From e15a4a6525c4df462c3353714189844eeff31f1f Mon Sep 17 00:00:00 2001
From: Daniel Plohmann <daniel.plohmann@mailbox.org>
Date: Mon, 6 Apr 2020 15:25:22 +0200
Subject: [PATCH 1/2] fixing/removing some more dead links

---
 clusters/threat-actor.json | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index e7a6f0c..3393b37 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2185,7 +2185,7 @@
           "https://www.cfr.org/interactive/cyber-operations/magic-hound",
           "https://www.secureworks.com/research/the-curious-case-of-mia-ash",
           "https://www.cfr.org/interactive/cyber-operations/operation-cleaver",
-          "http://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf",
+          "https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf",
           "http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/",
           "https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf",
           "https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing",
@@ -2703,8 +2703,6 @@
         "cfr-type-of-incident": "Espionage",
         "country": "RU",
         "refs": [
-          "http://www.isightpartners.com/2014/10/cve-2014-4114/",
-          "http://www.isightpartners.com/2016/01/ukraine-and-sandworm-team/",
           "https://dragos.com/blog/crashoverride/CrashOverride-01.pdf",
           "https://www.us-cert.gov/ncas/alerts/TA17-163A",
           "https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid",
@@ -3494,7 +3492,7 @@
           "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf",
           "https://attack.mitre.org/wiki/Groups",
           "https://www.forcepoint.com/de/blog/x-labs/trojanized-adobe-installer-used-install-dragonok-s-new-custom-backdoor",
-          "http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoor",
+          "https://github.com/m0n0ph1/APT_CyberCriminal_Campagin_Collections-1/blob/master/2017/2017.02.15.deep-dive-dragonok-rambo-backdoor/Deep%20Dive%20on%20the%20DragonOK%20Rambo%20Backdoor%20_%20Morphick%20Cyber%20Security.pdf",
           "https://www.cfr.org/interactive/cyber-operations/moafee",
           "https://unit42.paloaltonetworks.com/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/",
           "https://unit42.paloaltonetworks.com/unit42-dragonok-updates-toolset-targets-multiple-geographic-regions/",
@@ -4386,7 +4384,6 @@
         "country": "CN",
         "refs": [
           "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/",
-          "http://www.kaspersky.com/about/news/virus/2015/Blue-Termite-A-Sophisticated-Cyber-Espionage-Campaign-is-After-High-Profile-Japanese-Targets",
           "https://www.cfr.org/interactive/cyber-operations/blue-termite"
         ],
         "synonyms": [
@@ -5451,7 +5448,7 @@
           "http://blog.talosintelligence.com/2017/06/palestine-delphi.html",
           "https://www.threatconnect.com/blog/kasperagent-malware-campaign/",
           "https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/sexually-explicit-material-used-as-lures-in-cyber-attacks?linkId=12425812",
-          "<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064309/The-Desert-Falcons-targeted-attacks.pdf"
+          "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064309/The-Desert-Falcons-targeted-attacks.pdf"
         ],
         "synonyms": [
           "Desert Falcon",
@@ -6801,8 +6798,7 @@
       "description": "Malware experts at CSE Cybsec uncovered a massive malvertising campaign dubbed EvilTraffic leveraging tens of thousands compromised websites. Crooks exploited some CMS vulnerabilities to upload and execute arbitrary PHP pages used to generate revenues via advertising.",
       "meta": {
         "refs": [
-          "http://securityaffairs.co/wordpress/68059/cyber-crime/eviltraffic-malvertising-campaign.html",
-          "http://csecybsec.com/download/zlab/20180121_CSE_Massive_Malvertising_Report.pdf"
+          "http://securityaffairs.co/wordpress/68059/cyber-crime/eviltraffic-malvertising-campaign.html"
         ],
         "synonyms": [
           "Operation EvilTraffic"

From aba625dee5d5ec2dae3d0edaa94c89c7168d534a Mon Sep 17 00:00:00 2001
From: Daniel Plohmann <daniel.plohmann@mailbox.org>
Date: Tue, 7 Apr 2020 08:49:33 +0200
Subject: [PATCH 2/2] removed duplicate entry

---
 clusters/threat-actor.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 3393b37..4469057 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2187,7 +2187,6 @@
           "https://www.cfr.org/interactive/cyber-operations/operation-cleaver",
           "https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf",
           "http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/",
-          "https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf",
           "https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing",
           "https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/",
           "https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations",