[threat-actors] Add FlyingYeti

2024-11-22 23:07:19 +00:00 · 2024-06-06 01:27:06 -07:00 · 2024-06-06 01:27:06 -07:00 · b5f257c4e1
commit b5f257c4e1
parent eec91d1465
1 changed files with 11 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -16045,6 +16045,17 @@
      },
      "uuid": "ee13ddb3-e8c0-4568-b56c-82d82c30f48b",
      "value": "StucxTeam"
+    },
+    {
+      "description": "FlyingYeti is a Russia-aligned threat actor targeting Ukrainian military entities. They conduct reconnaissance activities and launch phishing campaigns using malware like COOKBOX. FlyingYeti exploits the WinRAR vulnerability CVE-2023-38831 to infect targets with malicious payloads. Cloudforce One has successfully disrupted their operations and provided recommendations for defense against their phishing campaigns.",
+      "meta": {
+        "country": "RU",
+        "refs": [
+          "https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine"
+        ]
+      },
+      "uuid": "1dcbad05-c5b7-4ec3-8920-45f396554f7a",
+      "value": "FlyingYeti"
    }
  ],
  "version": 310