DPRK Analysis
IOB - Indicator of Behavior (1000)
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Activities
Interest
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Vulnerabilities
Campaigns (6)
These are the campaigns that can be associated with the actor:
- AppleJeus
- BLINDINGCAN
- Xxxxxxxxxxxx
- Xxxxxxxxxxxx
- Xxxxxxxx
- Xxxxxxxx
IOC - Indicator of Compromise (136)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (24)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (238)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | /admin-panel1.php | predictive | High |
2 | File | /admin/academic/studenview_left.php | predictive | High |
3 | File | /admin/controller/JobLogController.java | predictive | High |
4 | File | /admin/login.php | predictive | High |
5 | File | /ad_js.php | predictive | Medium |
6 | File | /alerts/alertConfigField.php | predictive | High |
7 | File | /API/system/admins/session | predictive | High |
8 | File | /cgi-bin/ExportALLSettings.sh | predictive | High |
9 | File | /config/config.php | predictive | High |
10 | File | /context/%2e/WEB-INF/web.xml | predictive | High |
11 | File | /core/conditions/AbstractWrapper.java | predictive | High |
12 | File | /DataHandler/AM/AM_Handler.ashx | predictive | High |
13 | File | /DataHandler/HandlerAlarmGroup.ashx | predictive | High |
14 | File | /DataHandler/HandlerEnergyType.ashx | predictive | High |
15 | File | /DataHandler/Handler_CFG.ashx | predictive | High |
16 | File | /ECT_Provider/ | predictive | High |
17 | File | /etc/passwd | predictive | Medium |
18 | File | /face-recognition-php/facepay-master/camera.php | predictive | High |
19 | File | /fuel/index.php/fuel/logs/items | predictive | High |
20 | File | /fuel/index.php/fuel/pages/items | predictive | High |
21 | File | /image_zoom.php | predictive | High |
22 | File | /include/config.cache.php | predictive | High |
23 | File | /index.php | predictive | Medium |
24 | File | /mkshop/Men/profile.php | predictive | High |
25 | File | /plugin/ajax.php | predictive | High |
26 | File | /proxy/ | predictive | Low |
27 | File | /public/plugins/ | predictive | High |
28 | File | /rest/api/2/search | predictive | High |
29 | File | /rest/api/latest/projectvalidate/key | predictive | High |
30 | File | /rom-0 | predictive | Low |
31 | File | /xxxxxxx/xxxxxxxx.xxx | predictive | High |
32 | File | /xxx | predictive | Low |
33 | File | /xxxxxxx/ | predictive | Medium |
34 | File | /xxxxxx | predictive | Low |
35 | File | /xxxxxxx/xxxx | predictive | High |
36 | File | /xxxxx/xxxxxxxxxxxxxx | predictive | High |
37 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
38 | File | xxxxx.xxx | predictive | Medium |
39 | File | xxxxx/xxxxxxxxx.xxx | predictive | High |
40 | File | xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
41 | File | xxx_xxxxxxx.xxx | predictive | High |
42 | File | xxxxxx.xxx | predictive | Medium |
43 | File | xxxxxx.x | predictive | Medium |
44 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
45 | File | xxx_xxxx_xxxx.x | predictive | High |
46 | File | xxx.xxx | predictive | Low |
47 | File | xxx-xxxx.xxx | predictive | Medium |
48 | File | xxx/xxxxxxx.xx | predictive | High |
49 | File | xxxxxxx.xxx | predictive | Medium |
50 | File | xxxxxx_xxxxxxxx.x | predictive | High |
51 | File | xxxxxx_xxxxx.xx | predictive | High |
52 | File | xxxxxx.xxx | predictive | Medium |
53 | File | xxxxxx.xxx | predictive | Medium |
54 | File | xxxxxxx.x | predictive | Medium |
55 | File | xxxxxxxxx.xxxxxxx.xxx | predictive | High |
56 | File | xxxxxxxxxx/xxxx.xxx | predictive | High |
