Update threat-actor.json

OilRig
2020-07-23 11:07:22 +02:00 · 2020-07-23 11:07:22 +02:00 · 86c54cbd8c
parent c174f613c5
commit 86c54cbd8c
1 changed files with 4 additions and 3 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -3828,8 +3828,8 @@
        "cfr-type-of-incident": "Espionage",
        "country": "IR",
        "refs": [
-          "http://www.clearskysec.com/oilrig/",
-          "http://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerability",
+          "https://www.clearskysec.com/oilrig/",
+          "https://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerability",
          "https://unit42.paloaltonetworks.com/unit42-striking-oil-closer-look-adversary-infrastructure/",
          "https://unit42.paloaltonetworks.com/unit42-introducing-the-adversary-playbook-first-up-oilrig/",
          "https://unit42.paloaltonetworks.com/unit42-oopsie-oilrig-uses-threedollars-deliver-new-trojan/",
@ -3856,6 +3856,7 @@
          "https://www.clearskysec.com/oilrig/",
          "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/",
          "https://attack.mitre.org/groups/G0049/",
+          "https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/",
          "https://www.secureworks.com/research/threat-profiles/cobalt-gypsy"
        ],
        "synonyms": [
@ -8311,5 +8312,5 @@
      "value": "GALLIUM"
    }
  ],
-  "version": 169
+  "version": 170
 }