Merge branch 'patch-1' of https://github.com/r0ny123/misp-galaxy into r0ny123-patch-1

This commit is contained in:
Alexandre Dulaunoy 2024-11-24 19:47:16 +01:00
commit 9951699f30
Signed by: adulau
GPG key ID: 09E2CD4944E6CBCD

View file

@ -4859,8 +4859,27 @@
"https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations", "https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations",
"https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign", "https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign",
"https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf", "https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf",
"https://www.darkreading.com/attacks-breaches/russian-apt-bluecharlie-swaps-infrastructure-to-evade-detection", "https://www.recordedfuture.com/research/bluecharlie-previously-tracked-as-tag-53-continues-to-deploy-new-infrastructure-in-2023",
"https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/" "https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/",
"https://go.recordedfuture.com/hubfs/reports/cta-2022-1205.pdf",
"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/blue-callisto-orbits-around-us.html",
"https://www.ncsc.gov.uk/files/Advisory-Russian-FSB-cyber-actor-star-blizzard-continues-worldwide-spear-sphishing-campaigns.pdf",
"https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-global-elections",
"https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics",
"https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware",
"https://citizenlab.ca/2024/08/sophisticated-phishing-targets-russias-perceived-enemies-around-the-globe/",
"https://www.gov.uk/government/news/uk-exposes-attempted-russian-cyber-interference-in-politics-and-democratic-processes",
"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/coldwastrel-space.html",
"https://citizenlab.ca/2024/10/disrupting-coldriver/",
"https://blogs.microsoft.com/on-the-issues/2024/10/03/protecting-democratic-institutions-from-cyber-threats/",
"https://www.justice.gov/opa/pr/justice-department-disrupts-russian-intelligence-spear-phishing-efforts",
"https://www.justice.gov/opa/pr/two-russian-nationals-working-russias-federal-security-service-charged-global-computer",
"https://www.justice.gov/opa/media/1327601/dl?inline",
"https://www.noticeofpleadings.com/starblizzard/",
"https://edeca.net/post/2024-06-26-an-interesting-callisto-yara-rule",
"https://blog.sekoia.io/calisto-show-interests-into-entities-involved-in-ukraine-war-support",
"https://blog.sekoia.io/one-year-after-the-cyber-implications-of-the-russo-ukrainian-war/",
"https://blog.sekoia.io/calisto-doxxing-sekoia-io-findings-concurs-to-reuters-investigation-on-fsb-related-andrey-korinets/"
], ],
"synonyms": [ "synonyms": [
"COLDRIVER", "COLDRIVER",
@ -4868,24 +4887,19 @@
"TA446", "TA446",
"GOSSAMER BEAR", "GOSSAMER BEAR",
"BlueCharlie", "BlueCharlie",
"Star Blizzard" "Star Blizzard",
"TAG-53",
"IRON FRONTIER",
"UNC4057",
"Blue Callisto"
], ],
"targeted-sector": [ "targeted-sector": [
"Government, Administration", "Government Administration",
"Military", "Military",
"Think Tanks", "Think Tanks",
"Journalist" "Journalist"
] ]
}, },
"related": [
{
"dest-uuid": "06630ccd-98ed-5aec-8083-e04c894bd2d6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f", "uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",
"value": "Callisto" "value": "Callisto"
}, },
@ -11665,27 +11679,6 @@
"uuid": "171d0590-be92-443f-addb-af5dc2a8034d", "uuid": "171d0590-be92-443f-addb-af5dc2a8034d",
"value": "Evasive Panda" "value": "Evasive Panda"
}, },
{
"description": "A Russia-linked threat actor tracked as TAG-53 is running phishing campaigns impersonating various defense, aerospace, and logistic companies, according to The Record by Recorded Future. Recorded Futures Insikt Group identified overlaps with a threat actor tracked by other companies as Callisto Group, COLDRIVER, and SEABORGIUM.",
"meta": {
"refs": [
"https://blog.knowbe4.com/russian-threat-actor-impersonates-aerospace-and-defense-companies",
"https://www.recordedfuture.com/exposing-tag-53-credential-harvesting-infrastructure-for-russia-aligned-espionage-operations?utm_campaign=PostBeyond&utm_source=Twitter&utm_medium=359877&utm_term=Exposing+TAG-53%E2%80%99s+Credential+Harvesting+Infrastructure+Used+for+Russia-Aligned+Espionage+Operations",
"https://go.recordedfuture.com/hubfs/reports/cta-2022-1205.pdf"
]
},
"related": [
{
"dest-uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "overlaps"
}
],
"uuid": "e5865ca1-ec95-43e2-954a-d0f3507a9747",
"value": "TAG-53"
},
{ {
"description": "This group of cybercriminals is named Malteiroby SCILabs, they operate and distribute the URSA/Mispadu banking trojan.", "description": "This group of cybercriminals is named Malteiroby SCILabs, they operate and distribute the URSA/Mispadu banking trojan.",
"meta": { "meta": {