OSINT - From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
Severity: mediumType: unknown
OSINT - From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
AI Analysis
Technical Summary
This intelligence report highlights the emerging trend of North Korean remote workers infiltrating Western payroll systems, as identified through OSINT (Open Source Intelligence) methods. The report associates this activity with known North Korean malware families such as Beavertail and InvisibleFerret, which are linked to cyber espionage and network intrusion campaigns. While no specific software vulnerabilities or exploits are detailed, the threat centers on the strategic use of remote employment as a vector for cyber operations. North Korean actors may leverage remote work arrangements to gain persistent access to corporate networks, enabling payload delivery and network activity consistent with espionage or data exfiltration. The lack of patch availability and known exploits suggests this is not a traditional software vulnerability but rather a socio-technical threat involving human factors and operational security gaps. The medium severity rating reflects the moderate certainty (50%) of this activity and the potential for significant impact if adversaries successfully embed themselves within organizational environments. This threat underscores the evolving tactics of nation-state actors who exploit remote work trends to bypass perimeter defenses and conduct covert operations.
Potential Impact
For European organizations, the infiltration of North Korean remote workers poses a multifaceted risk. These actors could gain unauthorized access to sensitive corporate data, intellectual property, and personal information, undermining confidentiality. The presence of such insiders or insider-like actors threatens data integrity and could facilitate sabotage or manipulation of critical systems. Additionally, persistent access may enable lateral movement within networks, increasing the risk of widespread compromise and availability disruptions. Given Europe's reliance on remote work and digital collaboration, this threat could affect sectors including finance, technology, manufacturing, and government. The geopolitical tensions involving North Korea may also elevate the risk of targeted espionage against strategic European assets. Furthermore, the covert nature of this threat complicates detection and response, potentially allowing adversaries to operate undetected for extended periods.
Mitigation Recommendations
European organizations should implement rigorous identity verification and background checks for remote workers, especially those sourced from or with connections to high-risk regions. Enhanced monitoring of remote access sessions and network traffic for anomalous behavior linked to known malware families like Beavertail and InvisibleFerret is critical. Employing zero-trust security models that enforce least privilege and continuous authentication can limit potential lateral movement. Organizations should also conduct regular threat hunting exercises focused on detecting covert payload delivery and network activity patterns associated with North Korean threat actors. Collaboration with national cybersecurity agencies to share intelligence on emerging tactics and indicators is recommended. Finally, raising awareness among HR and security teams about the risks of adversary exploitation of remote work arrangements will help in early identification and mitigation of insider threats.
