MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add TA402

pull/898/head
Mathieu4141 2023-11-20 09:29:07 -08:00
parent 00ca4c865f
commit ee2a8bec32
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
clusters/threat-actor.json
View File

@ -13340,6 +13340,18 @@
},
"uuid": "5587f082-349b-46ab-9e6f-303d9bfd1e1b",
"value": "CostaRicto"
},
{
"description": "TA402 is an APT group that has been tracked by Proofpoint since 2020. They primarily target government entities in the Middle East and North Africa, with a focus on intelligence collection. TA402 is known for using sophisticated phishing campaigns and constantly updating their malware implants and delivery methods to evade detection. They have been observed using cloud services like Dropbox and Google Drive for hosting malicious payloads and command-and-control infrastructure.",
"meta": {
"country": "PS",
"refs": [
"https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government",
"https://www.proofpoint.com/us/blog/threat-insight/ugg-boots-4-sale-tale-palestinian-aligned-espionage"
]
},
"uuid": "aad291eb-08d1-4af4-9dd1-e90fe1f2d6c6",
"value": "TA402"
}
],
"version": 294