Ketman's Guide to Identifying a Suspicious Github Account Associated with DPRK
Investigation
The investigation into the threat actor associated with DPRK activity has revealed several useful insights into how to track this actor based on how they present themselves on GitHub. This analysis allowed us to identify their context through follower and following patterns within two to three degrees of separation. We also found that the reuse of certain images can be a key signal when analyzing the networks around this actor.
How to Identify a Suspicious GitHub Account Associated with DPRK Threat Actors
We can also assess a GitHub account from its wider context, such as country, connections, social networks and social activity, and analyze its relationships within that context, including follower and following patterns.
When analyzing an account to determine whether it might be related to a threat group like Lazarus, it is essential to consider the following aspects:
- Creation Date: Many accounts were created between May …
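As an added illustration (not code from the original write-up or from the gh-fake-analyzer project), the following script combines the three signals described above: distance from a known account in the follower/following graph, account creation inside a suspect date window, and a shared avatar image. The account data, the date window and the avatar hashes are all constructed assumptions for the example.

```python
from collections import deque
from datetime import date

# Constructed sample profiles (not real accounts): creation date, an avatar
# image hash, and the set of accounts each one follows.
ACCOUNTS = {
    "seed-actor": {"created": date(2024, 5, 3), "avatar": "img-A", "follows": {"dev-one", "dev-two"}},
    "dev-one": {"created": date(2024, 5, 9), "avatar": "img-A", "follows": {"dev-three"}},
    "dev-two": {"created": date(2019, 1, 15), "avatar": "img-B", "follows": {"seed-actor"}},
    "dev-three": {"created": date(2024, 6, 1), "avatar": "img-A", "follows": {"dev-four"}},
    "dev-four": {"created": date(2024, 6, 2), "avatar": "img-C", "follows": set()},
    "unrelated": {"created": date(2015, 3, 3), "avatar": "img-D", "follows": set()},
}

# Assumed suspect creation window (the write-up's exact dates are not given here).
SUSPECT_WINDOW = (date(2024, 5, 1), date(2024, 6, 30))


def neighbours(accounts, name):
    """Undirected view of the graph: accounts `name` follows plus its followers."""
    out = set(accounts[name]["follows"])
    out |= {other for other, data in accounts.items() if name in data["follows"]}
    return out


def degrees_of_separation(accounts, seed, max_depth=3):
    """Breadth-first search from a known account; returns {account: hops} up to max_depth."""
    hops = {seed: 0}
    queue = deque([seed])
    while queue:
        cur = queue.popleft()
        if hops[cur] >= max_depth:
            continue
        for nxt in neighbours(accounts, cur):
            if nxt not in hops:
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    return hops


def score_accounts(accounts, seed, window=SUSPECT_WINDOW):
    """List the signals each account within three hops of `seed` exhibits."""
    hops = degrees_of_separation(accounts, seed)
    seed_avatar = accounts[seed]["avatar"]
    results = {}
    for name, data in accounts.items():
        if name == seed or name not in hops:
            continue  # outside the two-to-three degree neighbourhood
        signals = [f"{hops[name]} hop(s) from {seed}"]
        if window[0] <= data["created"] <= window[1]:
            signals.append("created in suspect window")
        if data["avatar"] == seed_avatar:
            signals.append("shares avatar image with seed")
        results[name] = signals
    return results
```

Accounts that accumulate several signals (close to the seed, created in the window, reusing the same image) are the ones worth a closer manual look; a single signal on its own is weak evidence.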
IoC
https://github.com/shortdoom/gh-fake-analyzer
https://github.com/orgs/Finalgoal231/discussions/69