MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-23 07:17:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #970 from Mathieu4141/threat-actors/f2209789-2fa7-4909-9abd-6c6d32bb9213

Browse source 
[threat-actors] Add 1 actor and 1 alias
This commit is contained in:
Alexandre Dulaunoy 2024-05-02 17:30:45 +02:00 committed by GitHub
commit 66499aaa60
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
clusters/threat-actor.json
View file

@ -10497,7 +10497,9 @@
"https://unit42.paloaltonetworks.com/atoms/nascentursa/", "https://unit42.paloaltonetworks.com/atoms/nascentursa/",
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/", "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/",
"https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/" "https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/",
"https://circleid.com/posts/20230412-probing-lorec53-phishing-through-the-dns-microscope",
"https://nsfocusglobal.com/wp-content/uploads/2021/11/Analysis-Report-on-Lorec53-Group.pdf"
], ],
"synonyms": [ "synonyms": [
"UNC2589", "UNC2589",
@ -10508,7 +10510,8 @@
"FROZENVISTA", "FROZENVISTA",
"Storm-0587", "Storm-0587",
"DEV-0587", "DEV-0587",
"Saint Bear" "Saint Bear",
"Lorec53"
] ]
}, },
"uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f", "uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",
@ -15932,6 +15935,16 @@
}, },
"uuid": "d6882fb9-d1e4-4cec-889c-5423c772d199", "uuid": "d6882fb9-d1e4-4cec-889c-5423c772d199",
"value": "USDoD" "value": "USDoD"
},
{
"description": "Water Orthrus is a threat actor known for distributing CopperStealer and CopperPhish malware. They target Microsoft 365 users with phishing campaigns to steal credit card information. The actor has evolved their malware to include rootkits for stealthy installations and has shifted their focus from personal information to cryptocurrency and credit card data. Water Orthrus has been linked to the Scranos campaign reported in 2019.",
"meta": {
"refs": [
"https://www.trendmicro.com/en_us/research/23/e/water-orthrus-new-campaigns-deliver-rootkit-and-phishing-modules.html"
]
},
"uuid": "19ddf2b0-9cfb-430f-8919-49205cbec863",
"value": "Water Orthrus"
} }
], ],
"version": 308 "version": 308