A Threat Intelligence Year in Review
2024-11-11 • Microsoft
Microsoft's BlueHat 2024 MSTIC talk says Moonstone Sleet is a North Korean threat actor targeting IT services and software companies for data theft and financial gain. The speaker describes social engineering emails that posed as a software developer seeking investment or development help for an NFT-enabled game called The Tank War. The game ran across Windows, macOS, and Linux but also carried the YouieLoad malware loader, which performed network and user discovery, browser data collection, and LSASS credential access.