mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team
This commit is contained in:
parent
b978bb1c86
commit
eebda5f955
1 changed files with 16 additions and 25 deletions
|
@ -3138,19 +3138,31 @@
|
||||||
"value": "Lazarus Group"
|
"value": "Lazarus Group"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
"description": "VICEROY TIGER is an adversary with a nexus to India that has historically targeted entities throughout multiple sectors. Older activity targeted multiple sectors and countries; however, since 2015 this adversary appears to focus on entities in Pakistan with a particular focus on government and security organizations. This adversary consistently leverages spear phishing emails containing malicious Microsoft Office documents, malware designed to target the Android mobile platform, and phishing activity designed to harvest user credentials. In March 2017, the 360 Chasing Team found a sample of targeted attacks that confirmed the previously unknown sample of APT's attack actions, which the organization can now trace back at least in April 2016. The chasing team named the attack organization APT-C-35. In June 2017, the 360 Threat Intelligence Center discovered the organization’s new attack activity, confirmed and exposed the gang’s targeted attacks against Pakistan, and analyzed in detail. The unique EHDevel malicious code framework used by the organization.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"attribution-confidence": "50",
|
"attribution-confidence": "50",
|
||||||
"country": "IN",
|
"country": "IN",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://kung_foo.keybase.pub/papers_and_presentations/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf"
|
"https://kung_foo.keybase.pub/papers_and_presentations/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf",
|
||||||
|
"https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/",
|
||||||
|
"https://www.netscout.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia",
|
||||||
|
"https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/",
|
||||||
|
"https://www.crowdstrike.com/blog/viceroy-tiger-delivers-new-zero-day-exploit/index.html",
|
||||||
|
"https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/",
|
||||||
|
"https://unit42.paloaltonetworks.com/threat-assessment-hangover-threat-group/",
|
||||||
|
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
|
||||||
|
"https://blog.cyble.com/2021/07/22/donot-apt-group-delivers-a-spyware-variant-of-chat-app/",
|
||||||
|
"https://adversary.crowdstrike.com/en-US/adversary/viceroy-tiger"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Appin",
|
"OPERATION HANGOVER",
|
||||||
"OperationHangover"
|
"Donot Team",
|
||||||
|
"APT-C-35",
|
||||||
|
"SectorE02"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "e2b87f81-a6a1-4524-b03f-193c3191d239",
|
"uuid": "e2b87f81-a6a1-4524-b03f-193c3191d239",
|
||||||
"value": "Viceroy Tiger"
|
"value": "VICEROY TIGER"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -6179,27 +6191,6 @@
|
||||||
"uuid": "71a3b962-9a36-11e8-88f8-b31d20c6fa2a",
|
"uuid": "71a3b962-9a36-11e8-88f8-b31d20c6fa2a",
|
||||||
"value": "RedAlpha"
|
"value": "RedAlpha"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"description": "In March 2017, the 360 Chasing Team found a sample of targeted attacks that confirmed the previously unknown sample of APT's attack actions, which the organization can now trace back at least in April 2016. The chasing team named the attack organization APT-C-35. In June 2017, the 360 Threat Intelligence Center discovered the organization’s new attack activity, confirmed and exposed the gang’s targeted attacks against Pakistan, and analyzed in detail. The unique EHDevel malicious code framework used by the organization",
|
|
||||||
"meta": {
|
|
||||||
"refs": [
|
|
||||||
"https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/",
|
|
||||||
"https://www.netscout.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia",
|
|
||||||
"https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/",
|
|
||||||
"https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/",
|
|
||||||
"https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-investigates-donot-team-cyberespionage-targeting-military-governments-in-south-asia/",
|
|
||||||
"https://github.com/eset/malware-ioc/tree/master/donot"
|
|
||||||
],
|
|
||||||
"synonyms": [
|
|
||||||
"DoNot Team",
|
|
||||||
"Donot Team",
|
|
||||||
"APT-C-35",
|
|
||||||
"SectorE02"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"uuid": "b9dc4e81-909f-4324-8b25-a0f359cd88e0",
|
|
||||||
"value": "APT-C-35"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"description": "This threat actor targets organizations in the finance, defense, aerospace, technology, health-care, and automotive sectors and media organizations in East Asia for the purpose of espionage. Believed to be responsible for the targeting of South Korean actors prior to the meeting of Donald J. Trump and Kim Jong-un",
|
"description": "This threat actor targets organizations in the finance, defense, aerospace, technology, health-care, and automotive sectors and media organizations in East Asia for the purpose of espionage. Believed to be responsible for the targeting of South Korean actors prior to the meeting of Donald J. Trump and Kim Jong-un",
|
||||||
"meta": {
|
"meta": {
|
||||||
|
|
Loading…
Reference in a new issue