From 483f532613836e2adcdfd712c853abe3ab97daa4 Mon Sep 17 00:00:00 2001 From: Rony <49360849+r0ny123@users.noreply.github.com> Date: Tue, 24 Sep 2024 05:07:30 +0000 Subject: [PATCH] chg: [threat-actor] fix typo --- clusters/threat-actor.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 76e932d..69e020d 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -16690,7 +16690,7 @@ "value": "HikkI-Chan" }, { - "description": "Earth Baxia is a threat actor opearting ot of China, targeting government organizations in Taiwan and potentially across the APAC region, using spear-phishing emails and exploiting the GeoServer vulnerability CVE-2024-36401 for remote code execution, deploying customized Cobalt Strike components with altered signatures, leveraging GrimResource and AppDomainManager injection techniques to deliver additional payloads, and utilizing a new backdoor named EAGLEDOOR for multi-protocol communication and payload delivery.", + "description": "Earth Baxia is a threat actor opearting out of China, targeting government organizations in Taiwan and potentially across the APAC region, using spear-phishing emails and exploiting the GeoServer vulnerability CVE-2024-36401 for remote code execution, deploying customized Cobalt Strike components with altered signatures, leveraging GrimResource and AppDomainManager injection techniques to deliver additional payloads, and utilizing a new backdoor named EAGLEDOOR for multi-protocol communication and payload delivery.", "meta": { "country": "CN", "refs": [