Merge pull request #467 from Delta-Sierra/master

Few updates
2019-10-31 14:31:16 +01:00 · 2019-10-31 14:31:16 +01:00 · efa2f43c0f
parent d32022b241 bee9b80898
commit efa2f43c0f
2 changed files with 34 additions and 3 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -671,8 +671,12 @@
          "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-july-wicked-spider/"
        ],
        "synonyms": [
+          "Winnti Umbrella",
          "Winnti Group",
          "Tailgater Team",
+          "Suckfly",
+          "APT41",
+          "APT 41",
          "Group 72",
          "Group72",
          "Tailgater",
@ -7747,7 +7751,17 @@
      },
      "uuid": "5cd95926-0098-435e-892d-9c9f61763ad7",
      "value": "LookBack"
+    },
+    {
+      "description": "In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using tools and techniques commonly associated with Chinese-affiliated threat actors, such as APT10.  This multi-wave attacks focused on obtaining data of specific, high-value targets and resulted in a complete takeover of the network.",
+      "meta": {
+        "refs": [
+          "https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers"
+        ]
+      },
+      "uuid": "8dda51ef-9a30-48f7-b0fd-5b6f0a62262d",
+      "value": "Operation Soft Cell"
    }
  ],
-  "version": 135
+  "version": 137
 }
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -663,7 +663,10 @@
        "synonyms": [
          "Etso",
          "SUQ",
-          "Agent.ALQHI"
+          "Agent.ALQHI",
+          "RbDoor",
+          "RibDoor",
+          "HIGHNOON"
        ],
        "type": [
          "Backdoor"
@ -5352,6 +5355,10 @@
      "meta": {
        "refs": [
          "https://cdn.securelist.com/files/2017/08/ShadowPad_technical_description_PDF.pdf"
+        ],
+        "synonyms": [
+          "POISONPLUG",
+          "Barlaiy"
        ]
      },
      "related": [
@ -7859,7 +7866,17 @@
      "description": "Legitimate tool - tool used to scan IPv4/IPv6 networks and remotely execute PowerShell commands.",
      "uuid": "bbba3a35-5064-4e60-ad4b-0ba16cc81a23",
      "value": "Netscan"
+    },
+    {
+      "description": "Malware embedded in Asus Live Update in 2018. ShadowHammer triggers its malicious behavior only if the computer it is running on has a network adapter with the MAC address whitelisted by the attacker.",
+      "meta": {
+        "refs": [
+          "https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Winnti.pdf"
+        ]
+      },
+      "uuid": "c1815516-aa2a-43d2-9136-78a8feb054b6",
+      "value": "ShadowHammer"
    }
  ],
-  "version": 126
+  "version": 127
 }