MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 08:47:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[threat-actors] Add STORM-1849

Browse source
This commit is contained in:
Mathieu4141 2024-04-26 09:01:34 -07:00
parent c8c55a84b7
commit 2bf2bad2a9
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
clusters/threat-actor.json
View file

@ -15917,6 +15917,19 @@
},
"uuid": "97a10d3b-5cb5-4df9-856c-515994f3e953",
"value": "ArcaneDoor"
},
{
"description": "UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabilities in Cisco Adaptive Security Appliances to deploy custom malware implants called \"Line Runner\" and \"Line Dancer.\" The actor demonstrated a deep understanding of Cisco systems, utilized anti-forensic measures, and took deliberate steps to evade detection. UAT4356's sophisticated attack chain allowed them to conduct malicious actions such as configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement on compromised devices.",
"meta": {
"refs": [
"https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/"
],
"synonyms": [
"UAT4356"
]
},
"uuid": "3d94ef07-9fd6-4d64-bf1e-f1316f2686a4",
"value": "STORM-1849"
}
],
"version": 308