mirror of https://github.com/MISP/misp-galaxy
[threat-actors] Add Silent Chollima aliases
parent
5ffdc0f868
commit
7a2cfa4f42
|
@ -3087,11 +3087,13 @@
|
|||
"value": "UNION SPIDER"
|
||||
},
|
||||
{
|
||||
"description": "Andariel is a threat actor that primarily targets South Korean corporations and institutions. They are believed to collaborate with or operate as a subsidiary organization of the Lazarus threat group. WHOIS utilizes spear phishing attacks, watering hole attacks, and supply chain attacks for initial access. They have been known to exploit vulnerabilities and use malware such as Infostealer and TigerRAT.",
|
||||
"meta": {
|
||||
"attribution-confidence": "50",
|
||||
"country": "KP",
|
||||
"refs": [
|
||||
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
|
||||
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf",
|
||||
"https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/"
|
||||
],
|
||||
"synonyms": [
|
||||
"OperationTroy",
|
||||
|
@ -3099,7 +3101,9 @@
|
|||
"GOP",
|
||||
"WHOis Team",
|
||||
"Andariel",
|
||||
"Subgroup: Andariel"
|
||||
"Subgroup: Andariel",
|
||||
"Onyx Sleet",
|
||||
"PLUTONIUM"
|
||||
]
|
||||
},
|
||||
"uuid": "245c8dde-ed42-4c49-b48b-634e3e21bdd7",
|
||||
|
|
Loading…
Reference in New Issue