Indicators of Compromise - Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations  


[IP Address]		[Description]								
5.253.43.122		Beavertail malware C&C							
45.61.150.31		Beavertail malware C&C							
45.61.151.174		Beavertail malware C&C							
94.232.247.192		Beavertail malware C&C							
172.86.80.145		Beavertail malware C&C							
185.153.182.241		Beavertail malware C&C							
185.235.241.208		Beavertail malware C&C							
37.221.126.117		Beavertail malware C&C							
45.12.141.170		Beavertail malware C&C							
88.119.169.226		Beavertail malware C&C							
95.164.18.177		Beavertail malware C&C							
95.164.33.66		Beavertail malware C&C							
95.217.124.253		Beavertail malware C&C							
171.22.127.221		Beavertail malware C&C							
175.45.176.21		Call back IP address for DPRK IT workers abroad				
175.45.176.22		Call back IP address for DPRK IT workers abroad				
188.43.33.250		Server to crack password hashes						
188.43.136.115		Call back IP address for DPRK IT workers abroad				
188.43.136.116		Call back IP address for DPRK IT workers abroad				
5.180.24.82		Egress node: DPRK aligned activity, via RDP from by RU IP addresses	
5.253.41.207		Egress node: DPRK aligned activity, via RDP from by RU IP addresses	
37.221.125.200		Egress node: DPRK aligned activity, via RDP from by RU IP addresses	
45.8.146.117		Egress node: DPRK aligned activity, via RDP from by RU IP addresses	
45.8.146.226		Egress node: DPRK aligned activity, via RDP from by RU IP addresses	
45.83.140.51		Egress node: DPRK aligned activity, via RDP from by RU IP addresses	
45.142.213.118		Egress node: DPRK aligned activity, via RDP from by RU IP addresses	
74.119.192.244		Egress node: DPRK aligned activity, via RDP from by RU IP addresses	
74.119.194.244		Egress node: DPRK aligned activity, via RDP from by RU IP addresses	
94.131.96.32		Egress node: DPRK aligned activity, via RDP from by RU IP addresses	
94.131.101.119		Egress node: DPRK aligned activity, connected from by RU IP addresses	
103.35.188.149		Egress node: DPRK aligned activity, connected from by RU IP addresses	
103.35.191.100		Egress node: DPRK aligned activity, connected from by RU IP addresses	
103.47.67.26		Egress node: DPRK aligned activity, connected from by RU IP addresses	
103.231.72.236		Egress node: DPRK aligned activity, connected from by RU IP addresses	
166.88.61.53		Egress node: DPRK aligned activity, connected from by RU IP addresses	
171.22.120.200		Egress node: DPRK aligned activity, connected from by RU IP addresses	
193.178.210.229		Egress node: DPRK aligned activity, connected from by RU IP addresses	
		

[URL]				[Description]				
lianxinxiao.com			Beavertail C&C				
blocknovas.com			Website of fake company BlockNovas	
gitlab.blocknovas.com		Private GitLab site	
bookings.blocknovas.com		Interview Reservation Site 	
softglide.co			Website of fake company	
worldenterprise-beta.com	Website of fake company	
apply-blocknovas.site		Job interview site	
easydriver.cloud		Malware hosting