mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
add MOUSEISLAND
parent
5b3c395f10
commit
d5a9365aae
1 changed files with 11 additions and 1 deletions
|
@ -8549,7 +8549,17 @@
|
||||||
],
|
],
|
||||||
"uuid": "7d34ca56-ce69-465f-b8c8-ffd02c4b619d",
|
"uuid": "7d34ca56-ce69-465f-b8c8-ffd02c4b619d",
|
||||||
"value": "Esile"
|
"value": "Esile"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "MOUSEISLAND is a Microsoft Word macro downloader used as the first infection stage and is delivered inside a password-protected zip attached to a phishing email (Figure 2). Based on our intrusion data from responding to ICEDID related incidents, the secondary payload delivered by MOUSEISLAND has been PHOTOLOADER, which acts as an intermediary downloader to install ICEDID. Mandiant attributes the MOUSEISLAND distribution of PHOTOLOADER and other payloads to UNC2420, a distribution threat cluster created by Mandiant’s Threat Pursuit team. UNC2420 activity shares overlaps with the publicly reported nomenclature of “Shathak” or “TA551”.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.mandiant.com/resources/blog/melting-unc2198-icedid-to-ransomware-operations"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "2bea2cc9-c1cc-453d-a483-541b895867d1",
|
||||||
|
"value": "MOUSEISLAND"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 152
|
"version": 153
|
||||||
}
|
}
|
||||||
|
|
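Review bot: The new `description` for MOUSEISLAND is pasted verbatim from the Mandiant post, so it carries a dangling `(Figure 2)` reference and first-person wording (`Based on our intrusion data`) that reads as if the galaxy maintainers observed the activity themselves. I would drop `(Figure 2)` and attribute the observation, e.g. `According to Mandiant's intrusion data from ICEDID-related incidents, the secondary payload delivered by MOUSEISLAND has been PHOTOLOADER`. The links to PHOTOLOADER, ICEDID and TA551/Shathak exist only as free text, so a consumer correlating on this cluster cannot pivot to them. If those clusters already exist in the galaxy, a `related` array pointing at their UUIDs would make the delivery chain usable for detection and triage. The entry also has no `synonyms` or type information under `meta`, which seems worth confirming against neighbouring entries in this file, most of which fall outside the hunk.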