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Belgium, Italy
Indicators of Compromise
- ip: 135.181.242.24
- ip: 147.124.212.146
- ip: 147.124.212.89
- ip: 147.124.213.11
- ip: 147.124.213.29
- ip: 147.124.214.129
- ip: 147.124.214.131
- ip: 147.124.214.237
- ip: 166.88.132.39
- ip: 167.88.168.152
- ip: 172.86.123.35
- ip: 172.86.97.80
- ip: 185.235.241.208
- ip: 23.106.253.194
- ip: 23.106.253.209
- ip: 23.106.253.215
- ip: 23.254.244.242
- ip: 45.140.147.208
- ip: 67.203.7.163
- ip: 67.203.7.171
- ip: 67.203.7.245
- ip: 95.164.17.24
- domain: mirotalk.net
- domain: payloadrpc.com
- domain: ipcheck.cloud
- domain: regioncheck.net
- domain: w3capi.marketing
- hash: ae83d8531717a5c7696451166acc91f1
- hash: 3b7663f40ab4aa25a97bea17ad1b50eb
- url: GamerHub/server/middlewares/helpers/error.js
- hash: f5e89d2643a1e709f6f34f13b2501779
- hash: 47ebe86edb2a8305e48e142389ad5cd0
- hash: 4aea29dadcfd4fc75a27c9902cb4c623
- hash: 72841d2374648bc70dce53fbdcf69502
- hash: 1aaf8809b7ab4fa6848babe3f970afc0
- hash: 9cc9b773fe099d46eca556b610fd03cb
- hash: 0d4a9a974c4fc579d0699764c69cf0fd
- hash: 2ad64d0252b9778bdf3911e2924a3885
- hash: dee7ae804679b905b07953aa61136d2e
- hash: f713c6aa854c50854e4cac3e541be8cf
- hash: fdcc957f3b0050fcf351d99bcc4743b2
- hash: e23b3f3cea6e8c97ea67ad97b0dc2170
- domain: telegram-mini-app-game-main.zip
- hash: dee6eec3f11a3ba187a002eabfb7af3c
- hash: ab4138a74a42c8b83daf7c19587bb001
- hash: 61e07d69fbc48fb5c09503f926994636
- hash: 55cd5526fde209aea11bb41af0eb5c08
- hash: 2300548f253aea742d3b11925fa408d3
- hash: 41b0bb86e6409c08a298888dd7a91717
- hash: 30fbbceb33dbe40f50d3cb94714054fb
- hash: 8ed2ebb511e4436232b09991627790db
- hash: 43ae3120db22521a97e21b9c6ef13715
- hash: efed4ae29e74b01a11a746671fbd924d
- hash: d86f70735c7d53b315a35ddc29258476
- hash: 17f47b20c26fd768bcee7b1c4bab9714
- hash: 135848473382204d759a97aeded76f2c
- hash: eac8edaf5a4637fd964d7a3d87f8189a
- hash: d7783ba8476f1a2f0831f32abf9c3e69
- hash: 7624fc8b47cb58444ff0176edd7f15cb
- hash: 1948c99104e09ecaa0f4cb3fdac276d5
- hash: 7859ef9ca6f7fa800a058d3586164672
- hash: 2ed1b50ed4ca84c0fdde84a585fac536
- hash: 4120ce03d7d662d5ddf10e4565495055
- hash: 48fc7c946c34771b82a5e49a93d405a6
- hash: 560a2438bea7a7421b92f66b4d7c756b
- hash: dbda4a6e6741fa3d7819c3c88ed22e88
- hash: 1ca6bcea09b3b9b3cb338faf8161b7e8
- hash: d7d5b9a70cb001532096c50c419172b0
- hash: ac55b61572eb8424192316c0970ccb54
- hash: 93b7dbf5980de29cf7fb9a610229bb5a
- hash: 907f39788d1d1439eed333091fd16730
- hash: 979bb789ecd5a3881ad3d4823ca8fdc1
- hash: 95362a0f440990992cc9ad04e6675e77
- hash: eb0ba3a1623e95e57fb5a2aedb97d45f
- hash: 58db0d021b75eb2a581c7773844703b5
- hash: 110a7556e2ebcca7255be1c6ee999b94
- hash: c1c1c5b2a76a3d463cb4f7c22c88bbe5
- hash: 4a5d3d5452b1ac7cb2e875f649515e4e
- hash: 1e20dfc8145abced35dd934d5136e5dd
- hash: d3a85f6ccf117fb1cdb506094edddd22
- hash: 5cb77e93ebe96f22741285592cd35100
- hash: 31922228868dc24dfe9b067d2b3c6d18
- hash: 647d26e94b9be5a1237a59d0b2b38442
- hash: 97868b884fc9d01c0cb1f3fa4d80b09f
