MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 14:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #1007 from Mathieu4141/threat-actors/9f13f000-33d7-4e23-a87f-877399772e86
Some checks failed
Python application / build (3.10) (push) Has been cancelled
Details
Python application / build (3.8) (push) Has been cancelled
Details
Python application / build (3.9) (push) Has been cancelled
Details

Browse source 
[threat actors] Add 3 actors
This commit is contained in:
Alexandre Dulaunoy 2024-07-27 17:33:27 +02:00 committed by GitHub
commit 22d350172f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 33 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -591,7 +591,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
[Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
Category: *actor* - source: *MISP Project* - total: *713* elements
Category: *actor* - source: *MISP Project* - total: *716* elements
[[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]

32
clusters/threat-actor.json
View file

@ -16423,6 +16423,38 @@
},
"uuid": "9565bf78-7c9c-41cd-9ed0-58031f6d8978",
"value": "UAC-0063"
},
{
"description": "Stargazer Goblin is a threat actor group that operates the Stargazers Ghost Network on GitHub, distributing malware and malicious links through multiple accounts. They utilize compromised and created accounts to evade detection and quickly replace banned components to continue their operations. The group has been estimated to have earned approximately $100,000 from their malicious activities, offering a Distribution as a Service platform for other threat actors to distribute their malware. Stargazer Goblin has been involved in distributing various malware families, including Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine.",
"meta": {
"refs": [
"https://research.checkpoint.com/2024/stargazers-ghost-network/"
]
},
"uuid": "a86e4a0d-95cf-4ce0-b26c-d1fbb7cc84bc",
"value": "Stargazer Goblin"
},
{
"description": "UAC-0102 is a threat actor group targeting UKR.NET users through phishing attacks. They distribute emails with HTML file attachments that redirect users to a fraudulent website to steal authentication data. Security teams can use Sigma rules to detect their phishing campaigns and leverage IOCs provided by CERT-UA to hunt for their activity in SIEM or EDR environments.",
"meta": {
"refs": [
"https://socprime.com/blog/uac-0102-phishing-attack-detection-hackers-steal-authentication-data-impersonating-the-ukr-net-web-service/",
"https://cert.gov.ua/article/4928679"
]
},
"uuid": "7dd2e8ee-4232-43f5-9866-006160f19aea",
"value": "UAC-0102"
},
{
"description": "APT45 is a North Korean cyber threat actor that has been active since at least 2009. They have conducted espionage campaigns targeting government agencies and defense industries, as well as financially-motivated operations, including ransomware development. APT45 has targeted critical infrastructure, financial organizations, nuclear research facilities, and healthcare and pharmaceutical companies. They use a mix of publicly available tools, modified malware, and custom malware families in their operations.",
"meta": {
"country": "KP",
"refs": [
"https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine"
]
},
"uuid": "02768be6-853c-4239-8fb1-823427489a86",
"value": "APT45"
}
],
"version": 312