Merge pull request #899 from Delta-Sierra/main

Kimsuky targets and relations
This commit is contained in:
Alexandre Dulaunoy 2023-11-21 15:26:21 +01:00 committed by GitHub
commit 6868b6aaed
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 371 additions and 6 deletions

View file

@ -674,6 +674,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
}
],
"uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
@ -1219,5 +1226,5 @@
"value": "Malteiro"
}
],
"version": 18
"version": 19
}

View file

@ -23395,6 +23395,36 @@
},
{
"description": "ransomware",
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
"value": "XRat"
},
@ -26176,5 +26206,5 @@
"value": "Yanluowang"
}
],
"version": 118
"version": 119
}

View file

@ -760,6 +760,27 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
@ -1064,6 +1085,36 @@
"https://github.com/c4bbage/xRAT"
]
},
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
"value": "xRAT"
},
@ -1496,6 +1547,15 @@
"https://chrome.google.com/webstore/detail/chrome-remote-desktop/gbchcmhmhahfdphkhkmpfmihenigjmpp?hl=en"
]
},
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
}
],
"uuid": "6583d982-a5cb-47e0-a3b0-bc18cadaeb53",
"value": "Chrome Remote Desktop"
},
@ -3576,5 +3636,5 @@
"value": "STRRAT"
}
],
"version": 43
"version": 44
}

View file

@ -5553,7 +5553,8 @@
"https://attack.mitre.org/groups/G0086/",
"https://us-cert.cisa.gov/ncas/alerts/aa20-301a",
"https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite",
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report",
"https://asec.ahnlab.com/en/57873/"
],
"synonyms": [
"Velvet Chollima",
@ -5562,6 +5563,14 @@
"Operation Stolen Pencil",
"G0086",
"APT43"
],
"targeted-sector": [
"Research - Innovation",
"Energy",
"Defense",
"Diplomacy",
"Academia - University ",
"News - Media"
]
},
"related": [
@ -5571,6 +5580,146 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "05252643-093b-4070-b62f-d5836683a9fa",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "bea5f660-a106-4983-a11a-0e0b6ce348d2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "5a78ec38-8b93-4dde-a99e-0c9b77674838",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "e596e014-c0b7-491a-afee-3588fbfc61c1",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "6583d982-a5cb-47e0-a3b0-bc18cadaeb53",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "8abdd40c-d79a-4353-80e3-29f8a4229a37",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "d1b7830a-fced-4be3-a99c-f495af9d9e1b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "cdd432b0-8899-4e7d-ad4a-b18741ade11d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "0ec2f388-bf0f-4b5c-97b1-fc736d26c25f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "860643d6-5693-4e4e-ad1f-56c49faa10a7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4e18657-3995-5837-88f1-f823520382a8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
@ -13366,5 +13515,5 @@
"value": "SilverFish"
}
],
"version": 294
"version": 295
}

View file

@ -4249,6 +4249,27 @@
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "similar"
},
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
@ -5303,6 +5324,34 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "05252643-093b-4070-b62f-d5836683a9fa",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
@ -8524,6 +8573,20 @@
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "similar"
},
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "d1b7830a-fced-4be3-a99c-f495af9d9e1b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
@ -10675,7 +10738,63 @@
],
"uuid": "f162df7a-725b-40ef-add2-43ce74eb50a4",
"value": "AtlasAgent"
},
{
"meta": {
"refs": [
"https://asec.ahnlab.com/en/57873/"
]
},
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
}
],
"version": 170
"uuid": "bea5f660-a106-4983-a11a-0e0b6ce348d2",
"value": "RDP Wrapper"
},
{
"description": "open-source VNC tool",
"meta": {
"refs": [
"https://asec.ahnlab.com/en/57873/"
]
},
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
}
],
"uuid": "e596e014-c0b7-491a-afee-3588fbfc61c1",
"value": "TightVNC"
},
{
"description": "Malware",
"meta": {
"refs": [
"https://asec.ahnlab.com/en/57873/"
]
},
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
}
],
"uuid": "cdd432b0-8899-4e7d-ad4a-b18741ade11d",
"value": "RevClient"
}
],
"version": 171
}