mirror of
https://github.com/MISP/misp-galaxy.git
synced 2025-01-19 02:56:16 +00:00
commit
efa2f43c0f
2 changed files with 34 additions and 3 deletions
|
@ -671,8 +671,12 @@
|
||||||
"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-july-wicked-spider/"
|
"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-july-wicked-spider/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
|
"Winnti Umbrella",
|
||||||
"Winnti Group",
|
"Winnti Group",
|
||||||
"Tailgater Team",
|
"Tailgater Team",
|
||||||
|
"Suckfly",
|
||||||
|
"APT41",
|
||||||
|
"APT 41",
|
||||||
"Group 72",
|
"Group 72",
|
||||||
"Group72",
|
"Group72",
|
||||||
"Tailgater",
|
"Tailgater",
|
||||||
|
@ -7747,7 +7751,17 @@
|
||||||
},
|
},
|
||||||
"uuid": "5cd95926-0098-435e-892d-9c9f61763ad7",
|
"uuid": "5cd95926-0098-435e-892d-9c9f61763ad7",
|
||||||
"value": "LookBack"
|
"value": "LookBack"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using tools and techniques commonly associated with Chinese-affiliated threat actors, such as APT10. This multi-wave attacks focused on obtaining data of specific, high-value targets and resulted in a complete takeover of the network.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "8dda51ef-9a30-48f7-b0fd-5b6f0a62262d",
|
||||||
|
"value": "Operation Soft Cell"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 135
|
"version": 137
|
||||||
}
|
}
|
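Review bot: The four synonyms added in the first hunk (`"Winnti Umbrella"`, `"Suckfly"`, `"APT41"`, `"APT 41"`) arrive without any new entry in `refs`; the array closes unchanged on the CrowdStrike link just above them, and none of the commit's additions supplies a source for the mapping. Synonyms drive tagging and correlation for consumers of this galaxy, so a name that another vendor may track as its own group needs a citable report, for example an extra `refs` line such as `"<URL of the report that equates these names>"`. `"Suckfly"` in particular may already exist as a separate cluster in this file (not visible here); if so, a `related` link with a likelihood would avoid two clusters answering to the same name. The cluster object starts outside the hunk, so its other fields could not be checked.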
||||||
|
|
|
@ -663,7 +663,10 @@
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Etso",
|
"Etso",
|
||||||
"SUQ",
|
"SUQ",
|
||||||
"Agent.ALQHI"
|
"Agent.ALQHI",
|
||||||
|
"RbDoor",
|
||||||
|
"RibDoor",
|
||||||
|
"HIGHNOON"
|
||||||
],
|
],
|
||||||
"type": [
|
"type": [
|
||||||
"Backdoor"
|
"Backdoor"
|
||||||
|
@ -5352,6 +5355,10 @@
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://cdn.securelist.com/files/2017/08/ShadowPad_technical_description_PDF.pdf"
|
"https://cdn.securelist.com/files/2017/08/ShadowPad_technical_description_PDF.pdf"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"POISONPLUG",
|
||||||
|
"Barlaiy"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -7859,7 +7866,17 @@
|
||||||
"description": "Legitimate tool - tool used to scan IPv4/IPv6 networks and remotely execute PowerShell commands.",
|
"description": "Legitimate tool - tool used to scan IPv4/IPv6 networks and remotely execute PowerShell commands.",
|
||||||
"uuid": "bbba3a35-5064-4e60-ad4b-0ba16cc81a23",
|
"uuid": "bbba3a35-5064-4e60-ad4b-0ba16cc81a23",
|
||||||
"value": "Netscan"
|
"value": "Netscan"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Malware embedded in Asus Live Update in 2018. ShadowHammer triggers its malicious behavior only if the computer it is running on has a network adapter with the MAC address whitelisted by the attacker.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Winnti.pdf"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "c1815516-aa2a-43d2-9136-78a8feb054b6",
|
||||||
|
"value": "ShadowHammer"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 126
|
"version": 127
|
||||||
}
|
}
|
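Review bot: `"POISONPLUG"` and `"Barlaiy"` are added as synonyms in the second hunk of this file, yet the only reference visible for that entry is the Securelist ShadowPad PDF and nothing in the commit adds a source for the new names. Vendor family names rarely map one-to-one (as far as I recall, the vendor that coined POISONPLUG equates only one variant of it with ShadowPad, which should be confirmed), so events or detections tagged by synonym could be merged under the wrong family. Either add the supporting report to `refs`, e.g. `"<URL of the report mapping these names>"`, or express the link under `related` instead of `synonyms`. The same applies to `"RbDoor"`, `"RibDoor"` and `"HIGHNOON"` in the first hunk; both entries begin outside their hunks.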
||||||
|
|