MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 08:47:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[threat-actors] Add UNC4540

Browse source
This commit is contained in:
Mathieu4141 2024-09-09 08:18:22 -07:00
parent f3fe0d59d3
commit d935c1e62a
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
clusters/threat-actor.json
View file

@ -16515,6 +16515,17 @@
}, },
"uuid": "34f2d3ad-e367-4058-a10b-1f7a4274c418", "uuid": "34f2d3ad-e367-4058-a10b-1f7a4274c418",
"value": "Hive0137" "value": "Hive0137"
},
{
"description": "UNC4540 is a suspected Chinese threat actor targeting unpatched SonicWall Secure Mobile Access appliances to deploy custom malware that establishes long-term persistence for cyber espionage. The malware is designed to steal hashed credentials, provide shell access, and persist through firmware upgrades, utilizing a variant of the TinyShell backdoor. Mandiant has tracked UNC4540's activities back to 2021, noting their focus on maintaining access to compromised devices. The group's tactics are consistent with patterns observed in other Chinese threat actor campaigns targeting network devices for zero-day exploits.",
"meta": {
"country": "CN",
"refs": [
"https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall"
]
},
"uuid": "e6b27374-5055-4c2c-950b-06b4fc75a210",
"value": "UNC4540"
} }
], ],
"version": 313 "version": 313