From a817324cd4bd124a121fb08dcb998b45b10ddeaf Mon Sep 17 00:00:00 2001 From: Daniel Plohmann Date: Wed, 2 Mar 2022 15:50:39 +0100 Subject: [PATCH 1/2] adding threat actor "Moses Staff" --- clusters/threat-actor.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index dc2a67b..ed4952f 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -8951,7 +8951,24 @@ }, "uuid": "a57e5bf5-d7f4-43a1-9c15-8a44cdb95079", "value": "TA2541" - } + }, + { + "description": "Cybereason Nocturnus describes Moses Staff as an Iranian hacker group, first spotted in October 2021. Their motivation appears to be to harm Israeli companies by leaking sensitive, stolen data.", + "meta": { + "country": "IR", + "refs": [ + "https://twitter.com/campuscodi/status/1450455259202166799", + "https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/", + "https://www.cybereason.com/blog/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations", + "https://www.fortinet.com/blog/threat-research/guard-your-drive-from-driveguard" + ], + "synonyms": [ + "Moses Staff" + ] + }, + "uuid": "d45dd940-b38d-4b2c-9f2f-3e4a0eac841c", + "value": "MosesStaff" + }, ], - "version": 212 + "version": 213 } From 896a4514617d9fc8416bdb60999455c7bf7ac94a Mon Sep 17 00:00:00 2001 From: Daniel Plohmann Date: Wed, 2 Mar 2022 21:22:28 +0100 Subject: [PATCH 2/2] fixed with linted JSON. --- clusters/threat-actor.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index ed4952f..3d3b2f8 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -8968,7 +8968,7 @@ }, "uuid": "d45dd940-b38d-4b2c-9f2f-3e4a0eac841c", "value": "MosesStaff" - }, + } ], "version": 213 }