MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add Storm-1044

pull/921/head
Mathieu4141 2024-02-01 11:02:02 -08:00
parent 0dcbc136a7
commit 22d3ea5ebf
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
clusters/threat-actor.json
View File

@ -14486,6 +14486,19 @@
}, },
"uuid": "5f71a9ea-511d-4fdd-9807-271ef613f488", "uuid": "5f71a9ea-511d-4fdd-9807-271ef613f488",
"value": "Opal Sleet" "value": "Opal Sleet"
},
{
"description": "Storm-1044 has been identified as part of a cyber campaign in collaboration with Twisted Spider. They employ a strategic approach, targeting specific endpoints using an initial access trojan called DanaBot. Once they gain access, Storm-1044 initiates lateral movement through Remote Desktop Protocol sign-in attempts, passing control to Twisted Spider. Twisted Spider then compromises the endpoints by introducing the CACTUS ransomware. Microsoft has detected ongoing malvertising attacks involving Storm-1044, leading to the deployment of CACTUS ransomware.",
"meta": {
"refs": [
"https://twitter.com/MsftSecIntel/status/1730383711437283757"
],
"synonyms": [
"DEV-1044"
]
},
"uuid": "5ec7a98e-9725-4f87-8a6e-91e2b4ba04ac",
"value": "Storm-1044"
} }
], ],
"version": 298 "version": 298