Onyx Sleet uses array of malware to gather intelligence for North Korea | Microsoft Security Blog
Common Information
Type Value
UUID 8c23a27f-6b69-4272-86f0-75017b9dd3e9
Fingerprint ad741f1106ce96d1
Analysis status DONE
Considered CTI value 2
Text language
Published July 25, 2024, 8:57 a.m.
Added to db Aug. 31, 2024, 7:22 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Onyx Sleet uses array of malware to gather intelligence for North Korea
Title Onyx Sleet uses array of malware to gather intelligence for North Korea | Microsoft Security Blog
Detected Hints/Tags/Attributes 90/4/33
RSS Feed
Id  | Enabled | Feed title              | Url                                        | Added to db
173 |         | Microsoft Security Blog | https://microsoft.com/security/blog/feed/  | 2024-08-30 22:08
Attributes
(CTI Value column is blank for every attribute on this record)

Type                                                                       | #Events | CTI Value | Value
CVE                                                                        | 53      |           | cve-2023-42793
CVE                                                                        | 397     |           | cve-2021-44228
CVE                                                                        | 84      |           | cve-2023-46604
CVE                                                                        | 102     |           | cve-2023-22515
CVE                                                                        | 140     |           | cve-2023-27350
Domain                                                                     | 107     |           | aka.ms
File                                                                       | 2125    |           | cmd.exe
File                                                                       | 1       |           | procdump.gif
File                                                                       | 1       |           | smalltiger.dll
md5                                                                        | 3       |           | 76cb5d1e6c2b6895428115705d9ac765
sha1                                                                       | 3       |           | 6624c7b8faac176d1c1cb10b03e7ee58a4853f91
sha256                                                                     | 3       |           | f32f6b229913d68daad937cc72a57aa45291a9d623109ed48938815aa7b6005c
sha256                                                                     | 1       |           | 0837dd54268c373069fc5c1628c6e3d75eb99c3b3efc94c45b73e2cf9a6f3207
sha256                                                                     | 1       |           | 29c6044d65af0073424ccc01abcb8411cbdc52720cac957a3012773c4380bab3
sha256                                                                     | 1       |           | fed94f461145681dc9347b382497a72542424c64b6ae6fcf945f4becd2d46c32
sha256                                                                     | 1       |           | 868a62feff8b46466e9d63b83135a7987bf6d332c13739aa11b747b3e2ad4bbf
sha256                                                                     | 1       |           | f1662bee722a4e25614ed30933b0ced17b752d99fae868fbb326a46afa2282d5
sha256                                                                     | 1       |           | 1b88b939e5ec186b2d19aec8f17792d493d74dd6ab3d5a6ddc42bfe78b01aff1
sha256                                                                     | 1       |           | 3098e6e7ae23b3b8637677da7bfc0ba720e557e6df71fa54a8ef1579b6746061
sha256                                                                     | 1       |           | 8daa6b20caf4bf384cc7912a73f243ce6e2f07a5cb3b3e95303db931c3fe339f
sha256                                                                     | 1       |           | 7339cfa5a67f5a4261c18839ef971d7f96eaf60a46190cab590b439c71c4742b
IPv4                                                                       | 1       |           | 84.38.134.56
IPv4                                                                       | 2       |           | 45.155.37.101
IPv4                                                                       | 1       |           | 213.139.205.151
IPv4                                                                       | 3       |           | 109.248.150.147
IPv4                                                                       | 3       |           | 162.19.71.175
IPv4                                                                       | 2       |           | 147.78.149.201
Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development)  | 11      |           | DEV-0530
Microsoft Threat Actor Naming Taxonomy (Groups in development)             | 2       |           | Storm-0530
Microsoft Threat Actor Naming Taxonomy (Groups in development)             | 1       |           | Storm-1789
Threat Actor Identifier - APT                                              | 19      |           | APT45
Url                                                                        | 1       |           | http://84.38.134.56/procdump.gif
Url                                                                        | 22      |           | https://aka.ms/threatintelblog.