Merge pull request #228 from Delta-Sierra/master

add Thrip as threat actor
2018-06-20 09:43:06 +02:00 · 2018-06-20 09:43:06 +02:00 · d3985085e4
parent 7a51f55a93 dcda058944
commit d3985085e4
1 changed files with 11 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -2701,6 +2701,16 @@
        ]
      },
      "uuid": "4af45fea-72d3-11e8-846c-d37699506c8d"
+    },
+    {
+      "value": "Thrip",
+      "description": "Symntec have been monitoring Thrip since 2013 when they uncovered a spying campaign being orchestrated from systems based in China. Since their initial discovery, the group has changed its tactics and broadened the range of tools it used. Initially, it relied heavily on custom malware, but in this most recent wave of attacks, which began in 2017, the group has switched to a mixture of custom malware and living off the land tools. All of these tools, with the exception of Mimikatz (which is almost always used maliciously), have legitimate uses.",
+      "meta": {
+        "refs": [
+          "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets"
+        ]
+      },
+      "uuid": "1533bc1a-745a-11e8-90e3-efa3e975fef3s"
    }
  ],
  "name": "Threat actor",
@ -2715,5 +2725,5 @@
  ],
  "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
  "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
-  "version": 42
+  "version": 43
 }