MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

add Thrip as threat actor

pull/228/head
Deborah Servili 2018-06-20 09:30:15 +02:00
parent dcd159f8ed
commit e18fdf42da
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
clusters/threat-actor.json
View File

@ -2701,6 +2701,16 @@
]
},
"uuid": "4af45fea-72d3-11e8-846c-d37699506c8d"
},
{
"value": "Thrip",
"description": "Symntec have been monitoring Thrip since 2013 when they uncovered a spying campaign being orchestrated from systems based in China. Since their initial discovery, the group has changed its tactics and broadened the range of tools it used. Initially, it relied heavily on custom malware, but in this most recent wave of attacks, which began in 2017, the group has switched to a mixture of custom malware and living off the land tools. All of these tools, with the exception of Mimikatz (which is almost always used maliciously), have legitimate uses.",
"meta": {
"refs": [
"https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets"
]
},
"uuid": "1533bc1a-745a-11e8-90e3-efa3e975fef3s"
}
],
"name": "Threat actor",