diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 804d33e..0e95119 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -2982,6 +2982,11 @@ "https://www.kaspersky.com/blog/financial-trojans-2019/25690/", "https://www.welivesecurity.com/2015/04/09/operation-buhtrap/", "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf" + ], + "targeted-sector": [ + "Bank", + "Payment", + "Finance" ] }, "uuid": "b737c51f-b579-49d5-a907-743b2e6d03cb", @@ -3002,6 +3007,11 @@ "synonyms": [ "FIN4", "G0085" + ], + "targeted-sector": [ + "Health", + "Finance", + "Pharmacy" ] }, "uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57", @@ -3020,7 +3030,10 @@ "description": "This group's activity was first observed in November 2013. It leverages a banking Trojan more commonly known as Shylock which aims to compromise online banking credentials and credentials related to Bitcoin wallets.", "meta": { "attribution-confidence": "50", - "country": "RU" + "country": "RU", + "targeted-sector": [ + "Bank" + ] }, "uuid": "7dd7a8df-9012-4d14-977f-b3f9f71266b4", "value": "SHARK SPIDER" @@ -3032,6 +3045,10 @@ "country": "RU", "refs": [ "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf" + ], + "targeted-sector": [ + "Manufacturing", + "Industrial" ] }, "uuid": "db774b7d-a0ee-4375-b24e-fd278f5ab2fd", @@ -3264,6 +3281,10 @@ "APT-C-35", "SectorE02", "Orange Kala" + ], + "targeted-sector": [ + "Government, Administration", + "Security Service" ] }, "related": [ @@ -3364,6 +3385,14 @@ "synonyms": [ "SyrianElectronicArmy", "SEA" + ], + "targeted-sector": [ + "Country", + "Defense", + "Opposition", + "Political party", + "News - Media", + "Government, Administration" ] }, "uuid": "4265d44e-8372-4ed0-b428-b331a5443d7d", @@ -3403,6 +3432,11 @@ "TMP.Lapis", "Green Havildar", "COPPER FIELDSTONE" + ], + "targeted-sector": [ + "Activists", + "Civil society", + "Military" ] }, "related": [ @@ -3447,6 +3481,12 @@ "synonyms": [ "FruityArmor", "G0038" + ], + "targeted-sector": [ + "Activists", + "Dissidents", + "Journalist", + "Civil society" ] }, "related": [ @@ -3516,6 +3556,10 @@ "G0040", "Orange Athos", "Thirsty Gemini" + ], + "targeted-sector": [ + "Finance", + "Diplomacy" ] }, "related": [ @@ -3558,6 +3602,9 @@ "synonyms": [ "G0029", "Golfing Taurus" + ], + "targeted-sector": [ + "Activists" ] }, "related": [ @@ -3683,6 +3730,9 @@ "Sauron", "Project Sauron", "G0041" + ], + "targeted-sector": [ + "Intelligence" ] }, "related": [ @@ -3727,6 +3777,9 @@ ], "synonyms": [ "G0036" + ], + "targeted-sector": [ + "Bank" ] }, "related": [ @@ -3825,7 +3878,10 @@ "description": "Libyan Scorpions is a malware operation in use since September 2015 and operated by a politically motivated group whose main objective is intelligence gathering, spying on influentials and political figures and operate an espionage campaign within Libya.", "meta": { "attribution-confidence": "50", - "country": "LY" + "country": "LY", + "targeted-sector": [ + "Intelligence" + ] }, "uuid": "815cbe98-e157-4078-9caa-c5a25dd64731", "value": "Libyan Scorpions" @@ -3911,6 +3967,15 @@ "ATK40", "G0049", "Evasive Serpens" + ], + "targeted-sector": [ + "Chemical", + "Energy", + "engineering", + "Finance", + "Government, Administration", + "Telecoms", + "Other" ] }, "related": [ @@ -4059,6 +4124,10 @@ ], "suspected-victims": [ "Ukraine" + ], + "targeted-sector": [ + "Think Tanks", + "Government, Administration" ] }, "uuid": "3d5192f2-f235-46fd-aa68-dd00cc17d632", @@ -4069,6 +4138,9 @@ "meta": { "refs": [ "https://blogs.technet.microsoft.com/mmpc/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/" + ], + "targeted-sector": [ + "Energy" ] }, "related": [