mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
chg: [threat-actor] The Gordon Group added
ref: https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/
This commit is contained in:
parent
a0dfdd65ae
commit
b3701b6b34
1 changed files with 12 additions and 1 deletions
|
@ -3759,6 +3759,7 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "The Big Bang",
|
"value": "The Big Bang",
|
||||||
|
"uuid": "475df014-556a-41db-ad6a-ff509dd202a1",
|
||||||
"description": "While it is not clear exactly what the attacker is looking for, what is clear is that once he finds it, a second stage of the attack awaits, fetching additional modules and/or malware from the Command and Control server. This then is a surveillance attack in progress and has been dubbed ‘Big Bang’ due to the attacker’s fondness for the ‘Big Bang Theory’ TV show, after which some of the malware’s modules are named.",
|
"description": "While it is not clear exactly what the attacker is looking for, what is clear is that once he finds it, a second stage of the attack awaits, fetching additional modules and/or malware from the Command and Control server. This then is a surveillance attack in progress and has been dubbed ‘Big Bang’ due to the attacker’s fondness for the ‘Big Bang Theory’ TV show, after which some of the malware’s modules are named.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
|
@ -3766,6 +3767,16 @@
|
||||||
"https://blog.talosintelligence.com/2017/06/palestine-delphi.html"
|
"https://blog.talosintelligence.com/2017/06/palestine-delphi.html"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "The Gorgon Group",
|
||||||
|
"description": "Unit 42 researchers have been tracking Subaat, an attacker, since 2017. Recently Subaat drew our attention due to renewed targeted attack activity. Part of monitoring Subaat included realizing the actor was possibly part of a larger crew of individuals responsible for carrying out targeted attacks against worldwide governmental organizations. Technical analysis on some of the attacks as well as attribution links with Pakistan actors have been already depicted by 360 and Tuisec, in which they found interesting connections to a larger group of attackers Unit 42 researchers have been tracking, which we are calling Gorgon Group.",
|
||||||
|
"uuid": "e47c2c4d-706b-4098-92a2-b93e7103e131",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"name": "Threat actor",
|
"name": "Threat actor",
|
||||||
|
@ -3780,5 +3791,5 @@
|
||||||
],
|
],
|
||||||
"description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
|
"description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
|
||||||
"uuid": "7cdff317-a673-4474-84ec-4f1754947823",
|
"uuid": "7cdff317-a673-4474-84ec-4f1754947823",
|
||||||
"version": 48
|
"version": 49
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue