threat actors update
parent
800928af06
commit
ec9dc0f2e3
1 changed files with 46 additions and 1 deletions
|
@ -209,6 +209,30 @@
|
||||||
"uuid": "8a8f39df-74b3-4946-ab64-f84968bababe",
|
"uuid": "8a8f39df-74b3-4946-ab64-f84968bababe",
|
||||||
"value": "DIZZY PANDA"
|
"value": "DIZZY PANDA"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"description": "Grayling activity was first observed in early 2023, when a number of victims were identified with distinctive malicious DLL side-loading activity. Grayling appears to target organisations in Asia, however one unknown organisation in the United States was also targeted. Industries targeted include Biomedical, Government and Information Technology. Grayling use a variety of tools during their attacks, including well known tools such as Cobalt Strike and Havoc and also some others.",
|
||||||
|
"meta": {
|
||||||
|
"attribution-confidence": "50",
|
||||||
|
"country": "CN",
|
||||||
|
"cfr-suspected-state-sponsor": "China",
|
||||||
|
"refs": [
|
||||||
|
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks"
|
||||||
|
],
|
||||||
|
"cfr-suspected-victims": [
|
||||||
|
"Taiwan",
|
||||||
|
"United States",
|
||||||
|
"Vietnam",
|
||||||
|
"Solomon Islands"
|
||||||
|
],
|
||||||
|
"cfr-target-category": [
|
||||||
|
"Biomedical",
|
||||||
|
"Government",
|
||||||
|
"Information technology"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "6714de29-4dd8-463c-99a3-77c9e80fa47d",
|
||||||
|
"value": "Grayling"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"description": "Putter Panda were the subject of an extensive report by CrowdStrike, which stated: 'The CrowdStrike Intelligence team has been tracking this particular unit since2012, under the codename PUTTER PANDA, and has documented activity dating back to 2007. The report identifies Chen Ping, aka cpyy, and the primary location of Unit 61486.'",
|
"description": "Putter Panda were the subject of an extensive report by CrowdStrike, which stated: 'The CrowdStrike Intelligence team has been tracking this particular unit since2012, under the codename PUTTER PANDA, and has documented activity dating back to 2007. The report identifies Chen Ping, aka cpyy, and the primary location of Unit 61486.'",
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -7531,7 +7555,28 @@
|
||||||
"description": "Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.",
|
"description": "Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/"
|
"https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/",
|
||||||
|
"https://www.ecucert.gob.ec/wp-content/uploads/2022/03/alerta-APTs-2022-03-23.pdf",
|
||||||
|
"https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia",
|
||||||
|
"https://lab52.io/blog/apt-c-36-recent-activity-analysis/",
|
||||||
|
"https://www.trendmicro.com/en_ph/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html",
|
||||||
|
"https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/",
|
||||||
|
"https://attack.mitre.org/groups/G0099/"
|
||||||
|
],
|
||||||
|
"cfr-suspected-victims": [
|
||||||
|
"Ecuador",
|
||||||
|
"Colombia",
|
||||||
|
"Spain",
|
||||||
|
"Panama",
|
||||||
|
"Chile"
|
||||||
|
],
|
||||||
|
"cfr-type-of-incident": "Espionage",
|
||||||
|
"cfr-target-category": [
|
||||||
|
"Petroleum",
|
||||||
|
"Manufacturing",
|
||||||
|
"Financial",
|
||||||
|
"Private sector",
|
||||||
|
"Government"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Blind Eagle"
|
"Blind Eagle"
|
||||||
|
|
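Review bot: The new Grayling entry sets `"country": "CN"` and `"cfr-suspected-state-sponsor": "China"` with `"attribution-confidence": "50"`, but its description covers only the targeting and the tooling, and nothing visible in the entry says what the attribution rests on. These fields are consumed downstream as tags and correlation keys, so an inferred attribution should be recorded as such: add a sentence to the description naming its basis (for example, that it is inferred from the victim set), or cite a reference that makes the attribution, otherwise drop the two fields. In both hunks the added `meta` keys are also out of the alphabetical order the surrounding entries appear to follow (`refs` is placed ahead of `cfr-suspected-victims` and `cfr-target-category`), so the file should be re-sorted with the repository's JSON formatter before merging. The uniqueness of the new `uuid` across the cluster file cannot be checked from these hunks and is worth confirming.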