LABYRINTH CHOLLIMA Evolves into Three Adversaries

2026-01-29 CrowdStrike

https://www.crowdstrike.com/en-us/blog/labyrinth-chollima-evolves-into-three-adversaries/


CrowdStrike reassesses LABYRINTH CHOLLIMA as having evolved into three specialized DPRK-nexus adversaries: GOLDEN CHOLLIMA, PRESSURE CHOLLIMA, and a narrower core LABYRINTH CHOLLIMA espionage group. GOLDEN CHOLLIMA focuses on sustained cryptocurrency and fintech theft using Jeus and AppleJeus lineage tooling, malicious Python packages, cloud pivots, and recent SnakeBaker or NodalBaker deployments. PRESSURE CHOLLIMA pursues high-value digital-asset theft with lower-prevalence implants such as SparkDownloader, Scuzzyfuss, and TwoPence Electric delivered through malicious Node.js and Python projects. Core LABYRINTH CHOLLIMA remains focused on espionage against defense, manufacturing, industrial, logistics, and shipping targets, using Hoplight-lineage malware, FudModule capabilities, zero-days, WhatsApp delivery, employment lures, and trojanized applications. Shared infrastructure, code, and tradecraft indicate coordination across distinct DPRK operational units serving both revenue generation and intelligence collection.

Indicators of Compromise

