add Cold River Threat actor

Deborah Servili 2019-01-17 09:44:09 +01:00
parent 5d61a75886
commit 3bdbd6646b
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1


@ -6179,7 +6179,21 @@
}, },
"uuid": "d8e1762a-0063-48c2-9ea1-8d176d14b70f", "uuid": "d8e1762a-0063-48c2-9ea1-8d176d14b70f",
"value": "STARDUST CHOLLIMA" "value": "STARDUST CHOLLIMA"
},
{
"description": "In short, “Cold River” is a sophisticated threat (actor) that utilizes DNS subdomain hijacking, certificate spoofing, and covert tunneled command and control traffic in combination with complex and convincing lure documents and custom implants.",
"meta": {
"refs": [
"https://www.lastline.com/labsblog/threat-actor-cold-river-network-traffic-analysis-and-a-deep-dive-on-agent-drable/"
],
"synonyms": [
"Nahr Elbard",
"Nahr el bared"
]
},
"uuid": "7d99d2f7-adf0-44e4-9044-d18ff6842a16",
"value": "Cold River"
} }
], ],
"version": 86 "version": 87
} }
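Review bot: The new `description` value reads as if lifted mid-article from the referenced blog post, since it opens with "In short," and carries a stray "(actor)", so it does not stand well on its own as a cluster entry. Something like `"description": "Cold River is a sophisticated threat actor that uses DNS subdomain hijacking, certificate spoofing, and covert tunneled command and control traffic, combined with complex and convincing lure documents and custom implants."` keeps the same facts. The reference URL names an implant, Agent Drable, that the entry never mentions; if that is one of the custom implants, naming it in the description would help analysts who search by tool name. The two `synonyms` look like transliteration variants of a single name, which is useful for matching, but both spellings should be confirmed against the source. The enclosing array starts outside this hunk, so consistency with the `meta` fields of neighbouring entries cannot be checked from here.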