[threat-actors] Separate ITSecTeam from Cleaver

2025-02-17 01:06:22 +00:00 · 2022-06-30 14:30:31 +02:00 · 2022-06-30 14:30:31 +02:00 · d63c990dad
commit d63c990dad
parent b8d4ffdbde
1 changed files with 44 additions and 18 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -2098,25 +2098,13 @@
          "India",
          "Kuwait",
          "Qatar",
-          "Turkey",
-          "Bank of America",
-          "US Bancorp",
-          "Fifth Third Bank",
-          "Citigroup",
-          "PNC",
-          "BB&T",
-          "Wells Fargo",
-          "Capital One",
-          "HSBC"
+          "Turkey"
        ],
        "cfr-target-category": [
          "Private sector",
          "Government"
        ],
-        "cfr-type-of-incident": [
-          "Espionage",
-          "Denial of service"
-        ],
+        "cfr-type-of-incident": "Espionage",
        "country": "IR",
        "refs": [
          "https://www.cfr.org/interactive/cyber-operations/magic-hound",
@ -2132,7 +2120,6 @@
          "https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf",
          "https://attack.mitre.org/groups/G0059/",
          "https://attack.mitre.org/groups/G0003/",
-          "https://www.cfr.org/interactive/cyber-operations/itsecteam",
          "https://xorl.wordpress.com/2021/05/06/iran-cyber-operations-groups/"
        ],
        "synonyms": [
@ -2152,8 +2139,7 @@
          "TEMP.Beanie",
          "Ghambar",
          "G0059",
-          "G0003",
-          "ITSecTeam"
+          "G0003"
        ]
      },
      "related": [
@ -9476,7 +9462,47 @@
      },
      "uuid": "091a0b69-74de-44b6-bb12-16b7a8fd078b",
      "value": "ToddyCat"
+    },
+    {
+      "description": "One of the threat actors responsible for the denial of service attacks against U.S in 2012–2013. Three individuals associated with the group—believed to be have been working on behalf of Iran’s Islamic Revolutionary Guard Corps—were indicted by the Justice Department in 2016.",
+      "meta": {
+        "attribution-confidence": "50",
+        "cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
+        "cfr-suspected-victims": [
+          "United States",
+          "Bank of America",
+          "US Bancorp",
+          "Fifth Third Bank",
+          "Citigroup",
+          "PNC",
+          "BB&T",
+          "Wells Fargo",
+          "Capital One",
+          "HSBC",
+          "AT&T",
+          "NYSE"
+        ],
+        "cfr-type-of-incident": [
+          "Denial of service"
+        ],
+        "country": "IR",
+        "refs": [
+          "https://www.cfr.org/interactive/cyber-operations/itsecteam",
+          "https://www.justice.gov/usao-sdny/file/835061/download"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "linked-to"
+        }
+      ],
+      "uuid": "7a3f505b-10e9-4177-a96f-d476b55fd3dd",
+      "value": "ITSecTeam"
    }
  ],
-  "version": 229
+  "version": 230
 }