MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 14:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[threat-actors] Add TA2536

Browse source
This commit is contained in:
Mathieu Beligon 2023-02-13 13:45:37 -08:00
parent 20c31a5d10
commit d34e894d2d
1 changed files with 54 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
clusters/threat-actor.json
View file

@ -10189,6 +10189,60 @@
}
],
"value": "TA577"
},
{
"country": "NG",
"description": "TA2536, which has been active since at least 2015, is likely Nigerian based on its unique linguistic style, tactics and tools. It uses keyloggers such as HawkEye and distinctive stylometric features in typo-squatted domains that resemble legitimate names and the use of recurring names and substrings in email addresses.",
"meta": {
"references": [
"https://www.proofpoint.com/us/blog/threat-insight/dtpacker-net-packer-curious-password-1"
],
},
"related": [
{
"dest-uuid": "f9aa9004-8811-4091-a471-38f81dbcadc4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "b88e29cf-79d9-42bc-b369-0383b5e04380",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "2894aee2-e0ec-417a-811e-74a68ab967b2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "4793a29b-1191-4750-810e-9301a6576fc4",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "8378b417-605e-4196-b31f-a0c96d75aa50",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "31615066-dbff-4134-b467-d97a337b408b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
}
],
"value": "TA2536"
}
],
"version": 258