mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
[threat-actors] Add SongXY
This commit is contained in:
parent
182102f738
commit
2137a86586
1 changed files with 11 additions and 0 deletions
|
@ -16957,6 +16957,17 @@
|
|||
},
|
||||
"uuid": "a798eb63-b0b2-4da5-8a9e-d6e821f775eb",
|
||||
"value": "CeranaKeeper"
|
||||
},
|
||||
{
|
||||
"description": "SongXY is a Chinese APT group that employs phishing tactics to initiate cyberespionage campaigns. They utilize the Royal Road RTF builder, exploiting the CVE-2018-0798 vulnerability in Microsoft Equation Editor. In one instance, they sent a document containing a link to an attacker-controlled server, which automatically triggered upon opening, allowing them to gather information about the target's system configuration.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/",
|
||||
"http://www.ptsecurity.com/upload/corporate/ww-en/analytics/APT-Attacks-eng.pdf"
|
||||
]
|
||||
},
|
||||
"uuid": "439a65b0-c4b4-4a09-a9c9-2c70476574ab",
|
||||
"value": "SongXY"
|
||||
}
|
||||
],
|
||||
"version": 316
|
||||
|
|
Loading…
Reference in a new issue