Merge pull request #725 from Mathieu4141/threat-actors/add-toddy-cat

Add ToddyCat Threat actor
pull/726/head
Alexandre Dulaunoy 2022-06-22 10:14:45 +02:00 committed by GitHub
commit 26ba6ace82
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 36 additions and 1 deletions

View File

@ -9504,7 +9504,42 @@
}, },
"uuid": "4d522fad-452c-46be-94ea-5803aec9b709", "uuid": "4d522fad-452c-46be-94ea-5803aec9b709",
"value": "RansomHouse" "value": "RansomHouse"
},
{
"description": "ToddyCat is responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. There is still little information about this actor, but its main distinctive signs are two formerly unknown tools that Kaspersky call Samurai backdoor and Ninja Trojan.",
"meta": {
"cfr-suspected-victims": [
"Afghanistan",
"India",
"Indonesia",
"Iran",
"Kyrgyzstan",
"Malaysia",
"Pakistan",
"Russia",
"Slovakia",
"Taiwan",
"Thailand",
"United Kingdom",
"Uzbekistan",
"Vietnam"
],
"cfr-target-category": [
"Military",
"Government"
],
"refs": [
"https://www.bleepingcomputer.com/news/security/new-toddycat-apt-group-targets-exchange-servers-in-asia-europe/",
"https://securelist.com/toddycat/106799/",
"https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/"
],
"synonyms": [
"Websiic"
]
},
"uuid": "091a0b69-74de-44b6-bb12-16b7a8fd078b",
"value": "ToddyCat"
} }
], ],
"version": 228 "version": 229
} }