MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 14:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[threat-actors] Add UAT-5394

Browse source
This commit is contained in:
Mathieu4141 2024-09-09 08:18:23 -07:00
parent 40dc998b9b
commit c68dd13772
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
clusters/threat-actor.json
View file

@ -16630,6 +16630,17 @@
},
"uuid": "1e3efe43-9006-4ac8-b9ee-f1fbb9794cd9",
"value": "RaHDit"
},
{
"description": "UAT-5394 is a state-sponsored North Korean threat actor known for developing the MoonPeak RAT, which is based on XenoRAT. They have transitioned from using QuasarRAT to MoonPeak and have established command and control infrastructure. UAT-5394 employs tactics such as using RDP for remote access and has implemented State Machines in their malware to complicate analysis. Their activity indicates a focus on rapidly evolving their malware and infrastructure to enhance operational capabilities.",
"meta": {
"country": "KP",
"refs": [
"https://blog.talosintelligence.com/moonpeak-malware-infrastructure-north-korea/"
]
},
"uuid": "6038ceaf-4c1b-470d-af36-c62948488786",
"value": "UAT-5394"
}
],
"version": 313