MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add PhantomControl

pull/912/head
Mathieu4141 2024-01-08 05:23:28 -08:00
parent f0229fbdd2
commit a6564bf61c
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
clusters/threat-actor.json
View File

@ -13904,6 +13904,18 @@
},
"uuid": "e6d16c22-0780-483c-9920-c1d9f27b10c8",
"value": "GREF"
},
{
"description": "PhantomControl is a sophisticated threat actor that emerged in November 2023. They utilize phishing emails as their initial infection vector and employ a ScreenConnect client to establish a connection for their malicious activities. Their arsenal includes a VBS script that hides its true intentions and reveals a complex mechanism involving PowerShell scripts and image-based data retrieval. PhantomControl has been associated with the Blind Eagle threat actors, showcasing their versatility and reach.",
"meta": {
"refs": [
"https://www.esentire.com/blog/phantomcontrol-returns-with-ande-loader-and-swaetrat",
"https://www.esentire.com/blog/operation-phantomcontrol",
"https://securityonline.info/esentire-vs-phantom-unveiling-the-cyber-spooks-dance-of-darkness/"
]
},
"uuid": "a2208d56-8f08-4ca3-a304-8bdc334b5ebf",
"value": "PhantomControl"
}
],
"version": 296