From a944be0d25a689c4a99f7cfe52eb3c53e919ed11 Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Mon, 15 Jul 2024 08:06:23 -0700 Subject: [PATCH] [threat-actors] Add CRYSTALRAY --- clusters/threat-actor.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index d970464..83885f5 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -16368,6 +16368,16 @@ }, "uuid": "df584835-97da-4e27-ab35-bcd3c5bf7815", "value": "Void Banshee" + }, + { + "description": "CRYSTALRAY is a threat actor known for leveraging open source tools like zmap and SSH-Snake to conduct widespread vulnerability scanning and exploitation. They target victims to collect and sell credentials, deploy cryptominers, and maintain persistence in compromised environments. CRYSTALRAY uses multiple backdoors to control access and spreads through victim networks using SSH-Snake. The actor also uses tools like Platypus for managing victims and extracting sensitive information from compromised systems.", + "meta": { + "refs": [ + "https://sysdig.com/blog/crystalray-rising-threat-actor-exploiting-oss-tools/" + ] + }, + "uuid": "feeab818-a9bd-4bff-9923-bf8421abd6c5", + "value": "CRYSTALRAY" } ], "version": 312