[threat-actors] Add Silent Chollima aliases

2024-02-01 11:02:00 -08:00 · 2024-02-01 11:02:00 -08:00 · 7a2cfa4f42
parent 5ffdc0f868
commit 7a2cfa4f42
1 changed files with 6 additions and 2 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -3087,11 +3087,13 @@
      "value": "UNION SPIDER"
    },
    {
+      "description": "Andariel is a threat actor that primarily targets South Korean corporations and institutions. They are believed to collaborate with or operate as a subsidiary organization of the Lazarus threat group. WHOIS utilizes spear phishing attacks, watering hole attacks, and supply chain attacks for initial access. They have been known to exploit vulnerabilities and use malware such as Infostealer and TigerRAT.",
      "meta": {
        "attribution-confidence": "50",
        "country": "KP",
        "refs": [
-          "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
+          "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf",
+          "https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/"
        ],
        "synonyms": [
          "OperationTroy",
@ -3099,7 +3101,9 @@
          "GOP",
          "WHOis Team",
          "Andariel",
-          "Subgroup: Andariel"
+          "Subgroup: Andariel",
+          "Onyx Sleet",
+          "PLUTONIUM"
        ]
      },
      "uuid": "245c8dde-ed42-4c49-b48b-634e3e21bdd7",