SYMBOLCOMMON_NAMEaka. SYNONYMS

Silent Chollima  (Back to overview)

aka: Andariel, GOP, Guardian of Peace, Onyx Sleet, OperationTroy, PLUTONIUM, Subgroup: Andariel, WHOis Team

Andariel is a threat actor that primarily targets South Korean corporations and institutions. They are believed to collaborate with or operate as a subsidiary organization of the Lazarus threat group. WHOIS utilizes spear phishing attacks, watering hole attacks, and supply chain attacks for initial access. They have been known to exploit vulnerabilities and use malware such as Infostealer and TigerRAT.


Associated Families
win.andardoor win.atharvan win.bistromath win.collection_rat win.jupiter win.magic_rat win.maui win.ninerat win.phandoor win.quiterat win.rifdoor win.sharpknot win.unidentified_105 win.vsingle win.yamabot win.shatteredglass win.tiger_rat win.tigerlite win.lilith win.dtrack

References
2024-10-30Palo Alto Networks Unit 42Unit 42
Jumpy Pisces Engages in Play Ransomware
Dtrack MimiKatz PLAY Sliver
2024-07-24GoogleAlice Revelli, Fred Plan, JEFF JOHNSON, Michael Barnhart, Taylor Long
APT45: North Korea’s Digital Military Machine
SHATTEREDGLASS APT45
2023-12-11Cisco TalosAsheer Malhotra, Jungsoo An, Vitor Ventura
Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang
BottomLoader DLRAT HazyLoad NineRAT
2023-11-10AhnLabASEC Analysis Team
Detection of attacks exploiting asset management software (Andariel Group)
Lilith Tiger RAT
2023-10-18MicrosoftMicrosoft Threat Intelligence
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
FeedLoad ForestTiger HazyLoad RollSling Silent Chollima
2023-08-31AhnLabSanseo
Analysis of Andariel’s New Attack Activities
Andardoor BlackRemote Tiger RAT Volgmer
2023-08-24Cisco TalosAsheer Malhotra, Jungsoo An, Vitor Ventura
Lazarus Group's infrastructure reuse leads to discovery of new malware
Collection RAT
2023-08-24Cisco TalosAsheer Malhotra, Jungsoo An, Vitor Ventura
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
QuiteRAT
2023-08-22AhnLabASEC Analysis Team
Analyzing the new attack activity of the Andariel group
Andardoor MimiKatz QuiteRAT Tiger RAT Volgmer
2023-07-19Twitter (@h2jazi)Hossein Jazi
Tweet on observation with Korean targeting, suspecting Lazarus
Unidentified 105
2023-06-28Kaspersky LabsGReAT
Andariel’s silly mistakes and a new malware family
Jupiter
2023-05-25YouTube (BSidesCharm)Asheer Malhotra
it’s all Magic(RAT) – A look into recent North Korean nation-state attacks
MagicRAT VSingle YamaBot
2023-05-17Medium (@DCSO_CyTec)Axel Wauer, Emilia Neuber, Jiro Minier, Johann Aydinbas, Kritika Roy
Andariel’s “Jupiter” malware and the case of the curious C2
Jupiter
2023-04-14Github (Hildaboo)Hildaboo
SHATTEREDGLASS Server Emulator
SHATTEREDGLASS
2023-02-23SymantecThreat Hunter Team
Clasiopa: New Group Targets Materials Research
Atharvan HazyLoad Lilith
2023-02-23BitdefenderBitdefender Team, Martin Zugec
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966
Cobalt Strike DarkComet QuiteRAT RATel
2023-02-15AhnLabeastston
Distributed Malware Exploiting Vulnerable Innorix: Andariel
Andardoor
2023-02-09CISA, DSA, FBI, HHS, NSA, ROK
#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Dtrack MagicRAT Maui Ransomware SiennaBlue SiennaPurple Tiger RAT YamaBot
2023-02-09CISACISA
#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Maui Ransomware SiennaBlue SiennaPurple Storm-0530
2023-02-02WithSecureSami Ruohonen, Stephen Robinson
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
Dtrack GREASE QuiteRAT
2023-01-05AttackIQFrancis Guibernau, Ken Towne
Emulating the Highly Sophisticated North Korean Adversary Lazarus Group
MagicRAT Tiger RAT
2022-11-15Kaspersky LabsJornt van der Wiel, Konstantin Zykov
DTrack activity targeting Europe and Latin America
Dtrack
2022-10-05ZscalerAditya Sharma, Shatak Jain
Analysis of LilithBot Malware and Eternity Threat Group
Eternity Clipper Eternity Stealer Lilith
2022-09-08Cisco TalosAsheer Malhotra, Jung soo An, Vitor Ventura
Lazarus and the tale of three RATs
MagicRAT MimiKatz VSingle YamaBot
2022-09-07Cisco TalosAsheer Malhotra, Jung soo An, Vitor Ventura
MagicRAT: Lazarus’ latest gateway into victim networks
MagicRAT Tiger RAT
2022-08-09KasperskyKurt Baumgartner, Seongsu Park
Andariel deploys DTrack and Maui ransomware
Dtrack Maui Ransomware
2022-07-12cybleCyble Research Labs
New Ransomware Groups On The Rise: “RedAlert,” LILITH And 0mega Leading A Wave Of Ransomware Campaigns
RedAlert Ransomware Lilith
2022-07-07JPCERT/CCShusei Tomonaga
YamaBot Malware Used by Lazarus
YamaBot
2022-07-06StairwellSilas Cutler
Maui Ransomware
Maui Ransomware
2022-07-06CISACISA, Department of the Treasury (Treasury), FBI
Alert (AA22-187A): North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector
