Merge pull request #996 from Mathieu4141/threat-actors/fc7ade34-5d19-4089-acce-65f8e103952b

[threat actors] Add 2 actors
Alexandre Dulaunoy 2024-07-01 17:15:18 +02:00 committed by GitHub
commit 52ed6c0f50
GPG key ID: B5690EEEBB952194
2 changed files with 27 additions and 1 deletions

@ -535,7 +535,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
[Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
Category: *actor* - source: *MISP Project* - total: *703* elements
Category: *actor* - source: *MISP Project* - total: *705* elements
[[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]

@ -16296,6 +16296,32 @@
},
"uuid": "849d16c8-eaa3-46e7-9c1c-179ef680922e",
"value": "IntelBroker"
},
{
"description": "DRAGONBRIDGE is a Chinese state-sponsored threat actor known for engaging in information operations to promote the political interests of the People's Republic of China. They have been observed using AI-generated images and videos to spread propaganda on social media platforms. The group has targeted various countries and regions, including the US, Taiwan, and Japan, with narratives promoting pro-PRC viewpoints. DRAGONBRIDGE has been linked to campaigns discrediting the US political system, sowing division between allies, and criticizing specific companies and individuals.",
"meta": {
"country": "CN",
"refs": [
"https://cloud.google.com/blog/topics/threat-intelligence/prc-dragonbridge-influence-elections/",
"https://quointelligence.eu/2024/06/european-election-at-risk-analysis/",
"https://blog.google/threat-analysis-group/over-50000-instances-of-dragonbridge-activity-disrupted-in-2022/"
],
"synonyms": [
"Spamouflage Dragon"
]
},
"uuid": "a4d55f94-d842-400a-acb6-dfee1c446257",
"value": "Dragonbridge"
},
{
"description": "Boolka is a threat actor known for infecting websites with malicious JavaScript scripts for data exfiltration. They have been carrying out opportunistic SQL injection attacks since at least 2022. Boolka has developed a malware delivery platform based on the BeEF framework and has been distributing the BMANAGER trojan. Their activities demonstrate a progression from basic website infections to more sophisticated malware operations.",
"meta": {
"refs": [
"https://www.group-ib.com/blog/boolka/"
]
},
"uuid": "99ad0cef-c53a-44d5-85d4-5459e59a06d5",
"value": "Boolka"
}
],
"version": 312
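
Review bot: The closing context line `"version": 312` is unchanged even though two objects are appended to the list just above it. The page reports 27 additions and 1 deletion across both files, the README hunk accounts for one of each, and this hunk grows from 6 to 32 lines, so no existing line in the cluster file was replaced. If consumers use the cluster version to detect updates, increment it in the same change. In the Dragonbridge object the description spells the name `DRAGONBRIDGE` while `"value"` is `"Dragonbridge"`; pick one casing. Because `"Spamouflage Dragon"` is listed as a synonym, also check that no existing entry in the cluster already carries that name or synonym, so the same actor is not tracked under two UUIDs. The Boolka description says "malicious JavaScript scripts", which can be shortened to "malicious JavaScript".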