From da77ee6a61e73d90c4e2b831fefc20572d90f44d Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Fri, 28 Jun 2024 02:17:32 -0700
Subject: [PATCH 1/3] [threat-actors] Add Dragonbridge

---
 clusters/threat-actor.json | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index edd2021..71c6405 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16296,6 +16296,22 @@
       },
       "uuid": "849d16c8-eaa3-46e7-9c1c-179ef680922e",
       "value": "IntelBroker"
+    },
+    {
+      "description": "DRAGONBRIDGE is a Chinese state-sponsored threat actor known for engaging in information operations to promote the political interests of the People's Republic of China. They have been observed using AI-generated images and videos to spread propaganda on social media platforms. The group has targeted various countries and regions, including the US, Taiwan, and Japan, with narratives promoting pro-PRC viewpoints. DRAGONBRIDGE has been linked to campaigns discrediting the US political system, sowing division between allies, and criticizing specific companies and individuals.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://cloud.google.com/blog/topics/threat-intelligence/prc-dragonbridge-influence-elections/",
+          "https://quointelligence.eu/2024/06/european-election-at-risk-analysis/",
+          "https://blog.google/threat-analysis-group/over-50000-instances-of-dragonbridge-activity-disrupted-in-2022/"
+        ],
+        "synonyms": [
+          "Spamouflage Dragon"
+        ]
+      },
+      "uuid": "a4d55f94-d842-400a-acb6-dfee1c446257",
+      "value": "Dragonbridge"
     }
   ],
   "version": 312

From c82f1a4dc8ced3d5ca4d859d30a038b2b9740513 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Fri, 28 Jun 2024 02:17:32 -0700
Subject: [PATCH 2/3] [threat-actors] Add Boolka

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 71c6405..10baf5a 100644
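Review bot: The trailing context of this hunk shows `"version": 312` left untouched even though a new cluster is appended, and the Boolka hunk in PATCH 2/3 leaves it at 312 as well; MISP galaxy consumers rely on that field to notice an updated galaxy, so the two additions should come with a bump, e.g. `"version": 313`. The new `"value": "Dragonbridge"` is cased differently from the `DRAGONBRIDGE` used throughout its own description (the vendor spelling in the Google references), so one spelling should be chosen to keep lookups by value predictable. The synonym `Spamouflage Dragon` is a name other vendors publish for this activity, so it is worth confirming that no existing cluster in threat-actor.json already carries it as a value or synonym; as far as I recall the repository's validation rejects duplicate values/synonyms, and a duplicate would in any case split attribution across two UUIDs.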
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16312,6 +16312,16 @@
       },
       "uuid": "a4d55f94-d842-400a-acb6-dfee1c446257",
       "value": "Dragonbridge"
+    },
+    {
+      "description": "Boolka is a threat actor known for infecting websites with malicious JavaScript scripts for data exfiltration. They have been carrying out opportunistic SQL injection attacks since at least 2022. Boolka has developed a malware delivery platform based on the BeEF framework and has been distributing the BMANAGER trojan. Their activities demonstrate a progression from basic website infections to more sophisticated malware operations.",
+      "meta": {
+        "refs": [
+          "https://www.group-ib.com/blog/boolka/"
+        ]
+      },
+      "uuid": "99ad0cef-c53a-44d5-85d4-5459e59a06d5",
+      "value": "Boolka"
     }
   ],
   "version": 312

From 855a7383d8c71484cee3a417d9fbf9bbd4e40cc5 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Fri, 28 Jun 2024 02:17:32 -0700
Subject: [PATCH 3/3] [threat actors] Update README

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 4da4a97..4c990e9 100644
--- a/README.md
+++ b/README.md
@@ -535,7 +535,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
 [Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
-Category: *actor* - source: *MISP Project* - total: *703* elements
+Category: *actor* - source: *MISP Project* - total: *705* elements
 [[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]
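Review bot: The Boolka description presents a single vendor's findings as settled fact, so the sentence `They have been carrying out opportunistic SQL injection attacks since at least 2022.` reads better attributed to its only reference, e.g. `According to Group-IB, the actor has been carrying out opportunistic SQL injection attacks since at least 2022.`, which matches how a reader of the cluster will weigh the claim. The phrase `malicious JavaScript scripts` in the same description is redundant; `malicious JavaScript` is enough. The entry's `meta` carries only `refs`, which is consistent with the report not attributing the actor, so no `country` should be added on the strength of this one source.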