lazarusholic

Everyday is lazarus.dayβ

npm Malware, Fake Devs, and Deepfake Videos: These Are A Few of My Favorite DPRK Things

2026-04-07, NKInternet
https://nkinternet.com/2026/04/07/npm-malware-fake-devs-and-deepfake-videos-these-are-a-few-of-my-favorite-dprk-things/
#ITWorker #NPM #Deepfake

What started as what I thought was going to be a quick look into a suspicious GitHub organization turned into a much deeper rabbit hole with an active npm backdoor, more than a dozen fake developer personas, and recruitment posts looking for overseas facilitators.
Individually, there are a lot of interesting pieces here, but together they map closely to documented DPRK tradecraft. This post walks through, hopefully in a cohesive manner, how all the pieces come together.
How This Started
The investigation started with a GitHub organization called Mentonex.
At first glance it looks almost like a legitimate company but a few things immediately stood out:
- The branding all appeared to be AI generated
- Several contributing accounts were newly created with inactive LinkedIn profiles
- Repositories all appeared to be projects that were taken from other users or repos.
Digging into the repositories made it clear that something was a little off. One repository in particular stood …

IoC

https://dev.to/darkbranchcore/when-debugging-became-belonging-what-nearly-15-years-of-helping-developers-taught-me-3amg/comments
https://vynyl.com
https://www.howtica.com/
https://www.ideasvoice.com/fr/pub/entrepreneur/paxton-powers-3
[email protected]
00e3e9b82118398b78b9033ce93d7b1fec792dfd
c0c4934fc8b84cd0d699cb5a941a0ec51ee115f60c7e5f9ec2951adaa548a091