From 068dc40a782cee75791f4b6f3138e4c0d5745583 Mon Sep 17 00:00:00 2001 From: "Daniel Plohmann (jupiter)" Date: Mon, 5 Jun 2017 19:13:27 +0200 Subject: [PATCH] added WildNeutron (Morph, Butterfly, Sphinx Moth) --- clusters/threat-actor.json | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 24ba9df..f1362d6 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -1549,6 +1549,23 @@ "https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/silverterrier-next-evolution-in-nigerian-cybercrime.pdf" ] } + }, + { + "value": "WildNeutron", + "description": "A corporate espionage group has compromised a string of major corporations over the past three years in order to steal confidential information and intellectual property. The gang, which Symantec calls Butterfly, is not-state sponsored, rather financially motivated. It has attacked multi-billion dollar companies operating in the internet, IT software, pharmaceutical, and commodities sectors. Twitter, Facebook, Apple, and Microsoft are among the companies who have publicly acknowledged attacks.", + "meta": { + "country": "", + "refs": [ + "https://www.symantec.com/connect/blogs/butterfly-profiting-high-level-corporate-attacks", + "https://securelist.com/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/", + "https://research.kudelskisecurity.com/2015/11/05/sphinx-moth-expanding-our-knowledge-of-the-wild-neutron-morpho-apt/" + ], + "synonyms": [ + "Butterfly", + "Morpho", + "Sphinx Moth" + ] + } } ], "name": "Threat actor", @@ -1563,5 +1580,5 @@ ], "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.", "uuid": "7cdff317-a673-4474-84ec-4f1754947823", - "version": 21 + "version": 22 }