JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity
2023-07-20 • SentinelOne
The IOCs are linked to a wide variety of activity we attribute to the DPRK, centred on the supply chain targeting approach seen in previous campaigns. While the following is not a strong indicator of attribution on its own, it is noteworthy that the way these domains are constructed and used follows a pattern similar to other DPRK-linked campaigns we track: names that imitate package registries and vendor infrastructure (npm, CentOS, Datadog, Zscaler). The DPRK demonstrates a profound understanding of the benefits of meticulously selecting high-value targets as a pivot point for supply chain attacks into fruitful networks. Reviewing the newly released indicators of compromise, we associate this cluster of threat activity with a North Korean state-sponsored APT.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| IPv4 | 66.187.75.186 | 2023-07-12 | 2026-01-21 |
| IPv4 | 185.152.67.39 | 2023-07-12 | 2026-01-21 |
| IPv4 | 70.39.103.3 | 2023-07-12 | 2025-04-24 |
| DOMAIN | primerosauxiliosperu.com | 2023-07-12 | 2024-09-09 |
| DOMAIN | celasllc.com | 2018-08-15 | 2024-03-05 |
| DOMAIN | centos-pkg.org | 2023-07-12 | 2023-08-07 |
| DOMAIN | centos-repos.org | 2023-07-12 | 2023-08-07 |
| DOMAIN | npmaudit.com | 2023-07-18 | 2023-08-02 |
| DOMAIN | npmjscloud.com | 2023-07-18 | 2023-08-02 |
| DOMAIN | tradingprice.net | 2023-06-23 | 2023-08-02 |
| DOMAIN | npmcloudjs.com | 2023-06-23 | 2023-08-02 |
| DOMAIN | bi2price.com | 2023-06-23 | 2023-08-02 |
| DOMAIN | npmjsregister.com | 2023-06-23 | 2023-08-02 |
| DOMAIN | npm-pool.org | 2023-07-20 | 2023-07-20 |
| DOMAIN | skylerhaupt.com | 2023-07-20 | 2023-07-20 |
| DOMAIN | junknomad.com | 2023-07-20 | 2023-07-20 |
| DOMAIN | insatageram.com | 2023-07-20 | 2023-07-20 |
| DOMAIN | dadiwarm.com | 2023-07-20 | 2023-07-20 |
| DOMAIN | nodepkg.com | 2023-07-20 | 2023-07-20 |
| IPv4 | 142.44.178.222 | 2023-07-20 | 2023-07-20 |
| IPv4 | 216.189.145.247 | 2023-07-20 | 2023-07-20 |
| DOMAIN | toyourownbeat.com | 2023-07-12 | 2023-07-20 |
| DOMAIN | launchruse.com | 2023-07-12 | 2023-07-20 |
| DOMAIN | reggedrobin.com | 2023-07-12 | 2023-07-20 |
| DOMAIN | nomadpkg.com | 2023-07-12 | 2023-07-20 |
| DOMAIN | datadog-cloud.com | 2023-07-12 | 2023-07-20 |
| DOMAIN | datadog-graph.com | 2023-07-12 | 2023-07-20 |
| DOMAIN | zscaler-api.org | 2023-07-12 | 2023-07-20 |
| DOMAIN | alwaysckain.com | 2023-07-12 | 2023-07-20 |
| DOMAIN | nomadpkgs.com | 2023-07-12 | 2023-07-20 |
| DOMAIN | canolagroove.com | 2023-07-12 | 2023-07-20 |
| IPv4 | 162.19.3.23 | 2023-07-12 | 2023-07-20 |
| IPv4 | 51.254.24.19 | 2023-07-12 | 2023-07-20 |
| IPv4 | 23.29.115.171 | 2023-07-12 | 2023-07-20 |
| IPv4 | 192.185.5.189 | 2023-07-12 | 2023-07-20 |
| IPv4 | 144.217.92.197 | 2023-07-12 | 2023-07-20 |
| IPv4 | 100.21.104.112 | 2023-07-12 | 2023-07-20 |
| IPv4 | 104.223.86.8 | 2023-07-12 | 2023-07-20 |
| IPv4 | 23.95.182.5 | 2023-07-12 | 2023-07-20 |
| IPv4 | 78.141.223.50 | 2023-07-12 | 2023-07-20 |
| IPv4 | 167.114.188.40 | 2023-07-12 | 2023-07-20 |
| IPv4 | 89.44.9.202 | 2023-07-12 | 2023-07-20 |
| IPv4 | 116.202.251.38 | 2023-07-12 | 2023-07-20 |
| IPv4 | 45.82.250.186 | 2023-07-12 | 2023-07-20 |
| IPv4 | 162.241.248.14 | 2023-07-12 | 2023-07-20 |
| IPv4 | 91.234.199.179 | 2023-07-12 | 2023-07-20 |
| IPv4 | 179.43.151.196 | 2023-07-12 | 2023-07-20 |
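The practical use of this table is matching it against egress telemetry, and the naming pattern noted above (registry- and vendor-lookalike domains) suggests a second, broader check. The script below is an added example, not code from SentinelOne: it loads a subset of the indicators listed above, scans a few constructed DNS resolver log lines (the `ts host= query= answer=` format is an assumption, not any real product's format), and flags exact indicator hits as well as brand-token lookalikes that fall outside a small allowlist of legitimate zones I chose for the demonstration. The `registrable()` helper simply takes the last two labels, which is adequate for the `.com`/`.org` names in the table; a production version would consult the public suffix list.

```python
import re
from typing import Dict, List, Optional, Tuple

# Subset of the indicators from the table above.
IOC_DOMAINS = {
    "centos-pkg.org", "centos-repos.org", "npmaudit.com", "npmjscloud.com",
    "npmcloudjs.com", "npmjsregister.com", "npm-pool.org", "nodepkg.com",
    "datadog-cloud.com", "datadog-graph.com", "zscaler-api.org",
    "nomadpkg.com", "nomadpkgs.com", "primerosauxiliosperu.com",
}
IOC_IPS = {"66.187.75.186", "185.152.67.39", "70.39.103.3", "142.44.178.222"}

# Ecosystem / vendor tokens the listed domains imitate, and the zones where
# those tokens are legitimately expected (allowlist chosen for this example).
BRAND_TOKENS = ("npm", "centos", "datadog", "zscaler", "nodepkg")
LEGIT_ZONES = {"npmjs.com", "npmjs.org", "centos.org", "datadoghq.com",
               "zscaler.com", "zscaler.net"}

# Assumed log line shape: "<timestamp> host=<client> query=<name> answer=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+query=(?P<query>\S+)\s+answer=(?P<answer>\S+)$"
)


def registrable(domain: str) -> str:
    """Last two labels of a name (naive; fine for the .com/.org names here)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one resolver log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(query: str, answer: str) -> List[str]:
    """Return the reasons a query/answer pair is suspicious (empty = clean)."""
    reasons: List[str] = []
    q = query.lower().rstrip(".")
    zone = registrable(q)
    # Exact indicator match on the name itself or on its registrable parent,
    # so subdomains of a listed domain are caught too.
    if q in IOC_DOMAINS or zone in IOC_DOMAINS:
        reasons.append("ioc-domain")
    if answer in IOC_IPS:
        reasons.append("ioc-ip")
    # Lookalike heuristic: a brand token outside the zones where it belongs.
    if zone not in LEGIT_ZONES:
        for token in BRAND_TOKENS:
            if token in q:
                reasons.append(f"lookalike:{token}")
    return reasons


def scan(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Scan log lines and return (host, query, reasons) for every flagged line."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or unrelated line
        reasons = classify(rec["query"], rec["answer"])
        if reasons:
            hits.append((rec["host"], rec["query"], reasons))
    return hits


# Constructed sample log lines (not real telemetry). Answer IPs that are not
# indicators use documentation ranges.
SAMPLE_LOG = [
    "2023-07-19T10:01:02Z host=dev-07 query=registry.npmjs.org answer=198.51.100.10",
    "2023-07-19T10:02:11Z host=build-01 query=npmjscloud.com answer=66.187.75.186",
    "2023-07-19T10:02:40Z host=build-01 query=mirror.centos-pkg.org answer=203.0.113.5",
    "2023-07-19T10:03:05Z host=dev-07 query=api.datadoghq.com answer=198.51.100.20",
    "2023-07-19T10:04:19Z host=ci-runner query=update.example.com answer=185.152.67.39",
    "2023-07-19T10:05:33Z host=dev-12 query=zscaler-login.net answer=198.51.100.7",
    "this line is not a resolver record",
]

if __name__ == "__main__":
    for host, query, reasons in scan(SAMPLE_LOG):
        print(f"{host:10} {query:26} {', '.join(reasons)}")
```

Exact indicator hits are the high-confidence signal; the lookalike reasons are a triage queue, not a verdict, and will need tuning against the vendor and registry names your own environment legitimately resolves.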