PULSE NAME
Onyx Sleet uses array of malware to gather intelligence for North Korea | Microsoft Security Blog
WHITE Onyx Sleet CyberHunter_NL 2024-07-29 Modified: 2024-08-28
48 IOCs
MEDIUM VOLUME
Onyx Sleet, Microsoft’s most advanced cyber-espionage tool, is being used to gather intelligence for North Korea, the company has announced.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Dora C++ DurianBeacon LightHand ValidAlpha H0lyGh0st Dtrack SmallTiger
Indicators of Compromise (10 / 48 total)