MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 16:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[threat-actors] Remove duplicated APT-C-27

Browse source
This commit is contained in:
Mathieu Beligon 2022-08-18 15:34:08 -07:00
parent 937b5640cf
commit ec988c97d0
2 changed files with 16 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
clusters/threat-actor.json
View file

@ -7113,10 +7113,17 @@
"description": "On March 17, 2019, 360 Threat Intelligence Center captured a target attack sample against the Middle East by exploiting WinRAR vulnerability (CVE-2018-20250[6]), and it seems that the attack is carried out by the Goldmouse APT group (APT-C-27). There is a decoy Word document inside the archive regarding terrorist attacks to lure the victim into decompressing. When the archive gets decompressed on the vulnerable computer, the embedded njRAT backdoor (Telegram Desktop.exe) will be extracted to the startup folder and then triggered into execution if the victim restarts the computer or performs re-login. After that, the attacker is capable to control the compromised device.", "description": "On March 17, 2019, 360 Threat Intelligence Center captured a target attack sample against the Middle East by exploiting WinRAR vulnerability (CVE-2018-20250[6]), and it seems that the attack is carried out by the Goldmouse APT group (APT-C-27). There is a decoy Word document inside the archive regarding terrorist attacks to lure the victim into decompressing. When the archive gets decompressed on the vulnerable computer, the embedded njRAT backdoor (Telegram Desktop.exe) will be extracted to the startup folder and then triggered into execution if the victim restarts the computer or performs re-login. After that, the attacker is capable to control the compromised device.",
"meta": { "meta": {
"refs": [ "refs": [
"https://ti.360.net/blog/articles/apt-c-27-(goldmouse):-suspected-target-attack-against-the-middle-east-with-winrar-exploit-en/" "https://ti.360.net/blog/articles/apt-c-27-(goldmouse):-suspected-target-attack-against-the-middle-east-with-winrar-exploit-en/",
"https://ti.360.net/blog/articles/analysis-of-apt-c-27/",
"https://www.pbwcz.cz/Reporty/20180723_CSE_APT27_Syria_v1.pdf"
],
"since": "2014",
"suspected-victims": [
"Middle East"
], ],
"synonyms": [ "synonyms": [
"GoldMouse" "GoldMouse",
"Golden RAT"
] ]
}, },
"uuid": "ee7f535d-cc3e-40f3-99f3-c97963cfa250", "uuid": "ee7f535d-cc3e-40f3-99f3-c97963cfa250",
@ -7825,21 +7832,6 @@
"uuid": "feb0cfef-0472-4108-83d7-1a322d8ab86b", "uuid": "feb0cfef-0472-4108-83d7-1a322d8ab86b",
"value": "APT-C-34" "value": "APT-C-34"
}, },
{
"description": "Since November 2014, the Golden Rat Organization (APT-C-27) has launched an organized, planned and targeted long-term uninterrupted attack on the Syrian region. The attack platform has gradually expanded from the beginning of the Windows platform to the Android platform.",
"meta": {
"refs": [
"https://ti.360.net/blog/articles/analysis-of-apt-c-27/",
"https://www.pbwcz.cz/Reporty/20180723_CSE_APT27_Syria_v1.pdf"
],
"since": "2014",
"synonyms": [
"APT-C-27"
]
},
"uuid": "790cc0e7-4132-4e41-9b6c-11ff757400c0",
"value": "Golden RAT"
},
{ {
"description": "Luoxk is a malware campaign targeting web servers throughout Asia, Europe and North America.", "description": "Luoxk is a malware campaign targeting web servers throughout Asia, Europe and North America.",
"meta": { "meta": {

7
clusters/tool.json
View file

@ -414,6 +414,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "ee7f535d-cc3e-40f3-99f3-c97963cfa250",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
} }
], ],
"uuid": "a860d257-4a39-47ec-9230-94cac67ebf7e", "uuid": "a860d257-4a39-47ec-9230-94cac67ebf7e",