[threat-actors] Add PROPHET SPIDER

2023-03-02 10:19:24 -08:00 · 2023-03-02 10:19:24 -08:00 · 4bbee8c1e7
parent 61cb24a3fc
commit 4bbee8c1e7
1 changed files with 28 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -10534,6 +10534,34 @@
      ],
      "uuid": "7b90319a-9f7b-466d-9f90-7fcc270ed505",
      "value": "DEV-0270"
+    },
+    {
+      "description": "PROPHET SPIDER is an eCrime actor, active since at least May 2017, that primarily gains access to victims by compromising vulnerable web servers, which commonly involves leveraging a variety of publicly disclosed vulnerabilities. The adversary has likely functioned as an access broker — handing off access to a third party to deploy ransomware — in multiple instances.",
+      "meta": {
+        "country": "",
+        "references": [
+          "https://www.crowdstrike.com/blog/prophet-spider-exploits-oracle-weblogic-to-facilitate-ransomware-activity/",
+          "https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "cd84bc53-8684-4921-89c7-2cf49512bf61",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "b5814e05-532a-4262-a8da-82fd0d7605ee",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        }
+      ],
+      "uuid": "eb0b100c-8a4e-4859-b6f8-eebd66c3d20c",
+      "value": "Prophet Spider"
    }
  ],
  "version": 260