From 52ae97718d520ad800cc2fa8631e44cfbf44dab5 Mon Sep 17 00:00:00 2001
From: Sebdraven
Date: Tue, 30 Mar 2021 15:11:09 +0200
Subject: [PATCH 1/2] Update threat-actor.json add a synonym to Haffnium
---
 clusters/threat-actor.json | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index acf1649..d0f5239 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8496,7 +8496,12 @@
 "https://www.huntress.com/blog/rapid-response-mass-exploitation-of-on-prem-exchange-servers",
 "https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/Execution/exchange-iis-worker-dropping-webshell.md",
 "https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server",
- "https://www.nextron-systems.com/2021/03/06/scan-for-hafnium-exploitation-evidence-with-thor-lite"
+ "https://www.nextron-systems.com/2021/03/06/scan-for-hafnium-exploitation-evidence-with-thor-lite",
+ "https://www.thedailybeast.com/how-chinas-devastating-microsoft-hack-puts-us-all-at-risk"
+ ],
+
+ "synonyms": [
+ "TURBINE PANDA"
 ]
 },
 "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
From ce8a9442eb39b6291f5db5417319de1594bbf96c Mon Sep 17 00:00:00 2001
From: sebdraven
Date: Tue, 30 Mar 2021 13:12:21 +0000
Subject: [PATCH 2/2] validation jsons
---
 clusters/threat-actor.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d0f5239..950039c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8499,8 +8499,7 @@
 "https://www.nextron-systems.com/2021/03/06/scan-for-hafnium-exploitation-evidence-with-thor-lite",
 "https://www.thedailybeast.com/how-chinas-devastating-microsoft-hack-puts-us-all-at-risk"
 ],
-
- "synonyms": [
+ "synonyms": [
 "TURBINE PANDA"
 ]
 },
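Review bot: The new `"synonyms"` entry `"TURBINE PANDA"` in the first hunk is supported only by the thedailybeast.com link added to `refs`, and a synonym in this file is an attribution claim that downstream consumers may use to match or merge actors. The cluster object starts outside the hunk, so the entry is presumably the Hafnium one, going by the commit subject and the surrounding references. As far as I know the name is a vendor designation that predates the 2021 Exchange activity, so it is worth confirming that it is not already listed under a different cluster elsewhere in the file, where a shared synonym would make lookups by that name ambiguous. If the link rests on a single press report, I would cite the vendor report that uses the name in `refs` or state the confidence in the PR description.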