Maui Ransomware
2022-07-06CISACISA, Department of the Treasury (Treasury), FBI
CSA AA22-187A: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector (PDF)
Maui Ransomware
2022-07-05JPCERT/CCShusei Tomonaga
VSingle malware that obtains C2 server information from GitHub
VSingle
2022-05-18YoroiCarmelo Ragusa, Luigi Martire, Yoroi Malware ZLab
A deep dive into Eternity Group: A new emerging Cyber Threat
Eternity Ransomware Eternity Stealer Eternity Worm Lilith
2022-04-27SymantecThreat Hunter Team
Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets
Dtrack VSingle
2021-12-22ThreatrayMarkel Picado Ortiz
Establishing the TigerRAT and TigerDownloader Malware Families
TigerLite Tiger RAT
2021-12-14Trend MicroNick Dai, Ted Lee, Vickie Su
Collecting In the Dark: Tropic Trooper Targets Transportation and Government
ChiserClient Ghost RAT Lilith Quasar RAT xPack APT23
2021-12-03vmwareVMWare
TigerRAT – Advanced Adversaries on the Prowl
Tiger RAT
2021-11-10AhnLabASEC Analysis Team
Analysis Report of Lazarus Group’s NukeSped Malware
DarkComet Tiger RAT
2021-09-02KrCertKrCERT
TTPs#6 Targeted Watering Hole Attack Strategy Analysis (SILENT CHOLLIMA)
Tiger RAT
2021-07-15BrightTALKAriel Jungheit, Kaspersky, Mathieu Gaucheler, Vicente Diaz
Visual investigations - Speed up your IR, Forensic Analysis and Hunting
Tiger RAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal
AllaKore Lilith NjRAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal (IOCs)
AllaKore Lilith NjRAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)
AllaKore Lilith NjRAT
2021-07-02CiscoAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal
AllaKore CetaRAT Lilith NjRAT ReverseRAT
2021-06-15KasperskySeongsu Park
Andariel evolves to target South Korea with ransomware
BISTROMATH PEBBLEDASH SHATTEREDGLASS TigerLite Tiger RAT
2021-05-11QianxinRed Raindrop Team
Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait
BISTROMATH TigerLite
2021-04-19MalwarebytesHossein Jazi
Lazarus APT conceals malicious code within BMP image to drop its RAT
TigerLite
2021-04-19MalwarebytesHossein Jazi
Lazarus APT conceals malicious code within BMP image to drop its RAT
BISTROMATH
2021-03-22JPCERT/CCShusei Tomonaga
Lazarus Attack Activities Targeting Japan (VSingle/ValeforBeta)
VSingle
2020-11-27MacnicaHiroshi Takeuchi
Analyzing Organizational Invasion Ransom Incidents Using Dtrack
Cobalt Strike Dtrack
2020-11-03Kaspersky LabsGReAT
APT trends report Q3 2020
WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti
2020-05-31Twitter (ShadowChasing1)Shadow Chaser Group
Tweet on DTRACK malware
Dtrack
2020-04-16VMWare Carbon BlackScott Knight
The Evolution of Lazarus
HOTCROISSANT Rifdoor
2020-03-03PWC UKPWC UK
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle
2020-02-25SentinelOneJim Walter
DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity
ARTFULPIE BISTROMATH BUFFETLINE CHEESETRAY HOPLIGHT HOTCROISSANT SLICKSHOES
2020-02-19LexfoLexfo
The Lazarus Constellation A study on North Korean malware
FastCash AppleJeus BADCALL Bankshot Brambul Dtrack Duuzer DYEPACK ELECTRICFISH HARDRAIN Hermes HOPLIGHT Joanap KEYMARBLE Kimsuky MimiKatz MyDoom NACHOCHEESE NavRAT PowerRatankba RokRAT Sierra(Alfa,Bravo, ...) Volgmer WannaCryptor
2020-02-14US-CERTUS-CERT
Malware Analysis Report (AR20-045A): MAR-10265965-1.v1 - North Korean Trojan: BISTROMATH
BISTROMATH
2020-02-13QianxinQi Anxin Threat Intelligence Center
APT Report 2019
Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy
2019-12-12FireEyeChi-en Shen, Oleg Bondarenko
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech
2019-11-29Trend MicroHiroyuki Kakara, Joey Chen, Masaoki Shoji
Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK
Datper Lilith
2019-11-21CyberbitHod Gavriel
Dtrack: In-depth analysis of APT on a nuclear power plant
Dtrack
2019-11-04Marco Ramilli's BlogMarco Ramilli
Is Lazarus/APT38 Targeting Critical Infrastructures?
Dtrack
2019-11-03Github (jeFF0Falltrades)Jeff Archer
DTrack
Dtrack
2019-09-23Kaspersky LabsKonstantin Zykov
Hello! My name is Dtrack
Dtrack
2019-09-19GitHub (werkamsus)werkamsus
Lilith
Lilith
2018-06-23AhnLabAhnLab
Full Discloser of Andariel, A Subgroup of Lazarus Threat Group
PhanDoor Rifdoor
2018-03-09NCCICNCCIC
Malware Analysis Report Sharpknot
SHARPKNOT
2017-05-01IssueMakersLabIssueMakersLab
Operation GoldenAxe
Rifdoor
2017-01-01FSIKay Kwak (Kyoung-Ju Kwak)
Campaign Rifle: Andariel, The Maiden of Anguish
Rifdoor
2014-02-24RSA ConferenceDmitri Alperovitch
The Art of Attribution Identifying and Pursuing your Cyber Adversaries
ANDROMEDA SPIDER APT19 DEXTOROUS SPIDER Ghost Jackal Silent Chollima SINGING SPIDER Tonto Team TOXIC PANDA UNION SPIDER
2013-04-02Eric Romang
Dark South Korea Total War Review
SHARPKNOT

Credits: MISP Project