cti-ATT-CK-v13.1/enterprise-attack/intrusion-set/intrusion-set--39d6890e-7f23-4474-b8ef-e7b0343c5fc8.json

{
    "type": "bundle",
    "id": "bundle--670740b9-2d8e-40cd-83b6-db0653b67aca",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2022-11-30T22:51:40.270Z",
            "name": "Andariel",
            "description": "[Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean government agencies, military organizations, and a variety of domestic companies; they have also conducted cyber financial operations against ATMs, banks, and cryptocurrency exchanges. [Andariel](https://attack.mitre.org/groups/G0138)'s notable activity includes Operation Black Mine, Operation GoldenAxe, and Campaign Rifle.(Citation: FSI Andariel Campaign Rifle July 2017)(Citation: IssueMakersLab Andariel GoldenAxe May 2017)(Citation: AhnLab Andariel Subgroup of Lazarus June 2018)(Citation: TrendMicro New Andariel Tactics July 2018)(Citation: CrowdStrike Silent Chollima Adversary September 2021)\n\n[Andariel](https://attack.mitre.org/groups/G0138) is considered a sub-set of [Lazarus Group](https://attack.mitre.org/groups/G0032), and has been attributed to North Korea's Reconnaissance General Bureau.(Citation: Treasury North Korean Cyber Groups September 2019)\n\nNorth Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.",
            "aliases": [
                "Andariel",
                "Silent Chollima"
            ],
            "x_mitre_deprecated": false,
            "x_mitre_version": "1.0",
            "x_mitre_contributors": [
                "Kyoung-ju Kwak (S2W)"
            ],
            "type": "intrusion-set",
            "id": "intrusion-set--39d6890e-7f23-4474-b8ef-e7b0343c5fc8",
            "created": "2021-09-29T15:10:19.236Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/groups/G0138",
                    "external_id": "G0138"
                },
                {
                    "source_name": "Silent Chollima",
                    "description": "(Citation: CrowdStrike Silent Chollima Adversary September 2021)"
                },
                {
                    "source_name": "Andariel",
                    "description": "(Citation: FSI Andariel Campaign Rifle July 2017)"
                },
                {
                    "source_name": "AhnLab Andariel Subgroup of Lazarus June 2018",
                    "description": "AhnLab. (2018, June 23). Targeted attacks by Andariel Threat Group,  a subgroup of the Lazarus. Retrieved September 29, 2021.",
                    "url": "http://download.ahnlab.com/global/brochure/%5BAnalysis%5DAndariel_Group.pdf"
                },
                {
                    "source_name": "TrendMicro New Andariel Tactics July 2018",
                    "description": "Chen, Joseph. (2018, July 16). New Andariel Reconnaissance Tactics Uncovered. Retrieved September 29, 2021.",
                    "url": "https://www.trendmicro.com/en_us/research/18/g/new-andariel-reconnaissance-tactics-hint-at-next-targets.html"
                },
                {
                    "source_name": "CrowdStrike Silent Chollima Adversary September 2021",
                    "description": "CrowdStrike. (2021, September 29). Silent Chollima Adversary Profile. Retrieved September 29, 2021.",
                    "url": "https://adversary.crowdstrike.com/en-US/adversary/silent-chollima/"
                },
                {
                    "source_name": "FSI Andariel Campaign Rifle July 2017",
                    "description": "FSI. (2017, July 27). Campaign Rifle - Andariel, the Maiden of Anguish. Retrieved September 29, 2021.",
                    "url": "https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1680.do"
                },
                {
                    "source_name": "IssueMakersLab Andariel GoldenAxe May 2017",
                    "description": "IssueMakersLab. (2017, May 1). Operation GoldenAxe. Retrieved September 29, 2021.",
                    "url": "http://www.issuemakerslab.com/research3/"
                },
                {
                    "source_name": "Treasury North Korean Cyber Groups September 2019",
                    "description": "US Treasury . (2019, September 13). Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups. Retrieved September 29, 2021.",
                    "url": "https://home.treasury.gov/news/press-releases/sm774"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "x_mitre_attack_spec_version": "3.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}