mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 08:47:18 +00:00
[threat-actors] Add TA455
parent
74323acdfe
commit
56a2a330d1
1 changed files with 11 additions and 0 deletions
|
@ -17422,6 +17422,17 @@
|
||||||
},
|
},
|
||||||
"uuid": "0f4c942f-9491-4844-b782-4ee65033c7e0",
|
"uuid": "0f4c942f-9491-4844-b782-4ee65033c7e0",
|
||||||
"value": "SilkSpecter"
|
"value": "SilkSpecter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "TA455 is an Iranian APT group targeting the aerospace industry through a campaign known as the “Iranian Dream Job Campaign,” utilizing deceptive job offers to lure victims. They employ spearphishing tactics with malicious ZIP files containing the executable “secur32[.]dll” and disguise their C2 communications within the traffic of reputable services like Cloudflare and GitHub. The group intentionally mimics the TTPs of the North Korean Lazarus group to mislead investigators and complicate attribution. Their multi-stage infection strategy enhances the likelihood of success while evading detection.",
|
||||||
|
"meta": {
|
||||||
|
"country": "IR",
|
||||||
|
"refs": [
|
||||||
|
"https://informationsecuritybuzz.com/iranian-dream-job-aerospace/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "c2f1f2e3-9573-49be-b01e-6ffff9a9571b",
|
||||||
|
"value": "TA455"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 320
|
"version": 320
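Review bot: The TA455 entry is added while `"version": 320` remains unchanged context at the end of the hunk, so consumers that re-import a galaxy cluster only when its version number increases may never load the new actor; if this commit is meant to stand alone, bump it to `"version": 321`. The new `meta` block holds only `country` and one ref that appears to be a secondary news write-up, and it has no `synonyms` array, so analysts correlating on other vendors' names for this group will not match this cluster; add `synonyms` and the primary research report to `refs` if they are known. In the description, `secur32[.]dll` is called an executable and is defanged like a domain; a file name needs no defanging, and "the DLL `secur32.dll`" would be more precise for anyone turning the text into a detection.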
|
||||||
|
|