add Cold River Threat actor
parent
5d61a75886
commit
3bdbd6646b
1 changed files with 15 additions and 1 deletions
|
@ -6179,7 +6179,21 @@
|
||||||
},
|
},
|
||||||
"uuid": "d8e1762a-0063-48c2-9ea1-8d176d14b70f",
|
"uuid": "d8e1762a-0063-48c2-9ea1-8d176d14b70f",
|
||||||
"value": "STARDUST CHOLLIMA"
|
"value": "STARDUST CHOLLIMA"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "In short, “Cold River” is a sophisticated threat (actor) that utilizes DNS subdomain hijacking, certificate spoofing, and covert tunneled command and control traffic in combination with complex and convincing lure documents and custom implants.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.lastline.com/labsblog/threat-actor-cold-river-network-traffic-analysis-and-a-deep-dive-on-agent-drable/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"Nahr Elbard",
|
||||||
|
"Nahr el bared"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "7d99d2f7-adf0-44e4-9044-d18ff6842a16",
|
||||||
|
"value": "Cold River"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 86
|
"version": 87
|
||||||
}
|
}
|
||||||
|
|
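Review bot: The added `description` does not stand alone as a cluster description: it opens with "In short,", wraps the name in typographic quotes and keeps the parenthetical "threat (actor)", which reads like a sentence lifted from the referenced article. I would reword it without changing what it states, for example `"description": "Cold River is a sophisticated threat actor that uses DNS subdomain hijacking, certificate spoofing, and covert tunneled command and control traffic, combined with convincing lure documents and custom implants.",`. The two `synonyms` ("Nahr Elbard", "Nahr el bared") differ only in transliteration, so it is worth confirming that both spellings really occur in reporting, since synonyms are presumably what analysts match names against. The enclosing array and the sibling entries start outside the hunk, so whether other clusters carry more `meta` fields than `refs` and `synonyms` cannot be checked from here.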