MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

merge KNOCKOUT SPIDER -> Evilnum 

Based on newer public reporting grouping these.
pull/928/head
Daniel Plohmann 2024-02-08 10:38:04 +01:00 committed by GitHub
parent d7c003ed9c
commit 8a359dbd43
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
clusters/threat-actor.json
View File

@ -9207,13 +9207,17 @@
"https://securelist.com/what-did-deathstalker-hide-between-two-ferns/99616/",
"https://www.proofpoint.com/us/blog/threat-insight/buy-sell-steal-evilnum-targets-cryptocurrency-forex-commodities",
"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-evilnum-apt-group-active-iocs-7",
"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-evilnum-apt-group-targeting-financial-sector"
"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-evilnum-apt-group-targeting-financial-sector",
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf",
"https://www.hivepro.com/wp-content/uploads/2022/08/Vulnerabilities-Threats-that-Matter-25th-to-31st-July.pdf",
"https://medium.com/bitso-engineering/profiling-disrupting-an-apt-spear-phishing-campaign-targeting-slack-users-in-the-financial-sector-9389533d5fc2"
],
"synonyms": [
"DeathStalker",
"TA4563",
"EvilNum",
"Jointworm"
"Jointworm",
"KNOCKOUT SPIDER"
]
},
"uuid": "b6f3150f-2240-4c57-9dda-5144c5077058",
@ -9624,16 +9628,6 @@
"uuid": "3570552c-c46f-428e-9472-744a14e6ece7",
"value": "GOLD DUPONT"
},
{
"description": "KNOCKOUT SPIDER has conducted low-volume spear-phishing campaigns focused on companies involved in cryptocurrency.",
"meta": {
"refs": [
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf"
]
},
"uuid": "0fb7b53a-77d5-44c5-b500-1d612f262172",
"value": "KNOCKOUT SPIDER"
},
{
"description": "SOLAR SPIDERs phishing campaigns deliver the JSOutProx RAT to financial institutions across Africa, the Middle East, South Asia and Southeast Asia.",
"meta": {
@ -14989,5 +14983,5 @@
"value": "Operation Emmental"
}
],
"version": 299
"version": 300
}