mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 06:47:18 +00:00
[threat-actors] Add SilkSpecter
This commit is contained in:
parent
8aeb150619
commit
74323acdfe
1 changed files with 11 additions and 0 deletions
|
@ -17411,6 +17411,17 @@
|
|||
},
|
||||
"uuid": "9eeb11a0-3fcf-4036-844a-2500c72f8b69",
|
||||
"value": "TAG-112"
|
||||
},
|
||||
{
|
||||
"description": "SilkSpecter is a Chinese financially motivated threat actor that orchestrates phishing campaigns targeting e-commerce shoppers, particularly during peak shopping seasons. They exploit legitimate payment processors like Stripe to exfiltrate Cardholder Data and Personally Identifiable Information through convincing fake e-commerce sites created using the oemapps SaaS platform. Their phishing infrastructure relies on Chinese-hosted CDN servers and utilizes deceptive elements such as the \"trusttollsvg\" icon and a \"/homeapi/collect\" endpoint to track victim interactions. Analysts have linked SilkSpecter to over 89 IP addresses and more than 4,000 domain names associated with phishing activities, predominantly using .top, .shop, .store, and .vip TLDs.",
|
||||
"meta": {
|
||||
"country": "CN",
|
||||
"refs": [
|
||||
"https://blog.eclecticiq.com/inside-intelligence-center-financially-motivated-chinese-threat-actor-silkspecter-targeting-black-friday-shoppers"
|
||||
]
|
||||
},
|
||||
"uuid": "0f4c942f-9491-4844-b782-4ee65033c7e0",
|
||||
"value": "SilkSpecter"
|
||||
}
|
||||
],
|
||||
"version": 320
|
||||
|
|
Loading…
Reference in a new issue