mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
[threat-actors] Add TA570
This commit is contained in:
parent
5f274f58c9
commit
c52ac53765
1 changed files with 27 additions and 0 deletions
|
@ -10034,6 +10034,33 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"value": "Moskalvzapoe"
|
"value": "Moskalvzapoe"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "One of the most active Qbot malware affiliates, Proofpoint has tracked the large cybercrime threat actor TA570 since 2018.",
|
||||||
|
"meta": {
|
||||||
|
"references": [
|
||||||
|
"https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware",
|
||||||
|
"https://therecord.media/hackers-using-follina-windows-zero-day-to-spread-qbot-malware/",
|
||||||
|
"https://isc.sans.edu/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"very-likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "edc5e045-5401-42bb-ad92-52b5b2ee0de9",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"very-likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"value": "TA570"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 258
|
"version": 258
|
||||||
|
|
Loading…
Reference in a new issue