mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 00:37:18 +00:00
[threat-actors] Add CeranaKeeper
This commit is contained in:
parent
dfe6e6dfab
commit
182102f738
1 changed files with 11 additions and 0 deletions
|
@ -16946,6 +16946,17 @@
|
||||||
},
|
},
|
||||||
"uuid": "b3a4c34f-0ad6-4083-938a-958deb34b6c7",
|
"uuid": "b3a4c34f-0ad6-4083-938a-958deb34b6c7",
|
||||||
"value": "Awaken Likho"
|
"value": "Awaken Likho"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "CeranaKeeper is a China-aligned APT that has been active since at least early 2022, primarily targeting governmental institutions in Asian countries. The group employs custom backdoors like TONESHELL and OneDoor, leveraging cloud services such as Dropbox and OneDrive for data exfiltration. CeranaKeeper utilizes techniques like side-loading, brute-force attacks, and the deployment of BAT scripts to extend its reach within compromised networks. Their operations are characterized by a relentless pursuit of sensitive data, adapting their toolset and methods to evade detection.",
|
||||||
|
"meta": {
|
||||||
|
"country": "CN",
|
||||||
|
"refs": [
|
||||||
|
"https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "a798eb63-b0b2-4da5-8a9e-d6e821f775eb",
|
||||||
|
"value": "CeranaKeeper"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 316
|
"version": 316
|
||||||
|
|
Loading…
Reference in a new issue