From 90d2bf7bc128e5fd3fb97258186c14a9e8cee0fe Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Fri, 11 Jan 2019 10:17:07 +0100 Subject: [PATCH] add drakhydrus ref --- clusters/threat-actor.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 7e5b280..9e443cf 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -5547,7 +5547,8 @@ "description": "In July 2018, Unit 42 analyzed a targeted attack using a novel file type against at least one government agency in the Middle East. It was carried out by a previously unpublished threat group we track as DarkHydrus. Based on our telemetry, we were able to uncover additional artifacts leading us to believe this adversary group has been in operation with their current playbook since early 2016. This attack diverged from previous attacks we observed from this group as it involved spear-phishing emails sent to targeted organizations with password protected RAR archive attachments that contained malicious Excel Web Query files (.iqy).", "meta": { "refs": [ - "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" + "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/", + "https://mobile.twitter.com/360TIC/status/1083289987339042817" ] }, "uuid": "ce2c2dfd-2445-4fbc-a747-9e7092e383f9",