Merge pull request #346 from danielplohmann/patch-3

Two more actor names from GTR2019
2019-02-20 08:55:53 +01:00 · 2019-02-20 08:55:53 +01:00 · a4820561e1
parent 864bc25e9f 0cd79994cc
commit a4820561e1
1 changed files with 20 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -6351,6 +6351,26 @@
      },
      "uuid": "89a05f9f-a6dc-4426-8c15-a8d5ef6d8524",
      "value": "Tiny Spider"
+    },
+    {
+      "description": "According to CrowdStrike, this actor is using BokBok/IcedID, potentially buying distribution through Emotet infections.",
+      "meta": {
+        "refs": [
+          "https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/"
+        ]
+      },
+      "uuid": "0db4c708-f33d-4d46-906d-12fdf7415f62",
+      "value": "Lunar Spider"
+    },
+    {
+      "description": "In July 2018, the source code of Pegasus, RATPAK SPIDER’s malware framework, was anonymously leaked. This malware has been linked to the targeting of Russia’s financial sector. Associated malware, Buhtrap, which has been leaked previously, was observed this year in connection with SWC campaigns that also targeted Russian users.",
+      "meta": {
+        "refs": [
+          "https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/"
+        ]
+      },
+      "uuid": "ec3fda76-8c1c-4019-8109-3f92e6b15633",
+      "value": "Ratpak Spider"
    }
  ],
  "version": 91