REF2924REF2924

Also known as: REF2924

Known aliases
1

Profile

A group monitored as REF2924 by Elastic Security Labs is wielding novel data-stealing malware — an HTTP listener written in C# dubbed Naplistener by the researchers — in attacks against victims operating in southern and southeast Asia.According to a blog post by Elastic senior security research engineer Remco Sprooten, in that region of the world, network-based detection and prevention technologies are the de facto method for securing many environments.

Aliases· 1

REF2924

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
UNC3524
Actor
REF5961
Actor
APT9
Actor
UNC2465
Actor
UAC-0227
Actor
SLIME29
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.