From 3f50cf0175e488286ec917464194baf63a852fe6 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Wed, 17 Aug 2022 11:19:30 -0700
Subject: [PATCH] Create a tool for Esile

---
 clusters/threat-actor.json | 1 -
 clusters/tool.json | 23 +++++++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 7c75955..8057870 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -890,7 +890,6 @@
 "synonyms": [
 "Spring Dragon",
 "ST Group",
- "Esile",
 "DRAGONFISH",
 "BRONZE ELGIN",
 "ATK1",
diff --git a/clusters/tool.json b/clusters/tool.json
index 6360346..1a4bfc1 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8484,6 +8484,29 @@
 },
 "uuid": "f43a3828-a3b6-11ec-80e1-55a8e5815c2c",
 "value": "BadPotato"
+ },
+ {
+ "description": "The Esile campaign was named after certain strings found in the unpacked malware file that it sends out. All of the malware related to this campaign are detected as BKDR_ESILE variants.",
+ "meta": {
+ "refs": [
+ "https://www.trendmicro.com/vinfo/de/security/news/cyber-attacks/esile-targeted-attack-campaign-hits-apac-governments",
+ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/esile"
+ ],
+ "synonyms": [
+ "BKDR_ESILE"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "32fafa69-fe3c-49db-afd4-aac2664bcf0d",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "used-by"
+ }
+ ],
+ "uuid": "7d34ca56-ce69-465f-b8c8-ffd02c4b619d",
+ "value": "Esile"
 }
 ],
 "version": 150
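Review bot: The cluster `version` is left at 150 in the trailing context of the tool.json hunk even though a new cluster entry is added just above it; galaxy consumers use that counter to decide whether a cluster file has changed, so installations already holding version 150 will not pick up the Esile entry until it is bumped, e.g. `"version": 151`. The `related` entry points `used-by` at dest-uuid 32fafa69-fe3c-49db-afd4-aac2664bcf0d, which I take to be the threat-actor cluster the `Esile` synonym is removed from in the threat-actor.json hunk; that correspondence is not visible in this patch, so the UUID is worth confirming before merge, along with whether the repository's convention expects a reciprocal relation on the actor side. The enclosing JSON array continues outside both hunks.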