Array of malware used to gather intelligence for North Korea

July 29, 2024, 11:04 a.m.

Description

Microsoft Threat Intelligence analyzes the activities of the North Korean threat actor Onyx Sleet, which conducts cyber espionage operations primarily targeting the military, defense, and technology industries. The report covers Onyx Sleet's affiliations with other North Korean threat groups, its targets, its attack techniques (such as exploiting vulnerabilities and deploying custom malware), and recent malware campaigns involving TigerRAT, SmallTiger, LightHand, and ValidAlpha. The report also provides recommendations, detections, and indicators to help organizations protect themselves against Onyx Sleet's operations.

Date

Published: July 29, 2024, 10:21 a.m.
Created: July 29, 2024, 10:21 a.m.
Modified: July 29, 2024, 11:04 a.m.

Indicators

fed94f461145681dc9347b382497a72542424c64b6ae6fcf945f4becd2d46c32

f1662bee722a4e25614ed30933b0ced17b752d99fae868fbb326a46afa2282d5

96118268f9ab475860c3ae3edf00d9ee944d6440fd60a1673f770d150bfb16d3

868a62feff8b46466e9d63b83135a7987bf6d332c13739aa11b747b3e2ad4bbf

29c6044d65af0073424ccc01abcb8411cbdc52720cac957a3012773c4380bab3

1b88b939e5ec186b2d19aec8f17792d493d74dd6ab3d5a6ddc42bfe78b01aff1

c1a09024504a5ec422cbea68e17dffc46472d3c2d73f83aa0741a89528a45cd1

c2500a6e12f22b16e221ba01952b69c92278cd05632283d8b84c55c916efe27c

8daa6b20caf4bf384cc7912a73f243ce6e2f07a5cb3b3e95303db931c3fe339f

7339cfa5a67f5a4261c18839ef971d7f96eaf60a46190cab590b439c71c4742b

3098e6e7ae23b3b8637677da7bfc0ba720e557e6df71fa54a8ef1579b6746061

0837dd54268c373069fc5c1628c6e3d75eb99c3b3efc94c45b73e2cf9a6f3207

f32f6b229913d68daad937cc72a57aa45291a9d623109ed48938815aa7b6005c

84.38.134.56

45.155.37.101

213.139.205.151

162.19.71.175

147.78.149.201

109.248.150.147

http://84.38.134.56/procdump.gif

Attack Patterns

Dtrack - S0567

LightHand

ValidAlpha

SmallTiger

TigerRAT

Sliver

Onyx Sleet

T1139

T1565

T1137

T1027.002

T1136

T1059.003

T1087

T1071.001

T1021

T1218

T1057

T1105

T1071

T1102

T1036

T1498

T1132

T1027

T1059

CVE-2023-42793

CVE-2023-27350

CVE-2023-46604

CVE-2023-22515

CVE-2021-44228

Additional Information

Technology

Energy

Defense

India

Korea, Republic of

United States of America