[threat-actors] Add TunnelSnake

Mathieu4141 2023-12-01 16:21:53 -08:00
parent dbbb075b1c
commit 6c2cb8979f


@ -13602,6 +13602,18 @@
},
"uuid": "89f5a5cb-514f-46db-8959-6bb9aa991e9f",
"value": "WildPressure"
},
{
"description": "The TunnelSnake campaign demonstrates the activity of a sophisticated actor that invests significant resources in designing an evasive toolset and infiltrating networks of high-profile organizations. By leveraging Windows drivers, covert communications channels and proprietary malware, the group behind it maintains a considerable level of stealth. That said, some of its TTPs, like the usage of a commodity webshell and open-source legacy code for loading unsigned drivers, may get detected and in fact were flagged by Kaspersky's product, giving them visibility into the groups operation.",
"meta": {
"country": "CN",
"refs": [
"https://www.redpacketsecurity.com/operation-tunnelsnake/",
"https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/"
]
},
"uuid": "f0bb3d3a-c012-4d12-b621-51192977f190",
"value": "TunnelSnake"
}
],
"version": 295
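Review bot: the "description" string in the new TunnelSnake object has a possessive typo at its end: "giving them visibility into the groups operation" should read "the group's operation". Two smaller points on the same object: the description itself presents TunnelSnake as a campaign ("The TunnelSnake campaign demonstrates the activity of a sophisticated actor"), so the "value" names an operation rather than the group behind it; a short clause stating that the actor is tracked under the campaign name would make that explicit for consumers of the galaxy. And since the description credits Kaspersky's product with the detection, the securelist.com reference is the primary write-up and would be better listed first in "refs", ahead of the redpacketsecurity.com link. The version bump to 295 and the surrounding JSON structure (trailing comma after the WildPressure object, closing `]` of the list) look correct.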