mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-23 07:17:17 +00:00
Merge pull request #899 from Delta-Sierra/main
Kimsuky targets and relations
This commit is contained in:
commit
6868b6aaed
5 changed files with 371 additions and 6 deletions
|
@ -674,6 +674,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
|
||||
|
@ -1219,5 +1226,5 @@
|
|||
"value": "Malteiro"
|
||||
}
|
||||
],
|
||||
"version": 18
|
||||
"version": 19
|
||||
}
|
||||
|
|
|
@ -23395,6 +23395,36 @@
|
|||
},
|
||||
{
|
||||
"description": "ransomware",
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
|
||||
"value": "XRat"
|
||||
},
|
||||
|
@ -26176,5 +26206,5 @@
|
|||
"value": "Yanluowang"
|
||||
}
|
||||
],
|
||||
"version": 118
|
||||
"version": 119
|
||||
}
|
||||
|
|
|
@ -760,6 +760,27 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
|
||||
|
@ -1064,6 +1085,36 @@
|
|||
"https://github.com/c4bbage/xRAT"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
|
||||
"value": "xRAT"
|
||||
},
|
||||
|
@ -1496,6 +1547,15 @@
|
|||
"https://chrome.google.com/webstore/detail/chrome-remote-desktop/gbchcmhmhahfdphkhkmpfmihenigjmpp?hl=en"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "6583d982-a5cb-47e0-a3b0-bc18cadaeb53",
|
||||
"value": "Chrome Remote Desktop"
|
||||
},
|
||||
|
@ -3576,5 +3636,5 @@
|
|||
"value": "STRRAT"
|
||||
}
|
||||
],
|
||||
"version": 43
|
||||
"version": 44
|
||||
}
|
||||
|
|
|
@ -5553,7 +5553,8 @@
|
|||
"https://attack.mitre.org/groups/G0086/",
|
||||
"https://us-cert.cisa.gov/ncas/alerts/aa20-301a",
|
||||
"https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite",
|
||||
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
|
||||
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report",
|
||||
"https://asec.ahnlab.com/en/57873/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Velvet Chollima",
|
||||
|
@ -5562,6 +5563,14 @@
|
|||
"Operation Stolen Pencil",
|
||||
"G0086",
|
||||
"APT43"
|
||||
],
|
||||
"targeted-sector": [
|
||||
"Research - Innovation",
|
||||
"Energy",
|
||||
"Defense",
|
||||
"Diplomacy",
|
||||
"Academia - University ",
|
||||
"News - Media"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -5571,6 +5580,146 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "05252643-093b-4070-b62f-d5836683a9fa",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bea5f660-a106-4983-a11a-0e0b6ce348d2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5a78ec38-8b93-4dde-a99e-0c9b77674838",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e596e014-c0b7-491a-afee-3588fbfc61c1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6583d982-a5cb-47e0-a3b0-bc18cadaeb53",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8abdd40c-d79a-4353-80e3-29f8a4229a37",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d1b7830a-fced-4be3-a99c-f495af9d9e1b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "cdd432b0-8899-4e7d-ad4a-b18741ade11d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0ec2f388-bf0f-4b5c-97b1-fc736d26c25f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "860643d6-5693-4e4e-ad1f-56c49faa10a7",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4e18657-3995-5837-88f1-f823520382a8",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
|
@ -13366,5 +13515,5 @@
|
|||
"value": "SilverFish"
|
||||
}
|
||||
],
|
||||
"version": 294
|
||||
"version": 295
|
||||
}
|
||||
|
|
|
@ -4249,6 +4249,27 @@
|
|||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
|
||||
|
@ -5303,6 +5324,34 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "05252643-093b-4070-b62f-d5836683a9fa",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
|
||||
|
@ -8524,6 +8573,20 @@
|
|||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d1b7830a-fced-4be3-a99c-f495af9d9e1b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
|
||||
|
@ -10675,7 +10738,63 @@
|
|||
],
|
||||
"uuid": "f162df7a-725b-40ef-add2-43ce74eb50a4",
|
||||
"value": "AtlasAgent"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://asec.ahnlab.com/en/57873/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "bea5f660-a106-4983-a11a-0e0b6ce348d2",
|
||||
"value": "RDP Wrapper"
|
||||
},
|
||||
{
|
||||
"description": "open-source VNC tool",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://asec.ahnlab.com/en/57873/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "e596e014-c0b7-491a-afee-3588fbfc61c1",
|
||||
"value": "TightVNC"
|
||||
},
|
||||
{
|
||||
"description": "Malware",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://asec.ahnlab.com/en/57873/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "cdd432b0-8899-4e7d-ad4a-b18741ade11d",
|
||||
"value": "RevClient"
|
||||
}
|
||||
],
|
||||
"version": 170
|
||||
"version": 171
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue