MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 14:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #995 from Mathieu4141/threat-actors/4c1ff26b-8695-45ec-8c36-adcbdb2add7c

Browse source 
[threat actors] Add 2 actors
This commit is contained in:
Alexandre Dulaunoy 2024-06-25 15:30:04 +02:00 committed by GitHub
commit a439501ad5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 25 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -535,7 +535,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
[Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
Category: *actor* - source: *MISP Project* - total: *701* elements
Category: *actor* - source: *MISP Project* - total: *703* elements
[[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]

24
clusters/threat-actor.json
View file

@ -16272,6 +16272,30 @@
},
"uuid": "06a615dc-fa13-4d6a-ac8b-3d2a8c9501c4",
"value": "BlueHornet"
},
{
"description": "Hellhounds is an APT group targeting organizations in Russia, using a modified version of Pupy RAT called Decoy Dog. They gain initial access through vulnerable web services and trusted relationships, with a focus on the public sector and IT companies. The group has been active since at least 2019, maintaining covert presence inside compromised organizations by modifying open-source projects to evade detection. Hellhounds have successfully targeted at least 48 victims, including a telecom operator where they disrupted services.",
"meta": {
"refs": [
"https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/hellhounds-operation-lahat-part-2/",
"https://ics-cert.kaspersky.com/publications/reports/2024/04/02/apt-and-financial-attacks-on-industrial-organizations-in-h2-2023/"
]
},
"uuid": "46ef6903-deac-415a-afaf-97e3ce067d7e",
"value": "HellHounds"
},
{
"description": "IntelBroker is a threat actor known for orchestrating high-profile data breaches targeting companies like Apple, Zscaler, and Facebook Marketplace. They have a reputation for selling access to compromised systems and data on underground forums like BreachForums. IntelBroker has claimed responsibility for breaches involving government agencies such as Europol, the U.S. Department of Transportation, and the Pentagon, leaking sensitive information and classified documents. The actor has been linked to breaches at companies like Acuity, General Electric, and Home Depot, showcasing a pattern of targeting critical infrastructure and major corporations.",
"meta": {
"refs": [
"https://www.cysecurity.news/2024/06/infamous-hacker-intelbroker-breaches.html",
"https://www.malwarebytes.com/blog/news/2024/06/was-t-mobile-compromised-by-a-zero-day-in-jira",
"https://securityaffairs.com/164263/cyber-crime/pandabuy-extorted-again.html",
"https://meterpreter.org/cybersecurity-firm-hacked-sensitive-data-on-sale/"
]
},
"uuid": "849d16c8-eaa3-46e7-9c1c-179ef680922e",
"value": "IntelBroker"
}
],
"version": 312