Moonstone Sleet (Storm-1789)
[Moonstone Sleet](https://attack.mitre.org/groups/G1036) is a North Korean-linked threat actor executing both financially motivated attacks and espionage operations. The group previously overlapped significantly with another North Korean-linked entity, [Lazarus Group](https://attack.mitre.org/groups/G0032), but has differentiated its tradecraft since 2023. [Moonstone Sleet](https://attack.mitre.org/groups/G1036) is notable for creating fake companies and personas to interact with victim entities, as well as developing unique malware such as a variant delivered via a fully functioning game.(Cit...
Techniques: 30
Covered: 26
Gaps: 4
Coverage: 87% (26/30)
GAPS (4)
COVERED (26)
| Technique | Name | Detections |
|---|---|---|
| T1003.001 | LSASS Memory | 111 |
| T1016 | System Network Configuration Discovery | 39 |
| T1027 | Obfuscated Files or Information | 561 |
| T1027.009 | Embedded Payloads | 2 |
| T1027.013 | Encrypted/Encoded File | 8 |
| T1033 | System Owner/User Discovery | 61 |
| T1053.005 | Scheduled Task | 99 |
| T1071.001 | Web Protocols | 80 |
| T1082 | System Information Discovery | 86 |
| T1105 | Ingress Tool Transfer | 183 |
| T1140 | Deobfuscate/Decode Files or Information | 58 |
| T1195.002 | Compromise Software Supply Chain | 23 |
| T1204.002 | Malicious File | 425 |
| T1217 | Browser Information Discovery | 4 |
| T1486 | Data Encrypted for Impact | 360 |
| T1547.001 | Registry Run Keys / Startup Folder | 53 |
| T1566.001 | Spearphishing Attachment | 905 |
| T1566.003 | Spearphishing via Service | 88 |
| T1569.002 | Service Execution | 64 |
| T1583.001 | Domains | 61 |
| T1587 | Develop Capabilities | 4 |
| T1587.001 | Malware | 10 |
| T1589.002 | Email Addresses | 2 |
| T1598 | Phishing for Information | 902 |
| T1598.003 | Spearphishing Link | 285 |
| T1608.001 | Upload Malware | 3 |