MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 23:07:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[threat-actors] Add Moshen Dragon

Browse source
This commit is contained in:
Mathieu4141 2023-11-20 09:29:05 -08:00
parent d477275a53
commit 93d9db10a3
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
clusters/threat-actor.json
View file

@ -13277,6 +13277,17 @@
},
"uuid": "43236d8e-27ee-40f1-ad15-a2ad23738a76",
"value": "N4ughtysecTU"
},
{
"description": "Moshen Dragon is a Chinese-aligned cyberespionage threat actor operating in Central Asia. They have been observed deploying multiple malware triads and utilizing DLL search order hijacking to sideload ShadowPad and PlugX variants. The threat actor also employs various tools, including an LSA notification package and a passive backdoor known as GUNTERS. Their activities involve targeting the telecommunication sector and leveraging Impacket for lateral movement and data exfiltration.",
"meta": {
"country": "CN",
"refs": [
"https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/"
]
},
"uuid": "41243ff2-e4f1-4605-9259-ab494c1c8c04",
"value": "Moshen Dragon"
}
],
"version": 294