add drakhydrus ref

This commit is contained in:
Deborah Servili 2019-01-11 10:17:07 +01:00
parent cddfd5fcd1
commit 90d2bf7bc1
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1

View file

@ -5547,7 +5547,8 @@
"description": "In July 2018, Unit 42 analyzed a targeted attack using a novel file type against at least one government agency in the Middle East. It was carried out by a previously unpublished threat group we track as DarkHydrus. Based on our telemetry, we were able to uncover additional artifacts leading us to believe this adversary group has been in operation with their current playbook since early 2016. This attack diverged from previous attacks we observed from this group as it involved spear-phishing emails sent to targeted organizations with password protected RAR archive attachments that contained malicious Excel Web Query files (.iqy).", "description": "In July 2018, Unit 42 analyzed a targeted attack using a novel file type against at least one government agency in the Middle East. It was carried out by a previously unpublished threat group we track as DarkHydrus. Based on our telemetry, we were able to uncover additional artifacts leading us to believe this adversary group has been in operation with their current playbook since early 2016. This attack diverged from previous attacks we observed from this group as it involved spear-phishing emails sent to targeted organizations with password protected RAR archive attachments that contained malicious Excel Web Query files (.iqy).",
"meta": { "meta": {
"refs": [ "refs": [
"https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/",
"https://mobile.twitter.com/360TIC/status/1083289987339042817"
] ]
}, },
"uuid": "ce2c2dfd-2445-4fbc-a747-9e7092e383f9", "uuid": "ce2c2dfd-2445-4fbc-a747-9e7092e383f9",