Merge pull request #881 from feedly/threat-actors/add-camaro-dragon

[threat-actors] Add Camaro Dragon
MISP · Oct 26, 2023 · 555c45c · 555c45c
2 parents c585caa + dcde706
commit 555c45c
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
@@ -12047,6 +12047,18 @@
       ],
       "uuid": "9766d52e-0e5d-4997-9c31-7f2291dcda9e",
       "value": "Void Rabisu"
+    },
+    {
+      "description": "In early 2023, the Check Point Incident Response Team (CPIRT) team investigated a malware incident at a European healthcare institution involving a set of tools mentioned in the Avast report in late 2022. The incident was attributed to Camaro Dragon, a Chinese-based espionage threat actor whose activities overlap with activities tracked by different researchers as Mustang Panda and LuminousMoth, whose focus is primarily on Southeast Asian countries and their close peers.",
+      "meta": {
+        "country": "CN",
+        "references": [
+          "https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/",
+          "https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/"
+        ]
+      },
+      "uuid": "9ee446fd-b0cd-4662-9cd1-a60b429192db",
+      "value": "Camaro Dragon"
     }
   ],
   "version": 287