From 1d05f17507568f428fdf3d2d6bdffd16faa411e1 Mon Sep 17 00:00:00 2001 From: StefanKelm Date: Tue, 6 Oct 2020 12:45:43 +0200 Subject: [PATCH] Update threat-actor.json XDSpy --- clusters/threat-actor.json | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 95394ed..b058994 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -8390,7 +8390,19 @@ }, "uuid": "bfb0bc20-5bdf-47ff-b07f-dbd9a3cb9772", "value": "Fox Kitten" + }, + { + "description": "Rare is the APT group that goes largely undetected for nine years, but XDSpy is just that; a previously undocumented espionage group that has been active since 2011. It has attracted very little public attention, with the exception of an advisory from the Belarusian CERT in February 2020. In the interim, the group has compromised many government agencies and private companies in Eastern Europe and the Balkans.", + "meta": { + "refs": [ + "https://www.welivesecurity.com/2020/10/02/xdspy-stealing-government-secrets-since-2011/", + "https://vblocalhost.com/uploads/VB2020-Faou-Labelle.pdf", + "https://github.com/eset/malware-ioc/tree/master/xdspy/" + ] + }, + "uuid": "b205584e-db93-433a-b97a-7f2e19d8c188", + "value": "XDSpy" } ], - "version": 182 + "version": 183 }