From 1acc51a7a61894bfc7827284e364bc0c8c24029e Mon Sep 17 00:00:00 2001 From: Mathieu Beligon Date: Thu, 18 Aug 2022 15:44:18 -0700 Subject: [PATCH] [threat-actors] Add more data about APT-C-27 --- clusters/threat-actor.json | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 78cf51e6..51ddb254 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -7110,8 +7110,9 @@ "value": "Operation Comando" }, { - "description": "On March 17, 2019, 360 Threat Intelligence Center captured a target attack sample against the Middle East by exploiting WinRAR vulnerability (CVE-2018-20250[6]), and it seems that the attack is carried out by the Goldmouse APT group (APT-C-27). There is a decoy Word document inside the archive regarding terrorist attacks to lure the victim into decompressing. When the archive gets decompressed on the vulnerable computer, the embedded njRAT backdoor (Telegram Desktop.exe) will be extracted to the startup folder and then triggered into execution if the victim restarts the computer or performs re-login. After that, the attacker is capable to control the compromised device.", + "description": "A threat actor which is ac tive since at least November 2014. This group launched long-term at tacks against organizations in the Syrian region using Android and Windows malwares. Its objective is the theft of sensitive information.", "meta": { + "country": "SY", "refs": [ "https://ti.360.net/blog/articles/apt-c-27-(goldmouse):-suspected-target-attack-against-the-middle-east-with-winrar-exploit-en/", "https://ti.360.net/blog/articles/analysis-of-apt-c-27/", @@ -7119,11 +7120,13 @@ ], "since": "2014", "suspected-victims": [ - "Middle East" + "Middle East", + "Syria" ], "synonyms": [ "GoldMouse", - "Golden RAT" + "Golden RAT", + "ATK80" ] }, "uuid": "ee7f535d-cc3e-40f3-99f3-c97963cfa250",