mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
[threat-actors] Add RUBYCARP
This commit is contained in:
parent
9f33bdc13c
commit
64533dba91
1 changed files with 11 additions and 0 deletions
|
@ -15609,6 +15609,17 @@
|
||||||
},
|
},
|
||||||
"uuid": "20927a3f-d011-4e22-8268-0938d6816a13",
|
"uuid": "20927a3f-d011-4e22-8268-0938d6816a13",
|
||||||
"value": "CoralRaider"
|
"value": "CoralRaider"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "RUBYCARP is a financially-motivated threat actor group likely based in Romania, with a history of at least 10 years of activity. They operate a botnet using public exploits and brute force attacks, communicating via public and private IRC networks. RUBYCARP targets vulnerabilities in frameworks like Laravel and WordPress, as well as conducting phishing operations to steal financial assets. They use a variety of tools, including the Perl Shellbot, for post-exploitation activities and have a diverse set of illicit income streams.",
|
||||||
|
"meta": {
|
||||||
|
"country": "RO",
|
||||||
|
"refs": [
|
||||||
|
"https://sysdig.com/blog/rubycarp-romanian-botnet-group/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "2742b229-02f4-40d0-9b99-91844a2b030e",
|
||||||
|
"value": "RUBYCARP"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 305
|
"version": 305
|
||||||
|
|
Loading…
Reference in a new issue