mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
[threat-actors] Add Denim Tsunami
This commit is contained in:
parent
58f3cc2e11
commit
732d00998b
1 changed files with 17 additions and 0 deletions
|
@ -14137,6 +14137,23 @@
|
|||
},
|
||||
"uuid": "46e26e5c-ad74-45aa-a654-1afef67f4566",
|
||||
"value": "Blackwood"
|
||||
},
|
||||
{
|
||||
"description": "Denim Tsunami is a threat actor group that has been involved in targeted attacks against European and Central American customers. They have been observed using multiple Windows and Adobe 0-day exploits, including one for CVE-2022-22047, which is a privilege escalation vulnerability. Denim Tsunami developed a custom malware called Subzero, which has capabilities such as keylogging, capturing screenshots, data exfiltration, and running remote shells. They have also been associated with the Austrian spyware distributor DSIRF.",
|
||||
"meta": {
|
||||
"country": "AT",
|
||||
"refs": [
|
||||
"https://www.thezdi.com/blog/2023/1/23/activation-context-cache-poisoning-exploiting-csrss-for-privilege-escalation",
|
||||
"https://socradar.io/threats-of-commercialized-malware-knotweed/",
|
||||
"https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/"
|
||||
],
|
||||
"synonyms": [
|
||||
"KNOTWEED",
|
||||
"DSIRF"
|
||||
]
|
||||
},
|
||||
"uuid": "79a347d9-1938-4550-8836-98e4ed95f77c",
|
||||
"value": "Denim Tsunami"
|
||||
}
|
||||
],
|
||||
"version": 298
|
||||
|
|
Loading…
Reference in a new issue