From d0c6b7b46dfb15dae2239a9fa1fe68dc2b3e027e Mon Sep 17 00:00:00 2001
From: Thomas Dupuy
Date: Thu, 13 Aug 2020 15:57:33 -0400
Subject: [PATCH] Update Tonto Team/CactusPete threat actor
---
 clusters/threat-actor.json | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c138622..58ae36c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -175,18 +175,6 @@
 "uuid": "9e71024e-817f-45b0-92a0-d886c30bc929",
 "value": "Dust Storm"
 },
- {
- "description": "Adversary targeting dissident groups in China and its surroundings.",
- "meta": {
- "attribution-confidence": "50",
- "country": "CN",
- "refs": [
- "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
- ]
- },
- "uuid": "06e659ff-ece8-4e6c-a110-d9692ac6d8ee",
- "value": "Karma Panda"
- },
 {
 "meta": {
 "attribution-confidence": "50",
@@ -4780,10 +4768,29 @@
 {
 "meta": {
 "attribution-confidence": "50",
+ "cfr-suspected-state-sponsor": "China",
+ "cfr-suspected-victims": [
+ "Eastern Europe",
+ "Japan",
+ "South Korea",
+ "Taiwan",
+ "US"
+ ],
+ "cfr-target-category": [
+ "Military",
+ "Government",
+ "Private sector"
+ ],
 "country": "CN",
 "refs": [
- "https://www.wsj.com/articles/chinas-secret-weapon-in-south-korea-missile-fight-hackers-1492766403?emailToken=JRrydPtyYnqTg9EyZsw31FwuZ7JNEOKCXF7LaW/HM1DLsjnUp6e6wLgph560pnmiTAN/5ssf7moyADPQj2p2Gc+YkL1yi0zhIiUM9M6aj1HTYQ==",
- "https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/"
+ "https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/",
+ "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf",
+ "https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/",
+ "https://www.wsj.com/articles/chinas-secret-weapon-in-south-korea-missile-fight-hackers-1492766403"
+ ],
+ "synonyms": [
+ "CactusPete",
+ "Karma Panda"
 ]
 },
 "uuid": "0ab7c8de-fc23-4793-99aa-7ee336199e26",
@@ -8328,5 +8335,5 @@
 "value": "GALLIUM"
 }
 ],
- "version": 172
+ "version": 173
 }
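Review bot: The merged cluster `0ab7c8de-fc23-4793-99aa-7ee336199e26` in the second hunk opens directly with `"meta"`, so it appears to have no `description`, while the first hunk deletes the only descriptive text either entry had. I would carry it over ahead of `"meta"`, for example `"description": "Adversary targeting dissident groups in China and its surroundings.",`, reworded if needed to cover the CactusPete reporting now listed in `refs`. Separately, the Karma Panda UUID `06e659ff-ece8-4e6c-a110-d9692ac6d8ee` is removed outright rather than redirected. Any `related` entries in other clusters, or stored event tags that still reference it, are not visible in this patch and should be checked so existing attributions keep resolving to the merged actor. The merged object continues past the end of the hunk, so its `value` is not shown here.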