From a20f7fbe918311f2e14e66fd15d75cea053d717c Mon Sep 17 00:00:00 2001
From: Daniel Plohmann
Date: Wed, 15 May 2019 22:43:33 +0200
Subject: [PATCH] adding APT31/ZIRCONIUM
---
clusters/threat-actor.json | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 99b0e6f2..a903daec 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -6709,7 +6709,24 @@
 },
 "uuid": "5059b44d-2753-4977-b987-4922f09afe6b",
 "value": "Silent Librarian"
+ },
+ {
+ "description": "FireEye characterizes APT31 as an actor specialized on intellectual property theft, focusing on data and projects that make a particular organization competetive in its field. Based on available data (April 2016), FireEye assesses that APT31 conducts network operations at the behest of the Chinese Government.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/",
+ "https://duo.com/decipher/apt-groups-moving-down-the-supply-chain",
+ "https://github.com/GuardaCyber/APT-Groups-and-Operations/blob/master/Reports/FireEye%20Intel%20-%20APT31%20Threat%20Group%20Profile.pdf"
+ ],
+ "synonyms": [
+ "APT 31",
+ "ZIRCONIUM"
+ ]
+ },
+ "uuid": "6bf7e6b6-5917-45a6-9567-f0baba79768c",
+ "value": "APT31"
 }
 ],
- "version": 109
+ "version": 110
 }
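Review bot: The third entry in the new `refs` array points at `blob/master` on a third-party GitHub mirror of the FireEye profile, so the document backing the attribution in `description` can be changed or removed without this cluster changing. Analysts who follow refs to check the state-sponsorship assessment would be better served by a commit-pinned permalink, `.../blob/<commit-sha>/Reports/...` (placeholder, the SHA is not on this page), or by the vendor's own publication if one is public. In the `description` string, `competetive` should read `competitive`, and `specialized on` reads better as `specializing in`. The hunk starts and ends inside the enclosing array, so the uniqueness of the new `uuid` and of the `APT 31` / `ZIRCONIUM` synonyms against existing entries cannot be confirmed from here.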