mirror of https://github.com/MISP/misp-galaxy
[threat-actors] Add LilacSquid
parent
7ade514644
commit
3c7f74913f
|
@ -16068,6 +16068,16 @@
|
||||||
},
|
},
|
||||||
"uuid": "1bd2034f-a135-4c71-b08f-867b7f9e7998",
|
"uuid": "1bd2034f-a135-4c71-b08f-867b7f9e7998",
|
||||||
"value": "SEXi"
|
"value": "SEXi"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "LilacSquid is an APT actor targeting a variety of industries worldwide since at least 2021. They use tactics such as exploiting vulnerabilities and compromised RDP credentials to gain access to victim organizations. Their post-compromise activities involve deploying MeshAgent and a customized version of QuasarRAT known as PurpleInk to maintain control over infected systems. LilacSquid has been observed using tools like Secure Socket Funneling for data exfiltration.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://blog.talosintelligence.com/lilacsquid/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "efacc258-fa0e-4686-99d2-03bab14a640e",
|
||||||
|
"value": "LilacSquid"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 310
|
"version": 310
|
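Review bot: The cluster-level `"version": 310` at the end of the hunk is unchanged context, so unless a sibling commit bumps it, MISP instances that compare this number when updating galaxies may not pick up the new LilacSquid entry; it should become `"version": 311`. In the added `description`, the last sentence attributes Secure Socket Funneling to data exfiltration, but SSF is a tunnelling and proxying tool, so the wording is worth checking against the cited Talos report to keep detection teams from hunting for the wrong behaviour. The new entry's `meta` holds only `refs`; if the report gives an alternative tracking name for the actor, adding it as a `synonyms` array would help analysts correlate reports that use the other name.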