- hash: 46b2cfef633e6e531928a9c606b40b16
- hash: 67cee5b180370eb03d9606f481e48f36
- hash: 1023860ce2a23e7234685440c2d70e96
- hash: 87656e8df1b1f97213f3b342dd77c986
- hash: a6fad33175e33ab7306e879f4f022662
- hash: 88ba6dd7a5dd31aba0051c532602cc0d
- hash: b91950af0d213c3d28e3a57612ff2c7b
- hash: 355b1bedeb19b546800de5ecc7933849
- hash: 1822bea1d0ec9ae1db9c265386699102
- hash: 31725dc195bb09fc32a842a554cc931b
- hash: 64243391affa5d5a7d195ea4c905b240
- hash: aad9dcd3a2045dafea47eef776ec5b8a
- hash: e8fcc05c328b612918b3384638873a6d
- hash: 53ec27df858d3d133808ec338df29fc6
- hash: b73ba1327abb95eba44a233d9d502c79
- hash: e6d09c7ad340d10109e6781bfb05a319
- hash: 9a40f49b9f9d653fb23c3ffa518f40e7
- hash: f1b78698b108fbf5bfcbb6d7f3bbad76
- hash: c753611ab87bd41cdf4ff9b140440fe2
- hash: fa174cdd22080f11e13844c1e3326cd2
- hash: 95333cc1a3fbe044b0163a1cddb3a8ab
- hash: 87f4cc8abaff811e36c544896c7cd418
- hash: ceea830b55ba3582a9bee3cacd895aff
- hash: d8367aba68353951c23c3094bc536743
- hash: 3b5501885ba5283ec08101bc4cb9d613
- hash: 2f3e5344c5b4614c75d400d18b1bb387
- hash: 8e13d8b8d0c965b95408a2efdde32847
- hash: 2a16962b336cc5296bb4e4230a5e5404
- hash: c8904d694af18e4920bfa9fc5258b2a7
- hash: a07cd2703361ad566c5857a4e8e1652a
- hash: 2688d2ae8691089bc339403524bc51bf
- hash: 6ca874b098ba768ad5814bef9cf409fa
- hash: 4e3d5859e74e11a3903453a1601d1d36
- hash: ebe250b7ca9122231f1d114b12d27821
- hash: 32b3dc926aaad8b3b63e45c408420b43
- hash: c4361acb38701e733f5f02c8e88d4a45
- hash: a839c560076937407ac78b3f9d1c0416
- hash: 093ea7c80ab1a192a91f4132078c02b1
- hash: d8b387a4f76fcb39bb0f3863a6bbb2bd
- hash: c964653d3e1a4c6cf85a9a056ac87793
- hash: e810d8b815d18092320b08acd8944972
- hash: db4dd364ae1e7f149da998453b241c41
- hash: a2d306424dd0a86f41d8fd96e633bff2
- hash: 4751a31aa65c19784f4c3a212c6ee6eb
- hash: cb64ee1765a2ba331fc4e783f5836584
- hash: 3f32d1ddece7ea279b6cc0e5ad279e08
- hash: da94d2b597dd10724a896e51fc500267
- hash: 4150ec9163a697f6e590e46dc004c107
- hash: c6659e8ef3258bde52081297ca82c7f0
- hash: c72ec702a498b1b5ca8a7fa8219088cd
- hash: 13b98f2270c0014cd9a7d3da4c01e1fe
- hash: 24c9a9ec8f0ee27420f631085298f7eb
- hash: 70ebf234ae57103849470c2bd5f1fc35
- hash: f066ff0d68e29220085a9fef43693b07
- hash: 3061d7ed6ce7fd85701b2a8dfcb0c4af
- hash: af79a5e196658e297547d8411d555ef6
- hash: d42200f87471f7ff13db676893148394
- hash: 76149248251b08493cafd94781e00bf0
- hash: 8e943e1cb8752132e7f7eae17f3d8956
- hash: b216f1366a6f27e92e866234f730729c
- hash: 2c4d2fc35055ee199fd01d6c055646b3
- hash: b2c3427392e029dce7ba9e0da6ca2456
- hash: 2acd7ed295c72a6e7f5730dba4ef641f
- hash: 3761e39bd7393548a5f7c153c7ecf1d0
- hash: 39eb2918deb1dfbe3bacbf57fe4e6056
- hash: e28bd43b7969b51d892eb477bda81ef8
- hash: 0192cfdb4016abfb657994d4b4ae48b3
- hash: 57d4c7b05bbb90567a6e21abbb8717d0
- hash: cc9e63fe92e0046762397cd02a595803
- hash: ff49cc59efebb8cba5569058a12d4829
- hash: c6855714d7ea700272ece7056eef4607
- hash: 17e1e62925de680a48c70bf661273b6e
- hash: 9e14033200a7c41ff94535eed8e82c55
- hash: 8244b0c39a2e838465e2902e286525b5
- hash: 02f23222590d318b771c30b29b4f7fe8
- hash: ba574c046177f1ff5a67aa8a04d53e63
- hash: ca294d9ccb1e41dd8592cec7158590cb
- hash: 4174f208a7e29938a27269cd1e23092a
- hash: c1dac497e7625b639432e8ecd97c2987
