mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
[threat-actors] Add Unfading Sea Haze
This commit is contained in:
parent
f1bbd96d84
commit
4e6fa2191a
1 changed files with 12 additions and 0 deletions
|
@ -16019,6 +16019,18 @@
|
||||||
},
|
},
|
||||||
"uuid": "9d218bb3-fc59-43e0-a273-a0a0fb5c463e",
|
"uuid": "9d218bb3-fc59-43e0-a273-a0a0fb5c463e",
|
||||||
"value": "RansomHub"
|
"value": "RansomHub"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Unfading Sea Haze is a threat actor focused on espionage, targeting government and military organizations in the South China Sea region since 2018. They employ spear-phishing emails with malicious attachments to gain initial access, followed by the deployment of custom malware such as Gh0st RAT variants and SharpJSHandler. The group utilizes scheduled tasks and manipulates local administrator accounts for persistence, while also incorporating Remote Monitoring and Management tools into their attacks. Unfading Sea Haze demonstrates a sophisticated and patient approach, remaining undetected for years and showing adaptability through evolving exfiltration tactics and malware arsenal.",
|
||||||
|
"meta": {
|
||||||
|
"country": "CN",
|
||||||
|
"refs": [
|
||||||
|
"https://www.securityweek.com/newly-detected-chinese-group-targeting-military-government-entities/",
|
||||||
|
"https://www.bleepingcomputer.com/news/security/unfading-sea-haze-hackers-hide-on-military-and-govt-networks-for-6-years/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "58e75098-8edc-48ce-b1de-c1a8647e33d3",
|
||||||
|
"value": "Unfading Sea Haze"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 310
|
"version": 310
|
||||||
|
|
Loading…
Reference in a new issue