merging TG2003 / Elephant Beetle into FIN13
as indicated in the respective resources published by the organizations using these aliases.
This commit is contained in:
parent
2330c17602
commit
bc20a463c8
1 changed files with 9 additions and 15 deletions
|
@ -9136,7 +9136,14 @@
|
|||
"meta": {
|
||||
"country": "RU",
|
||||
"refs": [
|
||||
"https://www.mandiant.com/resources/fin13-cybercriminal-mexico"
|
||||
"https://www.mandiant.com/resources/fin13-cybercriminal-mexico",
|
||||
"https://blog.sygnia.co/elephant-beetle-an-organized-financial-theft-operation",
|
||||
"https://f.hubspotusercontent30.net/hubfs/8776530/Sygnia-%20Elephant%20Beetle_Jan2022.pdf",
|
||||
"https://www.netwitness.com/wp-content/uploads/FIN13-Elephant-Beetle-NetWitness.pdf"
|
||||
],
|
||||
"synonyms": [
|
||||
"TG2003",
|
||||
"Elephant Beetle"
|
||||
]
|
||||
},
|
||||
"uuid": "60fa684d-c738-4b77-98fb-3f6605e2bb82",
|
||||
|
@ -9485,19 +9492,6 @@
|
|||
"uuid": "6cce6ecc-e6f5-4ae5-b8c5-cf633b7cf973",
|
||||
"value": "ModifiedElephant"
|
||||
},
|
||||
{
|
||||
"description": "Financially motivated threat group targeting and infiltrating organizations from the finance and commerce sector in Latin America.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://f.hubspotusercontent30.net/hubfs/8776530/Sygnia-%20Elephant%20Beetle_Jan2022.pdf"
|
||||
],
|
||||
"synonyms": [
|
||||
"TG2003"
|
||||
]
|
||||
},
|
||||
"uuid": "64930954-db40-4d97-8fc4-76079d239e15",
|
||||
"value": "Elephant Beetle"
|
||||
},
|
||||
{
|
||||
"description": "EXOTIC LILY is a resourceful, financially motivated group whose activities appear to be closely linked with data exfiltration and deployment of human-operated ransomware such as Conti and Diavol. In early September 2021, the group has been obeserved exploiting a 0day in Microsoft MSHTML (CVE-2021-40444). Investigation lead researchers to believe that they are an Initial Access Broker (IAB) who appear to be working with the Russian cyber crime gang known as FIN12 (Mandiant, FireEye) / WIZARD SPIDER (CrowdStrike). This threat actor deploys tactics, techniques and procedures (TTPs) that are traditionally associated with more targeted attacks, like spoofing companies and employees as a means of gaining trust of a targeted organization through email campaigns that are believed to be sent by real human operators using little-to-no automation. Additionally and rather uniquely, they leverage legitimate file-sharing services like WeTransfer, TransferNow and OneDrive to deliver the payload, namely BUMBLEEBEE and BAZARLOADER, further evading detection mechanisms. This level of human-interaction is rather unusual for cyber crime groups focused on mass scale operations.",
|
||||
"meta": {
|
||||
|
@ -10012,5 +10006,5 @@
|
|||
"value": "Returned Libra"
|
||||
}
|
||||
],
|
||||
"version": 237
|
||||
"version": 238
|
||||
}
|
||||
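Review bot: Deleting the entire "Elephant Beetle" cluster in the second hunk retires uuid `64930954-db40-4d97-8fc4-76079d239e15` without leaving anything that resolves it, so any existing event tag or `related`/`dest-uuid` link built against that UUID would now dangle; I cannot see the rest of the file, so whether such references exist is not verifiable from this hunk. Consider keeping a minimal tombstone entry for the old UUID that points at the surviving FIN13 cluster `60fa684d-c738-4b77-98fb-3f6605e2bb82`, or at least naming the retired UUID in the commit description so downstream instances can remap. The removed description ("Financially motivated threat group targeting and infiltrating organizations from the finance and commerce sector in Latin America.") is not carried into the FIN13 hunk shown, and the unchanged context line `"country": "RU"` now sits beside references that describe a Latin America-focused operation; both seem worth confirming against the cited reports before the merge lands.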
|
|