From 61cb24a3fc2641d1e3035e58908243b8d0c0e45f Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Wed, 1 Mar 2023 16:37:42 -0800
Subject: [PATCH] [threat-actors] Add Nemesis Kitten

---
 clusters/threat-actor.json | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b0cf0aa..256840e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -10511,6 +10511,29 @@
       ],
       "uuid": "035fbd5c-e4a1-4c7b-80fb-f5a89a361aed",
       "value": "Karakurt"
+    },
+    {
+      "description": "Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations, including widespread vulnerability scanning, on behalf of the government of Iran.",
+      "meta": {
+        "country": "IR",
+        "references": [
+          "https://www.microsoft.com/en-us/security/blog/2022/09/07/profiling-dev-0270-phosphorus-ransomware-operations/"
+        ],
+        "synonyms": [
+          "Nemesis Kitten"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "b8967b3c-3bc9-11e8-8701-8b1ead8c099e",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "part-of"
+        }
+      ],
+      "uuid": "7b90319a-9f7b-466d-9f90-7fcc270ed505",
+      "value": "DEV-0270"
     }
   ],
   "version": 260