Array of malware used to gather intelligence for North Korea
July 29, 2024, 11:04 a.m.
Description
Microsoft Threat Intelligence analyzes the activities of the North Korean threat actor Onyx Sleet, which conducts cyber espionage operations primarily targeting military, defense, and technology industries. The report covers Onyx Sleet's affiliations with other North Korean threat groups, its targets, attack techniques such as vulnerability exploitation and the use of custom malware, and recent malware campaigns such as TigerRAT, SmallTiger, LightHand, and ValidAlpha. The report also provides recommendations, detections, and indicators to help organizations protect themselves against Onyx Sleet's operations.
Date
- Created: July 29, 2024, 10:21 a.m.
- Published: July 29, 2024, 10:21 a.m.
- Modified: July 29, 2024, 11:04 a.m.
Indicators
Additional Information
- Technology
- Energy
- Defense
- India
- Korea, Republic of
- United States of America