MISP / misp-galaxy

Clusters and elements to attach to MISP events or attributes (like threat actors)
https://misp-galaxy.org/

APT OPERA1ER missing #793

Closed franckybzh22 closed 7 months ago

franckybzh22 commented 1 year ago

Ref: Financially motivated, dangerously activated: OPERA1ER APT in Africa
Synonyms: DESKTOP-GROUP, Common Raven, NXSMS
Motivation: Financial, exfiltration of documentation for further use in spear phishing
Geography of attacks: Ivory Coast, Mali, Burkina Faso, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo, Argentina.
Victims: Financial service, banks, mobile banking service, and telecom companies

adulau commented 7 months ago
 {
   "description": "Threat actor Common Raven has been actively targeting financial sector institutions, compromising their SWIFT payment infrastructure to send out fraudulent payments.",
   "meta": {
     "refs": [
       "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-common-raven-iocs",
       "https://www2.swift.com/isac/report/10118",
       "https://blog.group-ib.com/opera1er-apt"
     ],
     "synonyms": [
       "OPERA1ER",
       "NXSMS",
       "DESKTOP-GROUP"
     ]
   },
   "uuid": "da581c60-7c3d-4de6-b54c-cafea1c58389",
   "value": "Common Raven"
 },

It's in the Threat-Actor cluster. If you see something missing, let us know.
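
An added example, not part of the thread or the project's code: a synonym-aware lookup over a galaxy cluster, which is the check that resolves a "missing actor" report like this one. The sample data is constructed from the entry quoted above plus one made-up entry, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: a minimal cluster in the galaxy layout
# ({"values": [...]}), holding the entry quoted in this thread plus one
# made-up entry (placeholder UUID) to exercise the no-synonyms case.
SAMPLE_CLUSTER = json.loads("""
{
  "values": [
    {
      "meta": {"synonyms": ["OPERA1ER", "NXSMS", "DESKTOP-GROUP"]},
      "uuid": "da581c60-7c3d-4de6-b54c-cafea1c58389",
      "value": "Common Raven"
    },
    {
      "uuid": "00000000-0000-0000-0000-000000000000",
      "value": "Example Actor"
    }
  ]
}
""")


def normalize(name):
    """Fold case and drop separators so 'Desktop Group' matches 'DESKTOP-GROUP'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def build_index(cluster):
    """Map every normalized value and synonym to the entries that carry it."""
    index = {}
    for entry in cluster.get("values", []):
        names = [entry["value"]] + entry.get("meta", {}).get("synonyms", [])
        for name in names:
            bucket = index.setdefault(normalize(name), [])
            if entry not in bucket:
                bucket.append(entry)
    return index


def find_actor(cluster, query):
    """Return (value, uuid) for each entry known under `query`, or []."""
    hits = build_index(cluster).get(normalize(query), [])
    return [(e["value"], e["uuid"]) for e in hits]


if __name__ == "__main__":
    for q in ("OPERA1ER", "desktop group", "Unknown Crew"):
        print(q, "->", find_actor(SAMPLE_CLUSTER, q) or "not in cluster")
```

A result with more than one tuple means the same name is attached to several entries, which is worth resolving before tagging events with it.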