DomainMediumSignal 50/100
dprk-research.kmsec.uk
First Seen
Apr 17, 2026
Last Seen
Apr 23, 2026
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
50%
Signal Score
50 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
3 reports50% confidence
3
Source reports
50%
Confidence score
Category tags
active scanatobdprkgolangindicatoripv4networknodejsreaves3 minresearchedt1027t1059.007t1098.004threat actortor node
Activity Timeline
Apr 23Apr 23
Threat Activity Heatmap
· Peak: 2026-04-23LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
50
SIGNAL
Signal Score
50%
Confidence
3
Reports
First seenApr 17, 2026
Last seenApr 23, 2026
VirusTotal
Not checked
WHOIS
- description
- The analysis of the Ottercookie infrastructure reveals a network of cyber operations associated with entities linked to the Democratic People's Republic of Korea (DPRK). While the focus has primarily been on DPRK IT workers, various groups are involved in diverse schemes, including recruiting developers to work on code repositories supplied by threat actors. The malware produced through these collaborations primarily targets credential and cryptocurrency theft, with notable families including InvisibleFerret, BeaverTail, OtterCookie, and Golang-based malware variants.
- raw
- Expiry date: 13-May-2026 Last updated: 13-Apr-2025 Registered on: 13-May-2021 kayleigh.ns.cloudflare.com yew.ns.cloudflare.com
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 month ago · Last seen 1 month ago
Appeared in 3 threat reports