[threat-actors] Add ShroudedSnooper

Mathieu Beligon 2023-11-07 14:47:12 +01:00
parent 2111f50968
commit 798cebc970


@ -12610,6 +12610,17 @@
}, },
"uuid": "391573c5-9c21-4984-b6b8-97d42623d6cc", "uuid": "391573c5-9c21-4984-b6b8-97d42623d6cc",
"value": "1937CN" "value": "1937CN"
},
{
"description": "In September 2023, Cisco Talos identified a new malware family that it calls HTTPSnoop being deployed against telecommunications providers in the Middle East. They also discovered a sister implant to 'HTTPSnoop, that they are naming PipeSnoop, which can accept arbitrary shellcode from a named pipe and execute it on the infected endpoint. Based on these findings, the researchers assess with high confidence that both implants belong to a new intrusion set that it named ShroudedSnooper.",
"meta": {
"refs": [
"https://blog.talosintelligence.com/introducing-shrouded-snooper/",
"https://www.sentinelone.com/labs/the-israel-hamas-war-cyber-domain-state-sponsored-activity-of-interest/"
]
},
"uuid": "3437c5a5-4c42-4665-99df-b17bc57a7ba6",
"value": "ShroudedSnooper"
} }
], ],
"version": 292 "version": 292
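Review bot: The added `description` string contains a stray, unmatched single quote in `'HTTPSnoop,` and switches between "it" and "they" for Cisco Talos. This text is shown verbatim to analysts who consume the cluster, so the clause would read better as `a sister implant to HTTPSnoop, which they named PipeSnoop,`. The `"version": 292` line appears only as unchanged context, so unless the bump lands in a separate commit, consumers that compare the cluster version to decide whether to re-import may not pick up the new ShroudedSnooper entry. The second `refs` URL (SentinelOne) is not reflected in the description, so a reader cannot tell which claim it supports; a short sentence tying it to the entry would help attribution review. The enclosing array starts outside this hunk.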