From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
Tags
cmtmf-attack-pattern: Application Layer Protocol; Command And Scripting Interpreter; Obfuscated Files Or Information
country: Switzerland, North Korea, Netherlands, Estonia, Germany, Nigeria, India, Pakistan, Italy, Japan, Kenya, Spain, Lithuania
maec-delivery-vectors: Watering Hole
attack-pattern: Data; Application Layer Protocol - T1437; Archive Collected Data - T1560; Archive Collected Data - T1532; Archive Via Utility - T1560.001; Command And Scripting Interpreter - T1623; Credentials - T1589.001; Credentials From Password Stores - T1555; Credentials From Web Browsers - T1555.003; Credentials From Web Browsers - T1503; Data From Local System - T1533; Encrypted/Encoded File - T1027.013; Exfiltration Over C2 Channel - T1646; File And Directory Discovery - T1420; File Transfer Protocols - T1071.002; Javascript - T1059.007; Keylogging - T1056.001; Keylogging - T1417.001; Malicious File - T1204.002; Malware - T1587.001; Malware - T1588.001; Obfuscated Files Or Information - T1406; System Information Discovery - T1426; Phishing - T1660; Phishing - T1566; Python - T1059.006; Server - T1583.004; Server - T1584.004; Social Media - T1593.001; Social Media Accounts - T1585.001; Social Media Accounts - T1586.001; Software - T1592.002; Spearphishing Via Service - T1566.003; Ssh - T1021.004; Web Protocols - T1071.001; Web Protocols - T1437.001; Standard Application Layer Protocol - T1071; Browser Extensions - T1176; Command-Line Interface - T1059; Data From Local System - T1005; Exfiltration Over Command And Control Channel - T1041; File And Directory Discovery - T1083; Obfuscated Files Or Information - T1027; Spearphishing Via Service - T1194; System Information Discovery - T1082; User Execution - T1204; User Execution
Common Information
Type Value
UUID f2add6ef-2b43-4230-a337-f0045aaafc86
Fingerprint 2434be93830f97b1
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 4, 2024, midnight
Added to db Nov. 4, 2024, 5:03 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
Title From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
Detected Hints/Tags/Attributes 151/4/24
RSS Feed
Id Enabled Feed title Url Added to db
158 Malware Analysis, News and Indicators - Latest topics https://malware.news/latest.rss 2024-08-30 22:08
405 Blogs Feed https://www.zscaler.com/blogs/feeds 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 397 asp.net
Domain 675 www.linkedin.com
Domain 1 degencryptojobs.com
Domain 1 web3.career
File 1 queue.bat
File 1 wake.pl
File 674 node.js
File 31 react.js
MITRE ATT&CK Techniques 22 T1566.003
MITRE ATT&CK Techniques 93 T1059.007
MITRE ATT&CK Techniques 59 T1059.006
MITRE ATT&CK Techniques 365 T1204.002
MITRE ATT&CK Techniques 13 T1027.013
MITRE ATT&CK Techniques 125 T1555.003
MITRE ATT&CK Techniques 585 T1083
MITRE ATT&CK Techniques 1006 T1082
MITRE ATT&CK Techniques 116 T1560.001
MITRE ATT&CK Techniques 534 T1005
MITRE ATT&CK Techniques 442 T1071.001
MITRE ATT&CK Techniques 31 T1071.002
MITRE ATT&CK Techniques 422 T1041
Url 1 https://www.linkedin.com/in/frank-schoneberg-a089832a4
Url 1 https://www.linkedin.com/in/logan-collins-374404306
Url 1 https://www.linkedin.com/in/adam-song05