MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 16:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[threat-actors] Add Silent Chollima aliases

Browse source
This commit is contained in:
Mathieu4141 2024-02-01 11:02:00 -08:00
parent 5ffdc0f868
commit 7a2cfa4f42
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
clusters/threat-actor.json
View file

@ -3087,11 +3087,13 @@
"value": "UNION SPIDER" "value": "UNION SPIDER"
}, },
{ {
"description": "Andariel is a threat actor that primarily targets South Korean corporations and institutions. They are believed to collaborate with or operate as a subsidiary organization of the Lazarus threat group. WHOIS utilizes spear phishing attacks, watering hole attacks, and supply chain attacks for initial access. They have been known to exploit vulnerabilities and use malware such as Infostealer and TigerRAT.",
"meta": { "meta": {
"attribution-confidence": "50", "attribution-confidence": "50",
"country": "KP", "country": "KP",
"refs": [ "refs": [
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf" "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf",
"https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/"
], ],
"synonyms": [ "synonyms": [
"OperationTroy", "OperationTroy",
@ -3099,7 +3101,9 @@
"GOP", "GOP",
"WHOis Team", "WHOis Team",
"Andariel", "Andariel",
"Subgroup: Andariel" "Subgroup: Andariel",
"Onyx Sleet",
"PLUTONIUM"
] ]
}, },
"uuid": "245c8dde-ed42-4c49-b48b-634e3e21bdd7", "uuid": "245c8dde-ed42-4c49-b48b-634e3e21bdd7",