MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add Operation Red Signature

pull/925/head
Mathieu4141 2024-02-06 07:30:06 -08:00
parent 859d3f7ac0
commit baaf153229
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
clusters/threat-actor.json
View File

@ -14920,6 +14920,18 @@
},
"uuid": "f34962a4-a792-4f23-af23-a8bf0f053fcf",
"value": "Ferocious Kitten"
},
{
"description": "The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of interest through the update process. They carried this out by first stealing the companys certificate then using it to sign the malware. They also configured the update server to only deliver malicious files if the client is located in the range of IP addresses of their target organisations.",
"meta": {
"country": "CN",
"refs": [
"https://decoded.avast.io/threatintel/avast-finds-backdoor-on-us-government-commission-network/?utm_source=rss&utm_medium=rss&utm_campaign=avast-finds-backdoor-on-us-government-commission-network",
"https://www.trendmicro.com/en_my/research/18/h/supply-chain-attack-operation-red-signature-targets-south-korean-organizations.html"
]
},
"uuid": "3e9b98d9-0c61-4050-bafa-486622de0080",
"value": "Operation Red Signature"
}
],
"version": 299