Moonstone Sleet

OriginCoreia do Norte

Techniques (MITRE ATT&CK)30

SourceMITRE ATT&CK

Also known as:Storm-1789

Vexday analysis

Moonstone Sleet é um agente de ameaça vinculado à Coreia do Norte que conduz tanto ataques motivados financeiramente quanto operações de espionagem, catalogado no MITRE ATT&CK sob o identificador G1036 com 30 técnicas documentadas. O grupo, também rastreado como Storm-1789, apresentava anteriormente sobreposição significativa com o Lazarus Group, mas passou a diferenciar seu conjunto de técnicas a partir de 2023. É notável pela criação de empresas e personas falsas para interagir com entidades-alvo, além do desenvolvimento de malware exclusivo, incluindo uma variante distribuída por meio de um jogo completamente funcional.

Techniques (MITRE ATT&CK) 30

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Reconnaissance

Email Addresses Gather Victim Org Information Phishing for Information Spearphishing Link

Resource development

Domains Virtual Private Server Social Media Accounts Email Accounts Develop Capabilities Malware Upload Malware

Initial access

Compromise Software Supply Chain Spearphishing Attachment Spearphishing via Service

Execution

Scheduled Task Malicious File Service Execution

Persistence

Registry Run Keys / Startup Folder

Credential access

LSASS Memory

Discovery

System Network Configuration Discovery System Owner/User Discovery System Information Discovery Browser Information Discovery

Command and control

Web Protocols Ingress Tool Transfer

Impact

Data Encrypted for Impact

stealth

Obfuscated Files or Information Embedded Payloads Encrypted/Encoded File Deobfuscate/Decode Files or Information

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

Moonstone Sleet uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →