From 475dc882964838e1b9172abd5a0441db5c3a3756 Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Thu, 1 Feb 2024 11:02:01 -0800 Subject: [PATCH] [threat-actors] Add Storm-1295 --- clusters/threat-actor.json | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 0c3e757..5b20d5a 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -14437,6 +14437,20 @@ }, "uuid": "dd012c50-4f4f-4485-ac52-294a341f03e5", "value": "Phlox Tempest" + }, + { + "description": "Storm-1295 is a threat actor group that operates the Greatness phishing-as-a-service platform. They utilize synchronous relay servers to present targets with a replica of a sign-in page, resembling traditional phishing attacks. Their adversary-in-the-middle capability allows Storm-1295 to offer their services to other attackers. Active since mid-2022, Storm-1295 is tracked by Microsoft and is known for their involvement in the Greatness PhaaS platform.", + "meta": { + "refs": [ + "https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/monthly-news-july-2023/ba-p/3860740", + "https://twitter.com/MsftSecIntel/status/1696273952870367320" + ], + "synonyms": [ + "DEV-1295" + ] + }, + "uuid": "5f485e47-18ad-4302-85a1-0a390fe90dc1", + "value": "Storm-1295" } ], "version": 298