mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
[threat-actors] Add RansomHub
This commit is contained in:
parent
97fd1ed309
commit
f1bbd96d84
1 changed files with 12 additions and 0 deletions
|
@ -16007,6 +16007,18 @@
|
||||||
},
|
},
|
||||||
"uuid": "6149f3b6-510d-4e45-bf88-cd25c7193702",
|
"uuid": "6149f3b6-510d-4e45-bf88-cd25c7193702",
|
||||||
"value": "Alpha Spider"
|
"value": "Alpha Spider"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "RansomHub is a rapidly growing ransomware group believed to be an updated version of the older Knight ransomware. They have been linked to attacks exploiting the Zerologon vulnerability to gain initial access. RansomHub has attracted former affiliates of the ALPHV ransomware group and operates as a Ransomware-as-a-Service with a unique affiliate prepayment model. The group has been active in extorting victims and leaking sensitive data to pressure for ransom payments.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware",
|
||||||
|
"https://forescoutstage.wpengine.com/blog/analysis-a-new-ransomware-group-emerges-from-the-change-healthcare-cyber-attack/",
|
||||||
|
"https://www.sentinelone.com/blog/ransomware-evolution-how-cheated-affiliates-are-recycling-victim-data-for-profit/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "9d218bb3-fc59-43e0-a273-a0a0fb5c463e",
|
||||||
|
"value": "RansomHub"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 310
|
"version": 310
|
||||||
|
|
Loading…
Reference in a new issue