Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 1b4ac6dd-a6e2-4c8b-8afb-88bee5ce26ac |
| Fingerprint | 6e08c433517593e1 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Sept. 23, 2024, 2:10 p.m. |
| Added to db | Sept. 23, 2024, 4:38 p.m. |
| Last updated | Nov. 17, 2024, 5:46 p.m. |
| Headline | Staying a Step Ahead: Mitigating the DPRK IT Worker Threat |
| Title | Staying a Step Ahead: Mitigating the DPRK IT Worker Threat |
| Detected Hints/Tags/Attributes | 84/2/64 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 158 | ✔ | Malware Analysis, News and Indicators - Latest topics | https://malware.news/latest.rss | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 6 | reliablesite.net |
|
| Details | Domain | 295 | amazon.com |
|
| Details | Domain | 2 | daniel-ayala.netlify.app |
|
| Details | Domain | 50 | cloud.google.com |
|
| Details | File | 1 | dprk-it-worker-fig1a.max |
|
| Details | File | 9 | -1000x1000.png |
|
| Details | File | 1 | dprk-it-worker-fig2a.max |
|
| Details | File | 1 | dprk-it-worker-fig3.max |
|
| Details | IPv4 | 2 | 103.244.174.154 |
|
| Details | IPv4 | 2 | 104.129.55.3 |
|
| Details | IPv4 | 2 | 104.206.40.138 |
|
| Details | IPv4 | 2 | 104.223.97.2 |
|
| Details | IPv4 | 2 | 104.223.98.2 |
|
| Details | IPv4 | 2 | 104.243.33.74 |
|
| Details | IPv4 | 2 | 104.250.148.58 |
|
| Details | IPv4 | 2 | 109.82.113.75 |
|
| Details | IPv4 | 2 | 113.227.237.46 |
|
| Details | IPv4 | 2 | 119.155.190.202 |
|
| Details | IPv4 | 2 | 123.190.56.214 |
|
| Details | IPv4 | 2 | 155.94.255.2 |
|
| Details | IPv4 | 2 | 174.128.251.99 |
|
| Details | IPv4 | 2 | 18.144.99.240 |
|
| Details | IPv4 | 2 | 184.12.141.109 |
|
| Details | IPv4 | 2 | 192.119.10.67 |
|
| Details | IPv4 | 2 | 192.119.11.250 |
|
| Details | IPv4 | 2 | 192.74.247.161 |
|
| Details | IPv4 | 2 | 198.135.49.154 |
|
| Details | IPv4 | 2 | 198.2.228.20 |
|
| Details | IPv4 | 2 | 198.23.148.18 |
|
| Details | IPv4 | 2 | 199.115.99.34 |
|
| Details | IPv4 | 2 | 204.188.232.195 |
|
| Details | IPv4 | 2 | 207.126.89.11 |
|
| Details | IPv4 | 2 | 208.68.173.244 |
|
| Details | IPv4 | 2 | 23.105.155.2 |
|
| Details | IPv4 | 4 | 23.237.32.34 |
|
| Details | IPv4 | 2 | 3.15.4.158 |
|
| Details | IPv4 | 2 | 37.19.199.133 |
|
| Details | IPv4 | 2 | 37.19.221.228 |
|
| Details | IPv4 | 2 | 37.43.225.43 |
|
| Details | IPv4 | 2 | 38.140.49.92 |
|
| Details | IPv4 | 2 | 38.42.94.148 |
|
| Details | IPv4 | 2 | 42.84.228.232 |
|
| Details | IPv4 | 2 | 5.244.93.199 |
|
| Details | IPv4 | 2 | 50.39.182.185 |
|
| Details | IPv4 | 2 | 51.39.228.134 |
|
| Details | IPv4 | 2 | 54.200.217.128 |
|
| Details | IPv4 | 2 | 60.20.1.234 |
|
| Details | IPv4 | 2 | 66.115.157.242 |
|
| Details | IPv4 | 2 | 67.129.13.170 |
|
| Details | IPv4 | 2 | 67.82.9.140 |
|
| Details | IPv4 | 2 | 68.197.75.194 |
|
| Details | IPv4 | 4 | 70.39.103.3 |
|
| Details | IPv4 | 2 | 71.112.196.114 |
|
| Details | IPv4 | 2 | 71.112.196.115 |
|
| Details | IPv4 | 2 | 72.193.13.228 |
|
| Details | IPv4 | 2 | 74.222.20.18 |
|
| Details | IPv4 | 2 | 74.63.233.50 |
|
| Details | IPv4 | 2 | 98.179.96.75 |
|
| Details | Mandiant Uncategorized Groups | 13 | UNC5267 |
|
| Details | Url | 1 | https://storage.googleapis.com/gweb-cloudblog-publish/images/dprk-it-worker-fig1a.max-1000x1000.png |
|
| Details | Url | 1 | https://storage.googleapis.com/gweb-cloudblog-publish/images/dprk-it-worker-fig2a.max-1000x1000.png |
|
| Details | Url | 1 | https://storage.googleapis.com/gweb-cloudblog-publish/images/dprk-it-worker-fig3.max-1000x1000.png |
|
| Details | Url | 2 | https://daniel-ayala.netlify.app |
|
| Details | Url | 1 | https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat |