{
  "name": "Threat Assessment: North Korean Threat Groups",
  "slug": "threat-assessment-north-korean-threat-groups",
  "description": "This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes their organizational structure, their objectives, and the diverse malware families employed in their recent campaigns targeting various industries worldwide. The analysis covers 10 malware samples across Windows, macOS, and Linux systems, providing technical insight into how the samples function and into Palo Alto Networks Cortex XDR's capability to detect and mitigate these threats.",
  "published": "2024-09-10T06:23:01+00:00",
  "created_at": "2024-09-10T06:23:01+00:00",
  "modified_at": "2024-09-10T06:56:30+00:00",
  "created_at_opencti": "2024-09-10T06:23:01+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-09-10",
    "collectionrat",
    "comebacker",
    "cybercrime",
    "espionage",
    "fullhouse",
    "kandykorn",
    "malware",
    "northkorea",
    "objcshellz",
    "odicloader",
    "pondrat",
    "poolrat",
    "rats",
    "rustbucket",
    "smoothoperator"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "88.119.174.148"
      },
      {
        "id": "",
        "name": "38.132.124.88"
      },
      {
        "id": "",
        "name": "23.254.226.90"
      },
      {
        "id": "",
        "name": "23.227.202.54"
      },
      {
        "id": "",
        "name": "198.244.135.250"
      },
      {
        "id": "",
        "name": "146.19.173.125"
      },
      {
        "id": "",
        "name": "www.talesseries.com"
      },
      {
        "id": "",
        "name": "http://www.talesseries.com/write.php"
      },
      {
        "id": "",
        "name": "http://rgedist.com/sfxl.php"
      },
      {
        "id": "",
        "name": "rgedist.com"
      },
      {
        "id": "",
        "name": "rentedpushy.com"
      },
      {
        "id": "",
        "name": "relysudden.com"
      },
      {
        "id": "",
        "name": "prontoposer.com"
      },
      {
        "id": "",
        "name": "rebelthumb.net"
      },
      {
        "id": "",
        "name": "levelframeblog.com"
      },
      {
        "id": "",
        "name": "globalkeystroke.com"
      },
      {
        "id": "",
        "name": "contortonset.com"
      },
      {
        "id": "",
        "name": "basketsalute.com"
      },
      {
        "id": "",
        "name": "airbseeker.com"
      },
      {
        "id": "",
        "name": "jdkgradle.com"
      },
      {
        "id": "",
        "name": "swissborg.blog"
      },
      {
        "id": "",
        "name": "fee4f9dabc094df24d83ec1a8c4e4ff573e5d9973caa676f58086c99561382d7"
      },
      {
        "id": "",
        "name": "f3b0da965a4050ab00fce727bb31e0f889a9c05d68d777a8068cfc15a71d3703"
      },
      {
        "id": "",
        "name": "f1713afaf5958bdf3e975ebbab8245a98a84e03f8ce52175ef1568de208116e0"
      },
      {
        "id": "",
        "name": "d8565d58ad8e4f5558b5cd70df0ad12be9cf44e32ad07aaac6f65b816edbf414"
      },
      {
        "id": "",
        "name": "cbf4cfa2d3c3fb04fe349161e051a8cf9b6a29f8af0c3d93db953e5b5dc39c86"
      },
      {
        "id": "",
        "name": "c83c7b000a955f2b8cb92bb112ed606ffd9fbebbe3422f80d90d06b167f2f37b"
      },
      {
        "id": "",
        "name": "c6a48365c3db9761bd60981bdcdd87aced23d8e60067caa30fee501bf4b47b84"
      },
      {
        "id": "",
        "name": "bfd74b4a1b413fa785a49ca4a9c0594441a3e01983fc7f86125376fdbd4acf6b"
      },
      {
        "id": "",
        "name": "bce1eb513aaac344b5b8f7a9ba9c9e36fc89926d327ee5cc095fb4a895a12f80"
      },
      {
        "id": "",
        "name": "a03d13c9825e150810e6e6aaf053d71ec5a53b86581414dd982a74d4a8bc5475"
      },
      {
        "id": "",
        "name": "99dbc6fe3c3e465052fcefa1642861747dc9e069eeb244589b605bd710b1e0d1"
      },
      {
        "id": "",
        "name": "91eaf215be336eae983d069de16630cc3580e222c427f785e0da312d0692d0fd"
      },
      {
        "id": "",
        "name": "87c5d0c93b80acf61d24e7aaf0faae231ab507ca45483ad3d441b5d1acebc43c"
      },
      {
        "id": "",
        "name": "7667d1b8fcc4f712084e3e3f8b4ab505ab150c52aea7b219249ec508b4b0e224"
      },
      {
        "id": "",
        "name": "689cfaa9319f3f7529a31472ecf6b2e0ca6891b736de009e0b6c2ebac958cc94"
      },
      {
        "id": "",
        "name": "5e40d106977017b1ed235419b1e59ff090e1f43ac57da1bb5d80d66ae53b1df8"
      },
      {
        "id": "",
        "name": "5c907b722c53a5be256dc5f96b755bc9e0b032cc30973a52d984d4174bace456"
      },
      {
        "id": "",
        "name": "5009c7d1590c1f8c05827122172583ddf924c53b55a46826abf66da46725505a"
      },
      {
        "id": "",
        "name": "492a643bd1efdaca4ca125ade1b606e7bbf00e995ac9115ac84d1c4c59cb66dd"
      },
      {
        "id": "",
