mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 18:27:19 +00:00
[threat-actors] Add Storm-1674
This commit is contained in:
parent
0b571d7e76
commit
1589a943a9
1 changed files with 11 additions and 0 deletions
|
@ -14696,6 +14696,17 @@
|
|||
},
|
||||
"uuid": "3e595289-05b8-43fc-bd88-f8650436447f",
|
||||
"value": "Storm-0829"
|
||||
},
|
||||
{
|
||||
"description": "Storm-1674 is an access broker known for using tools based on the publicly available TeamsPhisher tool to distribute DarkGate malware. Storm-1674 campaigns have typically relied on phishing lures sent over Teams with malicious attachments, such as ZIP files containing a LNK file that ultimately drops DarkGate and Pikabot. In September 2023, Microsoft observed handoffs from Storm-1674 to ransomware operators that have led to Black Basta ransomware deployment.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/",
|
||||
"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-widely-abused-msix-app-installer-disabled-by-microsoft-active-iocs/"
|
||||
]
|
||||
},
|
||||
"uuid": "eb7b5ed7-cf9d-4c72-8f89-a2ee070b89b6",
|
||||
"value": "Storm-1674"
|
||||
}
|
||||
],
|
||||
"version": 298
|
||||
|
|
Loading…
Reference in a new issue