mirror of https://github.com/MISP/misp-galaxy
[threat-actors] Add PhantomControl
parent
f0229fbdd2
commit
a6564bf61c
|
@ -13904,6 +13904,18 @@
|
|||
},
|
||||
"uuid": "e6d16c22-0780-483c-9920-c1d9f27b10c8",
|
||||
"value": "GREF"
|
||||
},
|
||||
{
|
||||
"description": "PhantomControl is a sophisticated threat actor that emerged in November 2023. They utilize phishing emails as their initial infection vector and employ a ScreenConnect client to establish a connection for their malicious activities. Their arsenal includes a VBS script that hides its true intentions and reveals a complex mechanism involving PowerShell scripts and image-based data retrieval. PhantomControl has been associated with the Blind Eagle threat actors, showcasing their versatility and reach.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.esentire.com/blog/phantomcontrol-returns-with-ande-loader-and-swaetrat",
|
||||
"https://www.esentire.com/blog/operation-phantomcontrol",
|
||||
"https://securityonline.info/esentire-vs-phantom-unveiling-the-cyber-spooks-dance-of-darkness/"
|
||||
]
|
||||
},
|
||||
"uuid": "a2208d56-8f08-4ca3-a304-8bdc334b5ebf",
|
||||
"value": "PhantomControl"
|
||||
}
|
||||
],
|
||||
"version": 296
|
||||
|
|
Loading…
Reference in New Issue