mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
[threat-actors] Add Caramel Tsunami
This commit is contained in:
parent
ac0fdd61ea
commit
d1dae2085b
1 changed files with 19 additions and 0 deletions
|
@ -14254,6 +14254,25 @@
|
|||
},
|
||||
"uuid": "7db46444-2d27-4922-8a21-98f8509476dc",
|
||||
"value": "UNC4990"
|
||||
},
|
||||
{
|
||||
"description": "Caramel Tsunami is a threat actor that specializes in spyware attacks. They have recently resurfaced with an updated toolset and zero-day exploits, targeting specific victims through watering hole attacks. Candiru has been observed exploiting vulnerabilities in popular browsers like Google Chrome and using third-party signed drivers to gain access to the Windows kernel. They have also been linked to other spyware vendors and have been associated with extensive abuses of their surveillance tools.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://decoded.avast.io/threatresearch/avast-q2-2022-threat-report/",
|
||||
"https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/",
|
||||
"https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/",
|
||||
"https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/",
|
||||
"https://www.welivesecurity.com/2021/11/16/strategic-web-compromises-middle-east-pinch-candiru/",
|
||||
"https://www.microsoft.com/en-us/security/blog/2021/07/15/protecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware/"
|
||||
],
|
||||
"synonyms": [
|
||||
"SOURGUM",
|
||||
"Candiru"
|
||||
]
|
||||
},
|
||||
"uuid": "062938a2-6fa1-4217-ad73-f5e0b5186966",
|
||||
"value": "Caramel Tsunami"
|
||||
}
|
||||
],
|
||||
"version": 298
|
||||
|
|
Loading…
Reference in a new issue