MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 16:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[threat-actors] Add CL-STA-0043

Browse source
This commit is contained in:
Mathieu4141 2023-11-17 02:59:55 -08:00
parent d3836318a2
commit ed0d3c6f57
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
clusters/threat-actor.json
View file

@ -13138,6 +13138,17 @@
}, },
"uuid": "8959fbb4-95f0-485d-bba2-db9140b95386", "uuid": "8959fbb4-95f0-485d-bba2-db9140b95386",
"value": "UNC4841" "value": "UNC4841"
},
{
"description": "CL-STA-0043 is a highly skilled and sophisticated threat actor, believed to be a nation-state, targeting governmental entities in the Middle East and Africa. They exploit vulnerabilities in on-premises Internet Information Services and Microsoft Exchange servers to infiltrate target networks. They engage in reconnaissance, locate vital assets, and have been observed using native Windows tools for privilege escalation.",
"meta": {
"refs": [
"https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-june-2023/",
"https://www.paloaltonetworks.com/blog/security-operations/through-the-cortex-xdr-lens-uncovering-a-new-activity-group-targeting-governments-in-the-middle-east-and-africa/"
]
},
"uuid": "5d0aee14-f18a-44da-a44d-28d950f06b9c",
"value": "CL-STA-0043"
} }
], ],
"version": 294 "version": 294