mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-27 01:07:18 +00:00
Merge pull request #969 from Mathieu4141/threat-actors/74b921ec-6404-4d0c-b49b-169be387d1f9
[threat actors] add 2 actors
This commit is contained in:
commit
e97c01101a
1 changed files with 26 additions and 0 deletions
|
@ -15917,6 +15917,32 @@
|
||||||
},
|
},
|
||||||
"uuid": "97a10d3b-5cb5-4df9-856c-515994f3e953",
|
"uuid": "97a10d3b-5cb5-4df9-856c-515994f3e953",
|
||||||
"value": "ArcaneDoor"
|
"value": "ArcaneDoor"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabilities in Cisco Adaptive Security Appliances to deploy custom malware implants called \"Line Runner\" and \"Line Dancer.\" The actor demonstrated a deep understanding of Cisco systems, utilized anti-forensic measures, and took deliberate steps to evade detection. UAT4356's sophisticated attack chain allowed them to conduct malicious actions such as configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement on compromised devices.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"UAT4356"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "3d94ef07-9fd6-4d64-bf1e-f1316f2686a4",
|
||||||
|
"value": "STORM-1849"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "USDoD is a threat actor known for leaking large databases of personal information, including from companies like Airbus and the U.S. Environmental Protection Agency. They have a history of engaging in high-profile data breaches, such as exposing data from the FBI's InfraGard program. USDoD has also been involved in web scraping to obtain information from websites like LinkedIn.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/",
|
||||||
|
"https://www.cysecurity.news/2023/09/transunion-refutes-data-breach-reports.html",
|
||||||
|
"https://socradar.io/unmasking-usdod-the-enigma-of-the-cyber-realm/",
|
||||||
|
"https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "d6882fb9-d1e4-4cec-889c-5423c772d199",
|
||||||
|
"value": "USDoD"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 308
|
"version": 308
|
||||||
|
|
Loading…
Reference in a new issue