MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add UNC5820

pull/1030/head
Mathieu4141 2024-11-01 10:43:27 -07:00
parent d9f98b52da
commit f74560c80f
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
clusters/threat-actor.json
View File

@ -17061,6 +17061,16 @@
},
"uuid": "8bd29f1a-ea33-49c2-a783-42cd2a193f83",
"value": "OverFlame"
},
{
"description": "UNC5820 is a threat actor exploiting the CVE-2024-47575 vulnerability in Fortinet's FortiManager, allowing them to bypass authentication and execute arbitrary commands. They have been observed exfiltrating configuration data, user information, and FortiOS256-hashed passwords from managed FortiGate devices. While the actor has staged and exfiltrated sensitive data, there is currently no evidence of lateral movement or further compromise of additional environments. Mandiant has not determined whether UNC5820 is state-sponsored or identified its geographic location.",
"meta": {
"refs": [
"https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575/"
]
},
"uuid": "e13e36e7-a75b-42fa-8d51-35f9eeafebfc",
"value": "UNC5820"
}
],
"version": 318