mirror of https://github.com/MISP/misp-galaxy
[threat-actors] Add RansomHub
parent
97fd1ed309
commit
f1bbd96d84
|
@ -16007,6 +16007,18 @@
|
||||||
},
|
},
|
||||||
"uuid": "6149f3b6-510d-4e45-bf88-cd25c7193702",
|
"uuid": "6149f3b6-510d-4e45-bf88-cd25c7193702",
|
||||||
"value": "Alpha Spider"
|
"value": "Alpha Spider"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "RansomHub is a rapidly growing ransomware group believed to be an updated version of the older Knight ransomware. They have been linked to attacks exploiting the Zerologon vulnerability to gain initial access. RansomHub has attracted former affiliates of the ALPHV ransomware group and operates as a Ransomware-as-a-Service with a unique affiliate prepayment model. The group has been active in extorting victims and leaking sensitive data to pressure for ransom payments.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware",
|
||||||
|
"https://forescoutstage.wpengine.com/blog/analysis-a-new-ransomware-group-emerges-from-the-change-healthcare-cyber-attack/",
|
||||||
|
"https://www.sentinelone.com/blog/ransomware-evolution-how-cheated-affiliates-are-recycling-victim-data-for-profit/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "9d218bb3-fc59-43e0-a273-a0a0fb5c463e",
|
||||||
|
"value": "RansomHub"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 310
|
"version": 310
|
||||||
|
|
Loading…
Reference in New Issue