From d05b29c1af47824dc2ef14e5cb4838725fef190a Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Tue, 16 Aug 2022 17:15:30 -0700
Subject: [PATCH] [threat-actors] Remove duplicate APT33

---
 clusters/threat-actor.json | 62 +++++++++-----------------------------
 1 file changed, 14 insertions(+), 48 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index fd0711b3..28c65f75 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -1947,7 +1947,19 @@
       "description": "Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government.",
       "meta": {
         "attribution-confidence": "50",
+        "capabilities": "STONEDRILL wiper, variants of TURNEDUP malware",
+        "cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
+        "cfr-suspected-victims": [
+          "United States",
+          "Saudi Arabia",
+          "South Korea"
+        ],
+        "cfr-target-category": [
+          "Private sector"
+        ],
+        "cfr-type-of-incident": "Espionage",
         "country": "IR",
+        "mode-of-operation": "IT network limited, information gathering against industrial orgs",
         "refs": [
           "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html",
           "https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/",
@@ -1966,7 +1978,8 @@
           "COBALT TRINITY",
           "G0064",
           "ATK35"
-        ]
+        ],
+        "victimology": "Petrochemical, Aerospace, Saudi Arabia"
       },
       "related": [
         {
@@ -6125,53 +6138,6 @@
       "uuid": "a08ab076-33c1-4350-b021-650c34277f2d",
       "value": "DYMALLOY"
     },
-    {
-      "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
-      "meta": {
-        "attribution-confidence": "50",
-        "capabilities": "STONEDRILL wiper, variants of TURNEDUP malware",
-        "cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
-        "cfr-suspected-victims": [
-          "United States",
-          "Saudi Arabia",
-          "South Korea"
-        ],
-        "cfr-target-category": [
-          "Private sector"
-        ],
-        "cfr-type-of-incident": "Espionage",
-        "country": "IR",
-        "mode-of-operation": "IT network limited, information gathering against industrial orgs",
-        "refs": [
-          "https://dragos.com/adversaries.html",
-          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf",
-          "https://www.cfr.org/interactive/cyber-operations/apt-33"
-        ],
-        "since": "2016",
-        "synonyms": [
-          "APT33"
-        ],
-        "victimology": "Petrochemical, Aerospace, Saudi Arabia"
-      },
-      "related": [
-        {
-          "dest-uuid": "fbd29c89-18ba-4c2d-b792-51c0adee049f",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        },
-        {
-          "dest-uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        }
-      ],
-      "uuid": "accd848b-b8f4-46ba-a408-9063b35cfbf2",
-      "value": "MAGNALLIUM"
-    },
     {
       "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
       "meta": {