MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2025-01-18 10:36:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[threat-actors] Add CoughingDown

Browse source
This commit is contained in:
Mathieu4141 2025-01-09 03:10:46 -08:00
parent 1a706d11ea
commit 3eb10afba9
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
clusters/threat-actor.json
View file

@ -17634,6 +17634,16 @@
},
"uuid": "43e2a6bc-0b62-456a-b5ae-a40770b8b8e1",
"value": "Natohub"
},
{
"description": "CoughingDown is a threat group attributed to various cyber campaigns, including the deployment of the EAGERBEE backdoor, which utilizes service manipulation and privilege escalation techniques. The group has been linked to malware infrastructure that abuses legitimate services like MSDTC, IKEEXT, and SessionEnv to load malicious DLLs, including oci.dll. Analysis of supply-chain attacks, particularly involving Trojanized packages, has revealed similarities between CoughingDown malware and post-compromise tools used in these incidents. Evidence such as consistent service creation and C2 domain overlap further supports the connection between EAGERBEE and CoughingDown.",
"meta": {
"refs": [
"https://securelist.com/eagerbee-backdoor/115175/"
]
},
"uuid": "80872d9a-1d0c-4c12-9543-feca1fbd2ac2",
"value": "CoughingDown"
}
],
"version": 322