57 | File | xxxxxxx/xxxx.xxx | predictive | High |
58 | File | xxxxxx/xxxx/xxxxxxxx.x | predictive | High |
59 | File | xxxxxxx/xxx/xxx/xxx/xxxx_xxx.x | predictive | High |
60 | File | xxxxxxx/xxx/xxx_xxxxxxx.x | predictive | High |
61 | File | xxxxxxx/xxxxx/xxxxx/xxxxxxx.x | predictive | High |
62 | File | xx/xxxx/xxxxxx.x | predictive | High |
63 | File | xx/xxxxx/xxxxxxx.x | predictive | High |
64 | File | xxxx/xxxxxxx/xxxx/xxxxxxxxxxx/xxxxx.xxx | predictive | High |
65 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High |
66 | File | x/x | predictive | Low |
67 | File | xxxxx.xxx | predictive | Medium |
68 | File | xxxxx.xxx/xxxxxxx/xxxxx/xxxxx | predictive | High |
69 | File | xxxxx.xxx/xxxxxxx/xxxxx/xxxxxxxxx | predictive | High |
70 | File | xxxxx.xxx/xxxxxxx/xxxx/xxxxxxxxxxx | predictive | High |
71 | File | xxxxx.xxx/xxxxxxx/xxxx/xxxxx | predictive | High |
72 | File | xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx | predictive | High |
73 | File | xxxxx.xxx?x=/xxxx/xxxxxxxxxxxx/xxxxxxx | predictive | High |
74 | File | xxxxx.xxx?x=/xxxx/xxxxxxxxxxxx/xxxxxxxx | predictive | High |
75 | File | xxxxxx.x | predictive | Medium |
76 | File | xxxx_xxxxx.xxx | predictive | High |
77 | File | xxx.x/xxxxxx.x | predictive | High |
78 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
79 | File | xxxxxxxxx/xxxxxxx/xxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
80 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High |
81 | File | xxxxxxx/xxx_xxx.x | predictive | High |
82 | File | xxxxx.xxx | predictive | Medium |
83 | File | xxxxx.xxx | predictive | Medium |
84 | File | xxxxxxxxxx.xxx | predictive | High |
85 | File | xxx-xxxxxxxx/xxxx.xxx | predictive | High |
86 | File | xxxxxxxx_xxxx.xxx | predictive | High |
87 | File | xxxxxxxx.xx | predictive | Medium |
88 | File | xxxxxxx/xxxxx/xx_xxxxxx.x | predictive | High |
89 | File | xxx_xxxxx.x | predictive | Medium |
90 | File | xxx/xxxx/xxxxxx.x | predictive | High |
91 | File | xxxx.xxxxxx.xx | predictive | High |
92 | File | xxx_xxxxxxxx.x | predictive | High |
93 | File | xxxxxxxxxxx.xxx | predictive | High |
94 | File | xxx_xxxx.x | predictive | Medium |
95 | File | xx_xxx.x | predictive | Medium |
96 | File | xxxxxxxx.xxx | predictive | Medium |
97 | File | xxxxxxxxxxx-xxxx.xx | predictive | High |
98 | File | xx/xxxx | predictive | Low |
99 | File | xxxxxxxx/xxxxxx-xxxxx/xxxxxxxxxxx/xxxx.xx | predictive | High |
100 | File | xxxxxxxxxx.xx | predictive | High |
101 | File | xxxxxxx.xxx | predictive | Medium |
102 | File | xxxxxxx/xxxxx/xxxxx-xxxxxxxxx.x | predictive | High |
103 | File | xxxxx/xxxxxxx.x | predictive | High |
104 | File | xxxxxxxxxx.xxx | predictive | High |
105 | File | xxxx\xxxxxxx\xxxxxxx\xxxxxxxx_xxxxxx.xxx | predictive | High |
106 | File | xxx.xxx | predictive | Low |
107 | File | xxxxxxxxxxxxxxxxxxxx | predictive | High |
108 | File | xxxxxxxxxx.xx | predictive | High |
109 | File | xxxxxx.xxx | predictive | Medium |
110 | File | xxxx_xxx_xx.x | predictive | High |
111 | File | xxxxxxx/xxxxxxx/xxxxxxxx.xxxx | predictive | High |
112 | File | xxxxxxx.x | predictive | Medium |
113 | File | xxxxxx.xx | predictive | Medium |
114 | File | xxxxxx.xxx | predictive | Medium |
115 | File | xxxxxxx.x | predictive | Medium |
116 | File | xxxx/xxxxxx.xxx | predictive | High |
117 | File | xxxxxxx.xxx | predictive | Medium |
118 | File | xxxxxxxxxx.x | predictive | Medium |
119 | File | xxx_xxxx.x | predictive | Medium |
120 | File | xxxxxx.x | predictive | Medium |
121 | File | xxxxxxxxx.xxx | predictive | High |
