Merge branch 'master' into master

2019-02-14 16:29:04 +01:00 · 2019-02-14 16:29:04 +01:00 · 5bf18ffd23
parent 9c450a80d4 ad0ef66b0a
commit 5bf18ffd23
2 changed files with 31 additions and 9 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -363,7 +363,8 @@
          "Luder",
          "Nemim",
          "Tapaoux",
-          "Pioneer"
+          "Pioneer",
+          "Shadow Crane"
        ]
      },
      "related": [
@ -2933,7 +2934,8 @@
          "Chinastrats",
          "Patchwork",
          "Monsoon",
-          "Sarit"
+          "Sarit",
+          "Quilted Tiger"
        ]
      },
      "related": [
@ -3913,7 +3915,8 @@
          "APT-C-00",
          "SeaLotus",
          "APT-32",
-          "APT 32"
+          "APT 32",
+          "Ocean Buffalo"
        ]
      },
      "related": [
@ -4118,12 +4121,14 @@
        "refs": [
          "https://www.helpnetsecurity.com/2016/11/22/cobalt-hackers-synchronized-atm-heists/",
          "https://www.bleepingcomputer.com/news/security/cobalt-hacking-group-tests-banks-in-russia-and-romania/",
-          "https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish"
+          "https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish",
+          "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-september-cobalt-spider/"
        ],
        "synonyms": [
          "Cobalt group",
          "Cobalt gang",
-          "GOLD KINGSWOOD"
+          "GOLD KINGSWOOD",
+          "Cobalt Spider"
        ]
      },
      "uuid": "01967480-c49b-4d4a-a7fa-aef0eaf535fe",
@ -4245,7 +4250,8 @@
        "synonyms": [
          "APT26",
          "Hippo Team",
-          "JerseyMikes"
+          "JerseyMikes",
+          "Turbine Panda"
        ]
      },
      "related": [
@ -4521,7 +4527,8 @@
          "https://www.cfr.org/interactive/cyber-operations/kimsuky"
        ],
        "synonyms": [
-          "Kimsuky"
+          "Kimsuky",
+          "Velvet Chollima"
        ]
      },
      "uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
@ -4934,7 +4941,8 @@
          "https://www.cfr.org/interactive/cyber-operations/muddywater"
        ],
        "synonyms": [
-          "TEMP.Zagros"
+          "TEMP.Zagros",
+          "Static Kitten"
        ]
      },
      "related": [
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -7528,6 +7528,20 @@
      },
      "uuid": "4473f19e-ad0f-4191-bb7f-a28ef7ae3be3",
      "value": "Bushaloader"
+    },
+    {
+      "description": "Backdoor",
+      "meta": {
+        "refs": [
+          "https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-adds-updated-tools-to-its-arsenal/",
+          "https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html"
+        ],
+        "synonyms": [
+          "UPPERCUT"
+        ]
+      },
+      "uuid": "588b97ff-3434-4aa1-a5fd-815e1bb0178b",
+      "value": "ANEL"
    }
  ],
  "version": 109