Suspicious activity in GitHub associated with Lazarus Group
2024-08-23 • Coinmonks
The Coinmonks report follows a suspected Lazarus-linked GitHub network centered on accounts connected to Devmaster929 and Warmice71. It describes fake developer and recruiter profiles that act as follower nodes, boost credibility for target personas, monitor real users, and split roles by the types of accounts they follow, including developers, companies, and female profiles. The investigation also surfaces GitHub-themed phishing and redirect infrastructure, including domains and URLs tied to copied GitHub assets, suspicious profile mirrors, and C2 or phishing IPs listed in the source. The evidence supports treating the activity as a coordinated DPRK-aligned social-engineering ecosystem rather than normal GitHub spam.
Indicators of Compromise