Uptime Hamster: 15d 6h 36mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza onyx

onyx

2 incidentes 1 paises 0 sectores ransomware KP Ultimo: 2026-06-29
Aliases: APT ONYXSLEET, apt-45, apt45, onyx sleet, silent chollima, PLUTONIUM o Onyx Sleet en fuentes no verificadas
Ver en IntelTracker → APTTrail →
Onyx is a ransomware group that first appeared in April 2022, operating with the primary motivation of financial profit through file encryption and data exfiltration for ransom. The group is notable for consistently employing double extortion tactics, threatening public release of sensitive victim data if ransom demands are not fulfilled. Onyx has shown an evolving operational posture, moving towards incorporating zero-day vulnerabilities into its campaigns and refining its attack methods to avoid detection.

Aliases del actor

APT ONYXSLEETapt-45apt45onyx sleetsilent chollimaPLUTONIUM o Onyx Sleet en fuentes no verificadas

Actores similares

apt-onyxsleetactor · 1Pearl Sleetapt · 0Silent Chollimaapt · 0Opal Sleetapt · 0Ruby Sleetapt · 0apt-45actor · 2apt-c-27actor · 2apt-c-01actor · 2apt-c-12actor · 1apt-18actor · 1

Canales, DLS e infraestructura asociada

Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.

TipoEstadoHost / enlaceTitle / ultimo titulo
DLS / leak siteunknownotx.alienvault.comAPT ONYXSLEET indicators and references
DLS / leak siteunknownwww.microsoft.comAPT ONYXSLEET indicators and references
Repositoriounknowngithub.comAPT ONYXSLEET indicators and references
DLS / leak siteunknownraw.githubusercontent.comAPT ONYXSLEET indicators and references
DLS / leak siteunknownotx.alienvault.comAPT ONYXSLEET indicators and references
DLS / onionupmrdxtxy6vqeqbmb4rvbvueh2kukb3e3mhu3wdothqn7242gztxyzycid.oniononyx
DLS / leak siteunknownransomware.anggipradana.comRansomware Group: onyx
Tecnicas MITRE
T1070.004, T1486, T1059.001, T1047, T1566.001
Victimas
0
TTPs unicas
0
Info robada historica
N/D
Rescates reclamados
N/D
Pagos detectados
N/D

Paises afectados

United States (1)

Paises objetivo (SOCRadar)

BrazilGermanyEstoniaGuatemalaIndiaJapanKorea, Republic ofMexicoUnited States

Sectores objetivo (SOCRadar)

Construction of BuildingsFood ManufacturingSoftware PublishersEnterprises & HoldingManufacturingConstructionPublic AdministrationOil & GasBeverag & Tobacco ManufacturingEducational Services

URLs nuevas detectadas en IntelTracker

ransomware.anggipradana.com