mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 18:27:19 +00:00
[threat-actors] Add Carmine Tsunami
This commit is contained in:
parent
1b6a5e8b17
commit
0e47e27879
1 changed files with 16 additions and 0 deletions
|
@ -14206,6 +14206,22 @@
|
|||
},
|
||||
"uuid": "ef0d776a-51de-4965-ba1c-69ed256e0e5d",
|
||||
"value": "Pearl Sleet"
|
||||
},
|
||||
{
|
||||
"description": "Carmine Tsunami is a threat actor linked to an Israel-based private sector offensive actor called QuaDream. QuaDream sells a platform called REIGN to governments for law enforcement purposes, which includes exploits, malware, and infrastructure for data exfiltration from mobile devices. Carmine Tsunami is associated with the iOS malware called KingsPawn and has targeted civil society victims, including journalists, political opposition figures, and NGO workers, in various regions. They utilize domain registrars and inexpensive cloud hosting providers, often using single domains per IP address and deploying free Let's Encrypt SSL certificates.",
|
||||
"meta": {
|
||||
"country": "IL",
|
||||
"refs": [
|
||||
"https://www.microsoft.com/en-us/security/blog/2023/04/11/dev-0196-quadreams-kingspawn-malware-used-to-target-civil-society-in-europe-north-america-the-middle-east-and-southeast-asia/",
|
||||
"https://citizenlab.ca/2023/04/spyware-vendor-quadream-exploits-victims-customers/"
|
||||
],
|
||||
"synonyms": [
|
||||
"DEV-0196",
|
||||
"QuaDream"
|
||||
]
|
||||
},
|
||||
"uuid": "fa76ce6a-f434-4d4a-817f-c4bd0a3f803c",
|
||||
"value": "Carmine Tsunami"
|
||||
}
|
||||
],
|
||||
"version": 298
|
||||
|
|
Loading…
Reference in a new issue