MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #980 from jstnk9/sidewinder-update 

update sidewinder information
pull/988/head
Alexandre Dulaunoy 2024-06-02 09:29:08 +02:00 committed by GitHub
parent a5b6755b4f ecf246a103
commit ab6be85bc0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
clusters/threat-actor.json
View File

@ -8967,6 +8967,19 @@
{
"description": "An actor mainly targeting Pakistan military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-2017-11882) and later deploy a Powershell payload in the final stages.",
"meta": {
"country": "IN",
"cfr-suspected-state-sponsor": "India",
"cfr-suspected-victims": [
"China",
"Pakistan",
"Nepal",
"Afghanistan"
],
"cfr-target-category": [
"Government",
"Military",
"Private Sector"
],
"refs": [
"https://securelist.com/apt-trends-report-q1-2018/85280/",
"https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/",