MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2025-02-17 01:06:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

add DEV-0147 https://twitter.com/MsftSecIntel/status/1625181255754039318

Browse source
This commit is contained in:
Rony 2023-02-25 20:18:09 +00:00
parent cf727f034c
commit 50624af741
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
clusters/threat-actor.json
View file

@ -10270,6 +10270,22 @@
], ],
"uuid": "9687a6a9-0a66-4373-b546-60553857a442", "uuid": "9687a6a9-0a66-4373-b546-60553857a442",
"value": "TA2536" "value": "TA2536"
},
{
"description": "DEV-0147 is a China-based cyber espionage actor was observed compromising diplomatic targets in South America, a notable expansion of the group's data exfiltration operations that traditionally targeted gov't agencies and think tanks in Asia and Europe. DEV-0147 is known to use tools like ShadowPad, a remote access trojan associated with other China-based actors, to maintain persistent access, and QuasarLoader, a webpack loader, to deploy additional malware. DEV-0147's attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for recon and lateral movement, and the use of Cobalt Strike for command and control and data exfiltration.",
"meta": {
"cfr-suspected-victims": [
"South America",
"Asia",
"European Union"
],
"country": "CN",
"references": [
"https://twitter.com/MsftSecIntel/status/1625181255754039318"
]
},
"uuid": "85f20141-1c8e-49ac-b963-eaa1fb1f4018",
"value": "DEV-0147"
} }
], ],
"version": 260 "version": 260