add ref for operation Applejeus

clusters/rat.json

@@ -2742,7 +2742,8 @@
       "description": "According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victim’s system via dual proxies. FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware-as-a-service to establish persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL.",
       "meta": {
         "refs": [
-          "https://www.us-cert.gov/ncas/alerts/TA17-318A"
+          "https://www.us-cert.gov/ncas/alerts/TA17-318A",
+          "https://securelist.com/operation-applejeus/87553/"
         ]
       },
       "related": [

clusters/threat-actor.json

@@ -2582,7 +2582,8 @@
           "https://www.us-cert.gov/ncas/alerts/TA17-318B",
           "https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-up-to-no-good-again/",
           "https://www.cfr.org/interactive/cyber-operations/lazarus-group",
-          "https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret"
+          "https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret",
+          "https://securelist.com/operation-applejeus/87553/"
         ],
         "synonyms": [
           "Operation DarkSeoul",