- hash: 01b4a5b9128eb340813d998f622e86cf
- hash: 1c41b0e3324fad69885926bfb43ac29c
- hash: 7057479b707aaf2e7fb0e099179b8315
- hash: 07cbedbcca3724397e86b59109275419
- hash: 4a5fe9ec249bf85c11c7a58912f0492b
- hash: d70fb18cf8d12ee5e70272310bd67bd6
- hash: 7e66df5069b0fd8211dd2e668940f588
- hash: e422e35a8bb2746ddc8449550d07da88
- hash: c2a504f205c2bd220fe48645e95ff21f
- hash: 3b575f9f6886a4ce0acf5d8c39d3a271
- hash: 201f335c160c30b3c809b9699eadcaed
- hash: b11592ddc48fe2d9ede02f1f642c0514
- hash: ff48354b1a7a973bb2fd79d738ef6aea
- hash: 426f2c3a7c3fcfe8a776847902559553
- hash: d2b9dd003635aaf568ceacd4a0d69389
- hash: e4c04d1cdda94e55f8669f990d66eea0
- hash: 0b13f8c5549e2e23217ec50a247c1954
- hash: af2fd54c272d6166ebff5b21dbb5d414
- hash: 99e051296cecc884ac10469e4d245fdc
- hash: d5dc626780641c25454ea835bc86795f
- hash: 7c1b4e2537ea96b77965eaff018578ca
- hash: 5abfc664f0aaa49fe442ef2c9a6e018d
- hash: 226264e22029dd0aa14228e73ec338e8
- hash: c8ab8e3a8c5af5198f950f66307530be
- hash: 74256ba1b9e66137f1df3d30d9345281
- hash: 05d4f890c5583efc491a6b4e4534a0de
- hash: d174d59a71157735e4532ab1af09eab8
- hash: b91a2852a418331eee402ebb3d3cb67e
- hash: 36be9f5a19a1f2bac4c9a5cd128eea47
- hash: dfcd22269febadf0c55e69173f04be5e
- hash: adcd2afe83197be0e4b293696df2e12a
- hash: cf6c400f2fe77d7fe1a8fd284e546ba1
- hash: 86129fb08830fb0e20de4bdd5559c873
- hash: 9ef739293c744e632a6437869b1806f1
- hash: 857e429ebadf0ee393f65d0687e31ab2
- hash: 28e390d57bd634c6945f8beff17c2d0c
- hash: b565c95c4e7b190e36a4542198dfb870
- hash: c2bcb963c53b0ef56f2e037b14fbc230
- hash: cd2f331388f1c804b2936554bcc55172
- hash: 8eab1fe38d3f31026f5a8b6b1bd4dd8f
- hash: fd7ba1a3df65304dc1b5555eecd2847f
- hash: f49c46b464dff149c861a9702acd8172
- hash: 338af0636ade81590319237bf8c3c349
- hash: 0897c17a94d9fc1ec3a306ca3960f195
- hash: bc814cef68ebff8475b50c3b96098044
- hash: 7742ebb77ff1e481b6bcc611df5acb80
- hash: 5d0c93a4b261531f298d80282dc800b7
- hash: 9579942602ca259a5b359ded020ddafe
- hash: 0047edcb1fa4719cded8b2ab095e163e
- hash: 9f2a8263b1035353c165820dcee3c630
- hash: 33bd5633ae0a81166b3e9aaea8fb4d09
- hash: d16e41582fd66274d4fcbfede1d0ec43
- hash: c133e3dfc2ebab9a42ddf72b1323b6cc
- hash: 5216d4cdb1b44f1619fd1c25091990f5
- hash: ae65ec756e1208425ba9cc086b470004
- hash: b2784fe82e6937332beb1f887bf2f290
- hash: 9a62baa9f8bf411034c8136641d68e3d
- hash: 7c642df72c995572296857b0cbe7b1d5
- hash: 2fab226f39851805510e41ebe8a3da94
- hash: c05c4bc4012a2918508f69b54cbd892c
- hash: 5776fea7ca39ef8a93b2cd1b2f8f6fac
- hash: 6f08a9de90ce4b57b9965712742ea70f
- hash: f74e91024d15d044834934f9f05ab448
- hash: 0e6350badfc7e840e10b6e9c9a9ac903
- hash: 575d69e0f6e875e72d09498d83e59571
- hash: b9b21a25267e64420cc1bedaecb158a9
- hash: 40b474e59a2d512742df62666f110677
- hash: 55e9c14c8e88cd36d611f515153c55a1
- hash: 5b3d6ad1477ae5eb33ca86f5acd83100
- hash: b7421ab53a605ba67548447ace11fae8
- hash: ed5109161c11dda88ce51eeda72f2dc8
- hash: e7c5f8598fb577899f0dd66d413520eb
- hash: 1bc2d4bec73491b3d9e8899dba39079b
- hash: fe9cc345f01b1257ade5283db752c95d
- hash: 41fb3eb2b478d645caf517a493ae2c1e
- hash: a44495a48f91dd56c1065d5d7313e441
- hash: 741f261a857705c1d5663d2518b3d96d
- hash: 045e52ce6a64dbebe1d63787eca069ab
- hash: f0b16311f00e3c89312ec6a807c09e9e
- hash: ba5f23012bd756826862cc143b289791
