El Machete added

2025-01-18 18:46:17 +00:00 · 2017-06-26 11:44:46 +02:00 · 2017-06-26 11:44:46 +02:00 · c0786dfb22
commit c0786dfb22
parent 57fee72504
1 changed files with 11 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -1591,6 +1591,16 @@
      },
      "description": "FIN8 is a financially motivated group targeting the retail, hospitality and entertainment industries. The actor had previously conducted several tailored spearphishing campaigns using the downloader PUNCHBUGGY and POS malware PUNCHTRACK.",
      "value": "FIN8"
+    },
+    {
+      "value": "El Machete",
+      "description": "El Machete is one of these threats that was first publicly disclosed and named by Kaspersky here. We’ve found that this group has continued to operate successfully, predominantly in Latin America, since 2014. All attackers simply moved to new C2 infrastructure, based largely around dynamic DNS domains, in addition to making minimal changes to the malware in order to evade signature-based detection.",
+      "meta": {
+        "refs": [
+          "https://securelist.com/blog/research/66108/el-machete/",
+          "https://www.cylance.com/en_us/blog/el-machete-malware-attacks-cut-through-latam.html"
+        ]
+      }
    }
  ],
  "name": "Threat actor",
@ -1605,5 +1615,5 @@
  ],
  "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
  "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
-  "version": 24
+  "version": 25
 }