REF5961 (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

REF5961 (Back to overview)

Elastic's security team has published a report on REF5961, a cyber-espionage group they found on the network of a Foreign Affairs Ministry from a member of the Association of Southeast Asian Nations (ASEAN). Elastic says it found the group's tools next to the malware of another cyber-espionage group it tracks as REF2924. REF5961's arsenal includes malware such as EAGERBEE, RUDEBIRD, and DOWNTOWN.

Associated Families

There are currently no families associated with this actor.

References

2023-10-13 ⋅ Elastic ⋅ Cyril François
Disclosing the BLOODALCHEMY backdoor
BloodAlchemy REF5961

2023-10-03 ⋅ Elastic ⋅ Andrew Pease, Cyril François, Daniel Stepanic, Salim Bitam, Seth Goodwin
Introducing the REF5961 intrusion set (RUDEBIRD, DOWNTOWN, and EAGERBEE)
EagerBee SManager REF2924 REF5961

Credits: MISP Project