- hash: b11a98847b43f5e89f808b8fc2813885
- hash: b921dcb0204268df810e6bd3afc40884
- hash: 4c6c91def55e9d56cee8c7cec03f9c94
- hash: 0371006a71e3c30131a8ddb86b3dc42d
- hash: 88a30a870931a0df343620490bb2022a
- hash: f61927f661f5a31a828f4ab443c44d90
- hash: 9b3ec2ddbe8fcaffcc260160633a1576
- hash: 23f2399d668f0cdb9e3d03b5d3cb8b0b
- hash: 32f8bf62ec02026829413702deefaf9a
- hash: 20f38afe9f6f317752ebc110fb88217c
- hash: a138a734471ce9bb5904971c4f38e21b
- hash: 0f81da14f039907fd9d050db657398d7
- hash: 4e04b0facc3302f86997c6744085758c
- hash: a9bc13d2cea77d730fa6ac5b533df650
- hash: 05f0fb0adb3e39df8bd970a81786ef4c
- hash: 1feb0310fe4c192f0aa62d7e5348a8f7
- hash: 7426c8cc21ab1a18f9e5f33aee301fef
- hash: 68fa5f31895a8f09f5d0505c5faba7cd
- hash: 8e926f9d1e5f4c15a0c6f56d3718f30e
- hash: 4a72cf93e529231eafad31dfd010d4f5
- hash: 23479da4c404256ff1b7e7e28895c28a
- hash: 57d47bf5cd1f7df0f2993bab514c7ea6
- hash: 26fafbcff71939ed0a4bb95ac6fdd8d2
- hash: 9aa4bdb9ab6b34dfcb6c955cd8785cf6
- hash: 410ac36446fc8ca22a57a11fa7c99b15
- hash: 9629c3633e020473a6f7bf07c8119502
- hash: 11213bd1a6f435f99c33fd3f750475bf
- hash: b980f10c0748e6f501af89fd156e97e5
- hash: 929e3ee8a73c0c72a4fc96ce5550aeaf
- hash: 6f20110c0acfe3cd0fd0e79bc038ff37
- hash: 00449c8302abf2aaab46fa8887294113
- hash: 3e90c91d10489b95bb6a9a9b5d186138
- hash: 2f3e894fd573ebaf34ea151a5944ff97
- hash: f7ca52016798024f5150fb910498623d
- hash: 27407c8dc0d8f3286f78586753cfb7e7
- hash: abd53dc3dd708225dff9d5f473570637
- hash: d21f25b7de459416135587798af8a97f
- hash: ad2568b84e5074bf162839155797f7b2
- hash: 7b75e49344843199f357a0e5d17eb5c1
- hash: 893cb945b96f2bd46beb7acf97fc59ba
- hash: cfcabc3960dc4c52fb851f9361b89b28
- hash: 3b3c10203aed1aee0c2ab0453c17a56c
- hash: 5104f5842eee8cf169287bc8e057417d
- hash: 062f6b14c9d3cc121ed074c63a585d5c
- hash: f53f9b7bb22a74618c82ead0f97de729
- hash: 42acf7c9b5272ff13d4410b66864a2d7
- hash: 319fbfc60733d897cd2e3ca527659ea4
- hash: 232bf5f6c40251292393cb9d57d7cc3f
- hash: 57e202fe5c6faac4b46ce2fee4630c34
- hash: 5eee2912bafe61313fa11ce3dbcff0a1
- hash: 30c05a3d427828fef09ccafd92c428fd
- hash: 1902f90849eb89ff9a9c24da2cd7cd7c
- hash: 7d2601be0edd6ccdeea2ce0f5955aac0
- hash: 8f5eaab794333bc8fceb4c4d6faf3b06
- hash: e6f10c5ab64c4a09aa89102d738ec0fd
- hash: fd5db4498b1756e98e8bdd9509899bde
- hash: 08fc25dd8e4e65b4d3d52b8634c22d5c
- hash: ed99570f009ad0b69964586c851d109c
- hash: 41c52e8f7d87ed4688cf31b7b62310a7
- hash: 16a1f41da042bb596076c5abf2204b8e
- hash: 4ed67c870ce287948877a69088bf0d64
- hash: e609d3614b1838d08ab587d23949b4af
- hash: e4761462a4fc35c24c3a46871f5a4121
- hash: e1cc7a54f0881d46fa51bf4068d96c56
- hash: d3c7876be837a86ed230930f31ad8aa0
- hash: a3e71adcfae12ace68613a1c7bb62f04
- hash: 3aa7fdc958ef727b31c1c8999111e1eb
- hash: c0700f70ce1222267de16de47cb066e3
- hash: 92a17fefba6f6e2b6c471806c669fa57
- hash: 5a6bb1e5781780ced86e2fdc2e241486
- hash: 9b23360229297cf3eb26a2b12c7ad096
- hash: 58181033f994529ea5d439dfe5f3310a
- hash: c0f79e9aa02afc7a062cd53e0402f9ce
- hash: 908f8011fddb0a7ce57107bf781c65f0
- hash: 92ddfe3d4915fd04b44f2e2b33889898
- hash: 4d2f538dab0ee9ff0a47438215cdfbe6
- hash: bde5736a16fcdd6c20608929161041ff
- hash: 32300bf9cca4630f19baf4759d61ba28
- hash: b66896d389d48029d8833516d6536833
- hash: 8ee1c5eb3fcec226b26e7784bf3794ee
