Merge pull request #725 from Mathieu4141/threat-actors/add-toddy-cat

Add ToddyCat Threat actor
2022-06-22 10:14:45 +02:00 · 2022-06-22 10:14:45 +02:00 · 26ba6ace82
parent 373fcb8530 d79c5bd1ab
commit 26ba6ace82
1 changed files with 36 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -9504,7 +9504,42 @@
      },
      "uuid": "4d522fad-452c-46be-94ea-5803aec9b709",
      "value": "RansomHouse"
+    },
+    {
+      "description": "ToddyCat is responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. There is still little information about this actor, but its main distinctive signs are two formerly unknown tools that Kaspersky call ‘Samurai backdoor’ and ‘Ninja Trojan’.",
+      "meta": {
+        "cfr-suspected-victims": [
+          "Afghanistan",
+          "India",
+          "Indonesia",
+          "Iran",
+          "Kyrgyzstan",
+          "Malaysia",
+          "Pakistan",
+          "Russia",
+          "Slovakia",
+          "Taiwan",
+          "Thailand",
+          "United Kingdom",
+          "Uzbekistan",
+          "Vietnam"
+        ],
+        "cfr-target-category": [
+          "Military",
+          "Government"
+        ],
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/new-toddycat-apt-group-targets-exchange-servers-in-asia-europe/",
+          "https://securelist.com/toddycat/106799/",
+          "https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/"
+        ],
+        "synonyms": [
+          "Websiic"
+        ]
+      },
+      "uuid": "091a0b69-74de-44b6-bb12-16b7a8fd078b",
+      "value": "ToddyCat"
    }
  ],
-  "version": 228
+  "version": 229
 }