From 3f4edb480baf9fb54952fe4a61df391ac819e732 Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Fri, 16 Dec 2022 16:43:50 +0100
Subject: [PATCH] add Malteiro
---
 clusters/banker.json | 24 +++++++++++++++++++++++-
 clusters/threat-actor.json | 20 ++++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/clusters/banker.json b/clusters/banker.json
index 38a2f19..c099f15 100644
--- a/clusters/banker.json
+++ b/clusters/banker.json
@@ -1195,7 +1195,29 @@
 },
 "uuid": "fa574138-a3bd-4ebc-a5f7-3b465df7106f",
 "value": "Dark Tequila"
+ },
+ {
+ "description": "Distributed by Malteiro",
+ "meta": {
+ "refs": [
+ "https://blog.scilabs.mx/en/cyber-threat-profile-malteiro/"
+ ],
+ "synonyms": [
+ "URSA"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "ba57c28a-47d0-46ba-a933-9aed69f7b84f",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "delivered-by"
+ }
+ ],
+ "uuid": "d27eea57-e55f-40b1-9690-55c2c8500876",
+ "value": "Malteiro"
 }
 ],
- "version": 17
+ "version": 18
 }
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 3aa75c7..2c01817 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9964,6 +9964,26 @@
 ],
 "uuid": "e5865ca1-ec95-43e2-954a-d0f3507a9747",
 "value": "TAG-53"
+ },
+ {
+ "description": "This group of cybercriminals is named Malteiroby SCILabs, they operate and distribute the URSA/Mispadu banking trojan.",
+ "meta": {
+ "refs": [
+ "https://blog.scilabs.mx/en/cyber-threat-profile-malteiro/",
+ "https://blog.scilabs.mx/cyber-threat-profile-malteiro/"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "d27eea57-e55f-40b1-9690-55c2c8500876",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "delivers"
+ }
+ ],
+ "uuid": "ba57c28a-47d0-46ba-a933-9aed69f7b84f",
+ "value": "Malteiro"
 }
 ],
 "version": 256
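Review bot: In the `clusters/banker.json` hunk the new entry's `"value"` is `"Malteiro"`, which is the actor's name, while its description ("Distributed by Malteiro") and the `URSA` synonym indicate the entry is meant to describe the banking trojan itself. As written, the banker cluster and the threat-actor cluster both carry the value `Malteiro`, so events tagged from the banker galaxy would label the malware with the actor's name and blur attribution in searches and correlation. Presumably the entry should read `"value": "Mispadu"` (the name paired with URSA in the threat-actor description) and keep `"synonyms": ["URSA"]`. The description would also be more useful if it said what the malware is rather than only who distributes it.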
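Review bot: The `clusters/threat-actor.json` hunk adds an entry but leaves `"version": 256` as an unchanged context line, whereas the banker.json hunk bumps its version from 17 to 18. Consumers that rely on the cluster version to detect updates may not pick up the new actor, so this should likely become `"version": 257`. The new description also has a missing space and a comma splice: `"Malteiroby SCILabs, they operate"` should read `"Malteiro by SCILabs; they operate"`.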