mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
chg: [threat-actor] Add SideCopy
parent
298bc784da
commit
dcb87b0dc6
1 changed files with 16 additions and 1 deletions
|
@ -8883,7 +8883,22 @@
|
||||||
},
|
},
|
||||||
"uuid": "60fa684d-c738-4b77-98fb-3f6605e2bb82",
|
"uuid": "60fa684d-c738-4b77-98fb-3f6605e2bb82",
|
||||||
"value": "FIN13"
|
"value": "FIN13"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "The SideCopy APT is a Pakistani threat actor that has been operating since at least 2019, mainly targeting South Asian countries and more specifically India and Afghanistan. Its name comes from its infection chain that tries to mimic that of the SideWinder APT. It has been reported that this actor has similarities with Transparent Tribe (APT36) and possibly is a subdivision of this actor. Cisco Talos and Seqrite have provided comprehensive reports on this actor’s activities.",
|
||||||
|
"meta": {
|
||||||
|
"country": "PK",
|
||||||
|
"refs": [
|
||||||
|
"https://www.seqrite.com/blog/operation-sidecopy/",
|
||||||
|
"https://blog.malwarebytes.com/threat-intelligence/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure/",
|
||||||
|
"https://www.telsy.com/sidecopy-apt-from-windows-to-nix/",
|
||||||
|
"https://blog.talosintelligence.com/2021/07/sidecopy.html",
|
||||||
|
"https://about.fb.com/news/2021/11/taking-action-against-hackers-in-pakistan-and-syria/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "f6d02ac3-3447-4892-b844-1ef31839e04f",
|
||||||
|
"value": "SideCopy"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 208
|
"version": 209
|
||||||
}
|
}
|
||||||
|
|
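Review bot: The new SideCopy entry records its possible link to Transparent Tribe (APT36) only in the free-text `description`, so a MISP instance consuming this cluster cannot pivot from SideCopy events to the related actor. If the galaxy already has a Transparent Tribe cluster, add a machine-readable link next to `meta`, for example `"related": [{"dest-uuid": "<uuid of the Transparent Tribe cluster>", "type": "similar"}]`, with an estimative-language tag that matches the "possibly" wording. The entry also sets `"country": "PK"` as a plain fact; adding an `"attribution-confidence"` value in `meta` would let analysts weigh the attribution instead of inheriting it silently. The cluster array this object is appended to starts outside the hunk, so the Transparent Tribe entry and its uuid cannot be confirmed from here.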