From a08ddaf548da8dd60d0f6090754d953b1754e3b0 Mon Sep 17 00:00:00 2001
From: Rony
Date: Sat, 2 Apr 2022 01:14:18 +0530
Subject: [PATCH] Add Avivore & HAZY TIGER/Bitter
---
 clusters/threat-actor.json | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 64241ba6..d980ee7e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9037,6 +9037,35 @@
 "uuid": "d45dd940-b38d-4b2c-9f2f-3e4a0eac841c",
 "value": "MosesStaff"
 },
+ {
+ "description": "The group’s existence came to light during Context’s investigation of a number of attacks against multinational enterprises that compromise smaller engineering services and consultancies working in their supply chains.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://www.computerweekly.com/news/252471769/New-threat-group-behind-Airbus-cyber-attacks-claim-researchers",
+ "https://www.contextis.com/en/news/context-identifies-new-avivore-threat-group",
+ "https://www.contextis.com/en/blog/avivore"
+ ]
+ },
+ "uuid": "8045fc09-13d6-4f90-b239-ed5060b9297b",
+ "value": "Avivore"
+ },
+ {
+ "description": "The Bitter threat group initially started using RAT tools in their campaigns, as the first Bitter versions, for Android released in 2014 were based on the AndroRAT framework. Over time, they switched to a custom version that has been known as BitterRAT ever since.",
+ "meta": {
+ "country": "IN",
+ "refs": [
+ "https://www.bitdefender.com/files/News/CaseStudies/study/352/Bitdefender-PR-Whitepaper-BitterAPT-creat4571-en-EN-GenericUse.pdf"
+ ],
+ "synonyms": [
+ "Bitter",
+ "T-APT-17",
+ "APT-C-08"
+ ]
+ },
+ "uuid": "1e9bd6fe-e009-41ce-8e92-ad78c73ee772",
+ "value": "HAZY TIGER"
+ },
 {
 "description": "An actor group conducting large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements.",
 "meta": {
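Review bot: Both new entries assert a state attribution (`"country": "CN"` for Avivore, `"country": "IN"` for HAZY TIGER) while neither description says who made that attribution or how firm it is, so consumers of this cluster will read the field as settled fact. I would add an explicit confidence next to each, e.g. `"attribution-confidence": "<0-100, placeholder>"`, and one sentence in each description naming the attributing source from `refs`. The HAZY TIGER entry also introduces the synonyms `Bitter`, `T-APT-17` and `APT-C-08` under a new UUID; the rest of the array lies outside this hunk, so please confirm none of them already appears as a value or synonym of another actor, since a duplicate would split tagging and correlation across two clusters. The trailing context entry is cut off at `"meta": {`, so nothing can be said about it from here.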