Merge branch 'nyx0-master'

2024-11-22 23:07:19 +00:00 · 2020-05-11 10:20:35 +02:00 · 2020-05-11 10:20:35 +02:00 · 881a5664ac
commit 881a5664ac
parent cb9bff18e8 09429eda5a
2 changed files with 43 additions and 2 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -8181,7 +8181,32 @@
      },
      "uuid": "169187c5-9fbe-42df-ae92-6e35846db021",
      "value": "Nazar"
+    },
+    {
+      "description": "The organization often uses important North Korean time nodes such as holidays and North Korea to conduct fishing activities. The bait includes New Year blessings, Lantern blessings, North Korean celebrations, and important news, overseas personnel contact lists and so on. In addition, the attack organization also has the attack capability of the mobile terminal. The targets of the attack also include diplomatic entities related to North Korea (such as embassy officials in various places), government officials, human rights organizations, North Korean residents abroad, and traders. The victim countries currently monitored include China, North Korea, Japan, Nepal, Singapore, Russia, Poland, Switzerland, etc.",
+      "meta": {
+        "cfr-suspected-state-sponsor": "Korea (Republic of)",
+        "cfr-suspected-victims": [
+          "China",
+          "North Korea",
+          "Japan",
+          "Nepal",
+          "Singapore",
+          "Russia",
+          "Poland",
+          "Switzerland"
+        ],
+        "cfr-target-category": [
+          "Government"
+        ],
+        "country": "KR",
+        "refs": [
+          "https://s.tencent.com/research/report/836.html"
+        ]
+      },
+      "uuid": "a9df6cb7-74ff-482f-b23b-ac40e975a31a",
+      "value": "Higaisa"
    }
  ],
-  "version": 158
+  "version": 159
 }
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -8016,7 +8016,23 @@
      },
      "uuid": "edd9e14c-80f7-4a50-ab85-fa1120c54003",
      "value": "DenesRAT"
+    },
+    {
+      "description": "Sednit's Exploit-Kit",
+      "meta": {
+        "refs": [
+          "https://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom-exploit-kit/",
+          "https://www.welivesecurity.com/2016/10/20/new-eset-research-paper-puts-sednit-under-the-microscope/"
+        ],
+        "synonyms": [],
+        "type": [
+          "Exploit-Kit"
+        ]
+      },
+      "related": [],
+      "uuid": "a2d1cdd6-1c3d-47b3-803b-9a3fffe2f051",
+      "value": "Sedkit"
    }
  ],
-  "version": 134
+  "version": 135
 }