[threat-actors] Add CosmicBeetle
parent
50b2ad7c23
commit
e6072c5823
1 changed files with 10 additions and 0 deletions
|
@ -16895,6 +16895,16 @@
|
||||||
},
|
},
|
||||||
"uuid": "f6a60403-4bcc-4fc6-ac07-abb913c1f080",
|
"uuid": "f6a60403-4bcc-4fc6-ac07-abb913c1f080",
|
||||||
"value": "Storm-0501"
|
"value": "Storm-0501"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "CosmicBeetle is a threat actor known for deploying the ScRansom ransomware, which has replaced its previous variant, Scarab. The actor utilizes a custom toolset called Spacecolon, consisting of ScHackTool, ScInstaller, and ScService, to gain initial access through RDP brute forcing and exploiting vulnerabilities like CVE-2020-1472 and FortiOS SSL-VPN. CosmicBeetle has been observed impersonating the LockBit ransomware gang to leverage its reputation and has shown a tendency to leave artifacts on compromised systems. The group primarily targets SMBs globally, employing techniques such as credential dumping and data destruction.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.welivesecurity.com/en/eset-research/cosmicbeetle-steps-up-probation-period-ransomhub/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "9686ff2b-01e0-46eb-9169-9e8d115be345",
|
||||||
|
"value": "CosmicBeetle"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 315
|
"version": 315
|
||||||
|
|
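Review bot: The new `description` names one exploited flaw by identifier (CVE-2020-1472) and the other only as "FortiOS SSL-VPN", so anyone correlating this cluster against vulnerability or patch data cannot tell which FortiOS issue is meant. Take the identifier from the cited ESET article and write it out, e.g. `... vulnerabilities like CVE-2020-1472 and CVE-<id from the cited report> (FortiOS SSL-VPN) ...`. The same sentence also reads as if the Spacecolon tools themselves perform the RDP brute forcing and exploitation; if the report describes them as post-compromise tooling, split the sentence so defenders do not map them to the wrong stage. Separately, the trailing context line still shows `"version": 315`; if MISP instances use that field to detect cluster updates, it should be raised in this commit or a follow-up so the new entry is picked up.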