{
    "type": "bundle",
    "id": "bundle--cfa888f4-d07f-4399-9774-9e7bed10e2f9",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2023-03-08T22:07:25.123Z",
            "name": "APT33",
            "description": "[APT33](https://attack.mitre.org/groups/G0064) is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors. (Citation: FireEye APT33 Sept 2017) (Citation: FireEye APT33 Webinar Sept 2017)",
            "aliases": [
                "APT33",
                "HOLMIUM",
                "Elfin"
            ],
            "x_mitre_deprecated": false,
            "x_mitre_version": "1.4",
            "x_mitre_contributors": [
                "Dragos  Threat  Intelligence"
            ],
            "type": "intrusion-set",
            "id": "intrusion-set--fbd29c89-18ba-4c2d-b792-51c0adee049f",
            "created": "2018-04-18T17:59:24.739Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/groups/G0064",
                    "external_id": "G0064"
                },
                {
                    "source_name": "APT33",
                    "description": "(Citation: FireEye APT33 Sept 2017) (Citation: FireEye APT33 Webinar Sept 2017)"
                },
                {
                    "source_name": "HOLMIUM",
                    "description": "(Citation: Microsoft Holmium June 2020)"
                },
                {
                    "source_name": "Elfin",
                    "description": "(Citation: Symantec Elfin Mar 2019)"
                },
                {
                    "source_name": "FireEye APT33 Webinar Sept 2017",
                    "description": "Davis, S. and Carr, N. (2017, September 21). APT33: New Insights into Iranian Cyber Espionage Group. Retrieved February 15, 2018.",
                    "url": "https://www.brighttalk.com/webcast/10703/275683"
                },
                {
                    "source_name": "Microsoft Holmium June 2020",
                    "description": "Microsoft Threat Protection Intelligence Team. (2020, June 18). Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint. Retrieved June 22, 2020.",
                    "url": "https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/"
                },
                {
                    "source_name": "FireEye APT33 Sept 2017",
                    "description": "O'Leary, J., et al. (2017, September 20). Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware. Retrieved February 15, 2018.",
                    "url": "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html"
                },
                {
                    "source_name": "Symantec Elfin Mar 2019",
                    "description": "Security Response attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.. Retrieved April 10, 2019.",
                    "url": "https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "x_mitre_domains": [
                "enterprise-attack",
                "ics-attack"
            ],
            "x_mitre_attack_spec_version": "3.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}