Merge pull request #1004 from Mathieu4141/threat-actors/2c706bb2-b7e3-4de0-86e5-f94b1c1f1905

[threat actors] Add 2 actors
pull/1005/head
Alexandre Dulaunoy 2024-07-24 13:30:23 +02:00 committed by GitHub
commit 284671eaba
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 25 additions and 1 deletions

View File

@ -543,7 +543,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
[Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
Category: *actor* - source: *MISP Project* - total: *711* elements
Category: *actor* - source: *MISP Project* - total: *713* elements
[[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]

View File

@ -16399,6 +16399,30 @@
},
"uuid": "000d8bbf-cb6f-4f7b-89a4-9c136ac4bc5a",
"value": "Nullbulge"
},
{
"description": "Threat actor 888 is a hacker active in 2024, targeting companies for data breaches. They've hit Microsoft, BMW (Hong Kong), and others in tech, freight, and oil & gas industries",
"meta": {
"refs": [
"https://cybersecuritynews.com/threats-claimimg-breach/",
"https://www.cloudways.com/blog/hacker-allegedly-leaks-data-from-shopify-breach-on-breachforums/",
"https://twitter.com/H4ckManac/status/1810569160180515171",
"https://medium.com/@DoingFedTime/80-000-records-exposed-in-shell-data-breach-by-threat-actor-888-64c407dfac94"
]
},
"uuid": "8f31b9b1-44c9-4b7f-b850-7cf02c306e25",
"value": "Threat Actor 888"
},
{
"description": "UAC-0063 is a threat actor linked to Russian APT28, known for targeting government entities in Ukraine and Central Asia for cyber espionage operations. They utilize keyloggers, backdoors, and malware like Hatvibe and Cherryspy to compromise systems and exfiltrate sensitive information. The group has been active since at least 2021 and has shown interest in targeting organizations in Mongolia, Kazakhstan, Kyrgyzstan, Israel, and India. Their TTPs include spear-phishing campaigns and exploiting vulnerabilities in software products like HFS HTTP File Server and Rejetto file-sharing servers.",
"meta": {
"refs": [
"https://socprime.com/blog/uac-0063-attack-detection-hackers-target-ukrainian-research-institutions-using-hatvibe-cherryspy-and-cve-2024-23692/",
"https://cert.gov.ua/article/4697016"
]
},
"uuid": "9565bf78-7c9c-41cd-9ed0-58031f6d8978",
"value": "UAC-0063"
}
],
"version": 312