MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: [threat-actor] fix JSON

pull/911/head
Alexandre Dulaunoy 2023-12-18 14:43:21 +01:00
parent 0dd2f95a50
commit c306125679
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
clusters/threat-actor.json
View File

@ -13789,13 +13789,15 @@
{ {
"description": "First disclosed in 2023, the Sandman APT is likely associated with suspected China-based threat clusters known for using the KEYPLUG backdoor, specifically STORM-0866/Red Dev 40. Sandman is tracked as a distinct cluster, pending additional conclusive information. A notable characteristic is its use of the LuaDream backdoor. LuaDream is based on the Lua platform, a relatively rare occurrence in the cyberespionage domain, historically associated with APTs considered Western or Western-aligned.", "description": "First disclosed in 2023, the Sandman APT is likely associated with suspected China-based threat clusters known for using the KEYPLUG backdoor, specifically STORM-0866/Red Dev 40. Sandman is tracked as a distinct cluster, pending additional conclusive information. A notable characteristic is its use of the LuaDream backdoor. LuaDream is based on the Lua platform, a relatively rare occurrence in the cyberespionage domain, historically associated with APTs considered Western or Western-aligned.",
"meta": { "meta": {
"attribution-confidence": "50",
"cfr-suspected-state-sponsor": "China",
"cfr-suspected-victims": [ "cfr-suspected-victims": [
"Middle East", "Middle East",
"Southeast Asian", "Southeast Asian",
"France", "France",
"Egypt", "Egypt",
"Sudan", "Sudan",
"South Sudan" "South Sudan",
"Libya", "Libya",
"Turkey", "Turkey",
"Saudi Arabia", "Saudi Arabia",
@ -13814,10 +13816,8 @@
"Government", "Government",
"Telecommunications" "Telecommunications"
], ],
"attribution-confidence": "50",
"country": "CN",
"cfr-suspected-state-sponsor": "China",
"cfr-type-of-incident": "Espionage", "cfr-type-of-incident": "Espionage",
"country": "CN",
"references": [ "references": [
"https://www.sentinelone.com/labs/sandman-apt-china-based-adversaries-embrace-lua/", "https://www.sentinelone.com/labs/sandman-apt-china-based-adversaries-embrace-lua/",
"https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/" "https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/"
@ -13827,5 +13827,5 @@
"value": "Sandman APT" "value": "Sandman APT"
} }
], ],
"version": 295 "version": 296
} }