Merge pull request #899 from Delta-Sierra/main
 Kimsuky targets and relations
adulau authored Nov 21, 2023
2 parents d6feab1 + 0b44ea3 commit 6868b6a
Showing 5 changed files with 371 additions and 6 deletions.
9 changes: 8 additions & 1 deletion clusters/banker.json
Expand Up @@ -674,6 +674,13 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
}
],
"uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
Expand Down Expand Up @@ -1219,5 +1226,5 @@
"value": "Malteiro"
}
],
"version": 18
"version": 19
}
32 changes: 31 additions & 1 deletion clusters/ransomware.json
Expand Up @@ -23395,6 +23395,36 @@
},
{
"description": "ransomware",
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
"value": "XRat"
},
Expand Down Expand Up @@ -26176,5 +26206,5 @@
"value": "Yanluowang"
}
],
"version": 118
"version": 119
}
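Review bot: The `related` block added to the `XRat` entry may rest on a name match rather than on reporting. The entry's only description is `"ransomware"` and it has no `meta` or references, yet it is now linked `similar` to the `xRAT` remote-access-tool cluster (`509aff15-ba17-4582-b1a0-b0ed89df01d8`) and `used-by` the actor `bcaaad6f-0597-4b89-b69b-84a6be2b7bc3`. If the source reporting describes the RAT and not this ransomware family, these four relations should be dropped, along with the reciprocal entries pointing at `d650da35-7ad7-417a-902a-16ea55bd1126` in rat.json and threat-actor.json. A wrong link here propagates as a false attribution to every consumer of the galaxy.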
62 changes: 61 additions & 1 deletion clusters/rat.json
Expand Up @@ -760,6 +760,27 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
Expand Down Expand Up @@ -1064,6 +1085,36 @@
"https://github.com/c4bbage/xRAT"
]
},
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
},
{
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
"value": "xRAT"
},
Expand Down Expand Up @@ -1496,6 +1547,15 @@
"https://chrome.google.com/webstore/detail/chrome-remote-desktop/gbchcmhmhahfdphkhkmpfmihenigjmpp?hl=en"
]
},
"related": [
{
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
}
],
"uuid": "6583d982-a5cb-47e0-a3b0-bc18cadaeb53",
"value": "Chrome Remote Desktop"
},
Expand Down Expand Up @@ -3576,5 +3636,5 @@
"value": "STRRAT"
}
],
"version": 43
"version": 44
}
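Review bot: The `used-by` relation added to `Chrome Remote Desktop` has no visible supporting reference on that cluster; the only ref shown in the hunk is the Chrome Web Store link. Because this is a legitimate remote-administration tool, a bare actor link tagged `likely` is easy to misread downstream as an attribution indicator and not as a record of observed tooling. Consider adding the report that documents the usage to the cluster's `refs`; if it is the ASEC post added to the actor entry in this same commit, that would be `"https://asec.ahnlab.com/en/57873/"`. The `refs` array starts above the hunk, so it may already list one.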
153 changes: 151 additions & 2 deletions clusters/threat-actor.json
Expand Up @@ -5553,7 +5553,8 @@
"https://attack.mitre.org/groups/G0086/",
"https://us-cert.cisa.gov/ncas/alerts/aa20-301a",
"https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite",
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report",
"https://asec.ahnlab.com/en/57873/"
],
"synonyms": [
"Velvet Chollima",
Expand All @@ -5562,6 +5563,14 @@
"Operation Stolen Pencil",
"G0086",
"APT43"
],
"targeted-sector": [
"Research - Innovation",
"Energy",
"Defense",
"Diplomacy",
"Academia - University ",
"News - Media"
]
},
"related": [
Expand All @@ -5571,6 +5580,146 @@
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "05252643-093b-4070-b62f-d5836683a9fa",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "bea5f660-a106-4983-a11a-0e0b6ce348d2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "5a78ec38-8b93-4dde-a99e-0c9b77674838",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "e596e014-c0b7-491a-afee-3588fbfc61c1",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "6583d982-a5cb-47e0-a3b0-bc18cadaeb53",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "8abdd40c-d79a-4353-80e3-29f8a4229a37",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "d1b7830a-fced-4be3-a99c-f495af9d9e1b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "cdd432b0-8899-4e7d-ad4a-b18741ade11d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "0ec2f388-bf0f-4b5c-97b1-fc736d26c25f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "860643d6-5693-4e4e-ad1f-56c49faa10a7",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4e18657-3995-5837-88f1-f823520382a8",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
Expand Down Expand Up @@ -13366,5 +13515,5 @@
"value": "SilverFish"
}
],
"version": 294
"version": 295
}
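Review bot: The last relation added to the `related` array has a malformed `dest-uuid`: `4e18657-3995-5837-88f1-f823520382a8` has only seven hex digits in its first group, so it is not a valid UUID and cannot resolve to any cluster. The value should be re-copied from the intended cluster's `uuid`. A validation step that checks every `dest-uuid` for the 8-4-4-4-12 form and for an existing target would catch this class of error before merge. In the same section, the new `targeted-sector` value `"Academia - University "` has a trailing space that will defeat exact-match lookups and should read `"Academia - University"`.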