diff --git a/clusters/microsoft-activity-group.json b/clusters/microsoft-activity-group.json
index 5063270..51a3d7c 100644
--- a/clusters/microsoft-activity-group.json
+++ b/clusters/microsoft-activity-group.json
@@ -340,6 +340,870 @@ ], "uuid": "d7247cf9-13b6-4781-b789-a5f33521633b", "value": "NOBELIUM" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "CN", + "synonyms": [ + "APT41", + "BARIUM" + ] + }, + "uuid": "2fc42ffc-dd1a-560e-ac97-05e8fa27bbe5", + "value": "Brass Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "CN", + "synonyms": [ + "CHROMIUM", + "ControlX" + ] + }, + "uuid": "3f8b7c98-7484-523f-9d58-181274e6fc8f", + "value": "Charcoal Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "CN", + "synonyms": [ + "DEV-0322" + ] + }, + "uuid": "0bebd962-191a-5671-b5b0-f6de7c8180fc", + "value": "Circle Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "CN", + "synonyms": [ + "APT40", + "GADOLINIUM", + "Kryptonite Panda", + "Leviathan", + "TEMP.Periscope" + ] + }, + "uuid": "dbc45b46-5b64-50d4-b0f1-d7de888d4e85", + "value": "Gingham Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "CN", + "synonyms": [ + "GALLIUM" + ] + }, + "uuid": "ae4036de-c901-5f21-808a-f5c071ef509b", + "value": "Granite Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "CN", + "synonyms": [ + "DEV-0234" + ] + }, + "uuid": "aa45a89c-4c2b-5f6b-9a3d-51abccaa9623", + "value": "Lilac Typhoon" + }, + { + "meta": { + "refs": 
[ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "CN", + "synonyms": [ + "APT5", + "Keyhole Panda", + "MANGANESE", + "TABCTENG" + ] + }, + "uuid": "fa562b27-d3ff-5e7c-9079-c957eb01a0e0", + "value": "Mulberry Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "CN", + "synonyms": [ + "APT15", + "NICKEL", + "Vixen Panda", + "ke3chang" + ] + }, + "uuid": "66571167-13fe-5817-93e0-54ae8f206fdc", + "value": "Nylon Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "CN", + "synonyms": [ + "APT30", + "LotusBlossom", + "RADIUM" + ] + }, + "uuid": "b3c378fc-1ce3-5a46-a32e-f55a584c6536", + "value": "Raspberry Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "CN", + "synonyms": [ + "HAFNIUM" + ] + }, + "uuid": "9728610a-17cb-5cac-9322-ef19ae296a29", + "value": "Silk Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "CN", + "synonyms": [ + "APT31", + "ZIRCONIUM" + ] + }, + "uuid": "27eb4928-b3e6-5ae1-bbb6-f73bce8d7c69", + "value": "Violet Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "Bronze Starlight", + "DEV-0401", + "Emperor Dragonfly" + ] + }, + "uuid": "43fe584d-88e5-5f2b-a9fd-a866e62040bb", + "value": "Cinnamon Tempest" + }, + { + "meta": { + "refs": [ + 
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0950", + "FIN11", + "TA505" + ] + }, + "uuid": "b27dcdee-14b1-5842-86b3-32eacec94584", + "value": "Lace Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0206", + "Purple Vallhund" + ] + }, + "uuid": "1b1524f4-16b0-5b85-aea4-844babea4ccb", + "value": "Mustard Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0193", + "UNC2053", + "Wizard Spider" + ] + }, + "uuid": "120dc1ae-e850-5059-a4fb-520748ca6881", + "value": "Periwinkle Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "Choziosi loader", + "Chrome Loader", + "ClickPirate", + "DEV-0796" + ] + }, + "uuid": "3c9a0350-8d17-5624-872c-fe44969a5888", + "value": "Phlox Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0237", + "FIN12" + ] + }, + "uuid": "567ea386-a78f-5550-ae7c-9c9eacdf45af", + "value": "Pistachio Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "Carbon Spider", + "ELBRUS", + "FIN7" + ] + }, + "uuid": 
"9471ad21-0553-5483-bf7c-e6ad9c062c79", + "value": "Sangria Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "CHIMBORAZO", + "TA505" + ] + }, + "uuid": "c85120d0-c397-5d30-9d57-3b019090acd5", + "value": "Spandex Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0537", + "LAPSUS$" + ] + }, + "uuid": "d4dfb329-822c-5db3-a078-a8c0f77924da", + "value": "Strawberry Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0832" + ] + }, + "uuid": "a01da064-988c-5ad3-92c6-9537adb6a5f0", + "value": "Vanilla Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0504" + ] + }, + "uuid": "0662a721-a92e-50b3-a5ac-0c4142ac9aeb", + "value": "Velvet Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "PARINACOTA", + "Wadhrama" + ] + }, + "uuid": "5939e42e-06d0-5719-8072-62f0fc0821e8", + "value": "Wine Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Group in development", + "synonyms": [ + "DEV-0257", + "UNC1151" + ] + }, + "uuid": "60ac9e2c-b3b2-5c6b-913e-935952e14c28", + "value": 
"Storm-0257" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "IR", + "synonyms": [ + "NEPTUNIUM", + "Vice Leaker" + ] + }, + "uuid": "b06ff51a-77e7-5b7f-9938-4a2d37bce5a4", + "value": "Cotton Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "IR", + "synonyms": [ + "CURIUM", + "TA456", + "Tortoise Shell" + ] + }, + "uuid": "b76e22b0-26a4-50ca-b876-09bc90a81b3b", + "value": "Crimson Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "IR", + "synonyms": [ + "DEV-0228" + ] + }, + "uuid": "badacab7-5097-5817-8516-d8a72de2a71b", + "value": "Cuboid Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "IR", + "synonyms": [ + "DEV-0343" + ] + }, + "uuid": "395473c6-be98-5369-82d1-cdbc97b3fddc", + "value": "Gray Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "IR", + "synonyms": [ + "APT34", + "Cobalt Gypsy", + "EUROPIUM", + "OilRig" + ] + }, + "uuid": "b6260d6d-a2f7-5b79-8132-5c456a225f53", + "value": "Hazel Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "IR", + "synonyms": [ + "Fox Kitten", + "PioneerKitten", + "RUBIDIUM", + "UNC757" + ] + }, + "uuid": "0757856a-1313-57d8-bb6c-f4c537e110da", + "value": "Lemon Sandstorm" + }, + { + "meta": { + "refs": [ + 
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "IR", + "synonyms": [ + "MERCURY", + "MuddyWater", + "SeedWorm", + "Static Kitten", + "TEMP.Zagros" + ] + }, + "uuid": "da68ca6d-250f-50f1-a585-240475fdbb35", + "value": "Mango Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "IR", + "synonyms": [ + "DEV-0500", + "Moses Staff" + ] + }, + "uuid": "ef415059-e150-5324-877e-44b65ab022f5", + "value": "Marigold Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "IR", + "synonyms": [ + "APT35", + "Charming Kitten", + "PHOSPHORUS" + ] + }, + "uuid": "400cd1b8-52b7-5a5c-984f-9b4af35ea231", + "value": "Mint Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "IR", + "synonyms": [ + "APT33", + "HOLMIUM", + "Refined Kitten" + ] + }, + "uuid": "4c0f085a-70b1-5ee6-a45a-dc368f03e701", + "value": "Peach Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "IR", + "synonyms": [ + "AMERICIUM", + "Agrius", + "BlackShadow", + "Deadwood", + "SharpBoys" + ] + }, + "uuid": "cca311c0-dc91-5aee-b282-5e412040dac3", + "value": "Pink Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "IR", + "synonyms": [ + "DEV-0146", + "ZeroCleare" + ] + }, + "uuid": "562049d7-78f5-5a65-b7db-c509c9f483f7", + "value": "Pumpkin Sandstorm" + }, + { + "meta": { + 
"refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "IR", + "synonyms": [ + "BOHRIUM" + ] + }, + "uuid": "4426d375-1435-5ccc-8c1f-f8688bd11f80", + "value": "Smoke Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "LB", + "synonyms": [ + "POLONIUM" + ] + }, + "uuid": "ce5357da-0e15-5022-bd4f-74aa689d0b2e", + "value": "Plaid Rain" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "KP", + "synonyms": [ + "Labyrinth Chollima", + "Lazarus", + "ZINC" + ] + }, + "uuid": "9630b0aa-ee9e-5b58-9f79-cf7fa8d291a8", + "value": "Diamond Sleet" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "KP", + "synonyms": [ + "Kimsuky", + "THALLIUM", + "Velvet Chollima" + ] + }, + "uuid": "44be06b1-e17a-5ea6-a0a2-067933a7af77", + "value": "Emerald Sleet" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "KP", + "synonyms": [ + "Konni", + "OSMIUM" + ] + }, + "uuid": "5163b2d9-7521-5225-a7a8-88d881fbc406", + "value": "Opal Sleet" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "KP", + "synonyms": [ + "LAWRENCIUM" + ] + }, + "uuid": "1c5c67ad-c241-5103-99d0-daab5a554b0d", + "value": "Pearl Sleet" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": 
"KP", + "synonyms": [ + "CERIUM" + ] + }, + "uuid": "c29e7262-6a6f-501d-8c00-57f75f2172a3", + "value": "Ruby Sleet" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "KP", + "synonyms": [ + "BlueNoroff", + "COPERNICIUM", + "Genie Spider" + ] + }, + "uuid": "3a32c54d-d86a-55de-b16a-d9a08a5cf49b", + "value": "Sapphire Sleet" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "KP", + "synonyms": [ + "DEV-0530", + "H0lyGh0st" + ] + }, + "uuid": "ab314f1c-8d07-5edb-bb32-64d1105f74ff", + "value": "Storm-0530" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Private Sector Offensive Actor", + "synonyms": [ + "Candiru", + "SOURGUM" + ] + }, + "uuid": "1b15288c-ff19-5f52-8c4b-6185de934ff8", + "value": "Caramel Tsunami" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Private Sector Offensive Actor", + "synonyms": [ + "DSIRF", + "KNOTWEED" + ] + }, + "uuid": "9a4a662a-84a9-5b86-b241-7c5eef9cea4d", + "value": "Denim Tsunami" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Private Sector Offensive Actor", + "synonyms": [ + "DEV-0336", + "NSO Group" + ] + }, + "uuid": "af54315b-3561-5046-8b9b-c3e9e05c0f77", + "value": "Night Tsunami" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Private Sector Offensive Actor", + "synonyms": [ + 
"CyberRoot", + "DEV-0605" + ] + }, + "uuid": "2263b6c9-861a-5971-b882-9ea4a84fcf74", + "value": "Wisteria Tsunami" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "RU", + "synonyms": [ + "ACTINIUM", + "Gamaredon", + "Primitive Bear", + "UNC530" + ] + }, + "uuid": "fc77a775-d06f-5efc-a6fa-0b2af01902a7", + "value": "Aqua Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "RU", + "synonyms": [ + "DEV-0586" + ] + }, + "uuid": "7f190457-6829-55c4-9b6b-bccdadb747cb", + "value": "Cadet Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "RU", + "synonyms": [ + "APT28", + "Fancy Bear", + "STRONTIUM" + ] + }, + "uuid": "8d84d7b0-7716-5ab3-a3a4-f373dd148347", + "value": "Forest Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "RU", + "synonyms": [ + "BROMINE", + "Crouching Yeti", + "Energetic Bear" + ] + }, + "uuid": "45d0f984-2b63-517b-922a-12924bcf4f68", + "value": "Ghost Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "RU", + "synonyms": [ + "APT29", + "Cozy Bear", + "NOBELIUM" + ] + }, + "uuid": "31982812-c8bf-5e85-b0ba-0c64a7d05d20", + "value": "Midnight Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "RU", + "synonyms": [ + "IRIDIUM", + "Sandworm" + ] + }, + "uuid": 
"473eb51c-36cb-5e3a-8347-2f57df809be9", + "value": "Seashell Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "RU", + "synonyms": [ + "Callisto", + "Reuse Team", + "SEABORGIUM" + ] + }, + "uuid": "06630ccd-98ed-5aec-8083-e04c894bd2d6", + "value": "Star Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "RU", + "synonyms": [ + "DEV-0665" + ] + }, + "uuid": "79f8646f-d127-51b7-b502-b096b445c322", + "value": "Sunglow Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "KR", + "synonyms": [ + "DUBNIUM", + "Dark Hotel", + "Tapaoux" + ] + }, + "uuid": "0a4ddab3-a1a6-5372-b11f-5edc25c0e548", + "value": "Zigzag Hail" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "TR", + "synonyms": [ + "SILICON", + "Sea Turtle" + ] + }, + "uuid": "fc91881e-92c0-5a63-a0b9-b253958a594e", + "value": "Marbled Dust" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "country": "VN", + "synonyms": [ + "APT32", + "BISMUTH", + "OceanLotus" + ] + }, + "uuid": "37808cab-cbb3-560b-bebd-375fa328ea1e", + "value": "Canvas Cyclone" } ], "version": 13 diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index dcceae3..64a7990 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json 
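Review bot: The closing `"version": 13` in clusters/microsoft-activity-group.json is an unchanged context line, so the new clusters are added without raising the galaxy version; tooling that compares the version before re-importing would probably skip the new names, and I would change the line to `"version": 14`. Two synonyms are also ambiguous as written: `"TA505"` appears under both "Lace Tempest" and "Spandex Tempest", and `"NOBELIUM"` is a synonym of "Midnight Blizzard" while the leading context still shows a separate cluster whose value is NOBELIUM. None of the added entries has a `related` block, so a synonym lookup can resolve to more than one cluster with nothing linking the old and new names. The `sector` key carries actor categories ("Financially motivated", "Group in development", "Private Sector Offensive Actor") rather than a sector, which looks like a field misuse unless the galaxy definition says otherwise. The array these entries are appended to opens above the hunk, so the existing entries were not checked for further overlaps.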
@@ -841,7 +841,8 @@
 "https://unit42.paloaltonetworks.com/atoms/iron-taurus/",
 "https://www.mandiant.com/resources/insights/apt-groups",
 "https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf",
- "https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/"
+ "https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/",
+ "https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html"
 ],
 "synonyms": [
 "GreedyTaotie",
@@ -856,7 +857,8 @@
 "BRONZE UNION",
 "Lucky Mouse",
 "G0027",
- "Iron Taurus"
+ "Iron Taurus",
+ "Earth Smilodon"
 ]
 },
 "related": [
@@ -7470,7 +7472,8 @@
 "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
 "https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf",
 "https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf",
- "https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/"
+ "https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/",
+ "https://services.google.com/fh/files/blogs/gcat_threathorizons_full_apr2023.pdf"
 ],
 "synonyms": [
 "G0096",
@@ -7486,7 +7489,8 @@
 "Red Kelpie",
 "G0044",
 "Earth Baku",
- "Amoeba"
+ "Amoeba",
+ "HOODOO"
 ]
 },
 "related": [