{
    "type": "bundle",
    "id": "bundle--2071d209-5ba2-4dc1-9167-2a50bd60221e",
    "spec_version": "2.0",
    "objects": [
        {
            "aliases": [
                "Higaisa"
            ],
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "x_mitre_contributors": [
                "Daniyal Naeem, BT Security"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "id": "intrusion-set--54dfec3e-6464-4f74-9d69-b7c817b7e5a3",
            "type": "intrusion-set",
            "created": "2021-03-05T18:54:56.267Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "external_references": [
                {
                    "external_id": "G0126",
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/groups/G0126"
                },
                {
                    "source_name": "Malwarebytes Higaisa 2020",
                    "url": "https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/",
                    "description": "Malwarebytes Threat Intelligence Team. (2020, June 4). New LNK attack tied to Higaisa APT discovered. Retrieved March 2, 2021."
                },
                {
                    "source_name": "Zscaler Higaisa 2020",
                    "url": "https://www.zscaler.com/blogs/security-research/return-higaisa-apt",
                    "description": "Singh, S. Singh, A. (2020, June 11). The Return on the Higaisa APT. Retrieved March 2, 2021."
                },
                {
                    "source_name": "PTSecurity Higaisa 2020",
                    "url": "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/",
                    "description": "PT ESC Threat Intelligence. (2020, June 4). COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group. Retrieved March 2, 2021."
                }
            ],
            "modified": "2021-04-22T02:12:43.892Z",
            "name": "Higaisa",
            "description": "[Higaisa](https://attack.mitre.org/groups/G0126) is a threat group suspected to have South Korean origins. [Higaisa](https://attack.mitre.org/groups/G0126) has targeted government, public, and trade organizations in North Korea; however, they have also carried out attacks in China, Japan, Russia, Poland, and other nations. [Higaisa](https://attack.mitre.org/groups/G0126) was first disclosed in early 2019 but is assessed to have operated as early as 2009.(Citation: Malwarebytes Higaisa 2020)(Citation: Zscaler Higaisa 2020)(Citation: PTSecurity Higaisa 2020)",
            "x_mitre_version": "1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}