mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 18:27:19 +00:00
[threat-actors] Add Silent Chollima aliases
This commit is contained in:
parent
5ffdc0f868
commit
7a2cfa4f42
1 changed files with 6 additions and 2 deletions
|
@ -3087,11 +3087,13 @@
|
||||||
"value": "UNION SPIDER"
|
"value": "UNION SPIDER"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
"description": "Andariel is a threat actor that primarily targets South Korean corporations and institutions. They are believed to collaborate with or operate as a subsidiary organization of the Lazarus threat group. WHOIS utilizes spear phishing attacks, watering hole attacks, and supply chain attacks for initial access. They have been known to exploit vulnerabilities and use malware such as Infostealer and TigerRAT.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"attribution-confidence": "50",
|
"attribution-confidence": "50",
|
||||||
"country": "KP",
|
"country": "KP",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
|
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf",
|
||||||
|
"https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"OperationTroy",
|
"OperationTroy",
|
||||||
|
@ -3099,7 +3101,9 @@
|
||||||
"GOP",
|
"GOP",
|
||||||
"WHOis Team",
|
"WHOis Team",
|
||||||
"Andariel",
|
"Andariel",
|
||||||
"Subgroup: Andariel"
|
"Subgroup: Andariel",
|
||||||
|
"Onyx Sleet",
|
||||||
|
"PLUTONIUM"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "245c8dde-ed42-4c49-b48b-634e3e21bdd7",
|
"uuid": "245c8dde-ed42-4c49-b48b-634e3e21bdd7",
|
||||||
|
|
Loading…
Reference in a new issue