MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add Storm-0506

pull/1008/head
Mathieu4141 2024-07-31 02:14:11 -07:00
parent f5687c0162
commit cd621af35c
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/threat-actor.json
View File

@ -16465,6 +16465,17 @@
},
"uuid": "1725e1c3-9870-4f66-8962-753c4ed3e086",
"value": "TA4903"
},
{
"description": "Storm-0569 is an initial access broker that distributes BATLOADER using search engine optimization (SEO) poisoning with websites that spoof Zoom, TeamViewer, Tableau, and AnyDesk. It uses the loader malware to inject the Cobalt Strike payload and transfers access to Storm-0506 for the deployment of the Black Basta ransomware.",
"meta": {
"refs": [
"https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/",
"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-widely-abused-msix-app-installer-disabled-by-microsoft-active-iocs"
]
},
"uuid": "d1ad4392-c85a-4f07-9818-a86f805a49f6",
"value": "Storm-0506"
}
],
"version": 312