Merge pull request #778 from Mathieu4141/threat-actors/fix-malware-reuser-duplicate
[threat-actors] Fix Volatile Cedar and Dancing Salome conflicts
This commit is contained in:
commit
800006e6ab
1 changed files with 26 additions and 10 deletions
|
@ -3604,34 +3604,50 @@
|
||||||
"value": "OilRig"
|
"value": "OilRig"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description": "Beginning in late 2012, a carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive .",
|
"description": "Beginning in late 2012, a carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive.",
|
||||||
"meta": {
|
"meta": {
|
||||||
|
"country": "LB",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://blog.checkpoint.com/2015/03/31/volatilecedar/",
|
"https://blog.checkpoint.com/2015/03/31/volatilecedar/",
|
||||||
"https://blog.checkpoint.com/2015/06/09/new-data-volatile-cedar/",
|
"https://blog.checkpoint.com/2015/06/09/new-data-volatile-cedar/",
|
||||||
"https://securelist.com/sinkholing-volatile-cedar-dga-infrastructure/69421/",
|
"https://securelist.com/sinkholing-volatile-cedar-dga-infrastructure/69421/",
|
||||||
"https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf"
|
"https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf",
|
||||||
|
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082004/volatile-cedar-technical-report.pdf"
|
||||||
|
],
|
||||||
|
"suspected-victims": [
|
||||||
|
"Middle East",
|
||||||
|
"Israel",
|
||||||
|
"Lebanon",
|
||||||
|
"Saudi Arabia"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Reuse team",
|
|
||||||
"Malware reusers",
|
|
||||||
"Dancing Salome",
|
|
||||||
"Lebanese Cedar"
|
"Lebanese Cedar"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "0155c3b1-8c7c-4176-aeda-68678dd99992",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"very-likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "cf421ce6-ddfe-419a-bc65-6a9fc953232a",
|
"uuid": "cf421ce6-ddfe-419a-bc65-6a9fc953232a",
|
||||||
"value": "Volatile Cedar"
|
"value": "Volatile Cedar"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description": "Threat Group conducting cyber espionage while re-using tools from other teams; like those of Hacking Team, and vmprotect to obfuscate.",
|
"description": "Dancing Salome is the Kaspersky codename for an APT actor with a primary focus on ministries of foreign affairs, think tanks, and Ukraine. What makes Dancing Salome interesting and relevant is the attacker’s penchant for leveraging HackingTeam RCS implants compiled after the public breach.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"synonyms": [
|
"refs": [
|
||||||
"Reuse team",
|
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170728/Guerrero-Saade-Raiu-VB2017.pdf"
|
||||||
"Dancing Salome"
|
],
|
||||||
|
"suspected-victims": [
|
||||||
|
"Ukraine"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "3d5192f2-f235-46fd-aa68-dd00cc17d632",
|
"uuid": "3d5192f2-f235-46fd-aa68-dd00cc17d632",
|
||||||
"value": "Malware reusers"
|
"value": "Dancing Salome"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description": "Microsoft Threat Intelligence identified similarities between this recent attack and previous 2012 attacks against tens of thousands of computers belonging to organizations in the energy sector. Microsoft Threat Intelligence refers to the activity group behind these attacks as TERBIUM, following our internal practice of assigning rogue actors chemical element names.",
|
"description": "Microsoft Threat Intelligence identified similarities between this recent attack and previous 2012 attacks against tens of thousands of computers belonging to organizations in the energy sector. Microsoft Threat Intelligence refers to the activity group behind these attacks as TERBIUM, following our internal practice of assigning rogue actors chemical element names.",
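Review bot: Changing the second cluster's `value` from `"Malware reusers"` to `"Dancing Salome"` while also deleting its `synonyms` block (and removing `"Reuse team"` / `"Malware reusers"` from Volatile Cedar) leaves no cluster in this hunk that still carries the old names, so instances already tagged `misp-galaxy:threat-actor="Malware reusers"` would no longer resolve that tag to any cluster after updating the galaxy. The uuid `3d5192f2-…` is kept, but galaxy tags carry the cluster value rather than the uuid, so preserving the uuid alone does not keep existing tags working. Keep the retired names as synonyms in the Dancing Salome `meta`: `"synonyms": ["Malware reusers", "Reuse team"]`. Separately, the new `related` entry's `dest-uuid` `0155c3b1-…` is not defined in this hunk; presumably it targets the Explosive implant cluster named in the description, and it is worth confirming that uuid exists in the referenced galaxy before merge, since a dangling relation is not caught by this diff.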
|
||||||
|
|