chg [threat-actors] Add TA866

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2024-11-22 14:57:18 +00:00 · 2023-03-08 21:44:16 -06:00 · 2023-03-08 21:44:16 -06:00 · 2d30785af5
commit 2d30785af5
parent 57f3e46273
1 changed files with 49 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -10564,7 +10564,55 @@
      ],
      "uuid": "eb0b100c-8a4e-4859-b6f8-eebd66c3d20c",
      "value": "Prophet Spider"
+    },
+    {
+      "description": "According to Proofpoint, TA866 is a newly identified threat actor that distributes malware via email utilizing both commodity and custom tools. While most of the activity observed occurred since October 2022, Proofpoint researchers identified multiple activity clusters since 2019 that overlap with TA866 activity. Most of the activity recently observed by Proofpoint suggests recent campaigns are financially motivated, however assessment of historic related activities suggests a possible, additional espionage objective.",
+      "meta": {
+        "motive": "mainly financially motivated, additional espionage objective.",
+        "references": [
+          "https://www.proofpoint.com/us/blog/threat-insight/screentime-sometimes-it-feels-like-somebodys-watching-me"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "f3b7e302-152b-4c4e-85c2-82733b78d13f",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "49ca568f-b6e4-49ff-963e-796f8207d185",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "9eb2a417-2bb6-496c-816b-bccb3f3074f6",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "5c7fa5e1-352a-41c3-8e55-744e5fa88793",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "7b956ff0-9021-499c-82a4-24b958cb32d9",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        }
+      ],
+      "uuid": "a3c22f46-5135-4b39-a33f-92906ac12c31",
+      "value": "TA866"
    }
  ],
-  "version": 261
+  "version": 262
 }