lazarusholic

Everyday is lazarus.dayβ

GitLab Threat Intelligence Team reveals North Korean tradecraft

2026-02-19, Gitlab
https://about.gitlab.com/blog/gitlab-threat-intelligence-reveals-north-korean-tradecraft/
#ContagiousInterview #ITWorker

Contents

Published on: February 19, 2026
Gain threat intelligence about North Korea’s Contagious Interview and fake IT worker campaigns and learn how GitLab disrupted their operations.
We’re sharing intelligence on threat actors associated with North Korean Contagious Interview and IT worker campaigns to raise awareness of emerging trends in operations and tradecraft. We hope this analysis helps the broader security community defend against evolving threats and address the industry-wide challenge of threat actors using legitimate platforms and tools for their operations. Publishing this intelligence reflects our commitment to disrupting threat actor infrastructure. Our security team continuously monitors for accounts that violate our platform’s terms of use and maintains controls designed to prevent the creation of accounts from U.S.-embargoed countries in accordance with applicable trade control laws.
There is no action needed by GitLab customers and GitLab remains secure.
Since at least 2022, North Korean nation-state threat actors have posed as recruiters to induce …

IoC
