threat-actor.json

@@ -363,7 +363,8 @@
           "Luder",
           "Nemim",
           "Tapaoux",
-          "Pioneer"
+          "Pioneer",
+          "Shadow Crane"
         ]
       },
       "related": [
@@ -2933,7 +2934,8 @@
           "Chinastrats",
           "Patchwork",
           "Monsoon",
-          "Sarit"
+          "Sarit",
+          "Quilted Tiger"
         ]
       },
       "related": [
@@ -3913,7 +3915,8 @@
           "APT-C-00",
           "SeaLotus",
           "APT-32",
-          "APT 32"
+          "APT 32",
+          "Ocean Buffalo"
         ]
       },
       "related": [
@@ -4118,12 +4121,14 @@
         "refs": [
           "https://www.helpnetsecurity.com/2016/11/22/cobalt-hackers-synchronized-atm-heists/",
           "https://www.bleepingcomputer.com/news/security/cobalt-hacking-group-tests-banks-in-russia-and-romania/",
-          "https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish"
+          "https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish",
+          "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-september-cobalt-spider/"
         ],
         "synonyms": [
           "Cobalt group",
           "Cobalt gang",
-          "GOLD KINGSWOOD"
+          "GOLD KINGSWOOD",
+          "Cobalt Spider"
         ]
       },
       "uuid": "01967480-c49b-4d4a-a7fa-aef0eaf535fe",
@@ -4245,7 +4250,8 @@
         "synonyms": [
           "APT26",
           "Hippo Team",
-          "JerseyMikes"
+          "JerseyMikes",
+          "Turbine Panda"
         ]
       },
       "related": [
@@ -4521,7 +4527,8 @@
           "https://www.cfr.org/interactive/cyber-operations/kimsuky"
         ],
         "synonyms": [
-          "Kimsuky"
+          "Kimsuky",
+          "Velvet Chollima"
         ]
       },
       "uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
@@ -4934,7 +4941,8 @@
           "https://www.cfr.org/interactive/cyber-operations/muddywater"
         ],
         "synonyms": [
-          "TEMP.Zagros"
+          "TEMP.Zagros",
+          "Static Kitten"
         ]
       },
       "related": [

clusters/tool.json

@@ -7528,6 +7528,20 @@
       },
       "uuid": "4473f19e-ad0f-4191-bb7f-a28ef7ae3be3",
       "value": "Bushaloader"
+    },
+    {
+      "description": "Backdoor",
+      "meta": {
+        "refs": [
+          "https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-adds-updated-tools-to-its-arsenal/",
+          "https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html"
+        ],
+        "synonyms": [
+          "UPPERCUT"
+        ]
+      },
+      "uuid": "588b97ff-3434-4aa1-a5fd-815e1bb0178b",
+      "value": "ANEL"
     }
   ],
   "version": 109