diff --git a/clusters/microsoft-activity-group.json b/clusters/microsoft-activity-group.json index 9a460902..dd428dcd 100644 --- a/clusters/microsoft-activity-group.json +++ b/clusters/microsoft-activity-group.json @@ -322,10 +322,10 @@ }, { "meta": { + "country": "CN", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "CN", "synonyms": [ "APT41", "BARIUM" @@ -336,10 +336,10 @@ }, { "meta": { + "country": "CN", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "CN", "synonyms": [ "CHROMIUM", "ControlX" @@ -350,10 +350,10 @@ }, { "meta": { + "country": "CN", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "CN", "synonyms": [ "DEV-0322" ] @@ -363,10 +363,10 @@ }, { "meta": { + "country": "CN", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "CN", "synonyms": [ "APT40", "GADOLINIUM", @@ -380,10 +380,10 @@ }, { "meta": { + "country": "CN", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "CN", "synonyms": [ "GALLIUM" ] @@ -393,10 +393,10 @@ }, { "meta": { + "country": "CN", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "CN", "synonyms": [ "DEV-0234" ] @@ -406,10 +406,10 @@ }, { "meta": { + "country": "CN", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "CN", "synonyms": [ "APT5", "Keyhole Panda", @@ -422,10 +422,10 @@ }, { "meta": { + "country": "CN", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "CN", "synonyms": [ "APT15", "NICKEL", @@ -438,10 +438,10 @@ }, { "meta": { + "country": "CN", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "CN", "synonyms": [ "APT30", "LotusBlossom", @@ -453,10 +453,10 @@ }, { "meta": { + "country": "CN", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "CN", "synonyms": [ "HAFNIUM" ] @@ -466,10 +466,10 @@ }, { "meta": { + "country": "CN", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "CN", "synonyms": [ "APT31", "ZIRCONIUM" @@ -666,10 +666,10 @@ }, { "meta": { + "country": "IR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "IR", "synonyms": [ "NEPTUNIUM", "Vice Leaker" @@ -680,10 +680,10 @@ }, { "meta": { + "country": "IR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "IR", "synonyms": [ "CURIUM", "TA456", @@ -695,10 +695,10 @@ }, { "meta": { + "country": "IR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "IR", "synonyms": [ "DEV-0228" ] @@ -708,10 +708,10 @@ }, { "meta": { + "country": "IR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "IR", "synonyms": [ "DEV-0343" ] @@ -721,10 +721,10 @@ }, { "meta": { + "country": "IR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "IR", "synonyms": [ "APT34", "Cobalt Gypsy", @@ -737,10 +737,10 @@ }, { "meta": { + "country": "IR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "IR", "synonyms": [ "Fox Kitten", "PioneerKitten", @@ -753,10 +753,10 @@ }, { "meta": { + "country": "IR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "IR", "synonyms": [ "MERCURY", "MuddyWater", @@ -770,10 +770,10 @@ }, { "meta": { + "country": "IR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "IR", "synonyms": [ "DEV-0500", "Moses Staff" @@ -784,10 +784,10 @@ }, { "meta": { + "country": "IR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "IR", "synonyms": [ "APT35", "Charming Kitten", @@ -799,10 +799,10 @@ }, { "meta": { + "country": "IR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "IR", "synonyms": [ "APT33", "HOLMIUM", @@ -814,10 +814,10 @@ }, { "meta": { + "country": "IR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "IR", "synonyms": [ "AMERICIUM", "Agrius", @@ -831,10 +831,10 @@ }, { "meta": { + "country": "IR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "IR", "synonyms": [ "DEV-0146", "ZeroCleare" @@ -845,10 +845,10 @@ }, { "meta": { + "country": "IR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "IR", "synonyms": [ "BOHRIUM" ] @@ -858,10 +858,10 @@ }, { "meta": { + "country": "LB", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "LB", "synonyms": [ "POLONIUM" ] @@ -871,10 +871,10 @@ }, { "meta": { + "country": "KP", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "KP", "synonyms": [ "Labyrinth Chollima", "Lazarus", @@ -886,10 +886,10 @@ }, { "meta": { + "country": "KP", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "KP", "synonyms": [ "Kimsuky", "THALLIUM", @@ -901,10 +901,10 @@ }, { "meta": { + "country": "KP", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "KP", "synonyms": [ "Konni", "OSMIUM" @@ -915,10 +915,10 @@ }, { "meta": { + "country": "KP", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "KP", "synonyms": [ "LAWRENCIUM" ] @@ -928,10 +928,10 @@ }, { "meta": { + "country": "KP", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "KP", "synonyms": [ "CERIUM" ] @@ -941,10 +941,10 @@ }, { "meta": { + "country": "KP", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "KP", "synonyms": [ "BlueNoroff", "COPERNICIUM", @@ -956,10 +956,10 @@ }, { "meta": { + "country": "KP", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "KP", "synonyms": [ "DEV-0530", "H0lyGh0st" @@ -1026,10 +1026,10 @@ }, { "meta": { + "country": "RU", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "RU", "synonyms": [ "ACTINIUM", "Gamaredon", @@ -1042,10 +1042,10 @@ }, { "meta": { + "country": "RU", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "RU", "synonyms": [ "DEV-0586" ] @@ -1055,10 +1055,10 @@ }, { "meta": { + "country": "RU", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "RU", "synonyms": [ "APT28", "Fancy Bear", @@ -1070,10 +1070,10 @@ }, { "meta": { + "country": "RU", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "RU", "synonyms": [ "BROMINE", "Crouching Yeti", @@ -1085,10 +1085,10 @@ }, { "meta": { + "country": "RU", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "RU", "synonyms": [ "APT29", "Cozy Bear", @@ -1100,10 +1100,10 @@ }, { "meta": { + "country": "RU", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "RU", "synonyms": [ "IRIDIUM", "Sandworm" @@ -1114,10 +1114,10 @@ }, { "meta": { + "country": "RU", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "RU", "synonyms": [ "Callisto", "Reuse Team", @@ -1129,10 +1129,10 @@ }, { "meta": { + "country": "RU", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "RU", "synonyms": [ "DEV-0665" ] @@ -1142,10 +1142,10 @@ }, { "meta": { + "country": "KR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "KR", "synonyms": [ "DUBNIUM", "Dark Hotel", @@ -1157,10 +1157,10 @@ }, { "meta": { + "country": "TR", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "TR", "synonyms": [ "SILICON", "Sea Turtle" @@ -1171,10 +1171,10 @@ }, { "meta": { + "country": "VN", "refs": [ "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" ], - "country": "VN", "synonyms": [ "APT32", "BISMUTH",