← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC&TTP - Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations
WHITE Void Dokkaebi celestre 2025-04-25 Modified: 2025-05-24
8
IOCs
LOW VOLUME
本研究揭示了与朝鲜网络犯罪活动(归属 Void Dokkaebi/Famous Chollima)有关的一组俄罗斯 IP 地址段与基础设施。该基础设施隐藏在商业 VPN、代理与大批 VPS/RDP 服务器组成的多层匿名网络之后,分配给位于俄罗斯哈桑(距朝鲜边境 1 英里)与哈巴罗夫斯克的两家公司。
cryptocurrencyBlockNovasfrostyferretbeavertailsocial engineeringinvisible ferretanonymization networks
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (8)
All domain hostname
TYPEINDICATORDESCRIPTIONCREATED
domain apply-blocknovas.site 2025-04-25
domain blocknovas.com 2025-04-25
domain easydriver.cloud 2025-04-25
domain lianxinxiao.com 2025-04-25
domain softglide.co 2025-04-25
domain worldenterprise-beta.com 2025-04-25
hostname bookings.blocknovas.com 2025-04-25
hostname gitlab.blocknovas.com 2025-04-25
References (2)
↗ https://documents.trendmicro.com/assets/txt/IOCs_VoidDokkaebi_2t9ScKI5.txt ↗ https://www.trendmicro.com/en_us/research/25/d/russian-infrastructure-north-korean-cybercrime.html