From 5da5df6384fcc69bfee5adf1db8ef1c4a17d8954 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 15 May 2017 09:18:28 +0200 Subject: [PATCH] APT32 added --- clusters/threat-actor.json | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 5d281ee..5a8cf09 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -1521,6 +1521,21 @@ }, "value": "Callisto", "description": "The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions." + }, + { + "meta": { + "synonyms": [ + "OceanLotus Group", + "Ocean Lotus", + "APT-32", + "APT 32" + ], + "refs": [ + "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html" + ] + }, + "value": "APT32", + "description": "Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. FireEye assesses that APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations that are aligned with Vietnamese state interests." } ], "name": "Threat actor", @@ -1535,5 +1550,5 @@ ], "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.", "uuid": "7cdff317-a673-4474-84ec-4f1754947823", - "version": 19 + "version": 20 }