Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[threat actors] Add 2 actors #996

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -535,7 +535,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements

[Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.

Category: *actor* - source: *MISP Project* - total: *703* elements
Category: *actor* - source: *MISP Project* - total: *705* elements

[[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]

Expand Down
26 changes: 26 additions & 0 deletions clusters/threat-actor.json
Original file line number Diff line number Diff line change
Expand Up @@ -16296,6 +16296,32 @@
},
"uuid": "849d16c8-eaa3-46e7-9c1c-179ef680922e",
"value": "IntelBroker"
},
{
"description": "DRAGONBRIDGE is a Chinese state-sponsored threat actor known for engaging in information operations to promote the political interests of the People's Republic of China. They have been observed using AI-generated images and videos to spread propaganda on social media platforms. The group has targeted various countries and regions, including the US, Taiwan, and Japan, with narratives promoting pro-PRC viewpoints. DRAGONBRIDGE has been linked to campaigns discrediting the US political system, sowing division between allies, and criticizing specific companies and individuals.",
"meta": {
"country": "CN",
"refs": [
"https://cloud.google.com/blog/topics/threat-intelligence/prc-dragonbridge-influence-elections/",
"https://quointelligence.eu/2024/06/european-election-at-risk-analysis/",
"https://blog.google/threat-analysis-group/over-50000-instances-of-dragonbridge-activity-disrupted-in-2022/"
],
"synonyms": [
"Spamouflage Dragon"
]
},
"uuid": "a4d55f94-d842-400a-acb6-dfee1c446257",
"value": "Dragonbridge"
},
{
"description": "Boolka is a threat actor known for infecting websites with malicious JavaScript scripts for data exfiltration. They have been carrying out opportunistic SQL injection attacks since at least 2022. Boolka has developed a malware delivery platform based on the BeEF framework and has been distributing the BMANAGER trojan. Their activities demonstrate a progression from basic website infections to more sophisticated malware operations.",
"meta": {
"refs": [
"https://www.group-ib.com/blog/boolka/"
]
},
"uuid": "99ad0cef-c53a-44d5-85d4-5459e59a06d5",
"value": "Boolka"
}
],
"version": 312
Expand Down
Loading