📃Title: APT 38: Un-usual Suspects
📅Date: 2015-12-04
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: TA-profile
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- threat-actor Lazarus-Group
- producer Trellix
- malpedia="BLINDTOAD"
- malpedia="BOOTWRECK"
- malpedia="Bitsran"
- malpedia="Brambul"
- malpedia="CHEESETRAY"
- malpedia="CLEANTOAD"
- malpedia="Contopee"
- malpedia="DYEPACK"
- malpedia="DarkComet"
- malpedia="HOTWAX"
- malpedia="Hermes"
- malpedia="NACHOCHEESE"
- malpedia="NESTEGG"
- malpedia="QUICKCAFE"
- malpedia="REDSHAWL"
- malpedia="Ratankba"
- malpedia="RatankbaPOS"
- malpedia="WORMHOLE"
- target-information="Bangladesh"
- target-information="Brazil"
- target-information="Chile"
- target-information="Malaysia"
- target-information="Philippines"
- target-information="Taiwan"
- target-information="Turkey"
- target-information="United States"
- target-information="Vietnam"
- country="north korea"
- mitre-attack-pattern=[]
MISP event uuid: d1312ce7-09b1-428d-9ff1-856680e57a98
Indicators of Compromise (IoCs)
type,value,comment
ip-dst, 175.45.176.0/22, 'IP range registered to a company in Pyongyang'
ip-dst, 210.52.109.0/24, 'IP range registered to a company in China but leased to North Korea'
hostname, onlink.epac.to, 'DDNS domain'
domain, brou.com, 'watering hole domain'
hostname, cnbv.gob.mx, 'watering hole domain'
hostname, knf.gov.pl, 'watering hole domain'
ip-dst, 210.52.109.22, ''
ip-dst, 175.45.178.222, ''
ip-dst, 175.45.176.0, ''
Full IoCs available in Rectifyq's MISP