More CN groups

2016-02-28 08:37:59 +01:00 · 2016-02-28 08:37:59 +01:00 · d11967c1b3
parent a45e032343
commit d11967c1b3
1 changed files with 21 additions and 3 deletions
--- a/elements/apt-groups.json
+++ b/elements/apt-groups.json
@ -1,16 +1,34 @@
 {
  "version" : 1,
-  "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups can be confused with their initial operation or campaign.",
+  "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
  "authors": ["Alexandre Dulaunoy", "Florian Roth", "Various"],
  "type": "APT Groups",
-  "groups"  : ["Comment Crew","Sofacy","APT 29","Turla Group","Energetic Bear","Sandworm","Anunak","TeamSpy Crew","BuhTrap"],
+  "groups"  : ["Comment Crew","Putter Panda","Sofacy","APT 29","Turla Group","Energetic Bear","Sandworm","Anunak","TeamSpy Crew","BuhTrap","Putter Panda","UPS","IXESHE"],
  "details" : [
                        {
                        "group": "Comment Crew",
                        "description": "PLA Unit 61398 (Chinese: 61398部队, Pinyin: 61398 bùduì) is the Military Unit Cover Designator (MUCD)[1] of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks",
                        "refs": ["https://en.wikipedia.org/wiki/PLA_Unit_61398", "http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf"],
                        "country": "CN",
-                        "synonyms": ["Comment Panda", "PLA Unit 61398", "APT 1", "Advanced Persistent Threat 1", "Byzantine Candor"]
+                        "synonyms": ["Comment Panda","PLA Unit 61398", "APT 1","Advanced Persistent Threat 1","Byzantine Candor","Group 3","TG-8223"]
+                        },
+                        {
+                        "group": "Putter Panda",
+                        "refs": ["http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf"],
+                        "country": "CN",
+                        "synonyms": ["PLA Unit 61486", "APT 2", "Group 36"]
+                        },
+                        {
+                        "group": "UPS",
+                        "refs": ["https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html"],
+                        "country": "CN",
+                        "synonyms": ["Gothic Panda","TG-0110","APT 3","Group 6"]
+                        },
+                        {
+                        "group": "IXESHE",
+                        "refs": ["http://www.crowdstrike.com/blog/whois-numbered-panda/"],
+                        "country": "CN",
+                        "synonyms": ["Numbered Panda", "TG-2754", "BeeBus", "Group 22", "DynCalc", "Crimson Iron"]
                        },
                        {
                        "group": "Sofacy",