[threat-actors] Remove duplicate APT33

2024-11-22 14:57:18 +00:00 · 2022-08-16 17:15:30 -07:00 · 2022-08-16 17:15:30 -07:00 · d05b29c1af
commit d05b29c1af
parent 65c9490b77
1 changed files with 14 additions and 48 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -1947,7 +1947,19 @@
      "description": "Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government.",
      "meta": {
        "attribution-confidence": "50",
+        "capabilities": "STONEDRILL wiper, variants of TURNEDUP malware",
+        "cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
+        "cfr-suspected-victims": [
+          "United States",
+          "Saudi Arabia",
+          "South Korea"
+        ],
+        "cfr-target-category": [
+          "Private sector"
+        ],
+        "cfr-type-of-incident": "Espionage",
        "country": "IR",
+        "mode-of-operation": "IT network limited, information gathering against industrial orgs",
        "refs": [
          "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html",
          "https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/",
@ -1966,7 +1978,8 @@
          "COBALT TRINITY",
          "G0064",
          "ATK35"
-        ]
+        ],
+        "victimology": "Petrochemical, Aerospace, Saudi Arabia"
      },
      "related": [
        {
@ -6125,53 +6138,6 @@
      "uuid": "a08ab076-33c1-4350-b021-650c34277f2d",
      "value": "DYMALLOY"
    },
-    {
-      "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
-      "meta": {
-        "attribution-confidence": "50",
-        "capabilities": "STONEDRILL wiper, variants of TURNEDUP malware",
-        "cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
-        "cfr-suspected-victims": [
-          "United States",
-          "Saudi Arabia",
-          "South Korea"
-        ],
-        "cfr-target-category": [
-          "Private sector"
-        ],
-        "cfr-type-of-incident": "Espionage",
-        "country": "IR",
-        "mode-of-operation": "IT network limited, information gathering against industrial orgs",
-        "refs": [
-          "https://dragos.com/adversaries.html",
-          "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf",
-          "https://www.cfr.org/interactive/cyber-operations/apt-33"
-        ],
-        "since": "2016",
-        "synonyms": [
-          "APT33"
-        ],
-        "victimology": "Petrochemical, Aerospace, Saudi Arabia"
-      },
-      "related": [
-        {
-          "dest-uuid": "fbd29c89-18ba-4c2d-b792-51c0adee049f",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        },
-        {
-          "dest-uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        }
-      ],
-      "uuid": "accd848b-b8f4-46ba-a408-9063b35cfbf2",
-      "value": "MAGNALLIUM"
-    },
    {
      "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
      "meta": {