mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
added Red Nue
This commit is contained in:
parent
082039b3b0
commit
932fcf1871
1 changed files with 18 additions and 0 deletions
|
@ -9963,6 +9963,24 @@
|
||||||
},
|
},
|
||||||
"uuid": "68d8c25b-8595-4c20-a5c7-a11a2a34b717",
|
"uuid": "68d8c25b-8595-4c20-a5c7-a11a2a34b717",
|
||||||
"value": "Vicious Panda"
|
"value": "Vicious Panda"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Red Nue, active since at least 2017, is known for its use of the multi-platform LootRAt backdoor, also known as ReverseWindow. LootRAT has variants for Windows and Macintosh (reported in open source as Demsty), as well as an Android variant known as SpyDealer. Red Nue has also used another Windows backdoor known as WinDealer since at least 2019, when it deployed it to targets as part of a watering hole campaign on a Chinese news website for the Chinese diaspora community. Parts of Asia feature heavily in Red Nue's victimology.",
|
||||||
|
"meta": {
|
||||||
|
"country": "CN",
|
||||||
|
"refs": [
|
||||||
|
"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
|
||||||
|
"https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_301_shui-leon_en.pdf",
|
||||||
|
"https://blogs.jpcert.or.jp/en/2021/10/windealer.html",
|
||||||
|
"https://securelist.com/windealer-dealing-on-the-side/105946",
|
||||||
|
"https://blogs.blackberry.com/en/2022/06/threat-thursday-china-based-apt-plays-auto-updater-card-to-deliver-windealer-malware"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"LuoYu"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "c73c8a76-1e44-44d6-b955-79f3a73582a1",
|
||||||
|
"value": "Red Nue"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 233
|
"version": 233
|
||||||
|
|
Loading…
Reference in a new issue