mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
[threat-actors] Add Storm-0506
parent
f5687c0162
commit
cd621af35c
1 changed files with 11 additions and 0 deletions
|
@ -16465,6 +16465,17 @@
|
||||||
},
|
},
|
||||||
"uuid": "1725e1c3-9870-4f66-8962-753c4ed3e086",
|
"uuid": "1725e1c3-9870-4f66-8962-753c4ed3e086",
|
||||||
"value": "TA4903"
|
"value": "TA4903"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Storm-0569 is an initial access broker that distributes BATLOADER using search engine optimization (SEO) poisoning with websites that spoof Zoom, TeamViewer, Tableau, and AnyDesk. It uses the loader malware to inject the Cobalt Strike payload and transfers access to Storm-0506 for the deployment of the Black Basta ransomware.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/",
|
||||||
|
"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-widely-abused-msix-app-installer-disabled-by-microsoft-active-iocs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "d1ad4392-c85a-4f07-9818-a86f805a49f6",
|
||||||
|
"value": "Storm-0506"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 312
|
"version": 312
|
||||||
|
|
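Review bot: The added entry has `"value": "Storm-0506"`, but its `description` is written about Storm-0569 and names Storm-0506 only as the group that receives access, so anyone pivoting on this cluster would attribute the initial-access-broker behaviour (BATLOADER, SEO poisoning) to the wrong actor. The description should make Storm-0506 its subject, for example `"description": "Storm-0506 deploys the Black Basta ransomware using access handed over by Storm-0569, an initial access broker that distributes BATLOADER through SEO poisoning."`. The second reference (the Rewterz MSIX alert) may also concern Storm-0569 rather than Storm-0506 and is worth re-checking before it is tied to this entry. `"version": 312` is unchanged on both sides; if consumers rely on that field to detect updates, it probably needs a bump in this or a follow-up commit. The enclosing array of entries starts outside the hunk.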