MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 08:47:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[threat-actors] Add TunnelSnake

Browse source
This commit is contained in:
Mathieu4141 2023-12-01 16:21:53 -08:00
parent dbbb075b1c
commit 6c2cb8979f
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
clusters/threat-actor.json
View file

@ -13602,6 +13602,18 @@
}, },
"uuid": "89f5a5cb-514f-46db-8959-6bb9aa991e9f", "uuid": "89f5a5cb-514f-46db-8959-6bb9aa991e9f",
"value": "WildPressure" "value": "WildPressure"
},
{
"description": "The TunnelSnake campaign demonstrates the activity of a sophisticated actor that invests significant resources in designing an evasive toolset and infiltrating networks of high-profile organizations. By leveraging Windows drivers, covert communications channels and proprietary malware, the group behind it maintains a considerable level of stealth. That said, some of its TTPs, like the usage of a commodity webshell and open-source legacy code for loading unsigned drivers, may get detected and in fact were flagged by Kaspersky's product, giving them visibility into the groups operation.",
"meta": {
"country": "CN",
"refs": [
"https://www.redpacketsecurity.com/operation-tunnelsnake/",
"https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/"
]
},
"uuid": "f0bb3d3a-c012-4d12-b621-51192977f190",
"value": "TunnelSnake"
} }
], ],
"version": 295 "version": 295