mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
[threat-actors] Add TAG-56
This commit is contained in:
parent
91e5c37a40
commit
775451488d
1 changed files with 12 additions and 0 deletions
|
@ -12906,6 +12906,18 @@
|
||||||
},
|
},
|
||||||
"uuid": "7f24740c-9370-4968-a92e-667ef2591abe",
|
"uuid": "7f24740c-9370-4968-a92e-667ef2591abe",
|
||||||
"value": "Water Labbu"
|
"value": "Water Labbu"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "TAG-56 is a threat actor group that shares similarities with the APT42 group. They use tactics such as fake registration pages and spearphishing to target victims, often using encrypted chat platforms like WhatsApp or Telegram. TAG-56 is believed to be part of a broader campaign led by an Iran-nexus threat activity group. They have been observed using shared web hosts and recycled code, indicating a preference for acquiring purpose-built infrastructure rather than establishing their own.",
|
||||||
|
"meta": {
|
||||||
|
"country": "IR",
|
||||||
|
"refs": [
|
||||||
|
"https://socradar.io/dark-web-profile-apt42-iranian-cyber-espionage-group/",
|
||||||
|
"https://www.recordedfuture.com/suspected-iran-nexus-tag-56-uses-uae-forum-lure-for-credential-theft-against-us-think-tank"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "7cae7378-5595-4d1e-be63-e13216162a20",
|
||||||
|
"value": "TAG-56"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 293
|
"version": 293
|
||||||
|
|
Loading…
Reference in a new issue