add notpetya and update jadeRAT

2024-11-26 16:57:18 +00:00 · 2018-09-19 15:06:43 +02:00 · 2018-09-19 15:06:43 +02:00 · 3f22dbd17d
commit 3f22dbd17d
parent 058f778e61
2 changed files with 44 additions and 4 deletions
--- a/clusters/rat.json
+++ b/clusters/rat.json
@ -20,10 +20,20 @@
      "value": "TeamViewer"
    },
    {
-      "description": "JadeRAT is just one example of numerous mobile surveillanceware families we've seen in recent months, indicating that actors are continuing to incorporate mobile tools in their attack chains.",
+      "description": "JadeRAT is just one example of numerous mobile surveillanceware families we've seen in recent months, indicating that actors are continuing to incorporate mobile tools in their attack chains. Threat actor, using a tool called JadeRAT, targets the mobile phones of ethnic minorities in China, notably Uighurs, for the purpose of espionage.   ",
      "meta": {
        "refs": [
-          "https://blog.lookout.com/mobile-threat-jaderat"
+          "https://blog.lookout.com/mobile-threat-jaderat",
+          "https://www.cfr.org/interactive/cyber-operations/jaderat"
+        ],
+        "cfr-suspected-victims": [
+          "Ethnic minorities in China"
+        ],
+        "cfr-suspected-state-sponsor": "China",
+        "cfr-type-of-incident": "Espionage",
+        "cfr-target-category": [
+          "Government",
+          "Civil society"
        ]
      },
      "uuid": "1cc8963b-5ad4-4e19-8e9a-57b0ff1ef926",
@ -2914,5 +2924,5 @@
      "value": "Hallaj PRO RAT"
    }
  ],
-  "version": 14
+  "version": 15
 }
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -5754,6 +5754,36 @@
        ]
      },
      "uuid": "df05f528-bb57-11e8-9fd4-8320e14151f2"
+    },
+    {
+      "value": "NotPetya",
+      "description": "Threat actors deploy a tool, called NotPetya, with the purpose of encrypting data on victims' machines and rendering it unusable. The malware was spread through tax software that companies and individuals require for filing taxes in Ukraine. Australia, Estonia, Denmark, Lithuania, Ukraine, the United Kingdom, and the United States issued statements attributing NotPetya to Russian state-sponsored actors. In June 2018, the United States sanctioned Russian organizations believed to have assisted the Russian state-sponsored actors with the operation.",
+      "meta": {
+        "refs": [
+          "https://www.cfr.org/interactive/cyber-operations/notpetya"
+        ],
+        "synonyms": [
+          "Not Petya"
+        ],
+        "cfr-suspected-victims": [
+          "Rosneft",
+          "Cie de Saint-Gobain",
+          "Mondelez",
+          "The government of Ukraine",
+          "WPP Plc.",
+          "SNCF",
+          "Port of Rosario",
+          "Maersk",
+          "Merck",
+          "Kyivenergo"
+        ],
+        "cfr-suspected-state-sponsor": "Russian Federation",
+        "cfr-type-of-incident": "Data destruction",
+        "cfr-target-category": [
+          "Government",
+          "Private sector"
+        ]
+      }
    }
  ],
  "version": 88