Stolen Pencil

Stolen Pencil is a suspected North Korean-based threat group that has been active since at least May 2018. This threat group appears to have targeted academic institutions, but its motives remain unclear.

This is a collection of rules based on the presence of indicators of compromise publicly reported as associated with this malicious actor.