From 7289782aae93f14cb5f9ddc62616b7f294aa8bc6 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Wed, 31 Jul 2024 02:14:11 -0700
Subject: [PATCH] [threat-actors] Add UNC4393

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index a2e493d..79ba1d4 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16491,6 +16491,16 @@
 },
 "uuid": "0b71d2db-93fe-49b5-a9fd-7f8c94b86637",
 "value": "SAMBASPIDER"
+ },
+ {
+ "description": "UNC4393 is a financially motivated threat actor primarily using BASTA ransomware. They have been active since early 2022 and have targeted over 40 organizations across various industries. UNC4393 has shown a willingness to cooperate with other threat clusters for initial access and has evolved from using existing tools to developing custom malware. They focus on efficient data exfiltration and multi-faceted extortion, often utilizing tools like COGSCAN and RCLONE for reconnaissance and data theft.",
+ "meta": {
+ "refs": [
+ "https://cloud.google.com/blog/topics/threat-intelligence/unc4393-goes-gently-into-silentnight"
+ ]
+ },
+ "uuid": "8191e28a-fb2d-4d50-b992-b877807a2f37",
+ "value": "UNC4393"
 }
 ],
 "version": 312
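Review bot: The trailing context line `"version": 312` is unchanged even though the cluster gains an entry. If consumers use the cluster version to decide whether to re-import, the new UNC4393 record may not reach them unless the bump lands in a separate commit; otherwise change it to `"version": 313`. Separately, the link between the actor and BASTA ransomware, COGSCAN and RCLONE exists only in the free-text `description`, which automated correlation cannot follow. Consider adding a `related` entry pointing at the existing ransomware cluster (its uuid is not visible in this hunk), so an analyst pivoting from the actor reaches the malware record. The new object has no `synonyms` list, which is fine if the referenced report gives no other names for the actor, but worth confirming against it.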