- hash: 7e7636f8fa7fe8858e56f4ed975f37ef
- hash: d86af3c6d1c1c027dd6f4dbd05309cf3
- hash: d7109d0ee374d0256aad557e6a87d9ce
- hash: 0c73e01ba08bded0305385e5fb45402e
- hash: 9134f2a673eb76cf77ae778840eeadb9
- hash: 78d5f1fc46015efbe54b871216eed7c8
- hash: 91c89af52df3e3067ab2d3d619fcd345
- file: MiroTalk.dmg
- hash: d24d19a892c6afbd53d8a6e2a4a1f88c
- file: MiroTalk.msi
- hash: fb71fc9f4c0a5ff53f301d83b7462f89
- file: Jami.exe
- hash: 8ebca0b7ef7dbfc14da3ee39f478e880
- file: FCCCall.msi
- hash: ed60b3913e6694f4a0ed2fe25551bd1f
- file: FCCCall.exe
- hash: dc77044fe8d35882015eaa99ca31f826
- file: FCCCall.msi
- hash: b9693b6541a22d01b100b867375279e6
- file: FCCCall.exe
- hash: bf82e3b5d25d167c168cc6600e797c53
- file: FCCCall.dmg
- hash: 20ac88502e69f65ea3fc6ccd90978f0e
- file: FCCCall.msi
- hash: efc41a0887fd65246cda9323035f9746
- file: FCCCall.exe
- hash: 1bb8b1d0282727ab9bc2deb3570cf272
- file: FCCCall.dmg
- hash: 767fce5fae7f2f7091811b401f2b16d8
- file: FCCCall.msi
- hash: f677620a092f4b8d46e43d0b0b62c89d
- file: FCCCall.exe
- hash: 6ab14c7b7c7c43011d607027d3582686
- file: FCCCall.msi
- hash: f82510d541e56d7021f020f8b4d6a6d0
- file: FCCCall.exe
- url: https://github.com/Satyam-G5
- url: https://github.com/aufeine
- url: https://github.com/dhayaprabhu
- url: https://github.com/bridgitlab
- url: https://github.com/CodePapaya
- url: https://github.com/bmstoreJ
- url: https://github.com/Allgoritex
- url: https://github.com/plannet-plannet
- url: https://github.com/komeq1120
- url: https://github.com/masharsiddiqui
- url: https://github.com/ZoroDefi
- url: https://github.com/davidbizna95
- url: https://github.com/Kamo-Smbatyan
- url: https://github.com/DavidBeanvide
- url: https://gitlab.com/benhermas
- url: https://bitbucket.org/grempe012
- url: https://bitbucket.org/ritechdev
- link: https://www.zscaler.com/blogs/security-research/pyongyang-your-payroll-rise-north-korean-remote-workers-west
- text: In November 2023, a security vendor discovered that North Korean threat actors were using the Contagious Interview and WageMole campaigns to procure remote employment opportunities in Western countries, thus evading financial sanctions against North Korea (DPRK). The Contagious Interview campaign focuses on stealing data, while WageMole uses that stolen data, along with other social engineering techniques, to help these threat actors land remote jobs. Zscaler ThreatLabz recently discovered how the threat actors have continued to update their Contagious Interview campaign tactics by improving the obfuscation of their scripts with advanced techniques and dynamic loading. The threat actors also expanded their arsenal by supporting both Windows and macOS application formats in their infection chains, while keeping their core capabilities intact. By monitoring the installed BeaverTail (JavaScript) and InvisibleFerret (Python) scripts, we confirmed that the attackers stole source code, cryptocurrency data, and personal information from victims. The threat actors managed to infect over 100 devices across multiple operating systems within a short time. In this blog, we’ll dive into the improvements made to Contagious Interview scripts, the new formats that are now supported, and share exclusive insights into the campaign’s victims.
