mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 08:47:18 +00:00
adding ClearSky alias for Volatile Cedar
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."
This commit is contained in:
parent
815e5c4fe4
commit
d61e7d2fac
1 changed files with 4 additions and 2 deletions
|
@ -3918,12 +3918,14 @@
|
|||
"refs": [
|
||||
"https://blog.checkpoint.com/2015/03/31/volatilecedar/",
|
||||
"https://blog.checkpoint.com/2015/06/09/new-data-volatile-cedar/",
|
||||
"https://securelist.com/sinkholing-volatile-cedar-dga-infrastructure/69421/"
|
||||
"https://securelist.com/sinkholing-volatile-cedar-dga-infrastructure/69421/",
|
||||
"https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf"
|
||||
],
|
||||
"synonyms": [
|
||||
"Reuse team",
|
||||
"Malware reusers",
|
||||
"Dancing Salome"
|
||||
"Dancing Salome",
|
||||
"Lebanese Cedar"
|
||||
]
|
||||
},
|
||||
"uuid": "cf421ce6-ddfe-419a-bc65-6a9fc953232a",
|
||||
|
|
Loading…
Reference in a new issue