mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 18:27:19 +00:00
[threat-actors] Add TunnelSnake
This commit is contained in:
parent
dbbb075b1c
commit
6c2cb8979f
1 changed files with 12 additions and 0 deletions
|
@ -13602,6 +13602,18 @@
|
||||||
},
|
},
|
||||||
"uuid": "89f5a5cb-514f-46db-8959-6bb9aa991e9f",
|
"uuid": "89f5a5cb-514f-46db-8959-6bb9aa991e9f",
|
||||||
"value": "WildPressure"
|
"value": "WildPressure"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "The TunnelSnake campaign demonstrates the activity of a sophisticated actor that invests significant resources in designing an evasive toolset and infiltrating networks of high-profile organizations. By leveraging Windows drivers, covert communications channels and proprietary malware, the group behind it maintains a considerable level of stealth. That said, some of its TTPs, like the usage of a commodity webshell and open-source legacy code for loading unsigned drivers, may get detected and in fact were flagged by Kaspersky's product, giving them visibility into the group’s operation.",
|
||||||
|
"meta": {
|
||||||
|
"country": "CN",
|
||||||
|
"refs": [
|
||||||
|
"https://www.redpacketsecurity.com/operation-tunnelsnake/",
|
||||||
|
"https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "f0bb3d3a-c012-4d12-b621-51192977f190",
|
||||||
|
"value": "TunnelSnake"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 295
|
"version": 295
|
||||||
|
|
Loading…
Reference in a new issue