mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
[threat-actors] Add Witchetty
parent
eb43d9faf2
commit
84fec96df9
1 changed files with 16 additions and 0 deletions
|
@ -12370,6 +12370,22 @@
|
||||||
},
|
},
|
||||||
"uuid": "b813c6a2-f8c7-4071-83bd-24c181ff2bd4",
|
"uuid": "b813c6a2-f8c7-4071-83bd-24c181ff2bd4",
|
||||||
"value": "RedStinger"
|
"value": "RedStinger"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Witchetty was first documented by ESET in April 2022, who concluded that it was one of three sub-groups of TA410, a broad cyber-espionage operation with some links to the Cicada group (aka APT10). Witchetty’s activity was characterized by the use of two pieces of malware, a first-stage backdoor known as X4 and a second-stage payload known as LookBack. ESET reported that the group had targeted governments, diplomatic missions, charities, and industrial/manufacturing organizations.",
|
||||||
|
"meta": {
|
||||||
|
"aliases": [
|
||||||
|
"LookingFrog"
|
||||||
|
],
|
||||||
|
"country": "CN",
|
||||||
|
"refs": [
|
||||||
|
"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-witchetty-apt-group-active-iocs",
|
||||||
|
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage",
|
||||||
|
"https://www.welivesecurity.com/2022/04/27/lookback-ta410-umbrella-cyberespionage-ttps-activity/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "202f5481-7bae-4a0b-b117-0642ea1dbe65",
|
||||||
|
"value": "Witchetty"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 289
|
"version": 289
|
||||||
|
|
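Review bot: The closing `"version": 289` is unchanged context, so this commit adds the Witchetty entry without bumping the cluster version; if consumers key updates on that number they may not pick up the new actor, so unless the bump lands in a companion commit it should become `"version": 290`. The entry also sets `"country": "CN"`, although the description only ties Witchetty to TA410 and Cicada/APT10 and names no country itself; an `attribution-confidence` value in `meta` would tell analysts how much weight that field carries. The TA410 and APT10 links are stated only in free text, so a `related` block pointing at those clusters (if they exist in this file, which the hunk does not show) would make the relationship machine-readable.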