mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
[threat-actors] r0ny123 review
This commit is contained in:
parent
b68e08de63
commit
eed81e9a72
1 changed files with 13 additions and 15 deletions
|
@ -8206,7 +8206,9 @@
|
|||
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt",
|
||||
"https://unit42.paloaltonetworks.com/atoms/mangataurus/",
|
||||
"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
|
||||
"https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf"
|
||||
"https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf",
|
||||
"https://www.trendmicro.com/en_us/research/24/d/earth-hundun-waterbear-deuterbear.html",
|
||||
"https://blogs.jpcert.or.jp/en/2022/03/jsac2022report1.html"
|
||||
],
|
||||
"synonyms": [
|
||||
"CIRCUIT PANDA",
|
||||
|
@ -8216,7 +8218,8 @@
|
|||
"G0098",
|
||||
"T-APT-03",
|
||||
"Manga Taurus",
|
||||
"Red Djinn"
|
||||
"Red Djinn",
|
||||
"Earth Hundun"
|
||||
]
|
||||
},
|
||||
"uuid": "320c42f7-eab7-4ef9-b09a-74396caa6c3e",
|
||||
|
@ -12369,12 +12372,18 @@
|
|||
"country": "CN",
|
||||
"refs": [
|
||||
"https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations",
|
||||
"https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/"
|
||||
"https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/",
|
||||
"https://unit42.paloaltonetworks.com/volt-typhoon-threat-brief/",
|
||||
"https://www.dragos.com/threat/voltzite/"
|
||||
],
|
||||
"synonyms": [
|
||||
"BRONZE SILHOUETTE",
|
||||
"VANGUARD PANDA",
|
||||
"UNC3236"
|
||||
"UNC3236",
|
||||
"Insidious Taurus",
|
||||
"VOLTZITE",
|
||||
"Dev-0391",
|
||||
"Storm-0391"
|
||||
]
|
||||
},
|
||||
"uuid": "f02679fa-5e85-4050-8eb5-c2677d93306f",
|
||||
|
@ -15626,17 +15635,6 @@
|
|||
"uuid": "2742b229-02f4-40d0-9b99-91844a2b030e",
|
||||
"value": "RUBYCARP"
|
||||
},
|
||||
{
|
||||
"description": "Earth Hundun is a cyberespionage threat actor targeting technology and government sectors in the Asia-Pacific region. They are known for using the Waterbear and Deuterbear malware, which have advanced evasion tactics and anti-analysis mechanisms. The group has been active since at least 2009 and continuously refines their malware to bypass antivirus software. Earth Hundun's attacks involve phishing emails, malware droppers, and backdoors to infiltrate organizations and gather intelligence.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.trendmicro.com/en_us/research/24/d/earth-hundun-waterbear-deuterbear.html",
|
||||
"https://blogs.jpcert.or.jp/en/2022/03/jsac2022report1.html"
|
||||
]
|
||||
},
|
||||
"uuid": "edd85e27-9d05-4bc7-9b2b-5422e909336a",
|
||||
"value": "Earth Hundun"
|
||||
},
|
||||
{
|
||||
"description": "Starry Addax is a threat actor targeting human rights activists associated with the Sahrawi Arab Democratic Republic using a novel mobile malware called FlexStarling. They conduct phishing attacks to trick targets into installing malicious Android applications and serve credential-harvesting pages to Windows-based targets. Their infrastructure targets both Windows and Android users, with the campaign starting with spear-phishing emails containing requests to install specific mobile apps or related themes. The campaign is in its early stages, with potential for additional malware variants and infrastructure development.",
|
||||
"meta": {
|
||||
|
|
Loading…
Reference in a new issue