mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
add relation between Lazarus Group and Operation SharpShooter
parent
19c4fe4d11
commit
6ffb8dd437
1 changed files with 19 additions and 2 deletions
|
@ -2689,6 +2689,13 @@
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
],
|
],
|
||||||
"type": "similar"
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "b06c3af1-0243-4428-88da-b3451c345e1e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376",
|
"uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376",
|
||||||
|
@ -6142,9 +6149,19 @@
|
||||||
"description": "The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant—which we call Rising Sun—for further exploitation. According to our analysis, the Rising Sun implant uses source code from the Lazarus Group’s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries.\nOperation Sharpshooter’s numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags. Our research focuses on how this actor operates, the global impact, and how to detect the attack. We shall leave attribution to the broader security community.",
|
"description": "The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant—which we call Rising Sun—for further exploitation. According to our analysis, the Rising Sun implant uses source code from the Lazarus Group’s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries.\nOperation Sharpshooter’s numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags. Our research focuses on how this actor operates, the global impact, and how to detect the attack. We shall leave attribution to the broader security community.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/"
|
"https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/",
|
||||||
|
"https://www.bleepingcomputer.com/news/security/op-sharpshooter-connected-to-north-koreas-lazarus-group/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "b06c3af1-0243-4428-88da-b3451c345e1e",
|
"uuid": "b06c3af1-0243-4428-88da-b3451c345e1e",
|
||||||
"value": "Operation Sharpshooter"
|
"value": "Operation Sharpshooter"
|
||||||
},
|
},
|
||||||
|
@ -6389,5 +6406,5 @@
|
||||||
"value": "STOLEN PENCIL"
|
"value": "STOLEN PENCIL"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 94
|
"version": 95
|
||||||
}
|
}
|
||||||
|
|
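Review bot: In the second hunk the Operation Sharpshooter entry gains a `related` link to `68391641-859f-4a9a-9a1e-3e5cf71ec376` (presumably the Lazarus Group entry, going by the commit title) tagged `"estimative-language:likelihood-probability=\"likely\""`, but its `description` still ends on the original caveat that the overlaps may be false flags and that attribution is left to the community. The entry therefore asserts a "likely" link while its own text argues against drawing one, and only the URL added to `refs` hints at the reason. I would append one sentence to `description` along the lines of `Later reporting (see refs) connected the campaign to the Lazarus Group.` so the confidence tag is explained where analysts read it. The first hunk mirrors the same link from the other side. Consumers that pivot on `related` for correlation should carry the "likely" tag through rather than treat the link as confirmed attribution.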