
Also Known As
Velvet Chollima
Origin
North Korea
Target Countries
Japan | South Africa | France | Russian Federation | South Korea | United Kingdom | United States
Targeted Verticals
Critical Infrastructure
Financial Services
Healthcare
Government | Military
MITRE TTPs
Archive Collected Data: Archive via Custom Method
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
Command and Scripting Interpreter: PowerShell
Create or Modify System Process: Windows Service
Credentials from Password Stores: Credentials from Web Browsers
Event Triggered Execution: Change Default File Association
Impair Defenses: Disable or Modify Tools
Impair Defenses: Disable or Modify System Firewall
Indicator Removal on Host: File Deletion
Phishing: Spearphishing Attachment