        "name": "479038eb12ed07893ee0dcc04fbdcf182489bbb271f5a4f90f83874881a80ce3"
      },
      {
        "id": "",
        "name": "3c8dbfcbb4fccbaf924f9a650a04cb4715f4a58d51ef49cc75bfcef0ac258a3e"
      },
      {
        "id": "",
        "name": "2546d239a262c24a6f8ea01d890cbc459a22db79b379b6ec3b24fbb56efb5381"
      },
      {
        "id": "",
        "name": "15d53bb839e00405a34a8b690ec181f5555fc4f891b8248ae7fa72bad28315a9"
      },
      {
        "id": "",
        "name": "0b5db31e47b0dccfdec46e74c0e70c6a1684768dbacc9eacbb4fd2ef851994c7"
      },
      {
        "id": "",
        "name": "081804b491c70bfa63ecdbe9fd4618d3570706ad8b71dba13e234069648e5e48"
      },
      {
        "id": "",
        "name": "973f7939ea03fd2c9663dafc21bb968f56ed1b9a56b0284acf73c3ee141c053c"
      },
      {
        "id": "",
        "name": "63fb47c3b4693409ebadf8a5179141af5cf45a46d1e98e5f763ca0d7d64fb17c"
      },
      {
        "id": "",
        "name": "8bfa4fe0534c0062393b6a2597c3491f7df3bf2eabfe06544c53bdf1f38db6d4"
      },
      {
        "id": "",
        "name": "c7f4aa77be7f7afe9d0665d3e705dbf7794bc479bb9c44488c7bf4169f8d14fe"
      },
      {
        "id": "",
        "name": "c9a7b42c7b29ca948160f95f017e9e9ae781f3b981ecf6edbac943e52c63ffc8"
      },
      {
        "id": "",
        "name": "2360a69e5fd7217e977123c81d3dbb60bf4763a9dae6949bc1900234f7762df1"
      },
      {
        "id": "",
        "name": "3ea2ead8f3cec030906dcbffe3efd5c5d77d5d375d4a54cca03bfe8a6cb59940"
      },
      {
        "id": "",
        "name": "927b3564c1cf884d2a05e1d7bd24362ce8563a1e9b85be776190ab7f8af192f6"
      },
      {
        "id": "",
        "name": "6c121f2b2efa6592c2c22b29218157ec9e63f385e7a1d7425857d603ddef8c59"
      },
      {
        "id": "",
        "name": "db6a9934570fa98a93a979e7e0e218e0c9710e5a787b18c6948f2eedd9338984"
      },
      {
        "id": "",
        "name": "e6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec"
      },
      {
        "id": "",
        "name": "a64fa9f1c76457ecc58402142a8728ce34ccba378c17318b3340083eeb7acc67"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:cc541ef053305a76",
        "name": "OdicLoader",
        "slug": "odicloader"
      },
      {
        "id": "d13c5808-6c18-48d6-93ed-3a1d8dcc76e2",
        "name": "PondRAT",
        "slug": "pondrat"
      },
      {
        "id": "7b2e25ba-9448-4d9c-88c2-0f9f363c23b0",
        "name": "POOLRAT",
        "slug": "poolrat"
      },
      {
        "id": "legacy:malware:023f1653afe3d714",
        "name": "Fullhouse",
        "slug": "fullhouse"
      },
      {
        "id": "legacy:malware:fb57e683f04fb204",
        "name": "ObjCShellz",
        "slug": "objcshellz"
      },
      {
        "id": "legacy:malware:589321b9809796b0",
        "name": "SmoothOperator",
        "slug": "smoothoperator"
      },
      {
        "id": "legacy:malware:86507c541a53a758",
        "name": "Comebacker",
        "slug": "comebacker"
      },
      {
        "id": "legacy:malware:036e53e0133a0fdf",
        "name": "KANDYKORN",
        "slug": "kandykorn"
      },
      {
        "id": "caf1743d-6704-4934-8062-b9b2e65023fb",
        "name": "CollectionRAT",
        "slug": "collectionrat"
      },
      {
        "id": "legacy:malware:4981b257a58aecdf",
        "name": "RustBucket",
        "slug": "rustbucket"
      }
    ],
    "intrusion_sets": [
      {
        "id": "484244ec-5499-429e-af3d-bef0c07226ec",
        "name": "Various North Korean groups under the Reconnaissance General Bureau",
        "slug": "various-north-korean-groups-under-the-reconnaissance-general-bureau"
      }
    ],
    "attack_patterns": [
      {
        "id": "06e3163e-2f5a-4983-9b07-6e4c5995afac",
        "name": "T1009"
      },
      {
        "id": "b56202f3-494b-4a66-a470-5acd1a669081",
        "name": "T1045"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "53b3b18c-d0d0-4bf6-bc6b-2c0ab9180deb",
        "name": "T1070"
      },
      {
        "id": "b9a3b4f8-b9c0-4ed8-bf5e-bf759b9804d6",
        "name": "T1564"
      },
      {
        "id": "29398669-98ed-4766-9dac-f9632f7175ff",
        "name": "T1518"
      },
      {
        "id": "60972cf6-e90b-4600-af3c-13c468391d9c",
        "name": "T1106"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "af9ed2e3-4663-4723-beab-c606ddc312e0",
        "name": "T1543"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "820fbdf8-7db2-4292-9a60-7eed3567be8d",
        "name": "T1210"
      },
      {
        "id": "c12e0e03-aab0-4646-a929-e921a3d27f02",
        "name": "T1219"
      },
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d",
        "name": "T1053"
      },
      {
        "id": "fcd96dc0-500e-4354-bd97-5c65718a9004",
        "name": "T1562"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/",
    "https://otx.alienvault.com/pulse/66e001e55e7c69c7c2be94df"
  ]
}