MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 00:37:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[threat-actors] Add CeranaKeeper

Browse source
This commit is contained in:
Mathieu4141 2024-10-07 03:58:02 -07:00
parent dfe6e6dfab
commit 182102f738
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
clusters/threat-actor.json
View file

@ -16946,6 +16946,17 @@
},
"uuid": "b3a4c34f-0ad6-4083-938a-958deb34b6c7",
"value": "Awaken Likho"
},
{
"description": "CeranaKeeper is a China-aligned APT that has been active since at least early 2022, primarily targeting governmental institutions in Asian countries. The group employs custom backdoors like TONESHELL and OneDoor, leveraging cloud services such as Dropbox and OneDrive for data exfiltration. CeranaKeeper utilizes techniques like side-loading, brute-force attacks, and the deployment of BAT scripts to extend its reach within compromised networks. Their operations are characterized by a relentless pursuit of sensitive data, adapting their toolset and methods to evade detection.",
"meta": {
"country": "CN",
"refs": [
"https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/"
]
},
"uuid": "a798eb63-b0b2-4da5-8a9e-d6e821f775eb",
"value": "CeranaKeeper"
}
],
"version": 316