PARK COMPLAINT UNSEALED
2018-09-06 • USJustice
https://www.justice.gov/opa/press-release/file/1092091/download
The excerpt is a U.S. federal criminal complaint against Park Jin Hyok alleging conspiracy and wire-fraud-related computer intrusion activity from at least 2014 through 2017. Its table of contents links the case to North Korean computer networks, Brambul, proxy and DDNS infrastructure, reconnaissance, spear-phishing, the Sony Pictures Entertainment intrusion, financial institution intrusions, and WannaCry. The complaint frames these incidents as connected through accounts, malware families, infrastructure, and personas including Kim Hyon Woo and Chosun Expo accounts accessed from North Korean IP addresses. For DPRK-focused tracking, the document matters because it consolidates law-enforcement evidence across destructive attacks, bank theft activity, defense contractor targeting, South Korean targeting, and global ransomware activity.