MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2025-03-21 08:39:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

merge KNOCKOUT SPIDER -> Evilnum

Browse source 
Based on newer public reporting grouping these.
This commit is contained in:
Daniel Plohmann 2024-02-08 10:38:04 +01:00 committed by GitHub
parent d7c003ed9c
commit 8a359dbd43
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 7 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
clusters/threat-actor.json
View file

@ -9207,13 +9207,17 @@
"https://securelist.com/what-did-deathstalker-hide-between-two-ferns/99616/", "https://securelist.com/what-did-deathstalker-hide-between-two-ferns/99616/",
"https://www.proofpoint.com/us/blog/threat-insight/buy-sell-steal-evilnum-targets-cryptocurrency-forex-commodities", "https://www.proofpoint.com/us/blog/threat-insight/buy-sell-steal-evilnum-targets-cryptocurrency-forex-commodities",
"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-evilnum-apt-group-active-iocs-7", "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-evilnum-apt-group-active-iocs-7",
"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-evilnum-apt-group-targeting-financial-sector" "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-evilnum-apt-group-targeting-financial-sector",
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf",
"https://www.hivepro.com/wp-content/uploads/2022/08/Vulnerabilities-Threats-that-Matter-25th-to-31st-July.pdf",
"https://medium.com/bitso-engineering/profiling-disrupting-an-apt-spear-phishing-campaign-targeting-slack-users-in-the-financial-sector-9389533d5fc2"
], ],
"synonyms": [ "synonyms": [
"DeathStalker", "DeathStalker",
"TA4563", "TA4563",
"EvilNum", "EvilNum",
"Jointworm" "Jointworm",
"KNOCKOUT SPIDER"
] ]
}, },
"uuid": "b6f3150f-2240-4c57-9dda-5144c5077058", "uuid": "b6f3150f-2240-4c57-9dda-5144c5077058",
@ -9624,16 +9628,6 @@
"uuid": "3570552c-c46f-428e-9472-744a14e6ece7", "uuid": "3570552c-c46f-428e-9472-744a14e6ece7",
"value": "GOLD DUPONT" "value": "GOLD DUPONT"
}, },
{
"description": "KNOCKOUT SPIDER has conducted low-volume spear-phishing campaigns focused on companies involved in cryptocurrency.",
"meta": {
"refs": [
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf"
]
},
"uuid": "0fb7b53a-77d5-44c5-b500-1d612f262172",
"value": "KNOCKOUT SPIDER"
},
{ {
"description": "SOLAR SPIDERs phishing campaigns deliver the JSOutProx RAT to financial institutions across Africa, the Middle East, South Asia and Southeast Asia.", "description": "SOLAR SPIDERs phishing campaigns deliver the JSOutProx RAT to financial institutions across Africa, the Middle East, South Asia and Southeast Asia.",
"meta": { "meta": {
@ -14989,5 +14983,5 @@
"value": "Operation Emmental" "value": "Operation Emmental"
} }
], ],
"version": 299 "version": 300
} }