mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
[threat-actors] Add Winter Vivern aliases
This commit is contained in:
parent
4e61e7275a
commit
82b347682c
1 changed files with 7 additions and 2 deletions
|
@ -12584,16 +12584,21 @@
|
|||
{
|
||||
"description": "Winter Vivern is a cyberespionage group first revealed by DomainTools in 2021. It is thought to have been active since at least 2020 and it targets governments in Europe and Central Asia. To compromise its targets, the group uses malicious documents, phishing websites, and a custom PowerShell backdoor.",
|
||||
"meta": {
|
||||
"country": "RU",
|
||||
"refs": [
|
||||
"https://www.sentinelone.com/labs/winter-vivern-uncovering-a-wave-of-global-espionage/",
|
||||
"https://www.domaintools.com/resources/blog/winter-vivern-a-look-at-re-crafted-government-maldocs",
|
||||
"https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/",
|
||||
"https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability",
|
||||
"https://socprime.com/blog/uac-0114-group-aka-winter-vivern-attack-detection-hackers-launch-malicious-phishing-campaigns-targeting-government-entities-of-ukraine-and-poland/"
|
||||
"https://socprime.com/blog/uac-0114-group-aka-winter-vivern-attack-detection-hackers-launch-malicious-phishing-campaigns-targeting-government-entities-of-ukraine-and-poland/",
|
||||
"https://cybersecuritynews.com/russian-hackers-xss-flaw/",
|
||||
"https://www.recordedfuture.com/russia-aligned-tag-70-targets-european-government-and-military-mail"
|
||||
],
|
||||
"synonyms": [
|
||||
"UAC-0114",
|
||||
"TA473"
|
||||
"TA473",
|
||||
"TAG-70",
|
||||
"TA-473"
|
||||
]
|
||||
},
|
||||
"uuid": "b7497d28-02de-4722-8b97-1fc53e1d1b68",
|
||||
|
|
Loading…
Reference in a new issue