From bfd1812cef5a852f5d5257aebb3ffba89cd0bd80 Mon Sep 17 00:00:00 2001
From: Thomas Dupuy
Date: Tue, 27 Sep 2022 00:11:20 +0000
Subject: [PATCH 1/2] Add Void Balaur.
---
 clusters/threat-actor.json | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 7cd030f..161960f 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9797,7 +9797,35 @@
 ],
 "uuid": "ecf4d7cb-9bf7-4d9d-8450-c99e885b9aac",
 "value": "BITWISE SPIDER"
+ },
+ {
+ "description": "Void Balaur is a highly active hack-for-hire / cyber mercenary group with a wide range of known target types across the globe. Their services have been observed for sale to the public online since at least 2016. Services include the collection of private data and access to specific online email and social media services, such as Gmail, Outlook, Telegram, Yandex, Facebook, Instagram, and business emails.",
+ "meta": {
+ "refs": [
+ "https://www.sentinelone.com/labs/the-sprawling-infrastructure-of-a-careless-mercenary/",
+ "https://blog.google/threat-analysis-group/countering-hack-for-hire-groups/",
+ "https://documents.trendmicro.com/assets/white_papers/wp-void-balaur-tracking-a-cybermercenarys-activities.pdf",
+ "https://www.amnesty.org/en/latest/research/2020/03/targeted-surveillance-attacks-in-uzbekistan-an-old-threat-with-new-techniques/",
+ "https://equalit.ie/deflect-labs-report-6/"
+ ],
+ "cfr-suspected-victims": [
+ "Brazil",
+ "Central African Republic",
+ "Georgia",
+ "Kazakhstan",
+ "Moldova",
+ "Russia",
+ "Spain",
+ "Sudan",
+ "Taiwan",
+ "Ukraine",
+ "United Kingdom",
+ "United States"
+ ]
+ },
+ "uuid": "ca310f0a-1131-4c67-b0a7-f1cd4ce0f87f",
+ "value": "Void Balaur"
 }
 ],
- "version": 247
+ "version": 248
 }
From c3b65a2d15451a57a68871d51549801fe2a99b08 Mon Sep 17 00:00:00 2001
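Review bot: The `cfr-suspected-victims` array in the new Void Balaur object lists twelve countries without tying them to any of the five `refs`, so an analyst who uses this cluster for tagging or correlation cannot check where each attribution comes from. Naming the source report for the list in the commit description would make it auditable. The description mentions "a wide range of known target types", yet the object carries no `cfr-target-category`, and there is no `synonyms` array for other names the cited reports may use for the group. Both are worth adding if the references support them, for example `"synonyms": ["<alias as given in the cited report>"]`. The new object is complete within the hunk, but the enclosing array opens outside it.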
From: Alexandre Dulaunoy
Date: Tue, 27 Sep 2022 08:18:13 +0200
Subject: [PATCH 2/2] chg: [threat-actor] JSON fix
---
 clusters/threat-actor.json | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 161960f..a689f2a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9801,26 +9801,26 @@
 {
 "description": "Void Balaur is a highly active hack-for-hire / cyber mercenary group with a wide range of known target types across the globe. Their services have been observed for sale to the public online since at least 2016. Services include the collection of private data and access to specific online email and social media services, such as Gmail, Outlook, Telegram, Yandex, Facebook, Instagram, and business emails.",
 "meta": {
+ "cfr-suspected-victims": [
+ "Brazil",
+ "Central African Republic",
+ "Georgia",
+ "Kazakhstan",
+ "Moldova",
+ "Russia",
+ "Spain",
+ "Sudan",
+ "Taiwan",
+ "Ukraine",
+ "United Kingdom",
+ "United States"
+ ],
 "refs": [
 "https://www.sentinelone.com/labs/the-sprawling-infrastructure-of-a-careless-mercenary/",
 "https://blog.google/threat-analysis-group/countering-hack-for-hire-groups/",
 "https://documents.trendmicro.com/assets/white_papers/wp-void-balaur-tracking-a-cybermercenarys-activities.pdf",
 "https://www.amnesty.org/en/latest/research/2020/03/targeted-surveillance-attacks-in-uzbekistan-an-old-threat-with-new-techniques/",
 "https://equalit.ie/deflect-labs-report-6/"
- ],
- "cfr-suspected-victims": [
- "Brazil",
- "Central African Republic",
- "Georgia",
- "Kazakhstan",
- "Moldova",
- "Russia",
- "Spain",
- "Sudan",
- "Taiwan",
- "Ukraine",
- "United Kingdom",
- "United States"
 ]
 },
 "uuid": "ca310f0a-1131-4c67-b0a7-f1cd4ce0f87f",