add ref for operation Applejeus

Deborah Servili 2018-09-12 09:34:16 +02:00
parent cb5fa5e822
commit f107563cad
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1
2 changed files with 4 additions and 2 deletions


@ -2742,7 +2742,8 @@
"description": "According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victims system via dual proxies. FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware-as-a-service to establish persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL.", "description": "According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victims system via dual proxies. FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware-as-a-service to establish persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL.",
"meta": { "meta": {
"refs": [ "refs": [
"https://www.us-cert.gov/ncas/alerts/TA17-318A" "https://www.us-cert.gov/ncas/alerts/TA17-318A",
"https://securelist.com/operation-applejeus/87553/"
] ]
}, },
"related": [ "related": [


@ -2582,7 +2582,8 @@
"https://www.us-cert.gov/ncas/alerts/TA17-318B", "https://www.us-cert.gov/ncas/alerts/TA17-318B",
"https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-up-to-no-good-again/", "https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-up-to-no-good-again/",
"https://www.cfr.org/interactive/cyber-operations/lazarus-group", "https://www.cfr.org/interactive/cyber-operations/lazarus-group",
"https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret" "https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret",
"https://securelist.com/operation-applejeus/87553/"
], ],
"synonyms": [ "synonyms": [
"Operation DarkSeoul", "Operation DarkSeoul",
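Review bot: The campaign name is only reachable through the URL here, because this section appends the Securelist link to `refs` and leaves the `synonyms` array that follows unchanged, even though that array already carries an operation name (`"Operation DarkSeoul"`). If operation names are meant to be matchable aliases for this cluster, consider adding `"Operation AppleJeus"` to `synonyms` too, so that tagging and lookups by campaign name resolve to this entry. The array continues past the end of the hunk, so the name may already be listed further down.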