added ELECTRUM to threat-actor.json (afaik not confirmed as an alias atm)

2025-01-18 18:46:17 +00:00 · 2017-06-13 13:25:16 +02:00 · 2017-06-13 13:25:16 +02:00 · ff4f428bc1
commit ff4f428bc1
parent 9924a8875c
1 changed files with 11 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -1565,6 +1565,16 @@
          "https://blogs.technet.microsoft.com/mmpc/2016/04/26/digging-deep-for-platinum/"
        ]
      }
+    },
+    {
+      "value": "ELECTRUM",
+      "description": "Dragos, Inc. tracks the adversary group behind CRASHOVERRIDE as ELECTRUM and assesses with high confidence through confidential sources that ELECTRUM has direct ties to the Sandworm team. Our intelligence ICS WorldView customers have received a comprehensive report and this industry report will not get into sensitive technical details but instead focus on information needed for defense and impact awareness.",
+      "meta": {
+        "refs": [
+          "https://dragos.com/blog/crashoverride/CrashOverride-01.pdf",
+          "https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf"
+        ]
+      }
    }
  ],
  "name": "Threat actor",
@ -1579,5 +1589,5 @@
  ],
  "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
  "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
-  "version": 23
+  "version": 24
 }