mirror of
https://github.com/MISP/misp-galaxy.git
synced 2025-01-18 10:36:17 +00:00
[threat-actors] Add Wassonite
This commit is contained in:
Mathieu4141
parent
9e202b45f6
commit
3735fd37d5
1 changed files with 12 additions and 0 deletions
|
|
@ -17612,6 +17612,18 @@
|
||||||
},
|
},
|
||||||
"uuid": "d44be76b-07ad-47b3-a296-3899f27f0702",
|
"uuid": "d44be76b-07ad-47b3-a296-3899f27f0702",
|
||||||
"value": "UAC-0185"
|
"value": "UAC-0185"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "WASSONITE is a North Korea-linked APT that has targeted industrial sectors, including electric generation, nuclear energy, manufacturing, and research entities in India, South Korea, and Japan since at least 2018. The group employs DTrack RAT for remote access, Mimikatz for credential capture, and various system tools for lateral movement and file transfers. WASSONITE has been observed using nuclear energy-themed spear phishing lures to deploy the AppleSeed backdoor, which can take screenshots, log keystrokes, and execute commands from a C2 server. Their operations focus on initial access, reconnaissance, and data collection without demonstrating disruptive capabilities.",
|
||||||
|
"meta": {
|
||||||
|
"country": "KP",
|
||||||
|
"refs": [
|
||||||
|
"https://www.dragos.com/blog/2022-ics-ot-threat-landscape-recap-what-to-watch-for-this-year/",
|
||||||
|
"https://www.dragos.com/threat/wassonite/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "fba00660-d18c-4af7-831c-25757e495907",
|
||||||
|
"value": "Wassonite"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 322
|
"version": 322
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue