Merge pull request #664 from nyx0/main

Adding TA and Tool
Alexandre Dulaunoy 2021-08-27 11:01:31 +02:00 committed by GitHub
commit 6b279d3b33
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 7 deletions


@ -5660,6 +5660,7 @@
],
"country": "KP",
"refs": [
"https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/",
"https://www.fireeye.com/blog/threat-research/2018/02/apt37-overlooked-north-korean-actor.html",
"https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf",
"http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html",
@ -5678,13 +5679,14 @@
"APT 37",
"Group 123",
"Group123",
"ScarCruft",
"Reaper",
"Reaper Group",
"Red Eyes",
"Ricochet Chollima",
"InkySquid",
"Operation Daybreak",
"Operation Erebus",
"Reaper Group",
"Reaper",
"Red Eyes",
"Ricochet Chollima",
"ScarCruft",
"Venus 121"
]
},
@ -8862,5 +8864,5 @@
"value": "BelialDemon"
}
],
"version": 205
"version": 206
}


@ -8426,7 +8426,20 @@
},
"uuid": "2214b113-6942-494f-94b7-576e74fccdb5",
"value": "Matanbuchus"
},
{
"description": "It is likely that BLUELIGHT is used as a secondary payload following successful delivery of Cobalt Strike.",
"meta": {
"refs": [
"https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/"
],
"type": [
"backdoor"
]
},
"uuid": "b1c4f468-1c55-40aa-bce4-c3772ef83d0c",
"value": "BLUELIGHT"
}
],
"version": 146
"version": 147
}
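Review bot: The new BLUELIGHT entry does not say what the family is or who uses it. Its `description` is only a delivery hypothesis, and nothing links it to the threat-actor cluster that this same commit extends with the "InkySquid" alias and the same Volexity reference. An analyst pivoting from the tool cluster cannot reach the actor without opening the blog post. I would make the description self-contained, for example `"description": "BLUELIGHT is a backdoor that Volexity reports in InkySquid (APT37) activity; it is likely used as a secondary payload following successful delivery of Cobalt Strike."`. I would also add a `related` array next to `meta` whose `dest-uuid` is the actor cluster's uuid (not visible in these hunks), with a relationship type such as `used-by` and an estimative-language tag matching the "likely" wording.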