From ac7d60fe03298b1a4d1363b72d23c5be76ca030c Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Fri, 1 Nov 2024 10:43:27 -0700 Subject: [PATCH] [threat-actors] Add AridViper aliases --- clusters/threat-actor.json | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 04127c1a..9fd47e41 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -6108,6 +6108,7 @@ "value": "APT6" }, { + "description": "AridViper is a state-sponsored APT primarily targeting military personnel, journalists, and dissidents in the Middle East, with a focus on Israel and Palestine. The group employs custom-developed mobile malware, including variants like AridSpy, GnatSpy, and Micropsia, often delivered through spear-phishing emails and deceptive applications. Their operations involve sophisticated social engineering tactics, including the use of fake social media profiles and weaponized apps masquerading as legitimate services. AridViper's activities are characterized by a blend of technical sophistication and psychological manipulation, aiming to exfiltrate sensitive data from compromised systems.", "meta": { "cfr-suspected-state-sponsor": "Palestine", "cfr-suspected-victims": [ @@ -6145,15 +6146,13 @@ "https://www.threatconnect.com/blog/kasperagent-malware-campaign/", "https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/sexually-explicit-material-used-as-lures-in-cyber-attacks?linkId=12425812", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064309/The-Desert-Falcons-targeted-attacks.pdf", - "https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf" + "https://www.sentinelone.com/labs/gaza-cybergang-unified-front-targeting-hamas-opposition/" ], "synonyms": [ "Desert Falcon", - "Renegade Jackal", - "DESERTVARNISH", - "UNC718", "Arid Viper", - "APT-C-23" + "APT-C-23", + "Bearded Barbie" ] }, "uuid": "0cfff0f4-868c-40a1-b9b4-0d153c0b33b6",