{
  "name": "APT45: North Korea\u2019s Digital Military Machine",
  "slug": "apt45-north-koreas-digital-military-machine",
  "description": "Mandiant provides an overview of the activities of APT45, a cyber threat group attributed with high confidence to North Korea. The report details APT45's transition from traditional espionage campaigns against government and defense sectors to financially motivated operations, including suspected ransomware development. The group has targeted critical infrastructure, nuclear facilities, and sectors like agriculture and healthcare, reflecting North Korea's evolving priorities. APT45 stands out among North Korean operators for its potential use of ransomware, possibly to fund regime activities.",
  "published": "2024-07-26T06:51:00+00:00",
  "created_at": "2024-07-26T06:51:00+00:00",
  "modified_at": "2024-07-26T07:03:13+00:00",
  "created_at_opencti": "2024-07-26T06:51:00+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-26",
    "3proxy",
    "andariel",
    "apt45",
    "dprk",
    "maui ransomware",
    "onyx sleet",
    "rifle",
    "rogueeye",
    "shatteredglass",
    "silent chollima",
    "stonefly"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "e8e61112e8b896ad00ddefb42feb33e5d0fc38d2fb462b9f980606fe79d42571"
      },
      {
        "id": "",
        "name": "e263aa0e7e6a6a1d59677eaf2d4ccb848fe65a84035ab4f24c4e26a1ab089c79"
      },
      {
        "id": "",
        "name": "d30abdf9db88da8a23dccb8188cd4caff48bc437bb3eb3ad576a013ff675161a"
      },
      {
        "id": "",
        "name": "cb4d45338798b97177d8d96eea82dae22481dada40174dda0386026d11136209"
      },
      {
        "id": "",
        "name": "c9724eecab6cfb1c312d4538630fdac0d30434c0cffa131f9190e5a76bef6304"
      },
      {
        "id": "",
        "name": "c8fb5988ad3f71412cb5b4f1248df7ddf82c8c5f3dce60c73c4787b6e443b7b0"
      },
      {
        "id": "",
        "name": "c28bb61de4a6ad1c5e225ad9ec2eaf4a6c8ccfff40cf45a640499c0adb0d8740"
      },
      {
        "id": "",
        "name": "ac5e0ec03658a281bb57e8b1b17f1fa1da2c819a373524577459c63b0b9d9a75"
      },
      {
        "id": "",
        "name": "a1990d863e0b5c7661358dab72ce9223e2d54570915105707374ea8cf68828bd"
      },
      {
        "id": "",
        "name": "a0a0b0dd33b5b685317f6abe7b4caf0610938f548f6d178919bf43c24e1a3a4b"
      },
      {
        "id": "",
        "name": "8bc74559c3678d299826755f29d5ba75b1148b0f8d1fa71a120b2f879f85f08b"
      },
      {
        "id": "",
        "name": "846c2a02505dc1463019cabc021969f7f6095215efb63ec374da1d055e778390"
      },
      {
        "id": "",
        "name": "789c3aeb31700b078f6449cb310b4a2b7d8c03aefeed46a69b1dcb40a18001a7"
      },
      {
        "id": "",
        "name": "782791c9ec3550cd522fd27b992e75381d5c5bc4d95b2f3934f9af6b6d5a57f4"
      },
      {
        "id": "",
        "name": "6ca3c2a6001f1149ff75ab46402dee40d97602bab0b43ac144ca70fbd2101404"
      },
      {
        "id": "",
        "name": "42daf0f3080b50a0a1f14291f5ae3fa8fa400d838a915618f68a8f059777bcd4"
      },
      {
        "id": "",
        "name": "3cf63d516c580d8f988aa4f9b7d482bbdf3901dce435356dbca83eb311c32382"
      },
      {
        "id": "",
        "name": "2e500b2f160f927b1140fb105b83300ca21762c21bb6195c44e8dc613f7d7b12"
      },
      {
        "id": "",
        "name": "152743ffa9df246e5f8c5687381121d8a66dfc05ca2ec2e58000caf964abafc2"
      },
      {
        "id": "",
        "name": "0e416e3cc1673d8fc3e7b2469e491c005152b9328515ea9bbd7cf96f1d23a99f"
      },
      {
        "id": "",
        "name": "0c5e0a81efc0ccc406e5e6eaa222a79b491f4aa2938cf7cc72d0d027b53a9d99"
      },
      {
        "id": "",
        "name": "58fef66f346fe3ed320e22640ab997055e54c8704fc272392d71e367e2d1c2bb"
      },
      {
        "id": "",
        "name": "1177105e51fa02f9977bd435f9066123ace32b991ed54912ece8f3d4fbeeade4"
      },
      {
        "id": "",
        "name": "b7435d23769e79fcbe69b28df4aef062685d1a631892c2354f96d833eae467be"
      },
      {
        "id": "",
        "name": "4e5e42b1acb0c683963caf321167f6985e553af2c70f5b87ec07cc4a8c09b4d8"
