MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-23 07:17:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #718 from Mathieu4141/ta/ransom-house

Browse source 
Add `RansomHouse` group
This commit is contained in:
Alexandre Dulaunoy 2022-05-24 07:45:28 +02:00 committed by GitHub
commit ff280a9b44
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
clusters/threat-actor.json
View file

@ -2689,7 +2689,6 @@
"https://dragos.com/blog/crashoverride/CrashOverride-01.pdf", "https://dragos.com/blog/crashoverride/CrashOverride-01.pdf",
"https://www.us-cert.gov/ncas/alerts/TA17-163A", "https://www.us-cert.gov/ncas/alerts/TA17-163A",
"https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid", "https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid",
"https://www.cfr.org/interactive/cyber-operations/black-energy",
"https://web.archive.org/web/20141016132823/https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks", "https://web.archive.org/web/20141016132823/https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks",
"https://ics.sans.org/blog/2015/12/30/current-reporting-on-the-cyber-attack-in-ukraine-resulting-in-power-outage", "https://ics.sans.org/blog/2015/12/30/current-reporting-on-the-cyber-attack-in-ukraine-resulting-in-power-outage",
"https://blog.trendmicro.com/trendlabs-security-intelligence/timeline-of-sandworm-attacks/", "https://blog.trendmicro.com/trendlabs-security-intelligence/timeline-of-sandworm-attacks/",
@ -9319,6 +9318,19 @@
}, },
"uuid": "7ab283ac-b78f-42db-b564-0550b9637b0b", "uuid": "7ab283ac-b78f-42db-b564-0550b9637b0b",
"value": "TA579" "value": "TA579"
},
{
"description": "This group started operating during the first quarter of 2022. They published samples of alleged stolen data from companies on their site on Tor. It is unclear if they conducted the attacks themselves, or if they bought leaked databases from third parties.",
"meta": {
"cfr-target-category": [
"Private sector"
],
"refs": [
"https://webz.io/dwp/new-ransomware-group-ransomhouse-is-it-real-or-fake/"
]
},
"uuid": "4d522fad-452c-46be-94ea-5803aec9b709",
"value": "RansomHouse"
} }
], ],
"version": 227 "version": 227