MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 23:07:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

added APT-C-27 / GoldMouse

Browse source
This commit is contained in:
Daniel Plohmann 2019-03-21 18:06:03 +01:00 committed by GitHub
parent 6be42e6a1a
commit e0bb3d76a6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
clusters/threat-actor.json
View file

@ -6632,7 +6632,20 @@
},
"uuid": "35c40ce2-57c0-479e-8a56-efbb8695e395",
"value": "Operation Comando"
},
{
"description": "On March 17, 2019, 360 Threat Intelligence Center captured a target attack sample against the Middle East by exploiting WinRAR vulnerability (CVE-2018-20250[6]), and it seems that the attack is carried out by the Goldmouse APT group (APT-C-27). There is a decoy Word document inside the archive regarding terrorist attacks to lure the victim into decompressing. When the archive gets decompressed on the vulnerable computer, the embedded njRAT backdoor (Telegram Desktop.exe) will be extracted to the startup folder and then triggered into execution if the victim restarts the computer or performs re-login. After that, the attacker is capable to control the compromised device.",
"meta": {
"refs": [
"https://ti.360.net/blog/articles/apt-c-27-(goldmouse):-suspected-target-attack-against-the-middle-east-with-winrar-exploit-en/"
],
"synonyms": [
"GoldMouse"
]
},
"uuid": "5b776efb-c334-4cd2-92c7-7123f06726ae",
"value": "APT-C-27"
}
],
"version": 103
"version": 104
}