mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
[threat-actors] Add Lilac Typhoon
parent
646206e70a
commit
837ce84344
1 changed files with 16 additions and 0 deletions
|
@ -14352,6 +14352,22 @@
|
||||||
},
|
},
|
||||||
"uuid": "c4132d43-2405-43ca-9940-a6f78e007861",
|
"uuid": "c4132d43-2405-43ca-9940-a6f78e007861",
|
||||||
"value": "Vanilla Tempest"
|
"value": "Vanilla Tempest"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Lilac Typhoon is a threat actor attributed to China. They have been identified as exploiting the Atlassian Confluence RCE vulnerability CVE-2022-26134, which allows for remote code execution. This vulnerability has been used in cryptojacking campaigns and is included in commercial exploit frameworks. Lilac Typhoon has also been involved in deploying various payloads such as Cobalt Strike, web shells, botnets, coin miners, and ransomware.",
|
||||||
|
"meta": {
|
||||||
|
"country": "CN",
|
||||||
|
"refs": [
|
||||||
|
"https://securityboulevard.com/2022/10/analysis-of-cisa-releases-advisory-on-top-cves-exploited-chinese-state-sponsored-groups/",
|
||||||
|
"https://riskybiznews.substack.com/p/risky-biz-news-google-shuts-down",
|
||||||
|
"https://twitter.com/MsftSecIntel/status/1535417776290111489"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0234"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "b80be7a7-6d06-4da7-8ae0-302a198e7c73",
|
||||||
|
"value": "Lilac Typhoon"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 298
|
"version": 298
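Review bot: The last sentence of the new `description` attributes Cobalt Strike, web shells, botnets, coin miners and ransomware to Lilac Typhoon itself, while the sentences before it describe exploitation of CVE-2022-26134 in general, so the payload list may have been carried over from reporting that covers every actor abusing the Confluence flaw. This should be checked against the cited Microsoft tweet before it lands in a cluster that analysts use for attribution and triage. If the source only describes activity around the CVE, word it that way, for example `Exploitation of this vulnerability has been observed delivering payloads such as Cobalt Strike, web shells, botnets, coin miners, and ransomware.` Separately, `"version": 298` appears as unchanged context at the end of the hunk; if consumers rely on the cluster version to pick up new entries, it probably needs a bump alongside this addition.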
|
||||||
|
|