122 | File | xx/xxx.x | predictive | Medium |
123 | File | xxxxxx.xxx | predictive | Medium |
124 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High |
125 | File | xxxxxxxx/ | predictive | Medium |
126 | File | xxxxxxxxxx.xxxx | predictive | High |
127 | File | xxxxxx-xxxxx.xxx | predictive | High |
128 | File | xxx.xxxx | predictive | Medium |
129 | File | xxxxxxx/xxxx/xxx/xxxx.xxx | predictive | High |
130 | File | xxxxxxx.xxx.xxx | predictive | High |
131 | File | xxxxxxxxx.x | predictive | Medium |
132 | File | xxxxx/xxxxxxxx | predictive | High |
133 | File | xxxxxxxx.x | predictive | Medium |
134 | File | \xxxxxxxx.xxx | predictive | High |
135 | File | ~/xxxxx-xxxxx.xxx | predictive | High |
136 | File | ~/xxxxxx-xxxx.xxx | predictive | High |
137 | File | ~/xxxxx-xxxxxxxx.xxx | predictive | High |
138 | File | ~/xxxxxx-xxxxx.xxx | predictive | High |
139 | File | ~/xxx/xxxxxxxxx/xxxx/xxxx/xxxxxx.xxx | predictive | High |
140 | File | ~/xxxxxxxx/xxxxx-xxx-xxxxxx-xxxxxxxxxxxx.xxx | predictive | High |
141 | File | ~/xxxxxxxxxxxxx-xxxxxxxxxxxxxx.xxx | predictive | High |
142 | File | ~/xxx/xxxxxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
143 | File | ~/xxxxxxx-xxxxxxx-xxxxxx.xxx | predictive | High |
144 | File | ~/xxxx-xxxxxxxxxx-xxxxx.xxx | predictive | High |
145 | File | ~/xxxx/xxxxxxxxxx.xxx | predictive | High |
146 | File | ~/xxxxx/xxxxxxxxxxxxx.xxxx.xxx | predictive | High |
147 | Library | xxxxx.xxx | predictive | Medium |
148 | Library | xxxxxx.xxx | predictive | Medium |
149 | Library | xx_xxx.xxx | predictive | Medium |
150 | Library | xxx/xxxxxxx/xxxxxxxxx.xxx | predictive | High |
151 | Library | xxx/xxxxxx/xxxxx_xxxx.xx | predictive | High |
152 | Library | xxx/xxx/xxxxx.xx | predictive | High |
153 | Library | xxxxxxxxxxx.x | predictive | High |
154 | Library | xxxxxx.xxx | predictive | Medium |
155 | Library | xxxxxxxx.xxx | predictive | Medium |
156 | Argument | $xxxxxxx['xxx_xxxx'] | predictive | High |
157 | Argument | $_xxxxxx["xxx_xxxx"] | predictive | High |
158 | Argument | xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx: | predictive | High |
159 | Argument | xxxx | predictive | Low |
160 | Argument | xxxxxx | predictive | Low |
161 | Argument | xxxxxxxxxxxxx | predictive | High |
162 | Argument | xxxxxx | predictive | Low |
163 | Argument | xxxxxxxx_xxxx | predictive | High |
164 | Argument | xxx | predictive | Low |
165 | Argument | xxxxxx | predictive | Low |
166 | Argument | xxxxxxx | predictive | Low |
167 | Argument | xxxxxxxxx xxxx | predictive | High |
168 | Argument | xxxxxxx-xxxxxx | predictive | High |
169 | Argument | xx xxxx | predictive | Low |
170 | Argument | xxxxxxxxxxxx | predictive | Medium |
171 | Argument | xxxxxxxxxx | predictive | Medium |
172 | Argument | xxxxx | predictive | Low |
173 | Argument | xxxxxxxxx | predictive | Medium |
174 | Argument | xxxxxxxxxxxxxxx | predictive | High |
175 | Argument | xxxxx | predictive | Low |
176 | Argument | xx_xxxxx_xx | predictive | Medium |
177 | Argument | xxxxx | predictive | Low |
178 | Argument | xxxxxxx | predictive | Low |
179 | Argument | xxxxx_xxxx_xxxx | predictive | High |
180 | Argument | xxxxx | predictive | Low |
181 | Argument | xxxxx xxxx/xxxx xxxx | predictive | High |
182 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | High |
183 | Argument | xxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxx/xxxxxxx/xxxxxxxxxxx/xxxxxxxxxxx | predictive | High |
184 | Argument | xx | predictive | Low |
185 | Argument | xx/xxxxxxxxxxx | predictive | High |
186 | Argument | xxxxxx_xxx_xxxx | predictive | High |
