Removed duplicates

clusters/threat-actor.json

@@ -5025,16 +5025,6 @@
       "uuid": "b8967b3c-3bc9-11e8-8701-8b1ead8c099e",
       "value": "APT35"
     },
-    {
-      "description": "Kaspersky Lab has been tracking a series of attacks utilizing unknown malware since early 2017. The attacks appear to be geopolitically motivated and target high profile organizations. The objective of the attacks is clearly espionage – they involve gaining access to top legislative, executive and judicial bodies around the world.",
-      "meta": {
-        "refs": [
-          "https://securelist.com/operation-parliament-who-is-doing-what/85237/"
-        ]
-      },
-      "uuid": "20f2d3a4-3ee7-11e8-8e78-837fd23517e0",
-      "value": "Operation Parliament"
-    },
     {
       "description": "Symantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwampirs within large international corporations that operate within the healthcare sector in the United States, Europe, and Asia.\nFirst identified in January 2015, Orangeworm has also conducted targeted attacks against organizations in related industries as part of a larger supply-chain attack in order to reach their intended victims. Known victims include healthcare providers, pharmaceuticals, IT solution providers for healthcare and equipment manufacturers that serve the healthcare industry, likely for the purpose of corporate espionage.",
       "meta": {
@@ -5389,16 +5379,6 @@
       "uuid": "4af45fea-72d3-11e8-846c-d37699506c8d",
       "value": "LuckyMouse"
     },
-    {
-      "description": "Symantec have been monitoring Thrip since 2013 when they uncovered a spying campaign being orchestrated from systems based in China. Since their initial discovery, the group has changed its tactics and broadened the range of tools it used. Initially, it relied heavily on custom malware, but in this most recent wave of attacks, which began in 2017, the group has switched to a mixture of custom malware and living off the land tools. All of these tools, with the exception of Mimikatz (which is almost always used maliciously), have legitimate uses.",
-      "meta": {
-        "refs": [
-          "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets"
-        ]
-      },
-      "uuid": "1533bc1a-745a-11e8-90e3-efa3e975fef3s",
-      "value": "Thrip"
-    },
     {
       "description": "The Rancor group’s attacks use two primary malware families which are naming DDKONG and PLAINTEE. DDKONG is used throughout the campaign and PLAINTEE appears to be new addition to these attackers’ toolkit.  Countries Unit 42 has identified as targeted by Rancor with these malware families include, but are not limited to Singapore and Cambodia.",
       "meta": {
@@ -5514,7 +5494,8 @@
       "description": "This threat actor uses spear-phishing techniques to target parliaments, government ministries, academics, and media organizations, primarily in the Middle East, for the purpose of espionage.",
       "meta": {
         "refs": [
-          "https://www.cfr.org/interactive/cyber-operations/operation-parliament"
+          "https://www.cfr.org/interactive/cyber-operations/operation-parliament",
+          "https://securelist.com/operation-parliament-who-is-doing-what/85237/"
         ],
         "cfr-suspected-victims": [
           "Palestine",
@@ -5675,7 +5656,8 @@
       "description": "This threat actor targets organizations in the satellite communications, telecommunications, geospatial-imaging, and defense sectors in the United States and Southeast Asia for espionage purposes.",
       "meta": {
         "refs": [
-          "https://www.cfr.org/interactive/cyber-operations/thrip"
+          "https://www.cfr.org/interactive/cyber-operations/thrip",
+          "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets"
         ],
         "cfr-suspected-victims": [
           "United States"