Update threat-actor.json

adding UNC3524 to the actor galaxy cluster.
This commit is contained in:
Daniel Plohmann 2022-05-04 13:21:56 +02:00 committed by GitHub
parent 87c1e34ce8
commit 06c293072c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -9183,7 +9183,18 @@
}, },
"uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f", "uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",
"value": "SaintBear" "value": "SaintBear"
},
{
"description": "Mandiant observed this group operating since December 2019. Its techniques partially overlap with multiple Russian-based espionage actors (APT28 and APT29). They are described as having a high level of operational security, low malware footprint, adept evasive skills, and a large Internet of Things (IoT) device botnet at their disposal.",
"meta": {
"cfr-type-of-incident": "Espionage",
"refs": [
"https://www.mandiant.com/resources/unc3524-eye-spy-email"
]
},
"uuid": "bee8b09c-07e5-4c12-94d6-266ebcb1ec24",
"value": "UNC3524"
} }
], ],
"version": 219 "version": 220
} }