Merge pull request #995 from Mathieu4141/threat-actors/4c1ff26b-8695-…

…45ec-8c36-adcbdb2add7c [threat actors] Add 2 actors
MISP · Jun 25, 2024 · a439501 · a439501
2 parents 41cf08a + 6d18539
commit a439501
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -535,7 +535,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
 
 [Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
 
-Category: *actor* - source: *MISP Project* - total: *701* elements
+Category: *actor* - source: *MISP Project* - total: *703* elements
 
 [[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]
 

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
@@ -16272,6 +16272,30 @@
       },
       "uuid": "06a615dc-fa13-4d6a-ac8b-3d2a8c9501c4",
       "value": "BlueHornet"
+    },
+    {
+      "description": "Hellhounds is an APT group targeting organizations in Russia, using a modified version of Pupy RAT called Decoy Dog. They gain initial access through vulnerable web services and trusted relationships, with a focus on the public sector and IT companies. The group has been active since at least 2019, maintaining covert presence inside compromised organizations by modifying open-source projects to evade detection. Hellhounds have successfully targeted at least 48 victims, including a telecom operator where they disrupted services.",
+      "meta": {
+        "refs": [
+          "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/hellhounds-operation-lahat-part-2/",
+          "https://ics-cert.kaspersky.com/publications/reports/2024/04/02/apt-and-financial-attacks-on-industrial-organizations-in-h2-2023/"
+        ]
+      },
+      "uuid": "46ef6903-deac-415a-afaf-97e3ce067d7e",
+      "value": "HellHounds"
+    },
+    {
+      "description": "IntelBroker is a threat actor known for orchestrating high-profile data breaches targeting companies like Apple, Zscaler, and Facebook Marketplace. They have a reputation for selling access to compromised systems and data on underground forums like BreachForums. IntelBroker has claimed responsibility for breaches involving government agencies such as Europol, the U.S. Department of Transportation, and the Pentagon, leaking sensitive information and classified documents. The actor has been linked to breaches at companies like Acuity, General Electric, and Home Depot, showcasing a pattern of targeting critical infrastructure and major corporations.",
+      "meta": {
+        "refs": [
+          "https://www.cysecurity.news/2024/06/infamous-hacker-intelbroker-breaches.html",
+          "https://www.malwarebytes.com/blog/news/2024/06/was-t-mobile-compromised-by-a-zero-day-in-jira",
+          "https://securityaffairs.com/164263/cyber-crime/pandabuy-extorted-again.html",
+          "https://meterpreter.org/cybersecurity-firm-hacked-sensitive-data-on-sale/"
+        ]
+      },
+      "uuid": "849d16c8-eaa3-46e7-9c1c-179ef680922e",
+      "value": "IntelBroker"
     }
   ],
   "version": 312