      },
      {
        "id": "",
        "name": "2eb16dbc1097a590f07787ab285a013f5fe235287cb4fb948d4f9cce9efa5dbc"
      },
      {
        "id": "",
        "name": "16db0063e4aa666d94752414549fa09fb33142481d894b01a0fae45b339a09fb"
      },
      {
        "id": "",
        "name": "ed8ec7a8dd089019cfd29143f008fa0951c56a35d73b2e1b274315152d0c0ee6"
      },
      {
        "id": "",
        "name": "f67ee77d6129bd1bcd5d856c0fc5314169b946d32b8abaa4e680bb98130b38e7"
      },
      {
        "id": "",
        "name": "f5f6e538001803b0aa008422caf2c3c2a79b2eeee9ddc7feda710e4aba96fea4"
      },
      {
        "id": "",
        "name": "afb2d4d88f59e528f0e388705113ae54b7b97db4f03a35ae43cc386a48f263a0"
      },
      {
        "id": "",
        "name": "90fb0cd574155fd8667d20f97ac464eca67bdb6a8ee64184159362d45d79b6a4"
      },
      {
        "id": "",
        "name": "655aa64860f1655081489cf85b77f72a49de846a99dd122093db4018434b83ae"
      },
      {
        "id": "",
        "name": "6319102bac226dfc117c3c9e620cd99c7eafbf3874832f2ce085850aa042f19c"
      },
      {
        "id": "",
        "name": "f93ddb2377e02b0673aac6d540a558f9e47e611ab6e345a39fd9b1ba9f37cd22"
      },
      {
        "id": "",
        "name": "8aa6612c95c7cef49709596da43a0f8354f14d8c08128c4cb9b1f37e548f083b"
      },
      {
        "id": "",
        "name": "60425a4d5ee04c8ae09bfe28ca33bf9e76a43f69548b2704956d0875a0f25145"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:c8b4c384e239b1a3",
        "name": "ROGUEEYE",
        "slug": "rogueeye"
      },
      {
        "id": "legacy:malware:d431706bd1561bc4",
        "name": "SHATTEREDGLASS",
        "slug": "shatteredglass"
      },
      {
        "id": "57a02656-658e-4e2a-91bb-27ceeceaf20a",
        "name": "Maui Ransomware",
        "slug": "maui-ransomware"
      },
      {
        "id": "legacy:malware:efade50ee3985996",
        "name": "RIFLE",
        "slug": "rifle"
      },
      {
        "id": "legacy:malware:d409bd9817fb7678",
        "name": "3PROXY",
        "slug": "3proxy"
      }
    ],
    "intrusion_sets": [
      {
        "id": "0640edba-3987-4592-a70b-7531d44447da",
        "name": "APT45",
        "slug": "apt45"
      }
    ],
    "attack_patterns": [
      {
        "id": "63c59faa-dc58-40f7-9bbb-b9fd06dc0043",
        "name": "T1063"
      },
      {
        "id": "7616ff60-a18f-4663-9824-b889aa01c8ce",
        "name": "T1588"
      },
      {
        "id": "f6ceeba2-b50c-47dc-8642-ab9842ca76d7",
        "name": "T1018"
      },
      {
        "id": "232fbdfa-94c6-443d-b575-373e75b4f4c2",
        "name": "T1567"
      },
      {
        "id": "16e26db7-7376-40c1-b8a9-23d56c44f7ee",
        "name": "T1571"
      },
      {
        "id": "e73b317e-ea92-49b4-a45d-051f7279aced",
        "name": "T1213"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "67c697ce-a6cc-475f-9bee-e14c1bef7067",
        "name": "T1047"
      },
      {
        "id": "747c7b95-79ff-4132-8ea5-397cb6665ebd",
        "name": "T1498"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "81ee4813-4f68-4984-bec1-980d7c5b56eb",
        "name": "T1132"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d",
        "name": "T1053"
      },
      {
        "id": "c1e3fabe-9e8b-4e8f-a1f8-bf23e234e770",
        "name": "T1485"
      },
      {
        "id": "358e04b8-6f65-48b2-a24b-f101bfc6671a",
        "name": "T1195"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Korea, Democratic People's Republic of"
      },
      {
        "id": "",
        "name": "India"
      },
      {
        "id": "",
        "name": "Korea, Republic of"
      },
      {
        "id": "",
        "name": "Agriculture"
      },
      {
        "id": "",
        "name": "Healthcare"
      },
      {
        "id": "",
        "name": "Defense"
      },
      {
        "id": "",
        "name": "Finance"
      },
      {
        "id": "",
        "name": "Government"
      }
    ]
  },
  "external_refs": [
    "https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine",
    "https://otx.alienvault.com/pulse/66a363754693f26947c343dc"
  ]
}