[threat-actors] Add LilacSquid

pull/985/head
Mathieu4141 2024-06-06 01:27:07 -07:00
parent 7ade514644
commit 3c7f74913f
1 changed files with 10 additions and 0 deletions

View File

@ -16068,6 +16068,16 @@
}, },
"uuid": "1bd2034f-a135-4c71-b08f-867b7f9e7998", "uuid": "1bd2034f-a135-4c71-b08f-867b7f9e7998",
"value": "SEXi" "value": "SEXi"
},
{
"description": "LilacSquid is an APT actor targeting a variety of industries worldwide since at least 2021. They use tactics such as exploiting vulnerabilities and compromised RDP credentials to gain access to victim organizations. Their post-compromise activities involve deploying MeshAgent and a customized version of QuasarRAT known as PurpleInk to maintain control over infected systems. LilacSquid has been observed using tools like Secure Socket Funneling for data exfiltration.",
"meta": {
"refs": [
"https://blog.talosintelligence.com/lilacsquid/"
]
},
"uuid": "efacc258-fa0e-4686-99d2-03bab14a640e",
"value": "LilacSquid"
} }
], ],
"version": 310 "version": 310