[threat-actors] Keep meta from old Xenotime

2022-09-13 11:40:17 -07:00 · 2022-09-13 11:40:17 -07:00 · e1f5d3b5d8
parent 273c7c9b97
commit e1f5d3b5d8
1 changed files with 5 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -7109,6 +7109,8 @@
    {
      "description": "TEMP.Veles is a Russia-based threat group that has targeted critical infrastructure. The group has been observed utilizing TRITON, a malware framework designed to manipulate industrial safety systems.",
      "meta": {
+        "capabilities": "TRISIS, custom credential harvesting",
+        "mode-of-operation": "Focused on physical destruction and long-term persistence",
        "refs": [
          "https://dragos.com/resource/trisis-analyzing-safety-system-targeting-malware/",
          "https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html",
@ -7116,11 +7118,13 @@
          "https://cyberthreat.thalesgroup.com/attackers/ATK91",
          "https://www.dragos.com/threat/xenotime/"
        ],
+        "since": "2014",
        "synonyms": [
          "Xenotime",
          "G0088",
          "ATK91"
-        ]
+        ],
+        "victimology": "Oil and Gas, Middle East"
      },
      "uuid": "90abfc42-91c6-11e9-89b1-af58de8f7ec2",
      "value": "TEMP.Veles"