MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

adding ClearSky alias for Volatile Cedar 

adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious  files."
pull/622/head
Daniel Plohmann 2021-01-29 10:39:18 +01:00 committed by GitHub
parent 815e5c4fe4
commit d61e7d2fac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
clusters/threat-actor.json
View File

@ -3918,12 +3918,14 @@
"refs": [
"https://blog.checkpoint.com/2015/03/31/volatilecedar/",
"https://blog.checkpoint.com/2015/06/09/new-data-volatile-cedar/",
"https://securelist.com/sinkholing-volatile-cedar-dga-infrastructure/69421/"
"https://securelist.com/sinkholing-volatile-cedar-dga-infrastructure/69421/",
"https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf"
],
"synonyms": [
"Reuse team",
"Malware reusers",
"Dancing Salome"
"Dancing Salome",
"Lebanese Cedar"
]
},
"uuid": "cf421ce6-ddfe-419a-bc65-6a9fc953232a",