Pulse: Onyx Sleet uses array of malware to gather intelligence for North Korea | Microsoft Security Blog
TLP: WHITE
Adversary: Onyx Sleet
Author: CyberHunter_NL
Created: 2024-07-29, modified: 2024-08-28
Indicators: 48
Onyx Sleet, a North Korea-linked threat actor tracked by Microsoft, uses an array of malware to gather intelligence for North Korea, according to a Microsoft Security Blog post.
MITRE ATT&CK & Malware Families
Malware families: Dora C++, DurianBeacon, LightHand, ValidAlpha, H0lyGh0st, Dtrack, SmallTiger
Indicators of Compromise (48)
Indicator types in this pulse: FileHash-MD5, FileHash-SHA1, FileHash-SHA256, CVE, URL, domain, hostname.
CVE indicators (added 2024-07-29): CVE-2021-44228, CVE-2023-22515, CVE-2023-27350, CVE-2023-42793, CVE-2023-46604