Merge pull request #691 from r0ny123/indian-adversaries

Update to Indian Adversaries
2022-03-15 12:28:16 +01:00 · 2022-03-15 12:28:16 +01:00 · 7fd5715715
parent a6da498a4d eebda5f955
commit 7fd5715715
1 changed files with 16 additions and 25 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -3133,19 +3133,31 @@
      "value": "Lazarus Group"
    },
    {
+      "description": "VICEROY TIGER is an adversary with a nexus to India that has historically targeted entities throughout multiple sectors. Older activity targeted multiple sectors and countries; however, since 2015 this adversary appears to focus on entities in Pakistan with a particular focus on government and security organizations. This adversary consistently leverages spear phishing emails containing malicious Microsoft Office documents, malware designed to target the Android mobile platform, and phishing activity designed to harvest user credentials. In March 2017, the 360 Chasing Team found a sample of targeted attacks that confirmed the previously unknown sample of APT's attack actions, which the organization can now trace back at least in April 2016. The chasing team named the attack organization APT-C-35. In June 2017, the 360 Threat Intelligence Center discovered the organization’s new attack activity, confirmed and exposed the gang’s targeted attacks against Pakistan, and analyzed in detail. The unique EHDevel malicious code framework used by the organization.",
      "meta": {
        "attribution-confidence": "50",
        "country": "IN",
        "refs": [
-          "https://kung_foo.keybase.pub/papers_and_presentations/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf"
+          "https://kung_foo.keybase.pub/papers_and_presentations/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf",
+          "https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/",
+          "https://www.netscout.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia",
+          "https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/",
+          "https://www.crowdstrike.com/blog/viceroy-tiger-delivers-new-zero-day-exploit/index.html",
+          "https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/",
+          "https://unit42.paloaltonetworks.com/threat-assessment-hangover-threat-group/",
+          "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
+          "https://blog.cyble.com/2021/07/22/donot-apt-group-delivers-a-spyware-variant-of-chat-app/",
+          "https://adversary.crowdstrike.com/en-US/adversary/viceroy-tiger"
        ],
        "synonyms": [
-          "Appin",
-          "OperationHangover"
+          "OPERATION HANGOVER",
+          "Donot Team",
+          "APT-C-35",
+          "SectorE02"
        ]
      },
      "uuid": "e2b87f81-a6a1-4524-b03f-193c3191d239",
-      "value": "Viceroy Tiger"
+      "value": "VICEROY TIGER"
    },
    {
      "meta": {
@ -6163,27 +6175,6 @@
      "uuid": "71a3b962-9a36-11e8-88f8-b31d20c6fa2a",
      "value": "RedAlpha"
    },
-    {
-      "description": "In March 2017, the 360 Chasing Team found a sample of targeted attacks that confirmed the previously unknown sample of APT's attack actions, which the organization can now trace back at least in April 2016. The chasing team named the attack organization APT-C-35. In June 2017, the 360 Threat Intelligence Center discovered the organization’s new attack activity, confirmed and exposed the gang’s targeted attacks against Pakistan, and analyzed in detail. The unique EHDevel malicious code framework used by the organization",
-      "meta": {
-        "refs": [
-          "https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/",
-          "https://www.netscout.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia",
-          "https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/",
-          "https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/",
-          "https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-investigates-donot-team-cyberespionage-targeting-military-governments-in-south-asia/",
-          "https://github.com/eset/malware-ioc/tree/master/donot"
-        ],
-        "synonyms": [
-          "DoNot Team",
-          "Donot Team",
-          "APT-C-35",
-          "SectorE02"
-        ]
-      },
-      "uuid": "b9dc4e81-909f-4324-8b25-a0f359cd88e0",
-      "value": "APT-C-35"
-    },
    {
      "description": "This threat actor targets organizations in the finance, defense, aerospace, technology, health-care, and automotive sectors and media organizations in East Asia for the purpose of espionage. Believed to be responsible for the targeting of South Korean actors prior to the meeting of Donald J. Trump and Kim Jong-un",
      "meta": {