mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
add DangerousSavanna campaign
parent
77db2370b1
commit
0440db12e9
1 changed files with 21 additions and 1 deletions
|
@ -9714,7 +9714,27 @@
|
||||||
},
|
},
|
||||||
"uuid": "fa1fdccb-1a06-4607-bd45-1a7df4db02d7",
|
"uuid": "fa1fdccb-1a06-4607-bd45-1a7df4db02d7",
|
||||||
"value": "Aoqin Dragon"
|
"value": "Aoqin Dragon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Malicious campaign called DangerousSavanna has been targeting multiple major financial service groups in French-speaking Africa for the last two years. The threat actors behind this campaign use spear-phishing as a means of initial infection, sending emails with malicious attachments to the employees of financial institutions in at least five different French-speaking countries: Ivory Coast, Morocco, Cameroon, Senegal, and Togo.\nDangerousSavanna tends to install relatively unsophisticated software tools in the infected environments. These tools are both self-written and based on open-source projects such as Metasploit, PoshC2, DWservice, and AsyncRAT. The threat actors’ creativity is on display in the initial infection stage, as they persistently pursue the employees of the targeted companies, constantly changing infection chains that utilize a wide range of malicious file types, from self-written executable loaders and malicious documents, to ISO, LNK, JAR and VBE files in various combinations. The evolving infection chains by the threat actor reflect the changes in the threat landscape seen over the past few years as infection vectors became more and more sophisticated and diverse.",
|
||||||
|
"meta": {
|
||||||
|
"cfr-suspected-victims": [
|
||||||
|
"Ivory Coast",
|
||||||
|
"Morocco",
|
||||||
|
"Cameroon",
|
||||||
|
"Senegal",
|
||||||
|
"Togo"
|
||||||
|
],
|
||||||
|
"refs": [
|
||||||
|
"https://research.checkpoint.com/2022/dangeroussavanna-two-year-long-campaign-targets-financial-institutions-in-french-speaking-africa/"
|
||||||
|
],
|
||||||
|
"threat-actor-classification": [
|
||||||
|
"campaign"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "1bb64526-cc51-475a-b6bc-af30df9f2fb6",
|
||||||
|
"value": "DangerousSavanna"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 245
|
"version": 246
|
||||||
}
|
}
|
||||||
|
|
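Review bot: In the new `DangerousSavanna` entry, the targeted sector and the tooling appear only in the free-text `description`, so a consumer that filters clusters by sector or by tool will not match this campaign. `meta` carries only the victim countries, one reference and the classification. Consider adding a `cfr-target-category` list to `meta`, using whichever value the galaxy already uses for financial-sector victims, and a `related` array pointing at the existing clusters for the named tools (Metasploit, PoshC2, AsyncRAT) where such clusters exist. The description also says "for the last two years", which is relative to the report linked in `refs` (its URL is dated 2022) and will read wrongly later; an absolute phrasing such as `since about 2020 (as reported in 2022)` would stay accurate, assuming the report date is the baseline.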