From be0dd94c905ef8f1ce096a4c2e46733614eefd6a Mon Sep 17 00:00:00 2001 From: Nex Date: Mon, 17 Sep 2018 16:26:14 +0200 Subject: [PATCH] Synced country codes with suspected state sponsor --- clusters/threat-actor.json | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index a0031f0..1527d78 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -338,6 +338,7 @@ "Private sector" ], "cfr-type-of-incident": "Espionage", + "country": "KP", "refs": [ "https://securelist.com/blog/research/71713/darkhotels-attacks-in-2015/", "https://blogs.technet.microsoft.com/mmpc/2016/06/09/reverse-engineering-dubnium-2", @@ -2833,6 +2834,7 @@ "Military" ], "cfr-type-of-incident": "Espionage", + "country": "IN", "refs": [ "https://securelist.com/blog/research/75328/the-dropping-elephant-actor/", "http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries", @@ -3029,6 +3031,7 @@ "Military" ], "cfr-type-of-incident": "Espionage", + "country": "US", "refs": [ "https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/", "https://www.cfr.org/interactive/cyber-operations/project-sauron" @@ -3802,6 +3805,7 @@ "Civil society" ], "cfr-type-of-incident": "Espionage", + "country": "VN", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html", "https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/", @@ -4462,6 +4466,7 @@ "Private sector" ], "cfr-type-of-incident": "Espionage", + "country": "ES", "refs": [ "https://securelist.com/blog/research/58254/the-caretomask-apt-frequently-asked-questions/", "https://www.cfr.org/interactive/cyber-operations/careto" @@ -4820,6 +4825,7 @@ "Government" ], "cfr-type-of-incident": "Espionage", + "country": "IR", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/", "https://www.cfr.org/interactive/cyber-operations/muddywater" @@ -5261,6 +5267,7 @@ "Private sector" ], "cfr-type-of-incident": "Espionage", + "country": "IR", "mode-of-operation": "IT network limited, information gathering against industrial orgs", "refs": [ "https://dragos.com/adversaries.html", @@ -5412,7 +5419,8 @@ "cfr-target-category": [ "Government", "Civil society" - ] + ], + "country": "CN" }, "uuid": "79c7c7e0-79d5-11e8-9b9c-1ff96be20c0b", "value": "RANCOR" @@ -5497,7 +5505,8 @@ "cfr-target-category": [ "Government", "Private sector" - ] + ], + "country": "CN" }, "uuid": "3f3ff6de-a6a7-11e8-92b4-3743eb1c7762" }, @@ -5587,7 +5596,8 @@ "cfr-type-of-incident": "Espionage", "cfr-target-category": [ "Private sector" - ] + ], + "country": "CN" }, "uuid": "9cebfaa8-a797-11e8-99e0-3ffa312b9a10", "related": [ @@ -5628,7 +5638,8 @@ "cfr-type-of-incident": "Espionage", "cfr-target-category": [ "Civil society" - ] + ], + "country": "CN" }, "uuid": "36ee04f4-a9df-11e8-b92b-d7ddfd3a8896", "related": [ @@ -5655,7 +5666,8 @@ "cfr-type-of-incident": "Espionage", "cfr-target-category": [ "Civil society" - ] + ], + "country": "CN" }, "uuid": "78bf726c-a9e6-11e8-9e43-77249a2f7339" }, @@ -5699,7 +5711,8 @@ "cfr-target-category": [ "Government", "Civil society" - ] + ], + "country": "PK" }, "uuid": "f82b352e-a9f8-11e8-8be8-fbcf6eddd58c" },