{
  "Event": {
    "analysis": "1",
    "date": "2015-12-04",
    "extends_uuid": "",
    "info": "[Threat Intel] APT 38: Un-usual Suspects",
    "protected": false,
    "publish_timestamp": "1780042167",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1780042166",
    "uuid": "d1312ce7-09b1-428d-9ff1-856680e57a98",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"State-Sponsored\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Lazarus Group\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Trellix\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"BLINDTOAD\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"BOOTWRECK\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Bitsran\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Brambul\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"CHEESETRAY\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"CLEANTOAD\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Contopee\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"DYEPACK\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"DarkComet\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"HOTWAX\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Hermes\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"NACHOCHEESE\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"NESTEGG\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"QUICKCAFE\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"REDSHAWL\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Ratankba\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"RatankbaPOS\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"WORMHOLE\"",
        "relationship_type": ""
      },
      {
        "colour": "#b32a63",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bangladesh\"",
        "relationship_type": ""
      },
      {
        "colour": "#c94db5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brazil\"",
        "relationship_type": ""
      },
      {
        "colour": "#4bec12",
        "local": false,
        "name": "misp-galaxy:target-information=\"Chile\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#2613b0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Taiwan\"",
        "relationship_type": ""
      },
      {
        "colour": "#ce98fe",
        "local": false,
        "name": "misp-galaxy:target-information=\"Turkey\"",
        "relationship_type": ""
      },
      {
        "colour": "#b8ab01",
        "local": false,
        "name": "misp-galaxy:target-information=\"United States\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b8479",
        "local": false,
        "name": "misp-galaxy:target-information=\"Vietnam\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"north korea\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771037217",
        "to_ids": false,
        "type": "link",
        "uuid": "760a419d-3f35-453b-bf36-207d9d6c9ff1",
        "value": "https://services.google.com/fh/files/misc/apt38-un-usual-suspects.pdf"
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771037245",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "6020234a-a137-4c9a-ab23-af6ed12140c5",
        "value": "APT38"
      },
      {
        "category": "Network activity",
        "comment": "IP range registered to a company in Pyongyang",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771037536",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "cfac44f4-b0c1-4d7c-834c-6d33afd8657c",
        "value": "175.45.176.0/22"
      },
      {
        "category": "Network activity",
        "comment": "IP range registered to a company in China but leased to North Korea",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771037536",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "60df61ca-a600-47d4-a6ac-0f715cc51d62",
        "value": "210.52.109.0/24"
      },
      {
        "category": "Network activity",
        "comment": "DDNS domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771037615",
        "to_ids": true,
        "type": "hostname",
        "uuid": "79f925ce-ec86-4d23-856b-4d27eb67d301",
        "value": "onlink.epac.to"
      },
      {
        "category": "Network activity",
        "comment": "watering hole domain (third-party site compromised to target its visitors; IDS matches may include benign traffic)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771037615",
        "to_ids": true,
        "type": "domain",
        "uuid": "fd96b6e1-0353-493c-81ae-a60382b24e79",
        "value": "brou.com"
      },
      {
        "category": "Network activity",
        "comment": "watering hole domain (third-party site compromised to target its visitors; IDS matches may include benign traffic)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771037615",
        "to_ids": true,
        "type": "hostname",
        "uuid": "4a459de7-2724-4ad9-a9e0-c79393c14a9e",
        "value": "cnbv.gob.mx"
      },
      {
        "category": "Network activity",
        "comment": "watering hole domain (third-party site compromised to target its visitors; IDS matches may include benign traffic)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771037615",
        "to_ids": true,
        "type": "hostname",
        "uuid": "02efcc4e-f1dc-4e14-bf25-c070c2e5526e",
        "value": "knf.gov.pl"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780042163",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "fa3c0405-4ebb-414b-aa41-e19865b2f848",
        "value": "210.52.109.22",
        "Tag": [
          {
            "colour": "#7cdf95",
            "local": false,
            "name": "asn:asn=\"9929\"",
            "relationship_type": ""
          },
          {
            "colour": "#5dde94",
            "local": false,
            "name": "asn:as-owner=\"CUII CHINA UNICOM Industrial Internet Backbone\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780042165",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "6f7cf6e4-a145-4ac3-a113-b2ef0aa6c362",
        "value": "175.45.178.222",
        "Tag": [
          {
            "colour": "#3f777c",
            "local": false,
            "name": "asn:asn=\"131279\"",
            "relationship_type": ""
          },
          {
            "colour": "#2fbd2c",
            "local": false,
            "name": "asn:as-owner=\"STAR-KP Ryugyong-dong\"",
            "relationship_type": ""
          },
          {
            "colour": "#e844fd",
            "local": false,
            "name": "asn:as-country=\"KP\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"north korea\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780042166",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ea9c42e0-2589-46c5-a481-319cb079096b",
        "value": "175.45.176.0",
        "Tag": [
          {
            "colour": "#3f777c",
            "local": false,
            "name": "asn:asn=\"131279\"",
            "relationship_type": ""
          },
          {
            "colour": "#2fbd2c",
            "local": false,
            "name": "asn:as-owner=\"STAR-KP Ryugyong-dong\"",
            "relationship_type": ""
          },
          {
            "colour": "#e844fd",
            "local": false,
            "name": "asn:as-country=\"KP\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"north korea\"",
            "relationship_type": ""
          }
        ]
      }
    ]
  }
}