{ "type": "bundle", "id": "bundle--2071d209-5ba2-4dc1-9167-2a50bd60221e", "spec_version": "2.0", "objects": [ { "aliases": [ "Higaisa" ], "x_mitre_domains": [ "enterprise-attack" ], "x_mitre_contributors": [ "Daniyal Naeem, BT Security" ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "id": "intrusion-set--54dfec3e-6464-4f74-9d69-b7c817b7e5a3", "type": "intrusion-set", "created": "2021-03-05T18:54:56.267Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "external_id": "G0126", "source_name": "mitre-attack", "url": "https://attack.mitre.org/groups/G0126" }, { "source_name": "Malwarebytes Higaisa 2020", "url": "https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/", "description": "Malwarebytes Threat Intelligence Team. (2020, June 4). New LNK attack tied to Higaisa APT discovered. Retrieved March 2, 2021." }, { "source_name": "Zscaler Higaisa 2020", "url": "https://www.zscaler.com/blogs/security-research/return-higaisa-apt", "description": "Singh, S. Singh, A. (2020, June 11). The Return on the Higaisa APT. Retrieved March 2, 2021." }, { "source_name": "PTSecurity Higaisa 2020", "url": "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/", "description": "PT ESC Threat Intelligence. (2020, June 4). COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group. Retrieved March 2, 2021." } ], "modified": "2021-04-22T02:12:43.892Z", "name": "Higaisa", "description": "[Higaisa](https://attack.mitre.org/groups/G0126) is a threat group suspected to have South Korean origins. [Higaisa](https://attack.mitre.org/groups/G0126) has targeted government, public, and trade organizations in North Korea; however, they have also carried out attacks in China, Japan, Russia, Poland, and other nations. \n[Higaisa](https://attack.mitre.org/groups/G0126) was first disclosed in early 2019 but is assessed to have operated as early as 2009.(Citation: Malwarebytes Higaisa 2020)(Citation: Zscaler Higaisa 2020)(Citation: PTSecurity Higaisa 2020)", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }