MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-23 15:27:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #241 from 3c7/threat-actor/darkhydrus

Browse source 
Added DarkHydrus
This commit is contained in:
Andras Iklody 2018-08-06 08:39:16 +02:00 committed by GitHub
commit 38f559a3ff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
clusters/threat-actor.json
View file

@ -3777,6 +3777,16 @@
"https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/" "https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/"
] ]
} }
},
{
"value": "DarkHydrus",
"description": "In July 2018, Unit 42 analyzed a targeted attack using a novel file type against at least one government agency in the Middle East. It was carried out by a previously unpublished threat group we track as DarkHydrus. Based on our telemetry, we were able to uncover additional artifacts leading us to believe this adversary group has been in operation with their current playbook since early 2016. This attack diverged from previous attacks we observed from this group as it involved spear-phishing emails sent to targeted organizations with password protected RAR archive attachments that contained malicious Excel Web Query files (.iqy).",
"uuid": "ce2c2dfd-2445-4fbc-a747-9e7092e383f9",
"meta": {
"refs": [
"https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/"
]
}
} }
], ],
"name": "Threat actor", "name": "Threat actor",