{ | |
"type": "bundle", | |
"id": "bundle--2071d209-5ba2-4dc1-9167-2a50bd60221e", | |
"spec_version": "2.0", | |
"objects": [ | |
{ | |
"aliases": [ | |
"Higaisa" | |
], | |
"x_mitre_domains": [ | |
"enterprise-attack" | |
], | |
"x_mitre_contributors": [ | |
"Daniyal Naeem, BT Security" | |
], | |
"object_marking_refs": [ | |
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
], | |
"id": "intrusion-set--54dfec3e-6464-4f74-9d69-b7c817b7e5a3", | |
"type": "intrusion-set", | |
"created": "2021-03-05T18:54:56.267Z", | |
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"external_references": [ | |
{ | |
"external_id": "G0126", | |
"source_name": "mitre-attack", | |
"url": "https://attack.mitre.org/groups/G0126" | |
}, | |
{ | |
"source_name": "Malwarebytes Higaisa 2020", | |
"url": "https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/", | |
"description": "Malwarebytes Threat Intelligence Team. (2020, June 4). New LNK attack tied to Higaisa APT discovered. Retrieved March 2, 2021." | |
}, | |
{ | |
"source_name": "Zscaler Higaisa 2020", | |
"url": "https://www.zscaler.com/blogs/security-research/return-higaisa-apt", | |
"description": "Singh, S. Singh, A. (2020, June 11). The Return on the Higaisa APT. Retrieved March 2, 2021." | |
}, | |
{ | |
"source_name": "PTSecurity Higaisa 2020", | |
"url": "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/", | |
"description": "PT ESC Threat Intelligence. (2020, June 4). COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group. Retrieved March 2, 2021." | |
} | |
], | |
"modified": "2021-04-22T02:12:43.892Z", | |
"name": "Higaisa", | |
"description": "[Higaisa](https://attack.mitre.org/groups/G0126) is a threat group suspected to have South Korean origins. [Higaisa](https://attack.mitre.org/groups/G0126) has targeted government, public, and trade organizations in North Korea; however, they have also carried out attacks in China, Japan, Russia, Poland, and other nations. [Higaisa](https://attack.mitre.org/groups/G0126) was first disclosed in early 2019 but is assessed to have operated as early as 2009.(Citation: Malwarebytes Higaisa 2020)(Citation: Zscaler Higaisa 2020)(Citation: PTSecurity Higaisa 2020)", | |
"x_mitre_version": "1.0", | |
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
} | |
] | |
} |