Moonstone Sleet
Moonstone Sleet / Storm-1789
[Moonstone Sleet](https://attack.mitre.org/groups/G1036) is a North Korean-linked threat actor executing both financially motivated attacks and espionage operations. The group previously overlapped significantly with another North Korean-linked entity, [Lazarus Group](https://attack.mitre.org/groups/G0032), but has differentiated its tradecraft since 2023. [Moonstone Sleet](https://attack.mitre.org/groups/G1036) is notable for creating fake companies and personas to interact with victim entities, as well as developing unique malware such as a variant delivered via a fully functioning game.(Cit...
Techniques: 30
Covered: 26
Gaps: 4
Coverage: 87% (26/30)
GAPS (4)
COVERED (26)
| Technique | Name | Detections |
|---|---|---|
| T1003.001 | LSASS Memory | 105 |
| T1016 | System Network Configuration Discovery | 35 |
| T1027 | Obfuscated Files or Information | 525 |
| T1027.009 | Embedded Payloads | 1 |
| T1027.013 | Encrypted/Encoded File | 7 |
| T1033 | System Owner/User Discovery | 59 |
| T1053.005 | Scheduled Task | 82 |
| T1071.001 | Web Protocols | 74 |
| T1082 | System Information Discovery | 80 |
| T1105 | Ingress Tool Transfer | 170 |
| T1140 | Deobfuscate/Decode Files or Information | 55 |
| T1195.002 | Compromise Software Supply Chain | 23 |
| T1204.002 | Malicious File | 397 |
| T1217 | Browser Information Discovery | 4 |
| T1486 | Data Encrypted for Impact | 339 |
| T1547.001 | Registry Run Keys / Startup Folder | 50 |
| T1566.001 | Spearphishing Attachment | 850 |
| T1566.003 | Spearphishing via Service | 85 |
| T1569.002 | Service Execution | 63 |
| T1583.001 | Domains | 61 |
| T1587 | Develop Capabilities | 4 |
| T1587.001 | Malware | 9 |
| T1589.002 | Email Addresses | 2 |
| T1598 | Phishing for Information | 843 |
| T1598.003 | Spearphishing Link | 271 |
| T1608.001 | Upload Malware | 2 |