mirror of https://github.com/MISP/misp-galaxy
[threat-actors] Add Winter Vivern
parent
4bb6cce77d
commit
7bb54037e8
|
@ -12135,6 +12135,24 @@
|
||||||
},
|
},
|
||||||
"uuid": "0ee7be4f-389f-4083-a1e4-4c39dc1ae105",
|
"uuid": "0ee7be4f-389f-4083-a1e4-4c39dc1ae105",
|
||||||
"value": "Xiaoqiying"
|
"value": "Xiaoqiying"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Winter Vivern is a cyberespionage group first revealed by DomainTools in 2021. It is thought to have been active since at least 2020 and it targets governments in Europe and Central Asia. To compromise its targets, the group uses malicious documents, phishing websites, and a custom PowerShell backdoor.",
|
||||||
|
"meta": {
|
||||||
|
"aliases": [
|
||||||
|
"UAC-0114",
|
||||||
|
"TA473"
|
||||||
|
],
|
||||||
|
"refs": [
|
||||||
|
"https://www.sentinelone.com/labs/winter-vivern-uncovering-a-wave-of-global-espionage/",
|
||||||
|
"https://www.domaintools.com/resources/blog/winter-vivern-a-look-at-re-crafted-government-maldocs",
|
||||||
|
"https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/",
|
||||||
|
"https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability",
|
||||||
|
"https://socprime.com/blog/uac-0114-group-aka-winter-vivern-attack-detection-hackers-launch-malicious-phishing-campaigns-targeting-government-entities-of-ukraine-and-poland/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "b7497d28-02de-4722-8b97-1fc53e1d1b68",
|
||||||
|
"value": "Winter Vivern"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 288
|
"version": 288
|
||||||
|
|
Loading…
Reference in New Issue