fix: [threat-actor] JQ all the things + version updated

MISP · Oct 20, 2023 · 416cd67 · 416cd67
1 parent ec9dc0f
commit 416cd67
Showing 1 changed file with 15 additions and 15 deletions.
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
@@ -213,11 +213,7 @@
       "description": "Grayling activity was first observed in early 2023, when a number of victims were identified with distinctive malicious DLL side-loading activity. Grayling appears to target organisations in Asia, however one unknown organisation in the United States was also targeted. Industries targeted include Biomedical, Government and Information Technology. Grayling use a variety of tools during their attacks, including well known tools such as Cobalt Strike and Havoc and also some others.",
       "meta": {
         "attribution-confidence": "50",
-        "country": "CN",
         "cfr-suspected-state-sponsor": "China",
-        "refs": [
-          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks"
-        ],
         "cfr-suspected-victims": [
           "Taiwan",
           "United States",
@@ -228,6 +224,10 @@
           "Biomedical",
           "Government",
           "Information technology"
+        ],
+        "country": "CN",
+        "refs": [
+          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks"
         ]
       },
       "uuid": "6714de29-4dd8-463c-99a3-77c9e80fa47d",
@@ -7554,30 +7554,30 @@
     {
       "description": "Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.",
       "meta": {
-        "refs": [
-          "https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/",
-          "https://www.ecucert.gob.ec/wp-content/uploads/2022/03/alerta-APTs-2022-03-23.pdf",
-          "https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia",
-          "https://lab52.io/blog/apt-c-36-recent-activity-analysis/",
-          "https://www.trendmicro.com/en_ph/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html",
-          "https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/",
-          "https://attack.mitre.org/groups/G0099/"
-        ],
         "cfr-suspected-victims": [
           "Ecuador",
           "Colombia",
           "Spain",
           "Panama",
           "Chile"
         ],
-        "cfr-type-of-incident": "Espionage",
         "cfr-target-category": [
           "Petroleum",
           "Manufacturing",
           "Financial",
           "Private sector",
           "Government"
         ],
+        "cfr-type-of-incident": "Espionage",
+        "refs": [
+          "https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/",
+          "https://www.ecucert.gob.ec/wp-content/uploads/2022/03/alerta-APTs-2022-03-23.pdf",
+          "https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia",
+          "https://lab52.io/blog/apt-c-36-recent-activity-analysis/",
+          "https://www.trendmicro.com/en_ph/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html",
+          "https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/",
+          "https://attack.mitre.org/groups/G0099/"
+        ],
         "synonyms": [
           "Blind Eagle"
         ]
@@ -12049,5 +12049,5 @@
       "value": "Void Rabisu"
     }
   ],
-  "version": 286
+  "version": 287
 }