APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations
AI Analysis
Technical Summary
APT43, also known as Kimsuky, is a North Korean advanced persistent threat (APT) group that has been observed leveraging cybercrime activities to fund its espionage operations. This threat actor employs a sophisticated and multi-faceted attack methodology primarily centered around social engineering techniques such as phishing and spearphishing (MITRE ATT&CK T1566, T1566.001, T1566.002). The group uses malicious links and attachments to gain initial access to targeted systems.
Once inside, APT43 utilizes a wide range of tactics and techniques to maintain persistence, escalate privileges, and conduct reconnaissance. These include the use of scheduled tasks (T1053.005), Windows Management Instrumentation (T1047), command and scripting interpreters such as PowerShell and Windows command shell (T1059.001, T1059.003), and code injection methods (T1055 series). APT43 also compromises infrastructure by leveraging virtual private servers (T1583.003) and multi-hop proxies (T1090.003) to obfuscate command and control (C2) communications, which often use web protocols (T1071.001) and DNS tunneling (T1071.004).
The group employs digital and code signing certificates (T1588.003, T1588.004) to sign malware and evade detection, and installs these certificates (T1608.003) to masquerade malicious payloads as legitimate software. They also use obfuscation techniques such as binary padding, software packing, and indicator removal (T1027 series) to avoid signature-based detection.
APT43 conducts extensive discovery activities (T1007, T1010, T1012, T1016, T1033, T1057, T1082, T1083, T1087, T1518) to map out the environment and identify valuable targets. They capture sensitive data through keylogging (T1056.001), screen capture (T1113), clipboard data collection (T1115), and exfiltrate data via automated methods (T1020). The group also employs brute force attacks (T1110) and steals credentials from web browsers (T1555.003) to expand access.
Persistence is maintained through registry run keys, startup folders, Windows services, and Winlogon helper DLLs (T1547 series, T1543.003). They also use advanced evasion techniques such as virtualization/sandbox evasion (T1497), debugger evasion (T1622), and reflective code loading (T1620). This threat actor is known to exploit client execution vulnerabilities (T1203) and uses malicious files and links (T1204.001, T1204.002) to deliver payloads. They manipulate system processes and tokens (T1134) and modify system registries (T1112) to maintain control. The group’s operations are perpetual and ongoing, with known exploits in the wild, and no patches are currently available for the vulnerabilities exploited. The threat level is high due to the combination of espionage objectives and cybercrime funding activities, making it a persistent and dangerous actor.
Potential Impact
European organizations face significant risks from APT43 due to the group's sophisticated attack techniques and espionage motivations. The impact includes potential compromise of sensitive intellectual property, government secrets, and critical infrastructure data, which could undermine national security and economic competitiveness. The use of phishing and spearphishing makes any organization with email communication vulnerable, especially those in sectors such as defense, energy, finance, research, and government. The ability of APT43 to maintain persistence and evade detection means that breaches could remain undetected for extended periods, allowing extensive data exfiltration and operational disruption. Additionally, the group's cybercrime activities to fund espionage may lead to financial losses and increased operational costs for affected organizations. The compromise of code signing certificates and digital certificates also threatens the software supply chain integrity, potentially affecting software vendors and their customers across Europe. The threat to availability through service stoppage and system shutdown techniques could disrupt critical services. Overall, the impact spans confidentiality, integrity, and availability, posing a high risk to European entities.
Mitigation Recommendations
1. Implement advanced email security solutions with targeted phishing and spearphishing detection capabilities, including sandboxing and URL detonation, to identify and block malicious attachments and links.
2. Enforce strict digital certificate management policies, including monitoring for unauthorized issuance or installation of code signing and digital certificates, and employ certificate pinning where feasible.
3. Deploy endpoint detection and response (EDR) tools capable of detecting script-based attacks, code injection, and persistence mechanisms such as registry run keys and scheduled tasks.
4. Conduct regular threat hunting exercises focusing on indicators of compromise related to APT43 tactics, including unusual PowerShell usage, WMI activity, and network traffic anomalies involving multi-hop proxies and DNS tunneling.
5. Harden systems by disabling unnecessary scripting environments and restricting the use of PowerShell and Windows command shell to trusted administrators.
6. Implement network segmentation and strict egress filtering to limit data exfiltration paths and isolate critical assets.
7. Regularly update and patch all software and systems, and maintain an inventory of digital certificates and code signing keys to detect anomalies.
8. Provide targeted user awareness training emphasizing spearphishing risks and reporting procedures.
9. Monitor for brute force attempts and implement multi-factor authentication (MFA) to reduce credential compromise risks.
10. Establish incident response plans specifically addressing APT tactics, including rapid containment and forensic analysis capabilities.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Poland, Sweden, Finland, Norway
Indicators of Compromise
- link: https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report
- text: Mandiant assesses with high confidence that APT43 is a moderately-sophisticated cyber operator that supports the interests of the North Korean regime. Campaigns attributed to APT43 include strategic intelligence collection aligned with Pyongyang’s geopolitical interests, credential harvesting and social engineering to support espionage activities, and financially-motivated cybercrime to fund operations. Tracked since 2018, APT43 collection priorities align with the mission of the Reconnaissance General Bureau (RGB), North Korea's main foreign intelligence service. The group’s focus on foreign policy and nuclear security issues supports North Korea’s strategic and nuclear ambitions. However, the group’s focus on health-related verticals throughout the majority of 2021, likely in support of pandemic response efforts, highlights its responsiveness to shifting priorities from Pyongyang.
- text: Report
- file: APT43 Report.pdf
Technical Details
- Threat Level: 1
- Analysis: 0
- Uuid: 68690840-5104-4c1a-9223-6d0a35c52704
- Original Timestamp: 1687420054
Threat ID: 682c7adae3e6de8ceb777cc6
Added to database: 5/20/2025, 12:51:38 PM
Last enriched: 6/19/2025, 2:18:40 PM
Last updated: 7/26/2025, 9:16:21 AM