Kimsuky relations

This commit is contained in:
Delta-Sierra 2023-11-21 11:40:50 +01:00
parent 77462a1dbb
commit 70456bd8ac
5 changed files with 358 additions and 1 deletions

View file

@ -674,6 +674,13 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
} }
], ],
"uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e", "uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",

View file

@ -23395,6 +23395,36 @@
}, },
{ {
"description": "ransomware", "description": "ransomware",
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d650da35-7ad7-417a-902a-16ea55bd1126", "uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
"value": "XRat" "value": "XRat"
}, },

View file

@ -760,6 +760,27 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "6efa425c-3731-44fd-9224-2a62df061a2d", "uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
@ -1064,6 +1085,36 @@
"https://github.com/c4bbage/xRAT" "https://github.com/c4bbage/xRAT"
] ]
}, },
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8", "uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
"value": "xRAT" "value": "xRAT"
}, },
@ -1496,6 +1547,15 @@
"https://chrome.google.com/webstore/detail/chrome-remote-desktop/gbchcmhmhahfdphkhkmpfmihenigjmpp?hl=en" "https://chrome.google.com/webstore/detail/chrome-remote-desktop/gbchcmhmhahfdphkhkmpfmihenigjmpp?hl=en"
] ]
}, },
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
}
],
"uuid": "6583d982-a5cb-47e0-a3b0-bc18cadaeb53", "uuid": "6583d982-a5cb-47e0-a3b0-bc18cadaeb53",
"value": "Chrome Remote Desktop" "value": "Chrome Remote Desktop"
}, },

View file

@ -5553,7 +5553,8 @@
"https://attack.mitre.org/groups/G0086/", "https://attack.mitre.org/groups/G0086/",
"https://us-cert.cisa.gov/ncas/alerts/aa20-301a", "https://us-cert.cisa.gov/ncas/alerts/aa20-301a",
"https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite", "https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite",
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report" "https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report",
"https://asec.ahnlab.com/en/57873/"
], ],
"synonyms": [ "synonyms": [
"Velvet Chollima", "Velvet Chollima",
@ -5571,6 +5572,146 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "05252643-093b-4070-b62f-d5836683a9fa",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "bea5f660-a106-4983-a11a-0e0b6ce348d2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "5a78ec38-8b93-4dde-a99e-0c9b77674838",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "e596e014-c0b7-491a-afee-3588fbfc61c1",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "6583d982-a5cb-47e0-a3b0-bc18cadaeb53",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "8abdd40c-d79a-4353-80e3-29f8a4229a37",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "d1b7830a-fced-4be3-a99c-f495af9d9e1b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "cdd432b0-8899-4e7d-ad4a-b18741ade11d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "0ec2f388-bf0f-4b5c-97b1-fc736d26c25f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "860643d6-5693-4e4e-ad1f-56c49faa10a7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4e18657-3995-5837-88f1-f823520382a8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3", "uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",

View file

@ -4249,6 +4249,27 @@
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32", "uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
@ -5303,6 +5324,34 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "used-by" "type": "used-by"
},
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "05252643-093b-4070-b62f-d5836683a9fa",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a", "uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
@ -8524,6 +8573,20 @@
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "d1b7830a-fced-4be3-a99c-f495af9d9e1b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"uuid": "78ed653d-2d76-4a99-849e-1509e4573c32", "uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
@ -10675,6 +10738,62 @@
], ],
"uuid": "f162df7a-725b-40ef-add2-43ce74eb50a4", "uuid": "f162df7a-725b-40ef-add2-43ce74eb50a4",
"value": "AtlasAgent" "value": "AtlasAgent"
},
{
"meta": {
"refs": [
"https://asec.ahnlab.com/en/57873/"
]
},
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
}
],
"uuid": "bea5f660-a106-4983-a11a-0e0b6ce348d2",
"value": "RDP Wrapper"
},
{
"description": "open-source VNC tool",
"meta": {
"refs": [
"https://asec.ahnlab.com/en/57873/"
]
},
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
}
],
"uuid": "e596e014-c0b7-491a-afee-3588fbfc61c1",
"value": "TightVNC"
},
{
"description": "Malware",
"meta": {
"refs": [
"https://asec.ahnlab.com/en/57873/"
]
},
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
}
],
"uuid": "cdd432b0-8899-4e7d-ad4a-b18741ade11d",
"value": "RevClient"
} }
], ],
"version": 170 "version": 170