mirror of
https://github.com/MISP/misp-galaxy.git
[threat-actors] Add Storm-1084
parent
73d23f6211
commit
6f61a3fc3e
1 changed files with 15 additions and 0 deletions
|
@ -14540,6 +14540,21 @@
|
||||||
},
|
},
|
||||||
"uuid": "0876c327-c82a-45f7-82fa-267c312ceb05",
|
"uuid": "0876c327-c82a-45f7-82fa-267c312ceb05",
|
||||||
"value": "Pink Sandstorm"
|
"value": "Pink Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Storm-1084 is a threat actor that has been observed collaborating with the MuddyWater group. They have used the DarkBit persona to mask their involvement in targeted attacks. Storm-1084 has been linked to destructive actions, including the encryption of on-premise devices and deletion of cloud resources. They have been observed using tools such as Rport, Ligolo, and a customized PowerShell backdoor. The extent of their autonomy or collaboration with other Iranian threat actors is currently unclear.",
|
||||||
|
"meta": {
|
||||||
|
"country": "IR",
|
||||||
|
"refs": [
|
||||||
|
"https://circleid.com/posts/20230824-signs-of-muddywater-developments-found-in-the-dns",
|
||||||
|
"https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-1084"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "2cc32087-f242-4091-8634-4554635b7a58",
|
||||||
|
"value": "Storm-1084"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 298
|
"version": 298
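Review bot: The new Storm-1084 entry records its tie to MuddyWater only in the free-text `description`; it has no `related` array pointing at the existing MuddyWater cluster, so tooling that pivots on cluster relationships will not connect the two actors. Consider adding, next to `meta`, something like `"related": [{"dest-uuid": "<MUDDYWATER-CLUSTER-UUID>", "type": "<relationship-type>"}]`, with the UUID copied from the existing cluster rather than typed by hand. The description also says the actor's degree of autonomy is unclear while `"country": "IR"` is stated without qualification; an `"attribution-confidence"` value in `meta` would let consumers weigh that attribution. Finally, `"version": 298` appears only as context here, so if this file's version is meant to change with each cluster addition, that bump is still outstanding.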
|
||||||
|
|