mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
[threat-actors] Add PhantomControl
parent
f0229fbdd2
commit
a6564bf61c
1 changed files with 12 additions and 0 deletions
|
@ -13904,6 +13904,18 @@
|
||||||
},
|
},
|
||||||
"uuid": "e6d16c22-0780-483c-9920-c1d9f27b10c8",
|
"uuid": "e6d16c22-0780-483c-9920-c1d9f27b10c8",
|
||||||
"value": "GREF"
|
"value": "GREF"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "PhantomControl is a sophisticated threat actor that emerged in November 2023. They utilize phishing emails as their initial infection vector and employ a ScreenConnect client to establish a connection for their malicious activities. Their arsenal includes a VBS script that hides its true intentions and reveals a complex mechanism involving PowerShell scripts and image-based data retrieval. PhantomControl has been associated with the Blind Eagle threat actors, showcasing their versatility and reach.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.esentire.com/blog/phantomcontrol-returns-with-ande-loader-and-swaetrat",
|
||||||
|
"https://www.esentire.com/blog/operation-phantomcontrol",
|
||||||
|
"https://securityonline.info/esentire-vs-phantom-unveiling-the-cyber-spooks-dance-of-darkness/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "a2208d56-8f08-4ca3-a304-8bdc334b5ebf",
|
||||||
|
"value": "PhantomControl"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 296
|
"version": 296
|
||||||
|
|
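Review bot: The new PhantomControl entry states in its description that the actor "has been associated with the Blind Eagle threat actors", but the link exists only as free text, so tools that pivot on cluster relationships will not surface it. If the cited eSentire posts support the association, add a machine-readable relation next to `meta`, for example `"related": [{"dest-uuid": "<UUID_OF_EXISTING_BLIND_EAGLE_CLUSTER>", "type": "<RELATIONSHIP_TYPE>"}]`, where both placeholders stand for the existing cluster's UUID and whatever relationship type the sources justify. The `meta` object carries only `refs`; if the references mention other names for this actor, a `synonyms` list would help analysts match reports. The trailing context line still reads `"version": 296`; if consumers use that field to detect updates, confirm whether this addition should come with a version increment.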