From fa57354471a5d09a35da5bec56341404a756fed0 Mon Sep 17 00:00:00 2001 From: Mathieu Beligon Date: Wed, 1 Mar 2023 15:40:23 -0800 Subject: [PATCH] [threat-actors] Add Chamelgang --- clusters/threat-actor.json | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 8d236d22..98be953d 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -10405,6 +10405,44 @@ ], "uuid": "c1d44f44-425e-48fd-b78b-84b988da8bc3", "value": "TA453" + }, + { + "description": "In Q2 2021, the PT Expert Security Center incident response team conducted an investigation in an energy company. The investigation revealed that the company's network had been compromised by an unknown group for the purpose of data theft. They gave the group the name ChamelGang (from the word \"chameleon\"), because the group disguised its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google.", + "meta": { + "cfr-suspected-victims": [ + "India", + "Japan", + "Nepal", + "Russia", + "Taiwan", + "US" + ], + "cfr-target-category": [ + "Aviation", + "Energy" + ], + "references": [ + "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/" + ] + }, + "related": [ + { + "dest-uuid": "b91e1d34-cabd-404f-84d2-51a4f9840ffb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "uses" + }, + { + "dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "uses" + } + ], + "uuid": "eafdd27f-a3e2-4bb1-ae03-bf9ca5ff0355", + "value": "Chamelgang" } ], "version": 260