From dcde7060789071a1d73601a1816636ff5ae1eade Mon Sep 17 00:00:00 2001 From: Mathieu Beligon Date: Thu, 26 Oct 2023 13:14:20 +0200 Subject: [PATCH] [threat-actors] Add Camaro Dragon --- clusters/threat-actor.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index afb158a..80133a3 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -12047,6 +12047,18 @@ ], "uuid": "9766d52e-0e5d-4997-9c31-7f2291dcda9e", "value": "Void Rabisu" + }, + { + "description": "In early 2023, the Check Point Incident Response Team (CPIRT) team investigated a malware incident at a European healthcare institution involving a set of tools mentioned in the Avast report in late 2022. The incident was attributed to Camaro Dragon, a Chinese-based espionage threat actor whose activities overlap with activities tracked by different researchers as Mustang Panda and LuminousMoth, whose focus is primarily on Southeast Asian countries and their close peers.", + "meta": { + "country": "CN", + "references": [ + "https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/", + "https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/" + ] + }, + "uuid": "9ee446fd-b0cd-4662-9cd1-a60b429192db", + "value": "Camaro Dragon" } ], "version": 287