Merge pull request #38 from chrisdoman/master

Added references
2017-03-01 14:54:35 +01:00 · 2017-03-01 14:54:35 +01:00 · 876ae24454
parent a224c7ce5e 9e5c983a65
commit 876ae24454
1 changed files with 32 additions and 8 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -170,7 +170,7 @@
          "https://blogs.technet.microsoft.com/mmpc/2016/06/09/reverse-engineering-dubnium-2"
        ]
      },
-      "value": "darkhotel"
+      "value": "DarkHotel"
    },
    {
      "meta": {
@ -470,7 +470,10 @@
          "PittyTiger",
          "MANGANESE"
        ],
-        "country": "CN"
+        "country": "CN",
+        "refs": [
+          "http://blog.airbuscybersecurity.com/post/2014/07/The-Eye-of-the-Tiger2"
+        ]
      },
      "value": "Pitty Panda",
      "description": "The Pitty Tiger group has been active since at least 2011. They have been seen using HeartBleed vulnerability in order to directly get valid credentials"
@ -545,6 +548,9 @@
    {
      "meta": {
        "country": "CN",
+        "refs": [
+          "http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/"
+        ],
        "synonyms": [
          "APT20",
          "APT 20",
@ -583,6 +589,9 @@
    {
      "meta": {
        "country": "CN",
+        "refs": [
+          "https://community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india"
+        ],
        "synonyms": [
          "APT23",
          "KeyBoy"
@ -599,6 +608,9 @@
          "AjaxSecurityTeam",
          "Ajax Security Team",
          "Group 26"
+        ],
+        "refs": [
+          "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf"
        ]
      },
      "value": "Flying Kitten",
@ -628,6 +640,9 @@
          "Parastoo",
          "Group 83",
          "Newsbeef"
+        ],
+        "refs": [
+          "https://en.wikipedia.org/wiki/Operation_Newscaster"
        ]
      },
      "value": "Charming Kitten",
@ -831,6 +846,9 @@
          "Carbon Spider"
        ],
        "country": "RU",
+        "refs": [
+          "https://en.wikipedia.org/wiki/Carbanak"
+        ],
        "motive": "Cybercrime"
      },
      "description": "Groups targeting financial organizations or people with significant financial assets.",
@ -931,7 +949,10 @@
          "Appin",
          "OperationHangover"
        ],
-        "country": "IN"
+        "country": "IN",
+        "refs": [
+          "http://enterprise-manage.norman.c.bitbit.net/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf"
+        ]
      },
      "value": "Viceroy Tiger"
    },
@ -958,6 +979,9 @@
      "value": "SNOWGLOBE",
      "meta": {
        "country": "FR",
+        "refs": [
+          "https://securelist.com/blog/research/69114/animals-in-the-apt-farm/"
+        ],
        "synonyms": [
          "Animal Farm"
        ]
@ -1135,12 +1159,12 @@
          "https://attack.mitre.org/wiki/Group/G0013"
        ],
        "synonyms": [
-          "APT 30"
+          "APT30"
        ],
        "country": "CN"
      },
-      "value": "APT30",
-      "description": "APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches."
+      "value": "APT 30",
+      "description": "APT 30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches."
    },
    {
      "meta": {
@ -1398,5 +1422,5 @@
  ],
  "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
  "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
-  "version": 16
-}
+  "version": 17
+}