mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
[threat-actors] Add SongXY
This commit is contained in:
parent
182102f738
commit
2137a86586
1 changed files with 11 additions and 0 deletions
|
@ -16957,6 +16957,17 @@
|
||||||
},
|
},
|
||||||
"uuid": "a798eb63-b0b2-4da5-8a9e-d6e821f775eb",
|
"uuid": "a798eb63-b0b2-4da5-8a9e-d6e821f775eb",
|
||||||
"value": "CeranaKeeper"
|
"value": "CeranaKeeper"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "SongXY is a Chinese APT group that employs phishing tactics to initiate cyberespionage campaigns. They utilize the Royal Road RTF builder, exploiting the CVE-2018-0798 vulnerability in Microsoft Equation Editor. In one instance, they sent a document containing a link to an attacker-controlled server, which automatically triggered upon opening, allowing them to gather information about the target's system configuration.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/",
|
||||||
|
"http://www.ptsecurity.com/upload/corporate/ww-en/analytics/APT-Attacks-eng.pdf"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "439a65b0-c4b4-4a09-a9c9-2c70476574ab",
|
||||||
|
"value": "SongXY"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 316
|
"version": 316
|
||||||
|
|
Loading…
Reference in a new issue