MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add UNC5325

pull/951/head
Mathieu4141 2024-03-20 10:23:42 -07:00
parent e18e5c16c6
commit 6490424201
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/threat-actor.json
View File

@ -15340,6 +15340,17 @@
},
"uuid": "69a944ef-4962-432e-a1b9-575b646ee2ed",
"value": "R00tK1T"
},
{
"description": "UNC5325 is a suspected Chinese cyber espionage operator that exploited CVE-2024-21893 to compromise Ivanti Connect Secure appliances. UNC5325 leveraged code from open-source projects, installed custom malware, and modified the appliance's settings in order to evade detection and attempt to maintain persistence. UNC5325 has been observed deploying LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK. Mandiant identified TTPs and malware code overlaps in LITTLELAMB.WOOLTEA and PITHOOK with malware leveraged by UNC3886. Mandiant assesses with moderate confidence that UNC5325 is associated with UNC3886.",
"meta": {
"country": "CN",
"refs": [
"https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistence"
]
},
"uuid": "ffb28c09-16a6-483a-817a-89c89751c9d4",
"value": "UNC5325"
}
],
"version": 304