From 22d3ea5ebfa3394785cf5bcd9de6cba8581d01dc Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Thu, 1 Feb 2024 11:02:02 -0800 Subject: [PATCH] [threat-actors] Add Storm-1044 --- clusters/threat-actor.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index d709522..85fe4e9 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -14486,6 +14486,19 @@ }, "uuid": "5f71a9ea-511d-4fdd-9807-271ef613f488", "value": "Opal Sleet" + }, + { + "description": "Storm-1044 has been identified as part of a cyber campaign in collaboration with Twisted Spider. They employ a strategic approach, targeting specific endpoints using an initial access trojan called DanaBot. Once they gain access, Storm-1044 initiates lateral movement through Remote Desktop Protocol sign-in attempts, passing control to Twisted Spider. Twisted Spider then compromises the endpoints by introducing the CACTUS ransomware. Microsoft has detected ongoing malvertising attacks involving Storm-1044, leading to the deployment of CACTUS ransomware.", + "meta": { + "refs": [ + "https://twitter.com/MsftSecIntel/status/1730383711437283757" + ], + "synonyms": [ + "DEV-1044" + ] + }, + "uuid": "5ec7a98e-9725-4f87-8a6e-91e2b4ba04ac", + "value": "Storm-1044" } ], "version": 298