mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 18:27:19 +00:00
commit
6b279d3b33
2 changed files with 22 additions and 7 deletions
|
@ -5660,6 +5660,7 @@
|
||||||
],
|
],
|
||||||
"country": "KP",
|
"country": "KP",
|
||||||
"refs": [
|
"refs": [
|
||||||
|
"https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/",
|
||||||
"https://www.fireeye.com/blog/threat-research/2018/02/apt37-overlooked-north-korean-actor.html",
|
"https://www.fireeye.com/blog/threat-research/2018/02/apt37-overlooked-north-korean-actor.html",
|
||||||
"https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf",
|
"https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf",
|
||||||
"http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html",
|
"http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html",
|
||||||
|
@ -5678,13 +5679,14 @@
|
||||||
"APT 37",
|
"APT 37",
|
||||||
"Group 123",
|
"Group 123",
|
||||||
"Group123",
|
"Group123",
|
||||||
"ScarCruft",
|
"InkySquid",
|
||||||
"Reaper",
|
|
||||||
"Reaper Group",
|
|
||||||
"Red Eyes",
|
|
||||||
"Ricochet Chollima",
|
|
||||||
"Operation Daybreak",
|
"Operation Daybreak",
|
||||||
"Operation Erebus",
|
"Operation Erebus",
|
||||||
|
"Reaper Group",
|
||||||
|
"Reaper",
|
||||||
|
"Red Eyes",
|
||||||
|
"Ricochet Chollima",
|
||||||
|
"ScarCruft",
|
||||||
"Venus 121"
|
"Venus 121"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -8862,5 +8864,5 @@
|
||||||
"value": "BelialDemon"
|
"value": "BelialDemon"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 205
|
"version": 206
|
||||||
}
|
}
|
||||||
|
|
|
@ -8426,7 +8426,20 @@
|
||||||
},
|
},
|
||||||
"uuid": "2214b113-6942-494f-94b7-576e74fccdb5",
|
"uuid": "2214b113-6942-494f-94b7-576e74fccdb5",
|
||||||
"value": "Matanbuchus"
|
"value": "Matanbuchus"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "It is likely that BLUELIGHT is used as a secondary payload following successful delivery of Cobalt Strike.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/"
|
||||||
|
],
|
||||||
|
"type": [
|
||||||
|
"backdoor"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "b1c4f468-1c55-40aa-bce4-c3772ef83d0c",
|
||||||
|
"value": "BLUELIGHT"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 146
|
"version": 147
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue