MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

update microsoft activity groups

pull/594/head
Delta-Sierra 2020-10-30 14:53:20 +01:00
parent d48216031a
commit be672b8d3a
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/microsoft-activity-group.json
View File

@ -277,7 +277,16 @@
],
"uuid": "00edb40d-2fed-4d36-98b1-c85fc2bb1168",
"value": "PARINACOTA"
},
{
"value": "GADOLINIUM",
"description": "GADOLINIUM is a nation-state activity group that has been compromising targets for nearly a decade with a worldwide focus on the maritime and health industries. As with most threat groups, GADOLINIUM tracks the tools and techniques of security practitioners looking for new techniques they can use or modify to create new exploit methods.\nHistorically, GADOLINIUM used custom-crafted malware families that analysts can identify and defend against. In response, over the last year GADOLINIUM has begun to modify portions of its toolchain to use open-source toolkits to obfuscate their activity and make it more difficult for analysts to track. Because cloud services frequently offer a free trial or one-time payment (PayGo) account offerings, malicious actors have found ways to take advantage of these legitimate business offerings. By establishing free or PayGo accounts, they can use cloud-based technology to create a malicious infrastructure that can be established quickly then taken down before detection or given up at little cost.",
"meta": {
"refs":[
"https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/"
]
}
}
],
"version": 8
"version": 9
}