From 0ca98cd054b2cea51db158307cfee8272710dbf3 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Tue, 30 Jan 2024 10:32:26 -0800
Subject: [PATCH] [threat-actors] Add Blackwood
---
clusters/threat-actor.json | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 09c327cd..31ea079f 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14113,6 +14113,18 @@
 },
 "uuid": "bbb389f2-344f-4ca8-a9c9-902061f88deb",
 "value": "Cotton Sandstorm"
+ },
+ {
+ "description": "Blackwood is a China-aligned APT group that has been active since at least 2018. They primarily engage in cyberespionage operations targeting individuals and companies in China, Japan, and the United Kingdom. Blackwood utilizes sophisticated techniques such as adversary-in-the-middle attacks to deliver their custom implant, NSPX30, through updates of legitimate software. They also have the capability to hide the location of their command and control servers by intercepting traffic generated by the implant.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/",
+ "https://blog.sonicwall.com/en-us/2024/01/blackwood-apt-group-has-a-new-dll-loader/"
+ ]
+ },
+ "uuid": "46e26e5c-ad74-45aa-a654-1afef67f4566",
+ "value": "Blackwood"
 }
 ],
 "version": 297
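Review bot: The trailing `"version": 297` is left as an unchanged context line, so the new Blackwood cluster lands without bumping the file's version counter; MISP galaxy consumers use that field to detect that a cluster file has changed, so it should become `"version": 298` in this same commit unless a follow-up bump is planned. The added entry is otherwise well-formed: valid JSON, double-quoted keys, `refs` as an array, and the same description/meta/uuid/value field order as the Cotton Sandstorm entry above it. If the surrounding entries record attribution strength next to `"country"` (the threat-actor cluster elsewhere uses an `attribution-confidence` meta field, not visible in this hunk), adding it here would keep the China-aligned attribution comparable with its neighbours.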