Update threat-actor.json
add a synonym to Hafnium
sebdraven committed Mar 30, 2021
1 parent b082977 commit 52ae977
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion clusters/threat-actor.json
Expand Up @@ -8496,7 +8496,12 @@
"https://www.huntress.com/blog/rapid-response-mass-exploitation-of-on-prem-exchange-servers",
"https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/Execution/exchange-iis-worker-dropping-webshell.md",
"https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server",
"https://www.nextron-systems.com/2021/03/06/scan-for-hafnium-exploitation-evidence-with-thor-lite"
"https://www.nextron-systems.com/2021/03/06/scan-for-hafnium-exploitation-evidence-with-thor-lite",
"https://www.thedailybeast.com/how-chinas-devastating-microsoft-hack-puts-us-all-at-risk"
],

"synonyms": [
"TURBINE PANDA"
]
},
"uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
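Review bot: The added `"synonyms": ["TURBINE PANDA"]` array states that the two names refer to the same actor, and nothing in this hunk backs that up: the only reference added alongside it is the thedailybeast.com article, and the existing refs are Exchange exploitation write-ups. A synonym is a stronger claim than overlap, so I would drop the array until a cited source states the equivalence, or add that source to the refs list in this same change. The empty line left between `],` and `"synonyms": [` should also be removed.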

2 comments on commit 52ae977

Member

@adulau adulau commented on 52ae977 Mar 30, 2021

@sebdraven what's your point of view regarding the overlap/synonym?

My take on this: HAFNIUM and AXIOM also have overlap, just like APT26/TURBINE PANDA. But is it a synonym? Difficult to say. I would be in favour of removing the synonym.

@sebdraven
Contributor Author

Yep. I agree with your point and @r0ny123 has the same point of view with his PR ;) https://github.com/MISP/misp-galaxy/pulls/r0ny123

I think for the moment we can remove Turbine Panda as a synonym of Hafnium.