From 193b474ad2881aac96ef67c6a84f6a3afc4d4732 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 25 Jan 2018 15:41:47 +0100 Subject: [PATCH] add: Nexus Zeta is no stranger when it comes to implementing SOAP relatedrelated exploit ;-) --- clusters/threat-actor.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 123bc158..dab86b1e 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -2264,6 +2264,10 @@ }, "value": "Dark Caracal", "description": "Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut. At present, we have knowledge of hundreds of gigabytes of exfiltrated data, in 21+ countries, across thousands of victims. Stolen data includes enterprise intellectual property and personally identifiable information." + }, + { + "value": "Nexus Zeta", + "description": "Nexus Zeta is no stranger when it comes to implementing SOAP related exploits. The threat actor has already been observed in implementing two other known SOAP related exploits, CVE-2014–8361 and CVE-2017–17215 in his Satori botnet project. A third SOAP exploit, TR-069 bug has also been observed previously in IoT botnets. This makes EDB 38722 the fourth SOAP related exploit which is discovered in the wild by IoT botnets." } ], "name": "Threat actor", @@ -2278,5 +2282,5 @@ ], "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.", "uuid": "7cdff317-a673-4474-84ec-4f1754947823", - "version": 31 + "version": 33 }