[threat-actors] Add REF2924

This commit is contained in:
Mathieu4141 2023-11-06 05:26:26 -08:00
parent 18811f8056
commit 4a3968e873

View file

@ -12463,6 +12463,18 @@
}, },
"uuid": "64234b2e-0c78-466d-8253-0df339f99f5f", "uuid": "64234b2e-0c78-466d-8253-0df339f99f5f",
"value": "REF5961" "value": "REF5961"
},
{
"description": "A group monitored as REF2924 by Elastic Security Labs is wielding novel data-stealing malware — an HTTP listener written in C# dubbed Naplistener by the researchers — in attacks against victims operating in southern and southeast Asia.According to a blog post by Elastic senior security research engineer Remco Sprooten, in that region of the world, network-based detection and prevention technologies are the de facto method for securing many environments.",
"meta": {
"country": "CN",
"refs": [
"https://www.elastic.co/security-labs/ref2924-howto-maintain-persistence-as-an-advanced-threat",
"https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set"
]
},
"uuid": "c46ed7e9-3949-4c57-ab14-177d88f27e2c",
"value": "REF2924"
} }
], ],
"version": 289 "version": 289