mirror of https://github.com/MISP/misp-galaxy
parent
8ec38b97e4
commit
0dd2f95a50
|
@ -13785,6 +13785,46 @@
|
||||||
},
|
},
|
||||||
"uuid": "86dfe64e-7101-4d45-bb94-efc40c5e14fe",
|
"uuid": "86dfe64e-7101-4d45-bb94-efc40c5e14fe",
|
||||||
"value": "UNC2630"
|
"value": "UNC2630"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "First disclosed in 2023, the Sandman APT is likely associated with suspected China-based threat clusters known for using the KEYPLUG backdoor, specifically STORM-0866/Red Dev 40. Sandman is tracked as a distinct cluster, pending additional conclusive information. A notable characteristic is its use of the LuaDream backdoor. LuaDream is based on the Lua platform, a relatively rare occurrence in the cyberespionage domain, historically associated with APTs considered Western or Western-aligned.",
|
||||||
|
"meta": {
|
||||||
|
"cfr-suspected-victims": [
|
||||||
|
"Middle East",
|
||||||
|
"Southeast Asian",
|
||||||
|
"France",
|
||||||
|
"Egypt",
|
||||||
|
"Sudan",
|
||||||
|
"South Sudan"
|
||||||
|
"Libya",
|
||||||
|
"Turkey",
|
||||||
|
"Saudi Arabia",
|
||||||
|
"Oman",
|
||||||
|
"Yemen",
|
||||||
|
"Sri Lanka",
|
||||||
|
"India",
|
||||||
|
"Pakistan",
|
||||||
|
"Iran",
|
||||||
|
"Afghanistan",
|
||||||
|
"Kuwait",
|
||||||
|
"Iraq",
|
||||||
|
"United Arab Emirates"
|
||||||
|
],
|
||||||
|
"cfr-target-category": [
|
||||||
|
"Government",
|
||||||
|
"Telecommunications"
|
||||||
|
],
|
||||||
|
"attribution-confidence": "50",
|
||||||
|
"country": "CN",
|
||||||
|
"cfr-suspected-state-sponsor": "China",
|
||||||
|
"cfr-type-of-incident": "Espionage",
|
||||||
|
"references": [
|
||||||
|
"https://www.sentinelone.com/labs/sandman-apt-china-based-adversaries-embrace-lua/",
|
||||||
|
"https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "00b84012-fa25-4942-ad64-c76be24828a8",
|
||||||
|
"value": "Sandman APT"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 295
|
"version": 295
|
||||||
|
|
Loading…
Reference in New Issue