mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
update microsoft activity groups
parent
d48216031a
commit
be672b8d3a
1 changed files with 10 additions and 1 deletions
|
@ -277,7 +277,16 @@
|
|||
],
|
||||
"uuid": "00edb40d-2fed-4d36-98b1-c85fc2bb1168",
|
||||
"value": "PARINACOTA"
|
||||
},
|
||||
{
|
||||
"value": "GADOLINIUM",
|
||||
"description": "GADOLINIUM is a nation-state activity group that has been compromising targets for nearly a decade with a worldwide focus on the maritime and health industries. As with most threat groups, GADOLINIUM tracks the tools and techniques of security practitioners looking for new techniques they can use or modify to create new exploit methods.\nHistorically, GADOLINIUM used custom-crafted malware families that analysts can identify and defend against. In response, over the last year GADOLINIUM has begun to modify portions of its toolchain to use open-source toolkits to obfuscate their activity and make it more difficult for analysts to track. Because cloud services frequently offer a free trial or one-time payment (PayGo) account offerings, malicious actors have found ways to take advantage of these legitimate business offerings. By establishing free or PayGo accounts, they can use cloud-based technology to create a malicious infrastructure that can be established quickly then taken down before detection or given up at little cost.",
|
||||
"meta": {
|
||||
"refs":[
|
||||
"https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/"
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
"version": 8
|
||||
"version": 9
|
||||
}
|
||||
|
|
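Review bot: The new GADOLINIUM object has no `"uuid"` member, while the PARINACOTA entry directly before it carries one. In MISP galaxies a cluster is normally referenced by its UUID when it is attached to an event or related to another cluster, so an entry without a fixed UUID is likely to fail the repository's validation or to be unlinkable and unstable across imports. Add a line such as `"uuid": "<newly generated UUIDv4>"` to the object, using a freshly generated value rather than one copied from another entry. As a style point, the object puts `"value"` first and writes `"refs":[` without a space, whereas the neighbouring entry ends with `"value"`; matching the existing key order and spacing would keep later diffs of this file small.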