MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 23:07:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[threat-actors] Add SongXY

Browse source
This commit is contained in:
Mathieu4141 2024-10-07 03:58:02 -07:00
parent 182102f738
commit 2137a86586
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
clusters/threat-actor.json
View file

@ -16957,6 +16957,17 @@
}, },
"uuid": "a798eb63-b0b2-4da5-8a9e-d6e821f775eb", "uuid": "a798eb63-b0b2-4da5-8a9e-d6e821f775eb",
"value": "CeranaKeeper" "value": "CeranaKeeper"
},
{
"description": "SongXY is a Chinese APT group that employs phishing tactics to initiate cyberespionage campaigns. They utilize the Royal Road RTF builder, exploiting the CVE-2018-0798 vulnerability in Microsoft Equation Editor. In one instance, they sent a document containing a link to an attacker-controlled server, which automatically triggered upon opening, allowing them to gather information about the target's system configuration.",
"meta": {
"refs": [
"https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/",
"http://www.ptsecurity.com/upload/corporate/ww-en/analytics/APT-Attacks-eng.pdf"
]
},
"uuid": "439a65b0-c4b4-4a09-a9c9-2c70476574ab",
"value": "SongXY"
} }
], ],
"version": 316 "version": 316