MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

adding Mandiant's FIN13.

pull/672/head
Daniel Plohmann 2022-01-03 09:32:43 +01:00 committed by GitHub
parent 174a812cef
commit 3094283252
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
clusters/threat-actor.json
View File

@ -8873,7 +8873,17 @@
},
"uuid": "da581c60-7c3d-4de6-b54c-cafea1c58389",
"value": "Common Raven"
},
{
"description": "Since 2017, Mandiant has been tracking FIN13, an industrious and versatile financially motivated threat actor conducting long-term intrusions in Mexico with an activity timeframe stretching back as early as 2016. Although their operations continue through the present day, in many ways FIN13's intrusions are like a time capsule of traditional financial cybercrime from days past. Instead of today's prevalent smash-and-grab ransomware groups, FIN13 takes their time to gather information to perform fraudulent money transfers. Rather than relying heavily on attack frameworks such as Cobalt Strike, the majority of FIN13 intrusions involve heavy use of custom passive backdoors and tools to lurk in environments for the long haul.",
"meta": {
"refs": [
"https://www.mandiant.com/resources/fin13-cybercriminal-mexico"
]
},
"uuid": "60fa684d-c738-4b77-98fb-3f6605e2bb82",
"value": "FIN13"
}
],
"version": 207
"version": 208
}