MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #617 from danielplohmann/patch-4 

merge COVELLITE into Lazarus Group
pull/618/head
Alexandre Dulaunoy 2021-01-17 16:05:13 +01:00 committed by GitHub
parent dc7de80b98 ca66fcd93a
commit 3c19c7c1e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
clusters/threat-actor.json
View File

@ -3083,7 +3083,10 @@
"https://blogs.jpcert.or.jp/en/2020/08/Lazarus-malware.html", "https://blogs.jpcert.or.jp/en/2020/08/Lazarus-malware.html",
"https://www.secureworks.com/research/threat-profiles/nickel-gladstone", "https://www.secureworks.com/research/threat-profiles/nickel-gladstone",
"https://blogs.jpcert.or.jp/en/2020/09/BLINDINGCAN.html", "https://blogs.jpcert.or.jp/en/2020/09/BLINDINGCAN.html",
"https://www.welivesecurity.com/2020/11/16/lazarus-supply-chain-attack-south-korea/" "https://www.welivesecurity.com/2020/11/16/lazarus-supply-chain-attack-south-korea/",
"https://dragos.com/adversaries.html",
"https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf",
"https://www.cfr.org/interactive/cyber-operations/covellite"
], ],
"synonyms": [ "synonyms": [
"Operation DarkSeoul", "Operation DarkSeoul",
@ -3109,7 +3112,8 @@
"Appleworm", "Appleworm",
"Nickel Academy", "Nickel Academy",
"APT-C-26", "APT-C-26",
"NICKEL GLADSTONE" "NICKEL GLADSTONE",
"COVELLITE"
] ]
}, },
"related": [ "related": [
@ -3120,13 +3124,6 @@
], ],
"type": "similar" "type": "similar"
}, },
{
"dest-uuid": "027a1428-6e79-4a4b-82b9-e698e8525c2b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{ {
"dest-uuid": "b06c3af1-0243-4428-88da-b3451c345e1e", "dest-uuid": "b06c3af1-0243-4428-88da-b3451c345e1e",
"tags": [ "tags": [
@ -6014,51 +6011,6 @@
"uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", "uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1",
"value": "CHRYSENE" "value": "CHRYSENE"
}, },
{
"description": "Adversaries abusing ICS (based on Dragos Inc adversary list).\nThis threat actor compromises the networks of companies involved in electric power, specifically looking for intellectual property and information about the companies operations.",
"meta": {
"attribution-confidence": "50",
"capabilities": "Encoded binaries in documents, evasion techniques",
"cfr-suspected-state-sponsor": "Unknown",
"cfr-suspected-victims": [
"United States"
],
"cfr-target-category": [
"Private sector"
],
"cfr-type-of-incident": "Espionage",
"mode-of-operation": "IT compromise with hardened anti-analysis malware against industrial orgs",
"refs": [
"https://dragos.com/adversaries.html",
"https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf",
"https://www.cfr.org/interactive/cyber-operations/covellite"
],
"since": "2017",
"synonyms": [
"Lazarus",
"Hidden Cobra"
],
"victimology": "Electric Utilities, US"
},
"related": [
{
"dest-uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "027a1428-6e79-4a4b-82b9-e698e8525c2b",
"value": "COVELLITE"
},
{ {
"description": "Adversaries abusing ICS (based on Dragos Inc adversary list).\nThis threat actor targets industrial control systems in Turkey, Europe, and North America.\n Believed to be linked to Crouching Yeti", "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).\nThis threat actor targets industrial control systems in Turkey, Europe, and North America.\n Believed to be linked to Crouching Yeti",
"meta": { "meta": {