[threat-actors] Add Storm Cloud

Mathieu4141 2023-11-20 09:29:06 -08:00
parent c4142b2ee7
commit 4c9063b772


@ -13317,6 +13317,18 @@
}, },
"uuid": "ad8b73df-c526-4a32-b52f-c7c3c4c058d2", "uuid": "ad8b73df-c526-4a32-b52f-c7c3c4c058d2",
"value": "OldGremlin" "value": "OldGremlin"
},
{
"description": "Storm Cloud is a Chinese espionage threat actor known for targeting organizations across Asia, particularly Tibetan organizations and individuals. They use a variety of malware families, including GIMMICK and GOSLU, which are feature-rich and multi-platform. Storm Cloud leverages public cloud hosting services like Google Drive for command-and-control channels, making it difficult to detect their activities.",
"meta": {
"country": "CN",
"refs": [
"https://www.volexity.com/blog/2020/03/31/storm-cloud-unleashed-tibetan-community-focus-of-highly-targeted-fake-flash-campaign/",
"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-gimmick-malware-active-iocs"
]
},
"uuid": "3baec27f-3827-4a38-82c8-7195a18193f9",
"value": "Storm Cloud"
} }
], ],
"version": 294 "version": 294