← Back to Actors
Moonstone Sleet
Moonstone SleetStorm-1789
[Moonstone Sleet](https://attack.mitre.org/groups/G1036) is a North Korean-linked threat actor executing both financially motivated attacks and espionage operations. The group previously overlapped significantly with another North Korean-linked entity, [Lazarus Group](https://attack.mitre.org/groups/G0032), but has differentiated its tradecraft since 2023. [Moonstone Sleet](https://attack.mitre.org/groups/G1036) is notable for creating fake companies and personas to interact with victim entities, as well as developing unique malware such as a variant delivered via a fully functioning game.(Cit...
30
Techniques
26
Covered
4
Gaps
87%
Coverage
Coverage26/30
GAPS (4)
COVERED (26)
T1003.001LSASS Memory111 det.T1016System Network Configuration Discovery40 det.T1027Obfuscated Files or Information606 det.T1027.009Embedded Payloads2 det.T1027.013Encrypted/Encoded File8 det.T1033System Owner/User Discovery61 det.T1053.005Scheduled Task100 det.T1071.001Web Protocols81 det.T1082System Information Discovery86 det.T1105Ingress Tool Transfer184 det.T1140Deobfuscate/Decode Files or Information58 det.T1195.002Compromise Software Supply Chain23 det.T1204.002Malicious File441 det.T1217Browser Information Discovery4 det.T1486Data Encrypted for Impact374 det.T1547.001Registry Run Keys / Startup Folder53 det.T1566.001Spearphishing Attachment979 det.T1566.003Spearphishing via Service96 det.T1569.002Service Execution64 det.T1583.001Domains62 det.T1587Develop Capabilities4 det.T1587.001Malware10 det.T1589.002Email Addresses2 det.T1598Phishing for Information1002 det.T1598.003Spearphishing Link312 det.T1608.001Upload Malware3 det.