MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add WIP19

pull/905/head
Mathieu Beligon 2023-12-06 17:42:33 -08:00
parent 3719022d91
commit 668fb80aec
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/threat-actor.json
View File

@ -13671,6 +13671,17 @@
},
"uuid": "47739f40-c80c-435a-bedc-0d2b38e87ddc",
"value": "AeroBlade"
},
{
"description": "WIP19 is a Chinese-speaking threat group involved in espionage targeting the Middle East and Asia. They utilize a stolen certificate to sign their malware, including SQLMaggie, ScreenCap, and a credential dumper. The group has been observed targeting telecommunications and IT service providers, using toolsets authored by WinEggDrop. WIP19's activities suggest they are after specific information and are part of the broader Chinese espionage landscape.",
"meta": {
"country": "CN",
"refs": [
"https://www.sentinelone.com/labs/wip19-espionage-new-chinese-apt-targets-it-service-providers-and-telcos-with-signed-malware/"
]
},
"uuid": "21bb2dab-4125-4ae8-8966-c7381659e180",
"value": "WIP19"
}
],
"version": 295