REF2924

Also known as: REF2924

Origin: CN
Known aliases: 1

Profile

A group monitored as REF2924 by Elastic Security Labs is wielding novel data-stealing malware — an HTTP listener written in C# dubbed Naplistener by the researchers — in attacks against victims operating in southern and southeast Asia. According to a blog post by Elastic senior security research engineer Remco Sprooten, in that region of the world, network-based detection and prevention technologies are the de facto method for securing many environments.

Aliases · 1

REF2924

References

  1. https://www.elastic.co/security-labs/ref2924-howto-maintain-persistence-as-an-advanced-threat
  2. https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: UNC3524
Actor: REF5961
Actor: APT9
Actor: UNC2465
Actor: UAC-0227
Actor: SLIME29

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.