From a224c7ce5e281b2dbbb98748a6ed975733ec1c88 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 28 Feb 2017 09:17:33 +0100 Subject: [PATCH] add: Gamaredon Group added --- clusters/threat-actor.json | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 3dd6952..bdcd282 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -1375,6 +1375,15 @@ "https://www.symantec.com/connect/blogs/greenbug-cyberespionage-group-targeting-middle-east-possible-links-shamoon" ] } + }, + { + "value": "Gamaredon Group", + "description": "Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. In the past, the Gamaredon Group has relied heavily on off-the-shelf tools. Our new research shows the Gamaredon Group have made a shift to custom-developed malware. We believe this shift indicates the Gamaredon Group have improved their technical capabilities.", + "meta": { + "refs": [ + "http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution" + ] + } } ], "name": "Threat actor", @@ -1389,5 +1398,5 @@ ], "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.", "uuid": "7cdff317-a673-4474-84ec-4f1754947823", - "version": 15 + "version": 16 }