[threat-actors] Add CosmicBeetle

This commit is contained in:
Mathieu4141 2024-10-02 02:04:56 -07:00
parent 50b2ad7c23
commit e6072c5823

View file

@ -16895,6 +16895,16 @@
},
"uuid": "f6a60403-4bcc-4fc6-ac07-abb913c1f080",
"value": "Storm-0501"
},
{
"description": "CosmicBeetle is a threat actor known for deploying the ScRansom ransomware, which has replaced its previous variant, Scarab. The actor utilizes a custom toolset called Spacecolon, consisting of ScHackTool, ScInstaller, and ScService, to gain initial access through RDP brute forcing and exploiting vulnerabilities like CVE-2020-1472 and FortiOS SSL-VPN. CosmicBeetle has been observed impersonating the LockBit ransomware gang to leverage its reputation and has shown a tendency to leave artifacts on compromised systems. The group primarily targets SMBs globally, employing techniques such as credential dumping and data destruction.",
"meta": {
"refs": [
"https://www.welivesecurity.com/en/eset-research/cosmicbeetle-steps-up-probation-period-ransomhub/"
]
},
"uuid": "9686ff2b-01e0-46eb-9169-9e8d115be345",
"value": "CosmicBeetle"
}
],
"version": 315