mirror of https://github.com/MISP/misp-galaxy
fix: resolve conflict
Rony
GitHub
parent
dd8b317912
commit
3d5c61a8ef
|
|
@ -15863,7 +15863,76 @@
|
|||
},
|
||||
"uuid": "c6e2e5ba-ffad-4258-8b6e-775b3fa230c3",
|
||||
"value": "Earth Freybug"
|
||||
},
|
||||
{
|
||||
"description": "Ghostr is a financially motivated threat actor known for stealing a confidential database containing 5.3 million records from the World-Check and leaking about 186GB of data from a stock trading platform. They have been active on Breachforums.is, revealing massive data breaches involving comprehensive details of Thai users, including full names, phone numbers, email addresses, and ID card numbers.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://securityaffairs.com/162136/cyber-crime/hackers-threaten-leak-world-check.html",
|
||||
"https://www.resecurity.com/blog/article/cybercriminals-leaked-massive-volumes-of-stolen-pii-data-from-thailand-in-dark-web"
|
||||
]
|
||||
},
|
||||
"uuid": "0e4ed0ab-87e2-4588-8fc0-3d720e0efebd",
|
||||
"value": "GhostR"
|
||||
},
|
||||
{
|
||||
"description": "UTA0218 is a threat actor with advanced capabilities, targeting organizations to establish a reverse shell, acquire tools, and extract data. They exploit vulnerabilities in firewall devices to move laterally within victim networks, focusing on obtaining domain backup keys and active directory credentials. The actor deploys a custom Python backdoor named UPSTYLE to execute commands and download additional tools. UTA0218 is likely state-backed, utilizing a mix of infrastructure including VPNs and compromised routers to store malicious files.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.enigmasoftware.com/cve20243400vulnerability-removal/",
|
||||
"https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/"
|
||||
]
|
||||
},
|
||||
"uuid": "ee8b8fc4-59f4-4442-a4e6-3686d09c6509",
|
||||
"value": "UTA0218"
|
||||
},
|
||||
{
|
||||
"description": "UAC-0149 is a threat actor targeting the Armed Forces of Ukraine with COOKBOX malware. They use obfuscation techniques like character encoding and base64 encoding to evade detection. The group leverages dynamic DNS services and Cloudflare Workers for their C2 infrastructure.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://socprime.com/blog/uac-0149-attack-detection-hackers-launch-a-targeted-attack-against-the-armed-forces-of-ukraine-as-cert-ua-reports/",
|
||||
"https://cert.gov.ua/article/6277849"
|
||||
]
|
||||
},
|
||||
"uuid": "f5f6d4eb-1ec3-494e-807d-5b767122f9b2",
|
||||
"value": "UAC-0149"
|
||||
},
|
||||
{
|
||||
"description": "ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. As a critical path for data into and out of the network, these devices need to be routinely and promptly patched; using up-to-date hardware and software versions and configurations; and be closely monitored from a security perspective. Gaining a foothold on these devices allows an actor to directly pivot into an organization, reroute or modify traffic and monitor network communications. In the past two years, we have seen a dramatic and sustained increase in the targeting of these devices in areas such as telecommunications providers and energy sector organizations — critical infrastructure entities that are likely strategic targets of interest for many foreign governments.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/"
|
||||
]
|
||||
},
|
||||
"uuid": "97a10d3b-5cb5-4df9-856c-515994f3e953",
|
||||
"value": "ArcaneDoor"
|
||||
},
|
||||
{
|
||||
"description": "UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabilities in Cisco Adaptive Security Appliances to deploy custom malware implants called \"Line Runner\" and \"Line Dancer.\" The actor demonstrated a deep understanding of Cisco systems, utilized anti-forensic measures, and took deliberate steps to evade detection. UAT4356's sophisticated attack chain allowed them to conduct malicious actions such as configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement on compromised devices.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/"
|
||||
],
|
||||
"synonyms": [
|
||||
"UAT4356"
|
||||
]
|
||||
},
|
||||
"uuid": "3d94ef07-9fd6-4d64-bf1e-f1316f2686a4",
|
||||
"value": "STORM-1849"
|
||||
},
|
||||
{
|
||||
"description": "USDoD is a threat actor known for leaking large databases of personal information, including from companies like Airbus and the U.S. Environmental Protection Agency. They have a history of engaging in high-profile data breaches, such as exposing data from the FBI's InfraGard program. USDoD has also been involved in web scraping to obtain information from websites like LinkedIn.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/",
|
||||
"https://www.cysecurity.news/2023/09/transunion-refutes-data-breach-reports.html",
|
||||
"https://socradar.io/unmasking-usdod-the-enigma-of-the-cyber-realm/",
|
||||
"https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/"
|
||||
]
|
||||
},
|
||||
"uuid": "d6882fb9-d1e4-4cec-889c-5423c772d199",
|
||||
"value": "USDoD"
|
||||
}
|
||||
],
|
||||
"version": 307
|
||||
"version": 308
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue