Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access | Datadog Security Labs
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 8ce616dc-d21c-41d1-9d1f-c7b4e594e6ce |
| Fingerprint | a425191d8e1ee789 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | July 31, 2024, midnight |
| Added to db | Aug. 31, 2024, 8:18 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access |
| Title | Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access | Datadog Security Labs |
| Detected Hints/Tags/Attributes | 51/3/20 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 230 | ✔ | Datadog Security Labs | https://securitylabs.datadoghq.com/rss/feed.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 5 | npmjs.org |
|
| Details | Domain | 1 | lorenwest.com |
|
| Details | 1 | open_source@lorenwest.com |
||
| Details | File | 156 | package.json |
|
| Details | File | 2 | deference.js |
|
| Details | File | 1 | user.asp |
|
| Details | File | 1 | package.db |
|
| Details | File | 2 | pk.json |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 25 | config.js |
|
| Details | File | 1 | 'package.bat |
|
| Details | File | 1 | package.bat |
|
| Details | File | 4 | run32dll.exe |
|
| Details | File | 45 | 1.zip |
|
| Details | File | 18 | 3.zip |
|
| Details | sha256 | 1 | d2a74db6b9c900ad29a81432af72eee8ed4e22bf61055e7e8f7a5f1a33778277 |
|
| Details | IPv4 | 1 | 142.111.77.196 |
|
| Details | Mandiant Temporary Group Assumption | 1 | TEMP.B |
|
| Details | Url | 1 | http://142.111.77.196/user/user.asp?id=237596 |
|
| Details | Url | 1 | http://142.111.77.196/user/user.asp?id=g6a822b |