Merge branch 'r0ny123-master'

2020-06-12 09:26:51 +02:00 · 2020-06-12 09:26:51 +02:00 · 8c3c224e6a
parent 7ade356d5b 0cb36249a4
commit 8c3c224e6a
1 changed files with 24 additions and 18 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -1158,13 +1158,6 @@
            "estimative-language:likelihood-probability=\"likely\""
          ],
          "type": "similar"
-        },
-        {
-          "dest-uuid": "8dda51ef-9a30-48f7-b0fd-5b6f0a62262d",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "suspected-link"
        }
      ],
      "uuid": "56b37b05-72e7-4a89-ba8a-61ce45269a8c",
@ -7427,7 +7420,7 @@
          "https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/",
          "https://duo.com/decipher/apt-groups-moving-down-the-supply-chain",
          "https://redalert.nshc.net/2019/12/03/threat-actor-targeting-hong-kong-activists",
-          "https:/twitter.com/bkMSFT/status/1201876664667582466",
+          "https://twitter.com/bkMSFT/status/1201876664667582466",
          "https://www.secureworks.com/research/threat-profiles/bronze-vinewood"
        ],
        "synonyms": [
@ -7916,16 +7909,9 @@
      },
      "related": [
        {
-          "dest-uuid": "56b37b05-72e7-4a89-ba8a-61ce45269a8c",
+          "dest-uuid": "e400b6c5-77cf-453d-ba0f-44575583ac6c",
          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "suspected-link"
-        },
-        {
-          "dest-uuid": "6085aad0-1d95-11ea-a140-078d42aced40",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
+            "estimative-language:likelihood-probability=\"almost-certain\""
          ],
          "type": "similar"
        }
@ -8340,7 +8326,27 @@
      },
      "uuid": "d1c25b0e-e4c5-4b7c-b790-2e185cb2f07e",
      "value": "COBALT KATANA"
+    },
+    {
+      "description": "GALLIUM, is a threat actor believed to be targeting telecommunication providers over the world, mostly South-East Asia, Europe and Africa. To compromise targeted networks, GALLIUM target unpatched internet-facing services using publicly available exploits and have been known to target vulnerabilities in WildFly/JBoss.",
+      "meta": {
+        "refs": [
+          "https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/",
+          "https://www.youtube.com/watch?v=fBFm2fiEPTg"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "8dda51ef-9a30-48f7-b0fd-5b6f0a62262d",
+          "tags": [
+            "estimative-language:likelihood-probability=\"almost-certain\""
+          ],
+          "type": "similar"
+        }
+      ],
+      "uuid": "e400b6c5-77cf-453d-ba0f-44575583ac6c",
+      "value": "GALLIUM"
    }
  ],
-  "version": 163
+  "version": 164
 }