[threat-actors] Add Cuboid Sandstorm
parent
38fea405f5
commit
f1d514afc4
1 changed files with 14 additions and 0 deletions
|
@ -14173,6 +14173,20 @@
|
||||||
},
|
},
|
||||||
"uuid": "46104ded-49f5-4440-bd25-e05c1126f0ba",
|
"uuid": "46104ded-49f5-4440-bd25-e05c1126f0ba",
|
||||||
"value": "Blue Tsunami"
|
"value": "Blue Tsunami"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Cuboid Sandstorm is an Iranian threat actor that targeted an Israel-based IT company in July 2021. They gained access to the company's network and used it to compromise downstream customers in the defense, energy, and legal sectors in Israel. The group also utilized custom implants, including a remote access Trojan disguised as RuntimeBroker.exe or svchost.exe, to establish persistence on victim hosts.",
|
||||||
|
"meta": {
|
||||||
|
"country": "IR",
|
||||||
|
"refs": [
|
||||||
|
"https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0228"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "a4004712-f74b-4c8c-b1fb-bb7229bc2da1",
|
||||||
|
"value": "Cuboid Sandstorm"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 298
|
"version": 298
|
||||||
|
|
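Review bot: The galaxy's `"version": 298` appears only as unchanged context at the end of this section, so the commit adds the Cuboid Sandstorm cluster without bumping the version. Consumers that compare the version to decide whether to re-import may miss the new entry unless a later commit bumps it, so consider `"version": 299` here. The description also gives the victim country and the defense, energy and legal sectors only as free text. If the file's other entries use structured meta keys for these (presumably `cfr-suspected-victims` and `cfr-target-category`; confirm against neighbouring clusters), adding them would let analysts filter on this actor. The enclosing array and top-level object start outside the visible hunk, so this is based on the shown lines only.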