MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2025-01-18 18:46:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[threat-actors] Add EC2 Grouper

Browse source
This commit is contained in:
Mathieu4141 2025-01-09 03:10:46 -08:00
parent 3eb10afba9
commit 380e9c1e86
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
clusters/threat-actor.json
View file

@ -17644,6 +17644,16 @@
}, },
"uuid": "80872d9a-1d0c-4c12-9543-feca1fbd2ac2", "uuid": "80872d9a-1d0c-4c12-9543-feca1fbd2ac2",
"value": "CoughingDown" "value": "CoughingDown"
},
{
"description": "EC2 Grouper is a prolific threat actor known for leveraging AWS tools for PowerShell to conduct automated attacks in cloud environments. They typically utilize the CreateSecurityGroup API to establish remote access and exhibit a consistent security group naming convention. Credential acquisition is believed to stem from compromised cloud access keys, often sourced from public code repositories. Notably, their activities do not include calls to AuthorizeSecurityGroupIngress, suggesting a selective approach to escalation.",
"meta": {
"refs": [
"https://www.fortinet.com/blog/threat-research/catching-ec2-grouper-no-indicators-required"
]
},
"uuid": "7f7b20e7-e704-4b47-b230-b5d232493fce",
"value": "EC2 Grouper"
} }
], ],
"version": 322 "version": 322