From 86c54cbd8c6456acdd396376e5665c434c57c28a Mon Sep 17 00:00:00 2001 From: StefanKelm Date: Thu, 23 Jul 2020 11:07:22 +0200 Subject: [PATCH] Update threat-actor.json OilRig --- clusters/threat-actor.json | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 0eebf82d..f8c7cb69 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -3828,8 +3828,8 @@ "cfr-type-of-incident": "Espionage", "country": "IR", "refs": [ - "http://www.clearskysec.com/oilrig/", - "http://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerability", + "https://www.clearskysec.com/oilrig/", + "https://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerability", "https://unit42.paloaltonetworks.com/unit42-striking-oil-closer-look-adversary-infrastructure/", "https://unit42.paloaltonetworks.com/unit42-introducing-the-adversary-playbook-first-up-oilrig/", "https://unit42.paloaltonetworks.com/unit42-oopsie-oilrig-uses-threedollars-deliver-new-trojan/", @@ -3856,6 +3856,7 @@ "https://www.clearskysec.com/oilrig/", "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/", "https://attack.mitre.org/groups/G0049/", + "https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/", "https://www.secureworks.com/research/threat-profiles/cobalt-gypsy" ], "synonyms": [ @@ -8311,5 +8312,5 @@ "value": "GALLIUM" } ], - "version": 169 + "version": 170 }