threat actors update

jstnk9 2023-10-20 11:51:13 +02:00
parent 800928af06
commit ec9dc0f2e3


@ -209,6 +209,30 @@
"uuid": "8a8f39df-74b3-4946-ab64-f84968bababe", "uuid": "8a8f39df-74b3-4946-ab64-f84968bababe",
"value": "DIZZY PANDA" "value": "DIZZY PANDA"
}, },
{
"description": "Grayling activity was first observed in early 2023, when a number of victims were identified with distinctive malicious DLL side-loading activity. Grayling appears to target organisations in Asia, however one unknown organisation in the United States was also targeted. Industries targeted include Biomedical, Government and Information Technology. Grayling use a variety of tools during their attacks, including well known tools such as Cobalt Strike and Havoc and also some others.",
"meta": {
"attribution-confidence": "50",
"country": "CN",
"cfr-suspected-state-sponsor": "China",
"refs": [
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks"
],
"cfr-suspected-victims": [
"Taiwan",
"United States",
"Vietnam",
"Solomon Islands"
],
"cfr-target-category": [
"Biomedical",
"Government",
"Information technology"
]
},
"uuid": "6714de29-4dd8-463c-99a3-77c9e80fa47d",
"value": "Grayling"
},
{ {
"description": "Putter Panda were the subject of an extensive report by CrowdStrike, which stated: 'The CrowdStrike Intelligence team has been tracking this particular unit since2012, under the codename PUTTER PANDA, and has documented activity dating back to 2007. The report identifies Chen Ping, aka cpyy, and the primary location of Unit 61486.'", "description": "Putter Panda were the subject of an extensive report by CrowdStrike, which stated: 'The CrowdStrike Intelligence team has been tracking this particular unit since2012, under the codename PUTTER PANDA, and has documented activity dating back to 2007. The report identifies Chen Ping, aka cpyy, and the primary location of Unit 61486.'",
"meta": { "meta": {
@ -7531,7 +7555,28 @@
"description": "Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.", "description": "Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.",
"meta": { "meta": {
"refs": [ "refs": [
"https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" "https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/",
"https://www.ecucert.gob.ec/wp-content/uploads/2022/03/alerta-APTs-2022-03-23.pdf",
"https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia",
"https://lab52.io/blog/apt-c-36-recent-activity-analysis/",
"https://www.trendmicro.com/en_ph/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html",
"https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/",
"https://attack.mitre.org/groups/G0099/"
],
"cfr-suspected-victims": [
"Ecuador",
"Colombia",
"Spain",
"Panama",
"Chile"
],
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Petroleum",
"Manufacturing",
"Financial",
"Private sector",
"Government"
], ],
"synonyms": [ "synonyms": [
"Blind Eagle" "Blind Eagle"