Merge pull request #664 from nyx0/main

Adding TA and Tool
2021-08-27 11:01:31 +02:00 · 2021-08-27 11:01:31 +02:00 · 6b279d3b33
parent 60cc6dd536 1985de4d44
commit 6b279d3b33
2 changed files with 22 additions and 7 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -5660,6 +5660,7 @@
        ],
        "country": "KP",
        "refs": [
+          "https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/",
          "https://www.fireeye.com/blog/threat-research/2018/02/apt37-overlooked-north-korean-actor.html",
          "https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf",
          "http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html",
@ -5678,13 +5679,14 @@
          "APT 37",
          "Group 123",
          "Group123",
-          "ScarCruft",
-          "Reaper",
-          "Reaper Group",
-          "Red Eyes",
-          "Ricochet Chollima",
+          "InkySquid",
          "Operation Daybreak",
          "Operation Erebus",
+          "Reaper Group",
+          "Reaper",
+          "Red Eyes",
+          "Ricochet Chollima",
+          "ScarCruft",
          "Venus 121"
        ]
      },
@ -8862,5 +8864,5 @@
      "value": "BelialDemon"
    }
  ],
-  "version": 205
+  "version": 206
 }
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -8426,7 +8426,20 @@
      },
      "uuid": "2214b113-6942-494f-94b7-576e74fccdb5",
      "value": "Matanbuchus"
+    },
+    {
+      "description": "It is likely that BLUELIGHT is used as a secondary payload following successful delivery of Cobalt Strike.",
+      "meta": {
+        "refs": [
+          "https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/"
+        ],
+        "type": [
+          "backdoor"
+        ]
+      },
+      "uuid": "b1c4f468-1c55-40aa-bce4-c3772ef83d0c",
+      "value": "BLUELIGHT"
    }
  ],
-  "version": 146
+  "version": 147
 }