MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #1035 from Mathieu4141/threat-actors/a3284f2a-3ca4-4c0c-a1fc-758cd5f14970 

[threat actors] Add 2 actors
main
Alexandre Dulaunoy 2024-11-19 17:45:10 +01:00 committed by GitHub
parent 7b6cb55f90 d7169d4cc4
commit cce72b69e6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -599,7 +599,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
[Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
Category: *actor* - source: *MISP Project* - total: *779* elements
Category: *actor* - source: *MISP Project* - total: *781* elements
[[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]

21
clusters/threat-actor.json
View File

@ -17443,6 +17443,27 @@
},
"uuid": "4d3c9666-6e08-4186-854c-cc0f8c28f5b6",
"value": "Kairos"
},
{
"description": "BrazenBamboo is a Chinese state-affiliated threat actor known for developing the LIGHTSPY, DEEPDATA, and DEEPPOST malware families. Their infrastructure includes capabilities for zero-day exploitation, specifically targeting vulnerabilities like FortiClient, and employs a command-and-control architecture that supports multi-platform operations. Volexity's analysis indicates that BrazenBamboo is a well-resourced entity with a focus on domestic targets, utilizing custom analyst software to manage data collected from their malware. The ongoing development of their malware families is evidenced by the timestamps associated with their latest payloads.",
"meta": {
"country": "CN",
"refs": [
"https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/"
]
},
"uuid": "305fbff0-d3ff-43e3-8741-63bad68e47ee",
"value": "BrazenBamboo"
},
{
"description": "Water Barghest is a cybercriminal group that has compromised over 20,000 IoT devices by October 2024, monetizing them through a residential proxy marketplace. They automate the entire process from identifying vulnerable devices using n-day and zero-day exploits to deploying Ngioweb malware and selling the compromised assets. Their operations include leveraging Ubiquiti EdgeRouter devices for espionage and utilizing automated scripts to exploit vulnerabilities within minutes of discovery. Water Barghest has maintained a low profile for years, but their activities gained attention due to the deployment of a zero-day vulnerability against Cisco IOS XE devices in October 2023.",
"meta": {
"refs": [
"https://www.trendmicro.com/en_us/research/24/k/water-barghest.html"
]
},
"uuid": "314325cd-5972-46a9-af1e-4b1e5585619d",
"value": "Water Barghest"
}
],
"version": 320