North Korean IT Farms IoC Document and Recommendations
These are the IP addresses the North Koreans are using to connect to American companies via remote desktop software like AnyDesk. The North Koreans also use trusted platforms like Webex, Microsoft Teams, etc. to take control of the device without setting off EDR systems. They do this using the "take control" features or plugins built into these tools. In corporate environments, these pseudo-remote desktop control apps need to be stripped of their remote desktop control features, as they cannot be easily detected by EDR systems.
IoCs (from RustDesk logs):
Recommendations for detection/prevention:
Hand out company laptops instead of allowing employees to bring their own devices.
Secure company devices and endpoints with EDR software …