add Malteiro

2022-12-16 16:43:50 +01:00 · 2022-12-16 16:43:50 +01:00 · 3f4edb480b
parent 5931f51d7a
commit 3f4edb480b
2 changed files with 43 additions and 1 deletions
--- a/clusters/banker.json
+++ b/clusters/banker.json
@ -1195,7 +1195,29 @@
      },
      "uuid": "fa574138-a3bd-4ebc-a5f7-3b465df7106f",
      "value": "Dark Tequila"
+    },
+    {
+      "description": "Distributed by Malteiro",
+      "meta": {
+        "refs": [
+          "https://blog.scilabs.mx/en/cyber-threat-profile-malteiro/"
+        ],
+        "synonyms": [
+          "URSA"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "ba57c28a-47d0-46ba-a933-9aed69f7b84f",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "delivered-by"
+        }
+      ],
+      "uuid": "d27eea57-e55f-40b1-9690-55c2c8500876",
+      "value": "Malteiro"
    }
  ],
-  "version": 17
+  "version": 18
 }
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -9964,6 +9964,26 @@
      ],
      "uuid": "e5865ca1-ec95-43e2-954a-d0f3507a9747",
      "value": "TAG-53"
+    },
+    {
+      "description": "This group of cybercriminals is named Malteiroby SCILabs, they operate and distribute the URSA/Mispadu banking trojan.",
+      "meta": {
+        "refs": [
+          "https://blog.scilabs.mx/en/cyber-threat-profile-malteiro/",
+          "https://blog.scilabs.mx/cyber-threat-profile-malteiro/"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "d27eea57-e55f-40b1-9690-55c2c8500876",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "delivers"
+        }
+      ],
+      "uuid": "ba57c28a-47d0-46ba-a933-9aed69f7b84f",
+      "value": "Malteiro"
    }
  ],
  "version": 256