Update Tonto Team/CactusPete threat actor

2020-08-13 15:57:33 -04:00 · 2020-08-13 15:57:33 -04:00 · d0c6b7b46d
parent 72554ed71c
commit d0c6b7b46d
1 changed files with 22 additions and 15 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -175,18 +175,6 @@
      "uuid": "9e71024e-817f-45b0-92a0-d886c30bc929",
      "value": "Dust Storm"
    },
-    {
-      "description": "Adversary targeting dissident groups in China and its surroundings.",
-      "meta": {
-        "attribution-confidence": "50",
-        "country": "CN",
-        "refs": [
-          "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
-        ]
-      },
-      "uuid": "06e659ff-ece8-4e6c-a110-d9692ac6d8ee",
-      "value": "Karma Panda"
-    },
    {
      "meta": {
        "attribution-confidence": "50",
@ -4780,10 +4768,29 @@
    {
      "meta": {
        "attribution-confidence": "50",
+        "cfr-suspected-state-sponsor": "China",
+        "cfr-suspected-victims": [
+          "Eastern Europe",
+          "Japan",
+          "South Korea",
+          "Taiwan",
+          "US"
+        ],
+        "cfr-target-category": [
+          "Military",
+          "Government",
+          "Private sector"
+        ],
        "country": "CN",
        "refs": [
-          "https://www.wsj.com/articles/chinas-secret-weapon-in-south-korea-missile-fight-hackers-1492766403?emailToken=JRrydPtyYnqTg9EyZsw31FwuZ7JNEOKCXF7LaW/HM1DLsjnUp6e6wLgph560pnmiTAN/5ssf7moyADPQj2p2Gc+YkL1yi0zhIiUM9M6aj1HTYQ==",
-          "https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/"
+          "https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/",
+          "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf",
+          "https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/",
+          "https://www.wsj.com/articles/chinas-secret-weapon-in-south-korea-missile-fight-hackers-1492766403"
+        ],
+        "synonyms": [
+          "CactusPete",
+          "Karma Panda"
        ]
      },
      "uuid": "0ab7c8de-fc23-4793-99aa-7ee336199e26",
@ -8328,5 +8335,5 @@
      "value": "GALLIUM"
    }
  ],
-  "version": 172
+  "version": 173
 }