From e18fdf42da69992f3062a9c9898fe5a9e2ca4537 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Wed, 20 Jun 2018 09:30:15 +0200
Subject: [PATCH 1/2] add Thrip as threat actor
---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 691ed44e..deca7761 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2701,6 +2701,16 @@
 ]
 },
 "uuid": "4af45fea-72d3-11e8-846c-d37699506c8d"
+ },
+ {
+ "value": "Thrip",
+ "description": "Symntec have been monitoring Thrip since 2013 when they uncovered a spying campaign being orchestrated from systems based in China. Since their initial discovery, the group has changed its tactics and broadened the range of tools it used. Initially, it relied heavily on custom malware, but in this most recent wave of attacks, which began in 2017, the group has switched to a mixture of custom malware and living off the land tools. All of these tools, with the exception of Mimikatz (which is almost always used maliciously), have legitimate uses.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets"
+ ]
+ },
+ "uuid": "1533bc1a-745a-11e8-90e3-efa3e975fef3s"
 }
 ],
 "name": "Threat actor",
From dcda058944fdb732d02786b4a64898265cec1723 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Wed, 20 Jun 2018 09:36:36 +0200
Subject: [PATCH 2/2] update verion
---
 clusters/threat-actor.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index deca7761..0d8182aa 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
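Review bot: The `uuid` added for the new Thrip entry in PATCH 1/2 is malformed: `1533bc1a-745a-11e8-90e3-efa3e975fef3s` has a 13-character last group ending in a non-hex `s`. Consumers that key, deduplicate or relate clusters by UUID may reject or mismatch the entry. The trailing `s` looks like a stray keystroke, so the line would presumably read `"uuid": "1533bc1a-745a-11e8-90e3-efa3e975fef3"`. The same entry's description spells the vendor `Symntec`, while its ref URL is on symantec.com. The enclosing array of cluster values starts outside the hunk, so uniqueness of the corrected UUID cannot be checked from here.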
@@ -2725,5 +2725,5 @@
 ],
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
- "version": 42
+ "version": 43
 }