187 | Argument | xxx | predictive | Low |
188 | Argument | xxx | predictive | Low |
189 | Argument | xxxx | predictive | Low |
190 | Argument | xxxxxxx | predictive | Low |
191 | Argument | xx_xxxxxxx | predictive | Medium |
192 | Argument | xxxx_xxxxxx | predictive | Medium |
193 | Argument | xxxx_xxxx | predictive | Medium |
194 | Argument | xxxx | predictive | Low |
195 | Argument | xxxxxxx | predictive | Low |
196 | Argument | xxxxxxx | predictive | Low |
197 | Argument | xxxx | predictive | Low |
198 | Argument | xxxxxx | predictive | Low |
199 | Argument | xxxx_xx | predictive | Low |
200 | Argument | xxx_xx_xxxx/xxx_xx_xxxxxxxx | predictive | High |
201 | Argument | xxx | predictive | Low |
202 | Argument | xxxxxxx | predictive | Low |
203 | Argument | xxxxxx | predictive | Low |
204 | Argument | xxxxxx_xxxx | predictive | Medium |
205 | Argument | xxxxxxxx_xxxx | predictive | High |
206 | Argument | xxxxxxxxxx | predictive | Medium |
207 | Argument | xxxxxxxxxxxx | predictive | Medium |
208 | Argument | xxxx | predictive | Low |
209 | Argument | xxxxxx | predictive | Low |
210 | Argument | xxxxxxxxx | predictive | Medium |
211 | Argument | xxxxxxxxx | predictive | Medium |
212 | Argument | xxxxxx_xxxx_xxx | predictive | High |
213 | Argument | xxx | predictive | Low |
214 | Argument | xxx | predictive | Low |
215 | Argument | xxxxx | predictive | Low |
216 | Argument | xxxxxxxx-xxxxxxxx | predictive | High |
217 | Argument | xxxx | predictive | Low |
218 | Argument | xxx-xxx | predictive | Low |
219 | Argument | xxx | predictive | Low |
220 | Argument | xxxx | predictive | Low |
221 | Argument | xxxxxx | predictive | Low |
222 | Argument | xxxxxxxx | predictive | Medium |
223 | Argument | xxxxxxxxxxx | predictive | Medium |
224 | Argument | xxxx_xxxxxxxxx | predictive | High |
225 | Argument | xxxx | predictive | Low |
226 | Argument | xxx | predictive | Low |
227 | Argument | xxxxx_xxxxxxxxxx_xxxxx | predictive | High |
228 | Argument | _xxxxxxxx | predictive | Medium |
229 | Input Value | %xx%xx | predictive | Low |
230 | Input Value | ../ | predictive | Low |
231 | Input Value | xxxxxx | predictive | Low |
232 | Input Value | \xxxxx | predictive | Low |
233 | Input Value | \xxx\xxx\xxx\xxx | predictive | High |
234 | Pattern | xxxx | predictive | Low |
235 | Network Port | xxx/xx (xxx) | predictive | Medium |
236 | Network Port | xxx/xx (xxxxxx) | predictive | High |
237 | Network Port | xxx/xxx (xxxx) | predictive | High |
238 | Network Port | xxx xxxxxx xxxx | predictive | High |
References (13)
The following list contains external sources which discuss the actor and the associated activities:
- http://blog.trendmicro.co.jp/archives/16218
- https://en.wikipedia.org/wiki/Internet_in_North_Korea#IP_address_ranges
- https://github.com/blackorbird/APT_REPORT/tree/master/International%20Strategic/Korea
- https://github.com/mandatoryprogrammer/NorthKoreaDNSLeak
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/DPRK
- https://raidforums.com/Thread-North-Korean-IP-Addresses-300
- https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf
- https://us-cert.cisa.gov/ncas/alerts/aa21-048a
- https://us-cert.cisa.gov/ncas/analysis-reports/AR19-100A
- https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a
- https://www.cisa.gov/uscert/ncas/analysis-reports/ar20-045g
- https://www.threatminer.org/report.php?q=HPSRSecurityBriefing_Episode16_NorthKorea.pdf&y=2014
- https://www.threatminer.org/report.php?q=SuspectedNorthKoreanCyberEspionageCampaignTargetsMultipleForeignMinistriesandThinkTanks.pdf&y=2019