[threat-actors] Add Opal Sleet

2024-02-01 11:02:02 -08:00 · 2024-02-01 11:02:02 -08:00 · 0dcbc136a7
parent 44a446c63f
commit 0dcbc136a7
1 changed files with 18 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -14468,6 +14468,24 @@
      },
      "uuid": "17fb8267-44a3-405b-b6b9-ba7fdeb56693",
      "value": "Storm-1167"
+    },
+    {
+      "description": "Konni is a threat actor associated with APT37, a North Korean cyber crime group. They have been active since 2012 and are known for their cyber-espionage activities. Konni has targeted various sectors, including education, government, business organizations, and the cryptocurrency industry. They have exploited vulnerabilities such as CVE-2023-38831 and have used malware like KonniRAT to gain control of victim hosts and steal important information.",
+      "meta": {
+        "country": "KP",
+        "refs": [
+          "https://nsfocusglobal.com/the-new-apt-group-darkcasino-and-the-global-surge-in-winrar-0-day-exploits/",
+          "https://paper.seebug.org/3031/",
+          "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-konni-apt-group-active-iocs-11",
+          "https://www.securonix.com/blog/stiffbizon-detection-new-attack-campaign-observed/"
+        ],
+        "synonyms": [
+          "OSMIUM",
+          "Konni"
+        ]
+      },
+      "uuid": "5f71a9ea-511d-4fdd-9807-271ef613f488",
+      "value": "Opal Sleet"
    }
  ],
  "version": 298