MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add Storm-1113

pull/912/head
Mathieu4141 2024-01-08 05:23:29 -08:00
parent ce4be94d8b
commit 2c7adf27a0
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
clusters/threat-actor.json
View File

@ -13940,6 +13940,16 @@
}, },
"uuid": "7b8845d9-d7f5-4895-9dcc-54da3492bd55", "uuid": "7b8845d9-d7f5-4895-9dcc-54da3492bd55",
"value": "KelvinSecurity" "value": "KelvinSecurity"
},
{
"description": "Storm-1113 is a threat actor that acts both as an access broker focused on malware distribution through search advertisements and as an “as-a-service” entity providing malicious installers and landing page frameworks. In Storm-1113 malware distribution campaigns, users are directed to landing pages mimicking well-known software that host installers, often MSI files, that lead to the installation of malicious payloads. Storm-1113 is also the developer of EugenLoader, a commodity malware first observed around November 2022.",
"meta": {
"refs": [
"https://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/"
]
},
"uuid": "993e81e8-63f4-4666-9538-4053a69287ba",
"value": "Storm-1113"
} }
], ],
"version": 296 "version": 296