Merge pull request #866 from Mathieu4141/actors/add-storm-0324

[threat-actors] Add Storm-0324
2025-01-31 08:58:26 +00:00 · 2023-09-16 11:02:33 +02:00 · 2023-09-16 11:02:33 +02:00 · 5d78834520
commit 5d78834520
parent 458ae78a72 e2fd005821
1 changed files with 25 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -11741,6 +11741,31 @@
      },
      "uuid": "01ac8b25-492e-444b-891b-968f2694e7b2",
      "value": "MoustachedBouncer"
+    },
+    {
+      "description": "The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment.",
+      "meta": {
+        "references": [
+          "https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributor-storm-0324-facilitates-ransomware-access/",
+          "https://www.proofpoint.com/us/blog/threat-insight/jssloader-recoded-and-reloaded"
+        ],
+        "synonyms": [
+          "DEV-0324",
+          "Sagrid",
+          "TA543"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "5db89188-568d-40d2-9320-5fb4a06fbd51",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        }
+      ],
+      "uuid": "8cb6f57b-9ebb-45a6-a89f-9efdb8065d70",
+      "value": "Storm-0324"
    }
  ],
  "version": 282