From da11e5ca0969bf54c3b10cc47145335a72bcd583 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Tue, 12 Nov 2024 06:58:59 -0800
Subject: [PATCH] [threat-actors] Add APT73
---
 clusters/threat-actor.json | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c2336066..0298ce3a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17359,6 +17359,27 @@
 },
 "uuid": "09aa3edb-e956-43f0-9fcb-a3154b47d202",
 "value": "WageMole"
+ },
+ {
+ "description": "APT73 is a ransomware group that has publicly identified 12 victims and launched its data leak site on April 25th. The DLS bears a striking resemblance to that of LockBit, likely to leverage LockBit's reputation and attract potential affiliates. The rationale for this design mimicry is unclear, but it may be intended to signal operational parity with LockBit to inspire trust among low-level criminals. APT73 was formed by an alleged former LockBit affiliate following law enforcement's \"Operation Cronos\" in February 2024.",
+ "meta": {
+ "refs": [
+ "https://quointelligence.eu/2024/06/analyzing-shift-in-ransomware-dynamics/",
+ "https://www.redpacketsecurity.com/apt73-ransomware-victim-www-baldinger-ag-ch/",
+ "https://www.redpacketsecurity.com/apt73-ransomware-victim-www-scopeset-de/",
+ "https://www.redpacketsecurity.com/apt73-ransomware-victim-hpecds-com/",
+ "https://www.redpacketsecurity.com/apt73-ransomware-victim-www-trinitesolutions-com/",
+ "https://www.redpacketsecurity.com/apt73-ransomware-victim-modplan-co-uk/",
+ "https://www.redpacketsecurity.com/apt73-ransomware-victim-mgfsourcing-com/",
+ "https://www.redpacketsecurity.com/apt73-ransomware-victim-www-legilog-fr/",
+ "https://www.redpacketsecurity.com/apt73-ransomware-victim-sokkakreatif-com/"
+ ],
+ "synonyms": [
+ "Eraleig"
+ ]
+ },
+ "uuid": "84bf7b38-e120-44c9-bfdd-82740593a6c6",
+ "value": "APT73"
 }
 ],
 "version": 320
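Review bot: The added `description` states time-relative facts without an anchor: "launched its data leak site on April 25th" has no year and "12 victims" has no as-of date, so the entry becomes ambiguous for analysts as it ages. The year is presumably 2024, given the Operation Cronos date and the June 2024 reference, and should be confirmed against the source before writing `launched its data leak site on April 25th, 2024` and `had publicly identified 12 victims as of <DATE_FROM_SOURCE>`. The trailing context also shows `"version": 320` unchanged; if consumers use that field to detect cluster updates, the new entry may not be picked up until it is bumped. The rest of the cluster array lies outside the hunk, so the new `uuid` and `value` cannot be checked for duplicates from here.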