Analytical Insights on IoCs

Annual Number of IoCs

Growth of extracted indicators over time, reflecting both threat actor activity levels and improvements in IOC collection and coverage.

Categories

Distribution of IOC types (IPv4, domain, hash, URL, email, etc.) across the dataset, showing which indicator categories are most commonly observed.

World Map of IPs

Geographic distribution of IPv4 indicators based on ASN geolocation data, revealing the countries where DPRK-linked infrastructure is most concentrated.

IPs by Country

Countries hosting the most tracked IP indicators, useful for identifying infrastructure hotspots and prioritizing network-level blocking.

IOCs by Related Report Count

Indicators appearing across the most reports, suggesting persistent or reused infrastructure shared between campaigns.

Reports by IOC Count

Reports with the highest number of extracted indicators, representing the most technically detailed analyses in the dataset.

ASNs by IP Count

Autonomous systems hosting the most tracked IP indicators, useful for infrastructure pivoting and identifying hosting providers favored by DPRK actors.

Domains by URL Count

Root domains with the most associated malicious URLs, indicating prolific C2 servers or malware delivery infrastructure.