Add ToddyCat Threat actor

This commit is contained in:
Mathieu Beligon 2022-06-21 15:09:23 +02:00
parent 373fcb8530
commit d79c5bd1ab

View file

@ -9504,7 +9504,42 @@
}, },
"uuid": "4d522fad-452c-46be-94ea-5803aec9b709", "uuid": "4d522fad-452c-46be-94ea-5803aec9b709",
"value": "RansomHouse" "value": "RansomHouse"
},
{
"description": "ToddyCat is responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. There is still little information about this actor, but its main distinctive signs are two formerly unknown tools that Kaspersky call Samurai backdoor and Ninja Trojan.",
"meta": {
"cfr-suspected-victims": [
"Afghanistan",
"India",
"Indonesia",
"Iran",
"Kyrgyzstan",
"Malaysia",
"Pakistan",
"Russia",
"Slovakia",
"Taiwan",
"Thailand",
"United Kingdom",
"Uzbekistan",
"Vietnam"
],
"cfr-target-category": [
"Military",
"Government"
],
"refs": [
"https://www.bleepingcomputer.com/news/security/new-toddycat-apt-group-targets-exchange-servers-in-asia-europe/",
"https://securelist.com/toddycat/106799/",
"https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/"
],
"synonyms": [
"Websiic"
]
},
"uuid": "091a0b69-74de-44b6-bb12-16b7a8fd078b",
"value": "ToddyCat"
} }
], ],
"version": 228 "version": 229
} }