SHA1 · Medium · Signal 94/100
e1ff89f8b2830778ee9bdae64ab94fc64d16af5a
Location
First Seen
Aug 17, 2023
Last Seen
Apr 1, 2026
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
94%
Signal Score
94 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
4 reports · 94% confidence
Source reports: 4
Confidence score: 94%
Category tags
active scan · active scanning · aerospace & defense · agency · agricultural supply chain · agricultural technology · agriculture, forestry, fishing and hunting · ahnlab · andariel · andarielpevt2 · apache · applied research · apt · apt45 · asia · automotive manufacturing · bad reputation · banking · bitcoin · blockchain · botnet · botnet activity · brute force · cert · cisa · civil services · command & control · command and control · commodity contracts intermediation · communication protocol · communications networks · computer security · concept · cpgs · credential access · credential stuffing · credit card services · critical infrastructure · crop production · crypto exchange · crypto mining · crypto wallet · cryptocurrency · cryptocurrency threats · cryptojacking · csirt · cyber risks · cyber security · darkseoul · data encryption · data exfiltration · data store exposure · database security · ddos · decentralized finance · defense · defense contracting · defense logistics · defense systems · defense technology · denial of service · detect-debug-environment · development labs · digital currency · direct-cpu-clock-access · distributed attacks · dprk · dprk cyber · electronic health records · electronics manufacturing · emergency services · encryption · energy · energy distribution · energy systems · engineering · exploitation activity · extortion · farming · file-hash · fin · finance · finance and insurance · financial services · financial systems · financial technology · food production · ftp · ftp brute force · goc2pegovtgo · government facilities · government technology · h0lygh0st · health care and social assistance · health information technology · healthcare information systems · holygh0st ransomware · hospital management · http brute force · http scanner · identity & access exploitation · idle · indicator · industrial automation · industrial iot · industrial production · industry/defense · industry/transportation and warehousing · industry/utilities · ingress tool transfer · initial access · injection activity · injection attacks · innovation management · install · intrusion detection · iocs · iot security · jigsaw · korea, democratic people's republic of · lateral movement · lazarus · lazarusandariel · livestock management · lockbit · long-sleeps · malicious download · malicious software · malware · malware distribution
malwaretype/remote access trojan · manufacturing technology · maui · maui ransomware · medical services · military operations · modulekeylogger · moduleshell · national security · network attacks · network intrusion · network probing · network protocol · network scanning · network security · nist · north korea · nuclear · oil & gas · onyx sleet · operating system · osint · overlay · patient care · payment processing · peexe · peru · phishing · power generation · power systems · precision agriculture · process injection · process manufacturing · product development · proton mail · public administration · public infrastructure · public policy · quality control · r&d strategy · ransom · ransomware · rats · rbg · reconnaissance · reconnaissance general bureau · regulatory agencies · remote access · remote services · renewable energy · research · research & development · research methodology · researched · resource hijacking · riflerogueye · runtime-modules · ryuk · scanner · scientific research · security operations · service · silent chollima · sonicwall sma · south america · south korea · south korean · ssh attack · strong · supply chain attack · supply chain management · sustainable agriculture · syn · system disruption
t1003 · t1005 · t1021 · t1021.001 · t1021.002 · t1027 · t1039 · t1040 · t1047 · t1048 · t1055 · t1057 · t1059 · t1059.001 · t1059.003 · t1059.004 · t1059.005 · t1068 · t1069.001 · t1071 · t1071.001 · t1071.002 · t1071.004 · t1076 · t1077 · t1078 · t1082 · t1083 · t1087 · t1090 · t1105 · t1110 · t1110.001 · t1110.002 · t1110.003 · t1119 · t1133 · t1189 · t1190 · t1195 · t1210 · t1486 · t1490 · t1496 · t1499.001 · t1499.002 · t1499.003 · t1560 · t1563 · t1565 · t1566 · t1566.001 · t1567 · t1569 · t1569.002 · t1572 · t1583 · t1583.003 · t1587 · t1588 · t1588.002 · t1589 · t1589.002 · t1590 · t1590.001 · t1590.002 · t1590.003 · t1590.004 · t1591 · t1592 · t1592.001 · t1592.002 · t1592.003 · t1595 · t1595.001 · t1595.002 · t1595.003 · t1596
tcp protocol · technology research · threat actor · threat intelligence · threatactor/onyx sleet · threattype/malware · threattype/threat actor · threattype/vulnerability exploitation · tor node · transportation and warehousing · transportation networks · ttps · turn · unauthorized access attempt · united · uscert · utilities · vulnerability scan · water systems · wealth management · web login · web traffic · win32 malware · windows malware · x-popup · xmas
Activity Timeline
Apr 1 · Peak: 2026-04-01
Threat Activity Heatmap
Peak: 2026-04-01
Sightings by window
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk (94)
Signal Score: 94
Confidence: 94%
Reports: 4
First seen: Aug 17, 2023
Last seen: Apr 1, 2026
VirusTotal
Not checked
WHOIS
- description: PE32+ executable (GUI) x86-64, for MS Windows
- references:
  - https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine
  - https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
  - https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-040a
  - https://www.cisa.gov/uscert/ncas/alerts/aa23-040a
  - https://www.microsoft.com/en-us/security/blog/2024/07/25/onyx-sleet-uses-array-of-malware-to-gather-intelligence-for-north-korea/#:~:text=Indicators%20of%20compromise
  - https://www.cisa.gov/sites/default/files/2024-07/AA24-207A-North-Korea-Cyber-Group-Conducts-Global-Espionage-Campaign-to-Advance-Regimes-Military-and-Nuclear-Programs.stix_.json
  - https://media.defense.gov/2024/Jul/25/2003510137/-1/-1/0/Joint-CSA-North-Korea-Cyber-Espionage-Advance-Military-Nuclear-Programs.PDF
  - https://www.ic3.gov/Media/News/2024/240725.pdf
  - https://www.ncsc.gov.uk/news/ncsc-partners-vigilant-dprk-sponsored-cyber-campaign
  - https://raw.githubusercontent.com/conexioninversa/MalwareIntel/main/C2_CobaltStrikeBeacon.txt
  - https://labs.inquest.net/iocdb
  - https://asec.ahnlab.com/en/47906/
  - 2697839.misp-json
  - https://community.riskiq.com/article/1028f070
  - https://ti.qianxin.com/blog/articles/lazarus-armory-update-analysis-of-recent-andariel-attacks/
IOC Journey
medium · First detected 2 years ago · Last seen 3 months ago
Appeared in 4 threat reports