Added BackdoorDiplomacy and Gelsemium.
This commit is contained in:
parent
4293503231
commit
772c5145c1
1 changed files with 56 additions and 1 deletions
|
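--- a/FILE_PATH_NOT_SHOWN
+++ b/FILE_PATH_NOT_SHOWN
@@ -8778,7 +8778,62 @@
 },
 "uuid": "6c514d9d-e2fa-45a5-a938-9a461f69ad2d",
 "value": "GOLD WINTER"
+},
+{
+"description": "An APT group that we are calling BackdoorDiplomacy, due to the main vertical of its victims, has been targeting Ministries of Foreign Affairs and telecommunication companies in Africa and the Middle East since at least 2017.",
+"meta": {
+"cfr-suspected-victims": [
+"Libya",
+"Namibia",
+"Sudan",
+"Albania",
+"Croatia",
+"Georgia",
+"Poland",
+"Iran",
+"Qatar",
+"Saudi Arabia",
+"Sri Lanka",
+"Uzbekistan"
+],
+"cfr-target-category": [
+"Government",
+"Telecomms"
+],
+"refs": [
+"https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/"
+],
+"synonyms": [
+"BackDip",
+"CloudComputating",
+"Quarian"
+]
+},
+"uuid": "6472be4d-c186-4c86-b3b7-7dc1b4d3a3d8",
+"value": "BackdoorDiplomacy"
+},
+{
+"description": "The Gelsemium group has been active since at least 2014 and was described in the past by a few security companies. Gelsemium’s name comes from one possible translation ESET found while reading a report from VenusTech who dubbed the group 狼毒草 for the first time. It’s the name of a genus of flowering plants belonging to the family Gelsemiaceae, Gelsemium elegans is the species that contains toxic compounds like Gelsemine, Gelsenicine and Gelsevirine, which ESET choses as names for the three components of this malware family.",
+"meta": {
+"cfr-target-category": [
+"Government",
+"Electronics Manufacturers",
+"Universities",
+"Religious organization"
+],
+"refs": [
+"https://www.welivesecurity.com/2021/06/09/gelsemium-when-threat-actors-go-gardening/",
+"https://www.venustech.com.cn/uploads/2018/08/231401512426.pdf",
+"https://hitcon.org/2016/pacific/0composition/pdf/1202/1202%20R0%200930%20an%20intelligance-driven%20approach%20to%20cyber%20defense.pdf",
+"https://public.gdatasoftware.com/Presse/Publikationen/Whitepaper/EN/GDATA_TooHash_CaseStudy_102014_EN_v1.pdf"
+],
+"synonyms": [
+"狼毒草"
+]
+},
+"uuid": "2dd31182-bae1-48ed-8bb3-805a3df89783",
+"value": "Gelsemium"
 }
 ],
-"version": 203
+"version": 204
 }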
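Review bot: The Gelsemium description string added in this hunk carries a typo, `which ESET choses as names` should read `which ESET chooses as names`, and since this text is rendered verbatim in the MISP galaxy UI it is worth correcting before the version bump lands. The BackdoorDiplomacy entry lists `"Telecomms"` under `cfr-target-category`; the surrounding entries are outside this hunk, so check that the same sector is not spelled differently elsewhere in the file, otherwise the category splits across two values when analysts filter on it. Both new descriptions are quoted in the vendor's first-person voice ("we are calling BackdoorDiplomacy"), which reads oddly in a shared taxonomy; consider rewording to third person, e.g. `An APT group, named BackdoorDiplomacy by ESET due to the main vertical of its victims, has been targeting ...`, with the source already carried by `refs`.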