From e481e9bb50d634f86944e52f0075bd537da31fb5 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann
Date: Thu, 13 Feb 2020 17:44:45 +0100
Subject: [PATCH] adding APT-C-12
---
 clusters/threat-actor.json | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 6ced57c..00da6c4 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7923,7 +7923,32 @@
 },
 "uuid": "443faf38-ad93-4421-8a53-47ad84b195fa",
 "value": "DePriMon"
+ },
+ {
+ "description": "According to 360 TIC the actor has carried out continuous cyber espionage activities since 2011 on key units and departments of the Chinese government, military industry, scientific research, and finance. The organization focuses on information related to the nuclear industry and scientific research. The targets were mainly concentrated in mainland China...[M]ore than 670 malware samples have been collected from the group, including more than 60 malicious plugins specifically for lateral movement; more than 40 C2 domain names and IPs related to the organization have also been discovered.",
+ "meta": {
+ "cfr-target-category": [
+ "Private sector",
+ "Government",
+ "Military",
+ "Scientific Research",
+ "Finance"
+ ],
+ "cfr-type-of-incident": "Espionage",
+ "refs": [
+ "https://mp.weixin.qq.com/s/S-hiGFNC6WXGrkjytAVbpA",
+ "https://bitofhex.com/2020/02/10/sapphire-mushroom-lnk-files/"
+ ],
+ "suspected-victims": "China",
+ "synonyms": [
+ "Sapphire Mushroom",
+ "Blue Mushroom",
+ "NuclearCrisis"
+ ]
+ },
+ "uuid": "53771ca5-f1cb-47b6-a92a-53a485307cf7",
+ "value": "APT-C-12"
 }
 ],
-"version": 153
+ "version": 154
 }
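Review bot: The `suspected-victims` key in the new APT-C-12 `meta` object does not follow its two sibling keys, `cfr-target-category` and `cfr-type-of-incident`, which carry the `cfr-` prefix, and it holds a bare string where `cfr-target-category` holds an array. The other entries of the cluster are outside this hunk, but if they record victims as a `cfr-suspected-victims` list, any tooling or correlation rule that filters actors by victim country on that key will silently skip this actor. I would write the line as `"cfr-suspected-victims": ["China"],` so the field has the same name and type across the whole cluster.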