ID

Storm-1167Storm-1167

Also known as: DEV-1167 · Storm-1167

Origin
ID
Known aliases
2

Profile

Storm-1167 is a threat actor (origin ID) catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as DEV-1167. Original record: Storm-1167 is a threat actor tracked by Microsoft, known for their use of an AiTM phishing kit. They were responsible for launching an attack that led to Business Email Compromise activity.

Aliases· 2

DEV-1167Storm-1167

References

  1. https://www.microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Storm-1101
Actor
Storm-0867
Actor
Storm-1133
Actor
Storm-1286
Actor
Storm-1152
Actor
Storm-1113
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.