
Commit

Merge branch 'patch-1' of https://github.com/r0ny123/misp-galaxy into…
… r0ny123-patch-1
adulau committed Nov 24, 2024
2 parents 1541624 + 446ff6f commit 9951699
Showing 1 changed file with 27 additions and 34 deletions.
61 changes: 27 additions & 34 deletions clusters/threat-actor.json
Expand Up @@ -4859,33 +4859,47 @@
"https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations",
"https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign",
"https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf",
"https://www.darkreading.com/attacks-breaches/russian-apt-bluecharlie-swaps-infrastructure-to-evade-detection",
"https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/"
"https://www.recordedfuture.com/research/bluecharlie-previously-tracked-as-tag-53-continues-to-deploy-new-infrastructure-in-2023",
"https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/",
"https://go.recordedfuture.com/hubfs/reports/cta-2022-1205.pdf",
"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/blue-callisto-orbits-around-us.html",
"https://www.ncsc.gov.uk/files/Advisory-Russian-FSB-cyber-actor-star-blizzard-continues-worldwide-spear-sphishing-campaigns.pdf",
"https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-global-elections",
"https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics",
"https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware",
"https://citizenlab.ca/2024/08/sophisticated-phishing-targets-russias-perceived-enemies-around-the-globe/",
"https://www.gov.uk/government/news/uk-exposes-attempted-russian-cyber-interference-in-politics-and-democratic-processes",
"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/coldwastrel-space.html",
"https://citizenlab.ca/2024/10/disrupting-coldriver/",
"https://blogs.microsoft.com/on-the-issues/2024/10/03/protecting-democratic-institutions-from-cyber-threats/",
"https://www.justice.gov/opa/pr/justice-department-disrupts-russian-intelligence-spear-phishing-efforts",
"https://www.justice.gov/opa/pr/two-russian-nationals-working-russias-federal-security-service-charged-global-computer",
"https://www.justice.gov/opa/media/1327601/dl?inline",
"https://www.noticeofpleadings.com/starblizzard/",
"https://edeca.net/post/2024-06-26-an-interesting-callisto-yara-rule",
"https://blog.sekoia.io/calisto-show-interests-into-entities-involved-in-ukraine-war-support",
"https://blog.sekoia.io/one-year-after-the-cyber-implications-of-the-russo-ukrainian-war/",
"https://blog.sekoia.io/calisto-doxxing-sekoia-io-findings-concurs-to-reuters-investigation-on-fsb-related-andrey-korinets/"
],
"synonyms": [
"COLDRIVER",
"SEABORGIUM",
"TA446",
"GOSSAMER BEAR",
"BlueCharlie",
"Star Blizzard"
"Star Blizzard",
"TAG-53",
"IRON FRONTIER",
"UNC4057",
"Blue Callisto"
],
"targeted-sector": [
"Government, Administration",
"Government Administration",
"Military",
"Think Tanks",
"Journalist"
]
},
"related": [
{
"dest-uuid": "06630ccd-98ed-5aec-8083-e04c894bd2d6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",
"value": "Callisto"
},
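Review bot: In "targeted-sector" the government entry shows up in two spellings, "Government, Administration" and "Government Administration", and going by the hunk's line counts (33 old, 47 new) one replaces the other, so the string value of this sector is changing. Any filter or correlation built on the old string will stop matching, so please check which spelling the other clusters in clusters/threat-actor.json use and keep that one. The `related` entry with `dest-uuid` 06630ccd-98ed-5aec-8083-e04c894bd2d6 (type "similar") and the darkreading.com reference also look like they are being dropped; the merge message gives no reason for either, so a line of explanation would help. One smaller thing: the ncsc.gov.uk ref contains "spear-sphishing" in its path, which is worth opening once to confirm it resolves.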
Expand Down Expand Up @@ -11665,27 +11679,6 @@
"uuid": "171d0590-be92-443f-addb-af5dc2a8034d",
"value": "Evasive Panda"
},
{
"description": "A Russia-linked threat actor tracked as TAG-53 is running phishing campaigns impersonating various defense, aerospace, and logistic companies, according to The Record by Recorded Future. Recorded Future’s Insikt Group identified overlaps with a threat actor tracked by other companies as Callisto Group, COLDRIVER, and SEABORGIUM.",
"meta": {
"refs": [
"https://blog.knowbe4.com/russian-threat-actor-impersonates-aerospace-and-defense-companies",
"https://www.recordedfuture.com/exposing-tag-53-credential-harvesting-infrastructure-for-russia-aligned-espionage-operations?utm_campaign=PostBeyond&utm_source=Twitter&utm_medium=359877&utm_term=Exposing+TAG-53%E2%80%99s+Credential+Harvesting+Infrastructure+Used+for+Russia-Aligned+Espionage+Operations",
"https://go.recordedfuture.com/hubfs/reports/cta-2022-1205.pdf"
]
},
"related": [
{
"dest-uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "overlaps"
}
],
"uuid": "e5865ca1-ec95-43e2-954a-d0f3507a9747",
"value": "TAG-53"
},
{
"description": "This group of cybercriminals is named Malteiroby SCILabs, they operate and distribute the URSA/Mispadu banking trojan.",
"meta": {
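Review bot: The standalone "TAG-53" cluster (uuid e5865ca1-ec95-43e2-954a-d0f3507a9747) is deleted in this hunk, which shrinks from 27 lines to 6, while "TAG-53" becomes a synonym of Callisto in the first hunk, but nothing visible deals with references to the deleted UUID. Please confirm that no other cluster's `related` list still carries `dest-uuid` e5865ca1-ec95-43e2-954a-d0f3507a9747, and mention the merge in the commit message so users holding data tagged with the old cluster can remap it to fbd279ab-c095-48dc-ba48-4bece3dd5b0f. Of the three refs in the removed entry, only the cta-2022-1205.pdf report appears among Callisto's refs; the blog.knowbe4.com and recordedfuture.com "exposing-tag-53" links should be carried over as well, the latter without its utm_ tracking parameters. Separately, the context line below has "Malteiroby SCILabs" with a missing space, which could be fixed in a follow-up.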