From 1ab4e4f4cf2ae430573eea39511868a4e1f2878d Mon Sep 17 00:00:00 2001 From: Dennis Rand Date: Tue, 15 May 2018 12:06:48 +0000 Subject: [PATCH] Added data related to Dragos Adverseries --- clusters/threat-actor.json | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 13b3926..257473f 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -1891,7 +1891,8 @@ "meta": { "refs": [ "https://dragos.com/blog/crashoverride/CrashOverride-01.pdf", - "https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf" + "https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf", + "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf" ], "synonyms": [ "Sandworm" @@ -2551,7 +2552,8 @@ "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).", "meta": { "refs": [ - "https://dragos.com/adversaries.html" + "https://dragos.com/adversaries.html", + "https://dragos.com/blog/20180510Allanite.html" ], "mode-of-operation": "Watering-hole and phishing leading to ICS recon and screenshot collection", "since": "2017", @@ -2568,7 +2570,8 @@ "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).", "meta": { "refs": [ - "https://dragos.com/adversaries.html" + "https://dragos.com/adversaries.html", + "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf" ], "mode-of-operation": "IT compromise, information gathering and recon against industrial orgs", "since": "2017", @@ -2586,7 +2589,8 @@ "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).", "meta": { "refs": [ - "https://dragos.com/adversaries.html" + "https://dragos.com/adversaries.html", + "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf" ], "mode-of-operation": "IT compromise with hardened anti-analysis malware against industrial orgs", "since": "2017", @@ -2604,7 +2608,8 @@ "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).", "meta": { "refs": [ - "https://dragos.com/adversaries.html" + "https://dragos.com/adversaries.html", + "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf" ], "mode-of-operation": "Deep ICS environment information gathering, operator credentials, industrial process details", "since": "2016", @@ -2622,7 +2627,8 @@ "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).", "meta": { "refs": [ - "https://dragos.com/adversaries.html" + "https://dragos.com/adversaries.html", + "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf" ], "mode-of-operation": "Electric grid disruption and long-term persistence", "since": "2016", @@ -2639,7 +2645,8 @@ "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).", "meta": { "refs": [ - "https://dragos.com/adversaries.html" + "https://dragos.com/adversaries.html", + "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf" ], "mode-of-operation": "IT network limited, information gathering against industrial orgs", "since": "2016", @@ -2689,5 +2696,5 @@ ], "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.", "uuid": "7cdff317-a673-4474-84ec-4f1754947823", - "version": 39 + "version": 40 }