[threat-actors] Add Mustard Tempest

This commit is contained in:
Mathieu4141 2024-02-01 11:01:57 -08:00
parent 05cf259436
commit 4388309aa0

View file

@ -14227,6 +14227,21 @@
}, },
"uuid": "fa76ce6a-f434-4d4a-817f-c4bd0a3f803c", "uuid": "fa76ce6a-f434-4d4a-817f-c4bd0a3f803c",
"value": "Carmine Tsunami" "value": "Carmine Tsunami"
},
{
"description": "Mustard Tempest is a threat actor that primarily uses malvertising as their main technique to gain access to and profile networks. They deploy FakeUpdates, disguised as browser updates or software packages, to lure targets into downloading a ZIP file containing a JavaScript file. Once executed, the JavaScript framework acts as a loader for other malware campaigns, often Cobalt Strike payloads. Mustard Tempest has been associated with the cybercrime syndicate Mustard Tempest, also known as EvilCorp, and has been involved in ransomware attacks using payloads such as WastedLocker, PhoenixLocker, and Macaw.",
"meta": {
"refs": [
"https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/",
"http://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/"
],
"synonyms": [
"DEV-0206",
"Purple Vallhund"
]
},
"uuid": "3ce9610b-2435-4c41-80d1-3f95a5ff2984",
"value": "Mustard Tempest"
} }
], ],
"version": 298 "version": 298