From 0367e16ce023adc02aab03ac0b3878e47d892ba8 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann
Date: Wed, 31 Jul 2019 14:35:09 +0200
Subject: [PATCH] adding secureworks actor names for energetic bear and teamspy
---
 clusters/threat-actor.json | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 7d2cd7f..2afccbf 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2634,7 +2634,8 @@
 "https://www.symantec.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks",
 "https://www.kaspersky.com/resource-center/threats/crouching-yeti-energetic-bear-malware-threat",
 "https://www.sans.org/reading-room/whitepapers/ICS/impact-dragonfly-malware-industrial-control-systems-36672",
- "https://attack.mitre.org/groups/G0035/"
+ "https://attack.mitre.org/groups/G0035/",
+ "https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector"
 ],
 "synonyms": [
 "Dragonfly",
@@ -2642,7 +2643,8 @@
 "Group 24",
 "Havex",
 "CrouchingYeti",
- "Koala Team"
+ "Koala Team",
+ "IRON LIBERTY"
 ]
 },
 "related": [
@@ -2857,13 +2859,15 @@
 "https://www.cfr.org/interactive/cyber-operations/team-spy-crew",
 "https://threatpost.com/researchers-uncover-teamspy-attack-campaign-targeting-government-research-targets-032013/77646/",
 "https://www.crysys.hu/publications/files/teamspy.pdf",
- "https://d2538mqrb7brka.cloudfront.net/wp-content/uploads/sites/43/2018/03/20134928/theteamspystory_final_t2.pdf"
+ "https://d2538mqrb7brka.cloudfront.net/wp-content/uploads/sites/43/2018/03/20134928/theteamspystory_final_t2.pdf",
+ "https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector"
 ],
 "synonyms": [
 "TeamSpy",
 "Team Bear",
 "Berserk Bear",
- "Anger Bear"
+ "Anger Bear",
+ "IRON LYRIC"
 ]
 },
 "related": [
@@ -7624,5 +7628,5 @@
 "value": "SWEED"
 }
 ],
- "version": 122
+ "version": 124
 }
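Review bot: In the TeamSpy hunk (`@@ -2857,13 +2859,15 @@`), the reference added alongside the new `"IRON LYRIC"` synonym is the same `resurgent-iron-liberty-targeting-energy-sector` article that the first hunk adds to the Energetic Bear entry, and its slug names only IRON LIBERTY. Nothing visible in the diff shows that this source ties IRON LYRIC to the TeamSpy / Berserk Bear cluster. Synonym lists like this one are presumably what downstream tooling matches on when attributing reports to an actor, so a mis-mapped alias would fold one group's activity into another's. Please confirm the article makes that attribution; if it does not, drop the URL from this entry's reference list or replace it with the Secureworks source that actually defines IRON LYRIC. The cluster object's `value` and `uuid` lie outside the hunk, so the actor identity here is inferred from the synonyms shown.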