IOC Radar
MD5 · Medium · Signal 99/100

0a09b7f2317b3d5f057180be6b6d0755

Location
Peru
First Seen
Mar 1, 2023
Last Seen
Apr 30, 2026
First Seen Mar 1 (1218d ago) · Last Seen Apr 30 (62d ago)
Reports: 7 source reports
Confidence: 99% (medium)
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
99%
Signal Score
99 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

87 techniques

Feed Intelligence Summary

7 source reports · 99% confidence score
Category tags
.net, active scan, active scanning, aerospace & defense, ahnlab, ahnlab security, andariel, andariel group, andarloader, apt, ascii text, asec, asia, automotive manufacturing, azaz09, black, black rat, botnet, botnet activity, brute force, building construction, c server, c++, calls process, center, checkin, cisa, civil services, command & control, command and control, command execution, communication protocol, connection3a, construction materials, construction safety, construction technology, consumer electronics, corea, credential access, credential stuffing, crlf line, cveid, cyber, darkseoul, data encryption, data exfiltration, data store exposure, database security, ddos, defense, defense contracting, defense evasion, defense logistics, defense systems, defense technology, denial of service, detect-debug-environment, detection log, direct-cpu-clock-access, distributed attacks, distribution management, dora, dprk, drops pe, dtrack, electronic components, electronic design, electronic engineering, electronic health records, electronic manufacturing, electronic testing, electronics manufacturing, embedded systems, encryption, energy, energy distribution, engineering, enterprise security, et malware, exploitation activity, file-hash, fin, first, formbook cnc, freight forwarding, ftp, ftp brute force, go programming language, goat, goat rat, goatrat, government technology, h0lygh0st, health care and social assistance, health information technology, healthcare information systems, hidden cobra, hips, homenet, hospital management, http brute force, http scanner, identity & access exploitation, idle, indicator, industrial automation, industrial iot, industrial production, industry/defense, industry/transportation and warehousing, industry/utilities, information technology, infostealer, ingress tool transfer, initial access, injection activity, injection attacks, innorix agent, insert, intrusion detection, inventory management, iot security, it infrastructure, kimsuky, kisa, korea internet, korea, democratic people's republic of, korean, lateral movement, lazarus, lazarus group, log4j, logistics technology, long-sleeps, look, magicrat, major, malicious download, malicious powershell activity, malicious software, malware, malware distribution, malwaretype/remote access trojan, manufacturing technology, medical services, military operations, moderate, national security, network attacks, network intrusion, network probing, network protocol, network scanning, network security, next, north korea, nuclear, oil & gas, onyx sleet, operating system, patch management, patient care, pe file, peexe, period, peru, phishing, power generation, power systems, process injection, process manufacturing, project, public administration, public infrastructure, public policy, quality control, ransomware, rats, rbg, reconnaissance, reconnaissance general bureau, regulatory agencies, remote access, remote services, renewable energy, researched, rifdoor, runtime-modules, rust, scanner, scripting attacks, semiconductor technology, shell, shipping services, silent chollima, sliver, software development, software vulnerabilities, south america, south korea, spawns, ssh attacks, strong, supply chain attack, supply chain management, syn, t1003, t1005, t1014, t1016, t1018, t1021, t1021.001, t1021.002, t1027, t1036, t1039, t1040, t1047, t1048, t1049, t1055, t1056, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1068, t1069.001, t1071, t1071.001, t1071.002, t1071.004, t1076, t1077, t1078, t1082, t1083, t1086, t1087, t1090, t1105, t1110, t1110.001, t1110.002, t1110.003, t1112, t1119, t1129, t1189, t1190, t1204.002, t1210, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1518, t1547, t1560, t1562, t1563, t1565, t1566, t1566.001, t1567, t1569, t1569.002, t1572, t1587, t1588, t1588.002, t1589, t1589.002, t1590, t1590.001, t1590.002, t1590.003, t1590.004, t1591, t1592, t1592.001, t1592.002, t1592.003, t1595, t1595.001, t1595.002, t1595.003, t1596, tcp protocol, tdrop2, themida, threat actor, threat intelligence, threatactor/onyx sleet, threattype/malware, threattype/threat actor, threattype/vulnerability exploitation, tigerrat, tor node, transportation and warehousing, transportation management, troy, troy reverse, twitter, unauthorized access attempt, united, users, utilities, volgmer, vulnerability scan, warehouse operations, web login, web traffic, win32 malware, windows, windows malware, windows sandbox, xmas, yara

Activity Timeline

1 total observation: Apr 30

Threat Activity Heatmap

Peak: 2026-04-30 (month-by-month activity heatmap, Jun through Jun, not reproduced here)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 99
Confidence: 99%
Reports: 7
First seen: Mar 1, 2023
Last seen: Apr 30, 2026

VirusTotal

Not checked

WHOIS

description
MD5 of dfe5d75ed31b6cfc2cceebb1404d3eabc02f0021
references
https://www.microsoft.com/en-us/security/blog/2024/07/25/onyx-sleet-uses-array-of-malware-to-gather-intelligence-for-north-korea/, https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a, https://asec.ahnlab.com/en/56405/, https://www.microsoft.com/en-us/security/blog/2024/07/25/onyx-sleet-uses-array-of-malware-to-gather-intelligence-for-north-korea/#:~:text=Indicators%20of%20compromise, https://www.cisa.gov/sites/default/files/2024-07/AA24-207A-North-Korea-Cyber-Group-Conducts-Global-Espionage-Campaign-to-Advance-Regimes-Military-and-Nuclear-Programs.stix_.json, https://media.defense.gov/2024/Jul/25/2003510137/-1/-1/0/Joint-CSA-North-Korea-Cyber-Espionage-Advance-Military-Nuclear-Programs.PDF, https://www.ic3.gov/Media/News/2024/240725.pdf, https://www.ncsc.gov.uk/news/ncsc-partners-vigilant-dprk-sponsored-cyber-campaign, https://labs.inquest.net/iocdb, https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html, https://asec.ahnlab.com/en/48198/, 2713295.misp-json

IOC Journey

medium
First detected 3 years ago · Last seen 2 months ago
Appeared in 7 threat reports