[threat-actors] Add Dalbit

2024-11-22 23:07:19 +00:00 · 2023-11-07 10:37:08 -08:00 · 2023-11-07 10:37:08 -08:00 · f52382a29a
commit f52382a29a
parent 56f990d100
1 changed files with 14 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -12797,6 +12797,20 @@
      },
      "uuid": "87f1ab70-a102-4566-a09e-838b39c18a62",
      "value": "BlueBottle"
+    },
+    {
+      "description": "The group usually targets vulnerable servers to breach information including internal data from companies or encrypts files and demands money. Their targets of attack are usually Windows servers that are poorly managed or are not patched to the latest version. Besides these, there are also attack cases that targeted email servers or MS-SQL database servers.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://asec.ahnlab.com/en/56941/",
+          "https://asec.ahnlab.com/en/56236/",
+          "https://asec.ahnlab.com/en/47455/",
+          "https://blog.sekoia.io/my-teas-not-cold-an-overview-of-china-cyber-threat/"
+        ]
+      },
+      "uuid": "be4ea668-6a74-44d9-946e-e98e64a8855b",
+      "value": "Dalbit"
    }
  ],
  "version": 293