mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 08:47:18 +00:00
add ref for operation Applejeus
This commit is contained in:
parent
cb5fa5e822
commit
f107563cad
2 changed files with 4 additions and 2 deletions
|
@ -2742,7 +2742,8 @@
|
||||||
"description": "According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victim’s system via dual proxies. FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware-as-a-service to establish persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL.",
|
"description": "According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victim’s system via dual proxies. FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware-as-a-service to establish persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.us-cert.gov/ncas/alerts/TA17-318A"
|
"https://www.us-cert.gov/ncas/alerts/TA17-318A",
|
||||||
|
"https://securelist.com/operation-applejeus/87553/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
|
|
@ -2582,7 +2582,8 @@
|
||||||
"https://www.us-cert.gov/ncas/alerts/TA17-318B",
|
"https://www.us-cert.gov/ncas/alerts/TA17-318B",
|
||||||
"https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-up-to-no-good-again/",
|
"https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-up-to-no-good-again/",
|
||||||
"https://www.cfr.org/interactive/cyber-operations/lazarus-group",
|
"https://www.cfr.org/interactive/cyber-operations/lazarus-group",
|
||||||
"https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret"
|
"https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret",
|
||||||
|
"https://securelist.com/operation-applejeus/87553/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Operation DarkSeoul",
|
"Operation DarkSeoul",
|
||||||
|
|
Loading…
Reference in a new issue