From eed81e9a724915df95f30d8b59c6722e3fc034a5 Mon Sep 17 00:00:00 2001 From: Mathieu Beligon Date: Thu, 18 Apr 2024 12:35:10 +0200 Subject: [PATCH] [threat-actors] r0ny123 review --- clusters/threat-actor.json | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index ec362ef..07c5154 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -8206,7 +8206,9 @@ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt", "https://unit42.paloaltonetworks.com/atoms/mangataurus/", "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf", - "https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf" + "https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf", + "https://www.trendmicro.com/en_us/research/24/d/earth-hundun-waterbear-deuterbear.html", + "https://blogs.jpcert.or.jp/en/2022/03/jsac2022report1.html" ], "synonyms": [ "CIRCUIT PANDA", @@ -8216,7 +8218,8 @@ "G0098", "T-APT-03", "Manga Taurus", - "Red Djinn" + "Red Djinn", + "Earth Hundun" ] }, "uuid": "320c42f7-eab7-4ef9-b09a-74396caa6c3e", @@ -12369,12 +12372,18 @@ "country": "CN", "refs": [ "https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations", - "https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/" + "https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/", + "https://unit42.paloaltonetworks.com/volt-typhoon-threat-brief/", + "https://www.dragos.com/threat/voltzite/" ], "synonyms": [ "BRONZE SILHOUETTE", "VANGUARD PANDA", - "UNC3236" + "UNC3236", + "Insidious Taurus", + "VOLTZITE", + "Dev-0391", + "Storm-0391" ] }, "uuid": "f02679fa-5e85-4050-8eb5-c2677d93306f", @@ -15626,17 +15635,6 @@ "uuid": "2742b229-02f4-40d0-9b99-91844a2b030e", "value": "RUBYCARP" }, - { - "description": "Earth Hundun is a cyberespionage threat actor targeting technology and government sectors in the Asia-Pacific region. They are known for using the Waterbear and Deuterbear malware, which have advanced evasion tactics and anti-analysis mechanisms. The group has been active since at least 2009 and continuously refines their malware to bypass antivirus software. Earth Hundun's attacks involve phishing emails, malware droppers, and backdoors to infiltrate organizations and gather intelligence.", - "meta": { - "refs": [ - "https://www.trendmicro.com/en_us/research/24/d/earth-hundun-waterbear-deuterbear.html", - "https://blogs.jpcert.or.jp/en/2022/03/jsac2022report1.html" - ] - }, - "uuid": "edd85e27-9d05-4bc7-9b2b-5422e909336a", - "value": "Earth Hundun" - }, { "description": "Starry Addax is a threat actor targeting human rights activists associated with the Sahrawi Arab Democratic Republic using a novel mobile malware called FlexStarling. They conduct phishing attacks to trick targets into installing malicious Android applications and serve credential-harvesting pages to Windows-based targets. Their infrastructure targets both Windows and Android users, with the campaign starting with spear-phishing emails containing requests to install specific mobile apps or related themes. The campaign is in its early stages, with potential for additional malware variants and infrastructure development.", "meta": {