[threat-actors] Add GhostEmperor

This commit is contained in:
Mathieu4141 2024-02-05 09:20:11 -08:00
parent cff0da0b3a
commit c97fc15d59


@ -14847,6 +14847,18 @@
}, },
"uuid": "083acee6-6969-4c74-80c2-5d442936aa97", "uuid": "083acee6-6969-4c74-80c2-5d442936aa97",
"value": "RevengeHotels" "value": "RevengeHotels"
},
{
"description": "GhostEmperor is a Chinese-speaking threat actor that targets government entities and telecom companies in Southeast Asia. They employ a Windows kernel-mode rootkit called Demodex to gain remote control over their targeted servers. The actor demonstrates a high level of sophistication and uses various anti-forensic and anti-analysis techniques to evade detection. They have been active for a significant period of time and continue to pose a threat to their targets.",
"meta": {
"country": "CN",
"refs": [
"https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation",
"https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/"
]
},
"uuid": "3c3ca8f3-c6ab-4c5d-9bd0-be6677d6cdeb",
"value": "GhostEmperor"
} }
], ],
"version": 299 "version": 299
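Review bot: The first entry in `refs`, `https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation`, is by its URL a Mandiant write-up of UNC4841's post-Barracuda ESG zero-day activity, and nothing in the new description ties UNC4841, Barracuda or ESG to GhostEmperor; a consumer following it from this galaxy entry will find an unrelated actor. If it was included because that report draws an overlap with GhostEmperor/Demodex, the description should state that overlap explicitly; otherwise drop it and keep only the SecureList reference, which is the primary source for this actor and its Demodex rootkit. The last sentence of `description` ("They have been active for a significant period of time and continue to pose a threat to their targets") carries no intelligence value and would be better replaced with something sourced, e.g. the ProxyLogon exploitation noted in the SecureList title: `"Initial access has been observed via exploitation of Microsoft Exchange (ProxyLogon)."`. Please also confirm the new `uuid` does not collide with any existing cluster value before merging.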