MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2025-01-18 10:36:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1041 from Mathieu4141/threat-actor/wassonite-e7f2d6bb-ab1a-435b-8f41-c28b56195876
Some checks failed
Python application / build (3.10) (push) Has been cancelled
Details
Python application / build (3.8) (push) Has been cancelled
Details
Python application / build (3.9) (push) Has been cancelled
Details

Browse source 
[threat actors] add Wassonite
This commit is contained in:
Alexandre Dulaunoy 2024-12-24 06:10:17 -08:00 committed by GitHub
commit 40a70938d3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -599,7 +599,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
[Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group. [Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
Category: *actor* - source: *MISP Project* - total: *792* elements Category: *actor* - source: *MISP Project* - total: *793* elements
[[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)] [[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]

12
clusters/threat-actor.json
View file

@ -17612,6 +17612,18 @@
}, },
"uuid": "d44be76b-07ad-47b3-a296-3899f27f0702", "uuid": "d44be76b-07ad-47b3-a296-3899f27f0702",
"value": "UAC-0185" "value": "UAC-0185"
},
{
"description": "WASSONITE is a North Korea-linked APT that has targeted industrial sectors, including electric generation, nuclear energy, manufacturing, and research entities in India, South Korea, and Japan since at least 2018. The group employs DTrack RAT for remote access, Mimikatz for credential capture, and various system tools for lateral movement and file transfers. WASSONITE has been observed using nuclear energy-themed spear phishing lures to deploy the AppleSeed backdoor, which can take screenshots, log keystrokes, and execute commands from a C2 server. Their operations focus on initial access, reconnaissance, and data collection without demonstrating disruptive capabilities.",
"meta": {
"country": "KP",
"refs": [
"https://www.dragos.com/blog/2022-ics-ot-threat-landscape-recap-what-to-watch-for-this-year/",
"https://www.dragos.com/threat/wassonite/"
]
},
"uuid": "fba00660-d18c-4af7-831c-25757e495907",
"value": "Wassonite"
} }
], ],
"version": 322 "version": 322