- text: Blog
OSINT - From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
Medium
Unknownmisp-galaxy:country="north korea"misp-galaxy:malpedia="beavertail"misp-galaxy:software="beavertail"type:osintosint:lifetime="perpetual"osint:certainty="50"tlp:whitetlp:clearmisp-galaxy:malpedia="invisibleferret"misp-galaxy:producer="zscaler"
Published: Wed Jul 30 2025 (07/30/2025, 00:00:00 UTC)
Source: CIRCL OSINT Feed
Vendor/Project: type
Product: osint
Description
OSINT - From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
AI-Powered Analysis
AILast updated: 08/25/2025, 01:16:53 UTC
Technical Analysis
This intelligence report highlights the emerging trend of North Korean remote workers infiltrating Western payroll systems, as identified through OSINT (Open Source Intelligence) methods. The report associates this activity with known North Korean malware families such as Beavertail and InvisibleFerret, which are linked to cyber espionage and network intrusion campaigns. While no specific software vulnerabilities or exploits are detailed, the threat centers on the strategic use of remote employment as a vector for cyber operations. North Korean actors may leverage remote work arrangements to gain persistent access to corporate networks, enabling payload delivery and network activity consistent with espionage or data exfiltration. The lack of patch availability and known exploits suggests this is not a traditional software vulnerability but rather a socio-technical threat involving human factors and operational security gaps. The medium severity rating reflects the moderate certainty (50%) of this activity and the potential for significant impact if adversaries successfully embed themselves within organizational environments. This threat underscores the evolving tactics of nation-state actors who exploit remote work trends to bypass perimeter defenses and conduct covert operations.
Potential Impact
For European organizations, the infiltration of North Korean remote workers poses a multifaceted risk. These actors could gain unauthorized access to sensitive corporate data, intellectual property, and personal information, undermining confidentiality. The presence of such insiders or insider-like actors threatens data integrity and could facilitate sabotage or manipulation of critical systems. Additionally, persistent access may enable lateral movement within networks, increasing the risk of widespread compromise and availability disruptions. Given Europe's reliance on remote work and digital collaboration, this threat could affect sectors including finance, technology, manufacturing, and government. The geopolitical tensions involving North Korea may also elevate the risk of targeted espionage against strategic European assets. Furthermore, the covert nature of this threat complicates detection and response, potentially allowing adversaries to operate undetected for extended periods.
Mitigation Recommendations
European organizations should implement rigorous identity verification and background checks for remote workers, especially those sourced from or with connections to high-risk regions. Enhanced monitoring of remote access sessions and network traffic for anomalous behavior linked to known malware families like Beavertail and InvisibleFerret is critical. Employing zero-trust security models that enforce least privilege and continuous authentication can limit potential lateral movement. Organizations should also conduct regular threat hunting exercises focused on detecting covert payload delivery and network activity patterns associated with North Korean threat actors. Collaboration with national cybersecurity agencies to share intelligence on emerging tactics and indicators is recommended. Finally, raising awareness among HR and security teams about the risks of adversary exploitation of remote work arrangements will help in early identification and mitigation of insider threats.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Uuid
- 11352988-db69-4d22-89fc-6f84689edfab
- Original Timestamp
- 1753866923
Indicators of Compromise
Ip
| Value | Description | Copy |
|---|---|---|
ip135.181.242.24 | contagiousinterview iocs - C2 | |
ip147.124.212.146 | contagiousinterview iocs - C2 | |
ip147.124.212.89 | contagiousinterview iocs - C2 | |
ip147.124.213.11 | contagiousinterview iocs - C2 | |
ip147.124.213.29 | contagiousinterview iocs - C2 | |
ip147.124.214.129 | contagiousinterview iocs - C2 | |
ip147.124.214.131 | contagiousinterview iocs - C2 | |
ip147.124.214.237 | contagiousinterview iocs - C2 | |
ip166.88.132.39 | contagiousinterview iocs - C2 | |
ip167.88.168.152 | contagiousinterview iocs - C2 | |
