[threat-actors] Add GhostEmperor
parent
cff0da0b3a
commit
c97fc15d59
1 changed files with 12 additions and 0 deletions
|
@ -14847,6 +14847,18 @@
|
||||||
},
|
},
|
||||||
"uuid": "083acee6-6969-4c74-80c2-5d442936aa97",
|
"uuid": "083acee6-6969-4c74-80c2-5d442936aa97",
|
||||||
"value": "RevengeHotels"
|
"value": "RevengeHotels"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "GhostEmperor is a Chinese-speaking threat actor that targets government entities and telecom companies in Southeast Asia. They employ a Windows kernel-mode rootkit called Demodex to gain remote control over their targeted servers. The actor demonstrates a high level of sophistication and uses various anti-forensic and anti-analysis techniques to evade detection. They have been active for a significant period of time and continue to pose a threat to their targets.",
|
||||||
|
"meta": {
|
||||||
|
"country": "CN",
|
||||||
|
"refs": [
|
||||||
|
"https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation",
|
||||||
|
"https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "3c3ca8f3-c6ab-4c5d-9bd0-be6677d6cdeb",
|
||||||
|
"value": "GhostEmperor"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 299
|
"version": 299
|
||||||
|
|
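Review bot: The first entry in `refs` is a Mandiant post whose URL names UNC4841 and the Barracuda zero-day, yet the description never mentions either, so a reader cannot tell why it supports a GhostEmperor entry. If the link is there for a reported overlap, say so in the description; otherwise drop it so analysts do not conflate the two clusters. The description only claims the actor is "Chinese-speaking", while `meta` asserts `"country": "CN"` with no `attribution-confidence` value; adding one (for example `"attribution-confidence": "50"`, the number being the author's call) would keep consumers from reading a language indicator as firm attribution. `"version": 299` appears only as unchanged context, so check whether the cluster version should be bumped for consumers that key updates on it.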