author | W. Kosior <koszko@koszko.org> | 2025-01-08 11:44:30 +0100 |
committer | W. Kosior <koszko@koszko.org> | 2025-01-08 11:44:30 +0100 |
commit | ed6def4a5c8c3531748e22237790acade8525a18 (patch) | |
tree | cc9837447023cc2adfdfa9698cc087b37d83c911 | |
parent | 622320f55c135476990fd2091370e512374b3685 (diff) | |
Split the `Lazarus Group'.
-rw-r--r-- | profiles.yaml | 158 |
1 files changed, 147 insertions, 11 deletions
diff --git a/profiles.yaml b/profiles.yaml index 5d3e071..757c154 100644 --- a/profiles.yaml +++ b/profiles.yaml @@ -77,6 +77,25 @@ groups: - label: dragos-allanite URL: https://www.dragos.com/threat/allanite/ + - name: Andariel + origin: North Korea + targets: + - where: South Korea + ref: [trendmicro-lazarus, ahnlab-andariel] + sectors: + - sector: defense + ref: [trendmicro-lazarus, ahnlab-andariel] + - sector: finance + ref: [trendmicro-lazarus, ahnlab-andariel] + goals: + - goal: espionage + ref: [trendmicro-lazarus, ahnlab-andariel] + - goal: financial theft + ref: trendmicro-lazarus + references: + - label: ahnlab-andariel + URL: https://web.archive.org/web/20230213154832/http://download.ahnlab.com/global/brochure/%5BAnalysis%5DAndariel_Group.pdf + - name: Aoqin Dragon origin: China targets: 
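Review bot: The Andariel profile is the only one on this page whose `ref:` values are flow lists (`ref: [trendmicro-lazarus, ahnlab-andariel]`), while every other added or context entry gives `ref:` as a single scalar label. Whether the consumer of profiles.yaml resolves a list of labels as well as a scalar is not visible here; if it only handles scalars, these four entries will either fail validation or silently cite nothing. If lists are intended, recording the accepted forms once near the top of the file, e.g. `# ref: one label, or a flow list of labels, each defined under a references: block`, would make the schema explicit for later contributors; otherwise keep one label per entry, as the rest of the file does.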
@@ -400,6 +419,109 @@ groups: - label: hivepro-apt33 URL: https://www.hivepro.com/wp-content/uploads/2023/09/APT-33-Uses-Password-Spray-Campaigns-to-Infiltrate-Organizations_TA2023375.pdf + - name: APT37 + origin: North Korea + targets: + - where: South Korea + ref: fireeye-apt37 + - where: Japan + ref: fireeye-apt37 + - where: Vietnam + ref: fireeye-apt37 + - where: Middle East + ref: fireeye-apt37 + - where: Egipt + ref: fireeye-apt37 + - where: Turkey + ref: fireeye-apt37 + - where: Egipt + ref: fireeye-apt37 + - where: Cyprus + ref: fireeye-apt37 + - where: Syria + ref: fireeye-apt37 + - where: Iraq + ref: fireeye-apt37 + - where: Lebanon + ref: fireeye-apt37 + - where: Jordan + ref: fireeye-apt37 + - where: Israel + ref: fireeye-apt37 + - where: Kuwait + ref: fireeye-apt37 + - where: Saudi Arabia + ref: fireeye-apt37 + - where: Qatar + ref: fireeye-apt37 + - where: Bahrain + ref: fireeye-apt37 + - where: United Arab Emirates + ref: fireeye-apt37 + - where: Oman + ref: fireeye-apt37 + - where: Yemen + ref: fireeye-apt37 + sectors: + - sector: automotive + ref: fireeye-apt37 + - sector: media + ref: fireeye-apt37 + - sector: non-government organizations + ref: fireeye-apt37 + - sector: construction/manufacturing + ref: fireeye-apt37 + - sector: telecommunications/satellites # "internet service providers" in + # our source + ref: fireeye-apt37 + - sector: defense + ref: fireeye-apt37 + - sector: education + ref: fireeye-apt37 + - sector: finance + ref: fireeye-apt37 + - sector: government + ref: fireeye-apt37 + - sector: medical # "healthcare" in our source + ref: fireeye-apt37 + - sector: electronics + ref: fireeye-apt37 + goals: + - goal: espionage + ref: trendmicro-lazarus + references: + - label: fireeye-apt37 + URL: https://web.archive.org/web/20220313060724/https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf + + - name: APT38 + origin: North Korea + targets: + - where: South Korea + ref: trendmicro-lazarus + - where: Bangladesh + ref: 
trendmicro-lazarus + - where: Philippines + ref: trendmicro-lazarus + - where: Vietnam + ref: trendmicro-lazarus + - where: Poland + ref: trendmicro-lazarus + - where: Mexico + ref: trendmicro-lazarus + - where: Taiwan + ref: trendmicro-lazarus + sectors: + - sector: finance + ref: trendmicro-lazarus + - sector: construction/manufacturing # "SK Manufacturing Industry Attack" + # in our source + ref: trendmicro-lazarus + goals: + - goal: espionage + ref: trendmicro-lazarus + - goal: financial theft + ref: trendmicro-lazarus + - name: APT39 origin: Iran targets: @@ -975,6 +1097,27 @@ groups: # - label: # URL: + - name: Kimsuky + origin: North Korea + targets: + - where: South Korea + ref: cisa-focus-kimsuky + - where: Japan + ref: cisa-focus-kimsuky + - where: US + ref: cisa-focus-kimsuky + sectors: + - sector: government + ref: cisa-focus-kimsuky + - sector: researchers + ref: cisa-focus-kimsuky + goals: + - goal: espionage + ref: cisa-focus-kimsuky + references: + - label: cisa-focus-kimsuky + URL: https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-301a + - name: Lazarus Group origin: North Korea targets: @@ -982,8 +1125,6 @@ groups: ref: trendmicro-lazarus - where: US ref: trendmicro-lazarus - - where: Vietnam - ref: trendmicro-lazarus sectors: - sector: government ref: trendmicro-lazarus @@ -991,20 +1132,13 @@ groups: ref: trendmicro-lazarus - sector: media ref: trendmicro-lazarus - - sector: defense - ref: trendmicro-lazarus goals: - - goal: espionage - ref: trendmicro-lazarus - goal: disruption ref: trendmicro-lazarus - goal: extortion ref: trendmicro-lazarus - goal: financial theft ref: trendmicro-lazarus - references: - - label: trendmicro-lazarus - URL: https://www.trendmicro.com/vinfo/nl/security/news/cybercrime-and-digital-threats/a-look-into-the-lazarus-groups-operations - name: Leafminer origin: Iran 
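Review bot: The APT37 `targets:` list carries `- where: Egipt` twice (once before Turkey and once after it), and both occurrences are misspelled; drop one and rename the other to `- where: Egypt` so the country is neither double-counted nor spelled differently from the file's other names. The APT37 `goals:` entry cites `ref: trendmicro-lazarus` while every other field of that profile cites `fireeye-apt37`, which looks like a leftover from the Lazarus block this commit splits; confirm the Trend Micro article actually makes that claim about APT37 or change it to `ref: fireeye-apt37`. The APT38 profile carries no `references:` key of its own, so its `trendmicro-lazarus` citations resolve only through the shared block at the end of the file.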
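Review bot: The Kimsuky profile lists `- sector: researchers`, which names a population rather than an industry, whereas the surrounding profiles use sector nouns (government, defense, education, media) and the APT37 hunk shows the convention of mapping a source's wording onto the file's own vocabulary with an inline comment (`# "healthcare" in our source`). If the sector vocabulary is meant to stay closed, map this entry the same way and keep the advisory's wording as a comment, e.g. `- sector: education  # "research" / individual experts in our source`, choosing whichever file term the maintainers consider the closest match. This also keeps per-sector counts comparable across groups.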
@@ -1584,5 +1718,7 @@ groups: # Below we keep references that are used in profiles of multiple groups. references: - label: fireeye-apt-groups - URL: https://web.archive.org/web/20180806122230/https://www.fireeye.com/current-threats/apt-groups.html#apt19 + - label: fireeye-apt-groups + URL: https://web.archive.org/web/20180806122230/https://www.fireeye.com/current-threats/apt-groups.html + - label: trendmicro-lazarus + URL: https://www.trendmicro.com/vinfo/nl/security/news/cybercrime-and-digital-threats/a-look-into-the-lazarus-groups-operations |
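Review bot: Rewriting the shared `fireeye-apt-groups` entry drops the `#apt19` fragment from its URL, which is right for a label now cited from several profiles, but any profile that previously relied on that anchor (presumably APT19, given the old fragment) now lands readers at the top of the archived page. If that matters, add a comment on the entry recording the change, e.g. `# fragment removed: the label is shared; add a per-group anchor in the citing profile if needed`, or keep a group-specific label alongside the shared one. The `trendmicro-lazarus` entry moved here is a live, locale-specific URL (`/vinfo/nl/`) while the FireEye references on this page are web.archive.org snapshots; consider citing an archived copy so the shared reference stays stable.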