MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 14:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[threat-actors] Add UNC2630

Browse source
This commit is contained in:
Mathieu Beligon 2023-12-06 17:42:33 -08:00
parent 47f0b31a32
commit fdac01cd89
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
clusters/threat-actor.json
View file

@ -13757,6 +13757,18 @@
},
"uuid": "e3ff56b6-2663-46bd-9e5c-017a350896d9",
"value": "UAC-0050"
},
{
"description": "UNC2630 is a threat actor believed to be affiliated with the Chinese government. They engage in cyber espionage activities, targeting organizations aligned with Beijing's strategic objectives. UNC2630 demonstrates advanced tradecraft and employs various malware families, including SLOWPULSE and RADIALPULSE, to compromise Pulse Secure VPN appliances. They also utilize modified binaries and scripts to maintain persistence and move laterally within compromised networks.",
"meta": {
"country": "CN",
"refs": [
"https://www.fireeye.com/blog/threat-research/2021/05/updates-on-chinese-apt-compromising-pulse-secure-vpn-devices.html",
"http://internal-www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
]
},
"uuid": "86dfe64e-7101-4d45-bb94-efc40c5e14fe",
"value": "UNC2630"
}
],
"version": 295