Merge pull request #725 from Mathieu4141/threat-actors/add-toddy-cat

Add ToddyCat Threat actor
Alexandre Dulaunoy 2022-06-22 10:14:45 +02:00 committed by GitHub
commit 26ba6ace82
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -9504,7 +9504,42 @@
}, },
"uuid": "4d522fad-452c-46be-94ea-5803aec9b709", "uuid": "4d522fad-452c-46be-94ea-5803aec9b709",
"value": "RansomHouse" "value": "RansomHouse"
},
{
"description": "ToddyCat is responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. There is still little information about this actor, but its main distinctive signs are two formerly unknown tools that Kaspersky call Samurai backdoor and Ninja Trojan.",
"meta": {
"cfr-suspected-victims": [
"Afghanistan",
"India",
"Indonesia",
"Iran",
"Kyrgyzstan",
"Malaysia",
"Pakistan",
"Russia",
"Slovakia",
"Taiwan",
"Thailand",
"United Kingdom",
"Uzbekistan",
"Vietnam"
],
"cfr-target-category": [
"Military",
"Government"
],
"refs": [
"https://www.bleepingcomputer.com/news/security/new-toddycat-apt-group-targets-exchange-servers-in-asia-europe/",
"https://securelist.com/toddycat/106799/",
"https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/"
],
"synonyms": [
"Websiic"
]
},
"uuid": "091a0b69-74de-44b6-bb12-16b7a8fd078b",
"value": "ToddyCat"
} }
], ],
"version": 228 "version": 229
} }
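Review bot: The `synonyms` entry `Websiic` in the new ToddyCat object is listed without saying which vendor uses that name or how complete the overlap is; the description only mentions Kaspersky's naming of the tools. Cluster synonyms are typically used to match tags across reports, so a name that covers only part of the activity would fold unrelated events into ToddyCat for anyone correlating on it. If the link comes from the ESET Exchange article in `refs`, state it in the description, for example by appending `ESET tracks overlapping Exchange-server activity as Websiic.`, or drop the synonym if the references describe only a partial overlap. Separately, `Kaspersky call` in the description should read `Kaspersky calls`.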