chg: [threat-actor] add earth baxia
This commit is contained in:
parent
c93cd265bc
commit
8108d2b1fe
1 changed files with 14 additions and 0 deletions
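--- a/<PATH NOT SHOWN ON PAGE>
+++ b/<PATH NOT SHOWN ON PAGE>
@@ -16688,6 +16688,20 @@
 },
 "uuid": "071d271a-313f-442d-9bf0-10e6eeba0a8e",
 "value": "HikkI-Chan"
+},
+{
+"description": "Earth Baxia is a threat actor opearting ot of China, targeting government organizations in Taiwan and potentially across the APAC region, using spear-phishing emails and exploiting the GeoServer vulnerability CVE-2024-36401 for remote code execution, deploying customized Cobalt Strike components with altered signatures, leveraging GrimResource and AppDomainManager injection techniques to deliver additional payloads, and utilizing a new backdoor named EAGLEDOOR for multi-protocol communication and payload delivery.",
+"meta": {
+"country": "CN",
+"refs": [
+"https://www.tgsoft.it/news/news_archivio.asp?id=1568",
+"https://jp.security.ntt/tech_blog/appdomainmanager-injection",
+"https://www.trendmicro.com/en_us/research/24/i/earth-baxia-spear-phishing-and-geoserver-exploit.html",
+"https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/i/earth-baxia-uses-spear-phishing-and-geoserver-exploit-to-target-apac/IOCs%20-%20Earth%20Baxia%20Uses%20Spear-Phishing%20and%20GeoServer%20Exploit%20to%20Target%20APAC.txt"
+]
+},
+"uuid": "d0c2cd99-64d5-406f-abd7-16b9e27966a7",
+"value": "Earth Baxia"
 }
 ],
 "version": 313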
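Review bot: The cluster's `"version": 313` at the end of the hunk is left as unchanged context although a new value is appended, so consumers that refresh a galaxy only when its version increases will not pick up Earth Baxia; if this galaxy bumps `version` on every content change, the trailing line should become `"version": 314`. The new `description` string also carries two typos, `opearting ot of China` → `operating out of China`. The enclosing `values` array opens before the hunk, so whether the new `uuid` and `value` are unique across the rest of the file cannot be confirmed from this hunk alone.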