From 4a3968e87363181437deb5ab2a49e89b1cb76924 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Mon, 6 Nov 2023 05:26:26 -0800
Subject: [PATCH] [threat-actors] Add REF2924
---
 clusters/threat-actor.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 4ef2ac3..0fc7a86 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12463,6 +12463,18 @@
 },
 "uuid": "64234b2e-0c78-466d-8253-0df339f99f5f",
 "value": "REF5961"
+ },
+ {
+ "description": "A group monitored as REF2924 by Elastic Security Labs is wielding novel data-stealing malware — an HTTP listener written in C# dubbed Naplistener by the researchers — in attacks against victims operating in southern and southeast Asia.According to a blog post by Elastic senior security research engineer Remco Sprooten, in that region of the world, network-based detection and prevention technologies are the de facto method for securing many environments.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://www.elastic.co/security-labs/ref2924-howto-maintain-persistence-as-an-advanced-threat",
+ "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set"
+ ]
+ },
+ "uuid": "c46ed7e9-3949-4c57-ab14-177d88f27e2c",
+ "value": "REF2924"
 }
 ],
 "version": 289
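Review bot: `"country": "CN"` in the new REF2924 entry states an attribution with no qualifier, and nothing in the added description supports it, so consumers that turn this cluster into tags or detection context will inherit it as fact. If the two Elastic references support the attribution, record how strongly with `"attribution-confidence": "<confidence>"` next to `"country"` (placeholder value, to be set from the reports); otherwise drop the country. The description also reads as pasted news copy: a space is missing in `Asia.According`, and its second sentence describes defenders' tooling in the region rather than the actor. Since the second ref is the REF5961 post and the REF5961 cluster sits directly above in the context lines, a `related` entry pointing at that uuid would make the link explicit, assuming the references do describe the two as connected.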