mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
[threat-actors] Add Earth Krahang
This commit is contained in:
parent
bef50816a4
commit
38d0804f9c
1 changed files with 12 additions and 0 deletions
|
@ -15367,6 +15367,18 @@
|
||||||
},
|
},
|
||||||
"uuid": "d4004926-bf12-4cfe-b141-563c8ffb304a",
|
"uuid": "d4004926-bf12-4cfe-b141-563c8ffb304a",
|
||||||
"value": "Earth Kapre"
|
"value": "Earth Kapre"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Earth Krahang is an APT group targeting government organizations worldwide. They use spear-phishing emails, weak internet-facing servers, and custom backdoors like Cobalt Strike, RESHELL, and XDealer to conduct cyber espionage. The group creates VPN servers on infected systems, employs brute force attacks on email accounts, and exploits compromised government infrastructure to attack other governments. Earth Krahang has been linked to another China-linked actor, Earth Lusca, and is believed to be part of a specialized task force for cyber espionage against government institutions.",
|
||||||
|
"meta": {
|
||||||
|
"country": "CN",
|
||||||
|
"refs": [
|
||||||
|
"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-china-linked-earth-krahang-apt-breached-70-organizations-in-23-nations-active-iocs",
|
||||||
|
"https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "8cfc9653-51bc-40f1-a267-78a1b8c763f6",
|
||||||
|
"value": "Earth Krahang"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 304
|
"version": 304
|
||||||
|
|
Loading…
Reference in a new issue