[threat-actors] Add REF5961

MISP · Nov 6, 2023 · 18811f8 · 18811f8
1 parent ee354d9
commit 18811f8
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
@@ -12452,6 +12452,17 @@
       },
       "uuid": "cdcfd3e1-4e42-4746-b1f1-66d5ce27b4da",
       "value": "HiddenArt"
+    },
+    {
+      "description": "Elastic's security team has published a report on REF5961, a cyber-espionage group they found on the network of a Foreign Affairs Ministry from a member of the Association of Southeast Asian Nations (ASEAN). Elastic says it found the group's tools next to the malware of another cyber-espionage group it tracks as REF2924. REF5961's arsenal includes malware such as EAGERBEE, RUDEBIRD, and DOWNTOWN.",
+      "meta": {
+        "refs": [
+          "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set",
+          "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
+        ]
+      },
+      "uuid": "64234b2e-0c78-466d-8253-0df339f99f5f",
+      "value": "REF5961"
     }
   ],
   "version": 289