test_scratch
/
cti-ATT-CK-v13.1
/enterprise-attack
/intrusion-set
/intrusion-set--39d6890e-7f23-4474-b8ef-e7b0343c5fc8.json
{ | |
"type": "bundle", | |
"id": "bundle--670740b9-2d8e-40cd-83b6-db0653b67aca", | |
"spec_version": "2.0", | |
"objects": [ | |
{ | |
"modified": "2022-11-30T22:51:40.270Z", | |
"name": "Andariel", | |
"description": "[Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean government agencies, military organizations, and a variety of domestic companies; they have also conducted cyber financial operations against ATMs, banks, and cryptocurrency exchanges. [Andariel](https://attack.mitre.org/groups/G0138)'s notable activity includes Operation Black Mine, Operation GoldenAxe, and Campaign Rifle.(Citation: FSI Andariel Campaign Rifle July 2017)(Citation: IssueMakersLab Andariel GoldenAxe May 2017)(Citation: AhnLab Andariel Subgroup of Lazarus June 2018)(Citation: TrendMicro New Andariel Tactics July 2018)(Citation: CrowdStrike Silent Chollima Adversary September 2021)\n\n[Andariel](https://attack.mitre.org/groups/G0138) is considered a sub-set of [Lazarus Group](https://attack.mitre.org/groups/G0032), and has been attributed to North Korea's Reconnaissance General Bureau.(Citation: Treasury North Korean Cyber Groups September 2019)\n\nNorth Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.", | |
"aliases": [ | |
"Andariel", | |
"Silent Chollima" | |
], | |
"x_mitre_deprecated": false, | |
"x_mitre_version": "1.0", | |
"x_mitre_contributors": [ | |
"Kyoung-ju Kwak (S2W)" | |
], | |
"type": "intrusion-set", | |
"id": "intrusion-set--39d6890e-7f23-4474-b8ef-e7b0343c5fc8", | |
"created": "2021-09-29T15:10:19.236Z", | |
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"revoked": false, | |
"external_references": [ | |
{ | |
"source_name": "mitre-attack", | |
"url": "https://attack.mitre.org/groups/G0138", | |
"external_id": "G0138" | |
}, | |
{ | |
"source_name": "Silent Chollima", | |
"description": "(Citation: CrowdStrike Silent Chollima Adversary September 2021)" | |
}, | |
{ | |
"source_name": "Andariel", | |
"description": "(Citation: FSI Andariel Campaign Rifle July 2017)" | |
}, | |
{ | |
"source_name": "AhnLab Andariel Subgroup of Lazarus June 2018", | |
"description": "AhnLab. (2018, June 23). Targeted attacks by Andariel Threat Group, a subgroup of the Lazarus. Retrieved September 29, 2021.", | |
"url": "http://download.ahnlab.com/global/brochure/%5BAnalysis%5DAndariel_Group.pdf" | |
}, | |
{ | |
"source_name": "TrendMicro New Andariel Tactics July 2018", | |
"description": "Chen, Joseph. (2018, July 16). New Andariel Reconnaissance Tactics Uncovered. Retrieved September 29, 2021.", | |
"url": "https://www.trendmicro.com/en_us/research/18/g/new-andariel-reconnaissance-tactics-hint-at-next-targets.html" | |
}, | |
{ | |
"source_name": "CrowdStrike Silent Chollima Adversary September 2021", | |
"description": "CrowdStrike. (2021, September 29). Silent Chollima Adversary Profile. Retrieved September 29, 2021.", | |
"url": "https://adversary.crowdstrike.com/en-US/adversary/silent-chollima/" | |
}, | |
{ | |
"source_name": "FSI Andariel Campaign Rifle July 2017", | |
"description": "FSI. (2017, July 27). Campaign Rifle - Andariel, the Maiden of Anguish. Retrieved September 29, 2021.", | |
"url": "https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1680.do" | |
}, | |
{ | |
"source_name": "IssueMakersLab Andariel GoldenAxe May 2017", | |
"description": "IssueMakersLab. (2017, May 1). Operation GoldenAxe. Retrieved September 29, 2021.", | |
"url": "http://www.issuemakerslab.com/research3/" | |
}, | |
{ | |
"source_name": "Treasury North Korean Cyber Groups September 2019", | |
"description": "US Treasury . (2019, September 13). Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups. Retrieved September 29, 2021.", | |
"url": "https://home.treasury.gov/news/press-releases/sm774" | |
} | |
], | |
"object_marking_refs": [ | |
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
], | |
"x_mitre_domains": [ | |
"enterprise-attack" | |
], | |
"x_mitre_attack_spec_version": "3.1.0", | |
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
} | |
] | |
} |