Andariel
Associated Group Descriptions

Name | Description
---|---
Silent Chollima | (Citation: CrowdStrike Silent Chollima Adversary September 2021)
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1592.002 | Gather Victim Host Information: Software | Andariel has inserted a malicious script within compromised websites to collect potential victim information such as browser type, system language, Flash Player version, and other data. (Citation: TrendMicro New Andariel Tactics July 2018)
Enterprise | T1590.005 | Gather Victim Network Information: IP Addresses | Andariel has limited its watering hole attacks to specific IP address ranges. (Citation: AhnLab Andariel Subgroup of Lazarus June 2018)
Enterprise | T1027.003 | Obfuscated Files or Information: Steganography | Andariel has hidden malicious executables within PNG files. (Citation: MalwareBytes Lazarus-Andariel Conceals Code April 2021) (Citation: Kaspersky Andariel Ransomware June 2021)
Enterprise | T1588.001 | Obtain Capabilities: Malware | Andariel has used a variety of publicly available remote access Trojans (RATs) for its operations. (Citation: FSI Andariel Campaign Rifle July 2017)
Enterprise | T1566.001 | Phishing: Spearphishing Attachment | Andariel has conducted spearphishing campaigns that included malicious Word or Excel attachments. (Citation: AhnLab Andariel Subgroup of Lazarus June 2018) (Citation: MalwareBytes Lazarus-Andariel Conceals Code April 2021)
Enterprise | T1204.002 | User Execution: Malicious File | Andariel has attempted to lure victims into enabling malicious macros within email attachments. (Citation: AhnLab Andariel Subgroup of Lazarus June 2018)
References
- FSI. (2017, July 27). Campaign Rifle - Andariel, the Maiden of Anguish. Retrieved September 29, 2021.
- IssueMakersLab. (2017, May 1). Operation GoldenAxe. Retrieved September 29, 2021.
- Chen, Joseph. (2018, July 16). New Andariel Reconnaissance Tactics Uncovered. Retrieved September 29, 2021.
- AhnLab. (2018, June 23). Targeted attacks by Andariel Threat Group, a subgroup of the Lazarus. Retrieved September 29, 2021.
- Jazi, H. (2021, April 19). Lazarus APT conceals malicious code within BMP image to drop its RAT. Retrieved September 29, 2021.
- Park, S. (2021, June 15). Andariel evolves to target South Korea with ransomware. Retrieved September 29, 2021.
- CrowdStrike. (2021, September 29). Silent Chollima Adversary Profile. Retrieved September 29, 2021.
- US Treasury. (2019, September 13). Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups. Retrieved September 29, 2021.