mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
[threat-actors] Add Mustard Tempest
This commit is contained in:
parent
05cf259436
commit
4388309aa0
1 changed files with 15 additions and 0 deletions
|
@ -14227,6 +14227,21 @@
|
||||||
},
|
},
|
||||||
"uuid": "fa76ce6a-f434-4d4a-817f-c4bd0a3f803c",
|
"uuid": "fa76ce6a-f434-4d4a-817f-c4bd0a3f803c",
|
||||||
"value": "Carmine Tsunami"
|
"value": "Carmine Tsunami"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Mustard Tempest is a threat actor that primarily uses malvertising as their main technique to gain access to and profile networks. They deploy FakeUpdates, disguised as browser updates or software packages, to lure targets into downloading a ZIP file containing a JavaScript file. Once executed, the JavaScript framework acts as a loader for other malware campaigns, often Cobalt Strike payloads. Mustard Tempest has been associated with the cybercrime syndicate Mustard Tempest, also known as EvilCorp, and has been involved in ransomware attacks using payloads such as WastedLocker, PhoenixLocker, and Macaw.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/",
|
||||||
|
"http://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0206",
|
||||||
|
"Purple Vallhund"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "3ce9610b-2435-4c41-80d1-3f95a5ff2984",
|
||||||
|
"value": "Mustard Tempest"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 298
|
"version": 298
|
||||||
|
|
Loading…
Reference in a new issue