update threat actor galaxy based on https://www.fireeye.com/content/d…

…am/collateral/en/mtrends-2018.pdf
MISP · Apr 9, 2018 · 8596ff3 · 8596ff3
1 parent aae5364
commit 8596ff3
Showing 1 changed file with 36 additions and 3 deletions.
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
@@ -1834,7 +1834,8 @@
           "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html",
           "https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/",
           "https://www.scmagazineuk.com/ocean-lotus-groupapt-32-identified-as-vietnamese-apt-group/article/663565/",
-          "https://www.brighttalk.com/webcast/10703/261205"
+          "https://www.brighttalk.com/webcast/10703/261205",
+          "https://github.com/eset/malware-research/tree/master/oceanlotus"
         ]
       },
       "value": "APT32",
@@ -2490,7 +2491,39 @@
           "TEMP.Periscope"
         ],
         "country": "CN"
-      }
+      },
+      "uuid": "5b4b6980-3bc7-11e8-84d6-879aaac37dd9"
+    },
+    {
+      "value": "APT34",
+      "description": "Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the strategic interests of Iran. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries. Repeated targeting of Middle Eastern financial, energy and government organizations leads FireEye to assess that those sectors are a primary concern of APT34. The use of infrastructure tied to Iranian operations, timing and alignment with the national interests of Iran also lead FireEye to assess that APT34 acts on behalf of the Iranian government.",
+      "meta": {
+        "refs": [
+          "https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf",
+          "https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/  ",
+          "https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html"
+        ],
+        "synonyms": [
+          "APT 34"
+        ],
+        "country": "IR"
+      },
+      "uuid": "73a521f6-3bc7-11e8-9e30-df7c90e50dda"
+    },
+    {
+      "value": "APT35",
+      "description": "FireEye has identified APT35 operations dating back to 2014. APT35, also known as the Newscaster Team, is a threat group sponsored by the Iranian government that conducts long term, resource-intensive operations to collect strategic intelligence. APT35 typically targets U.S. and the Middle Eastern military, diplomatic and government personnel, organizations in the media, energy and defense industrial base (DIB), and engineering, business services and telecommunications sectors.",
+      "meta": {
+        "refs": [
+          "https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf"
+        ],
+        "synonyms": [
+          "APT 35",
+          "Newscaster Team"
+        ],
+        "country": "IR"
+      },
+      "uuid": "b8967b3c-3bc9-11e8-8701-8b1ead8c099e"
     }
   ],
   "name": "Threat actor",
@@ -2505,5 +2538,5 @@
   ],
   "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
   "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
-  "version": 35
+  "version": 36
 }