[threat-actors] Add Storm-1674

This commit is contained in:
Mathieu4141 2024-02-01 11:02:05 -08:00
parent 0b571d7e76
commit 1589a943a9

View file

@ -14696,6 +14696,17 @@
}, },
"uuid": "3e595289-05b8-43fc-bd88-f8650436447f", "uuid": "3e595289-05b8-43fc-bd88-f8650436447f",
"value": "Storm-0829" "value": "Storm-0829"
},
{
"description": "Storm-1674 is an access broker known for using tools based on the publicly available TeamsPhisher tool to distribute DarkGate malware. Storm-1674 campaigns have typically relied on phishing lures sent over Teams with malicious attachments, such as ZIP files containing a LNK file that ultimately drops DarkGate and Pikabot. In September 2023, Microsoft observed handoffs from Storm-1674 to ransomware operators that have led to Black Basta ransomware deployment.",
"meta": {
"refs": [
"https://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/",
"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-widely-abused-msix-app-installer-disabled-by-microsoft-active-iocs/"
]
},
"uuid": "eb7b5ed7-cf9d-4c72-8f89-a2ee070b89b6",
"value": "Storm-1674"
} }
], ],
"version": 298 "version": 298