ip172.86.123.35 | contagiousinterview iocs - C2 | |
ip172.86.97.80 | contagiousinterview iocs - C2 | |
ip185.235.241.208 | contagiousinterview iocs - C2 | |
ip23.106.253.194 | contagiousinterview iocs - C2 | |
ip23.106.253.209 | contagiousinterview iocs - C2 | |
ip23.106.253.215 | contagiousinterview iocs - C2 | |
ip23.254.244.242 | contagiousinterview iocs - C2 | |
ip45.140.147.208 | contagiousinterview iocs - C2 | |
ip67.203.7.163 | contagiousinterview iocs - C2 | |
ip67.203.7.171 | contagiousinterview iocs - C2 | |
ip67.203.7.245 | contagiousinterview iocs - C2 | |
ip95.164.17.24 | contagiousinterview iocs - C2 |
Domain
| Value | Description | Copy |
|---|---|---|
domainmirotalk.net | contagiousinterview iocs - C2 | |
domainpayloadrpc.com | contagiousinterview iocs - C2 | |
domainipcheck.cloud | contagiousinterview iocs - C2 | |
domainregioncheck.net | contagiousinterview iocs - C2 | |
domainw3capi.marketing | contagiousinterview iocs - C2 | |
domaintelegram-mini-app-game-main.zip | packed_beavertail_hashes.txt |
Hash
| Value | Description | Copy |
|---|---|---|
hashae83d8531717a5c7696451166acc91f1 | packed_beavertail_hashes.txt | |
hash3b7663f40ab4aa25a97bea17ad1b50eb | packed_beavertail_hashes.txt | |
hashf5e89d2643a1e709f6f34f13b2501779 | packed_beavertail_hashes.txt | |
hash47ebe86edb2a8305e48e142389ad5cd0 | packed_beavertail_hashes.txt | |
hash4aea29dadcfd4fc75a27c9902cb4c623 | packed_beavertail_hashes.txt | |
hash72841d2374648bc70dce53fbdcf69502 | packed_beavertail_hashes.txt | |
hash1aaf8809b7ab4fa6848babe3f970afc0 | packed_beavertail_hashes.txt | |
hash9cc9b773fe099d46eca556b610fd03cb | packed_beavertail_hashes.txt | |
hash0d4a9a974c4fc579d0699764c69cf0fd | packed_beavertail_hashes.txt | |
hash2ad64d0252b9778bdf3911e2924a3885 | packed_beavertail_hashes.txt | |
hashdee7ae804679b905b07953aa61136d2e | packed_beavertail_hashes.txt | |
hashf713c6aa854c50854e4cac3e541be8cf | packed_beavertail_hashes.txt | |
hashfdcc957f3b0050fcf351d99bcc4743b2 | packed_beavertail_hashes.txt | |
hashe23b3f3cea6e8c97ea67ad97b0dc2170 | packed_beavertail_hashes.txt | |
hashdee6eec3f11a3ba187a002eabfb7af3c | packed_beavertail_hashes.txt | |
hashab4138a74a42c8b83daf7c19587bb001 | packed_beavertail_hashes.txt | |
hash61e07d69fbc48fb5c09503f926994636 | packed_beavertail_hashes.txt | |
hash55cd5526fde209aea11bb41af0eb5c08 | packed_beavertail_hashes.txt | |
hash2300548f253aea742d3b11925fa408d3 | packed_beavertail_hashes.txt | |
hash41b0bb86e6409c08a298888dd7a91717 | packed_beavertail_hashes.txt | |
hash30fbbceb33dbe40f50d3cb94714054fb | packed_beavertail_hashes.txt | |
hash8ed2ebb511e4436232b09991627790db | packed_beavertail_hashes.txt | |
hash43ae3120db22521a97e21b9c6ef13715 | packed_beavertail_hashes.txt | |
hashefed4ae29e74b01a11a746671fbd924d | packed_beavertail_hashes.txt | |
hashd86f70735c7d53b315a35ddc29258476 | packed_beavertail_hashes.txt | |
hash17f47b20c26fd768bcee7b1c4bab9714 | — | |
hash135848473382204d759a97aeded76f2c | — | |
hasheac8edaf5a4637fd964d7a3d87f8189a | — | |
hashd7783ba8476f1a2f0831f32abf9c3e69 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7624fc8b47cb58444ff0176edd7f15cb | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1948c99104e09ecaa0f4cb3fdac276d5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7859ef9ca6f7fa800a058d3586164672 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2ed1b50ed4ca84c0fdde84a585fac536 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4120ce03d7d662d5ddf10e4565495055 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash48fc7c946c34771b82a5e49a93d405a6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash560a2438bea7a7421b92f66b4d7c756b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashdbda4a6e6741fa3d7819c3c88ed22e88 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1ca6bcea09b3b9b3cb338faf8161b7e8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd7d5b9a70cb001532096c50c419172b0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashac55b61572eb8424192316c0970ccb54 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash93b7dbf5980de29cf7fb9a610229bb5a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash907f39788d1d1439eed333091fd16730 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash979bb789ecd5a3881ad3d4823ca8fdc1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash95362a0f440990992cc9ad04e6675e77 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasheb0ba3a1623e95e57fb5a2aedb97d45f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash58db0d021b75eb2a581c7773844703b5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash110a7556e2ebcca7255be1c6ee999b94 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc1c1c5b2a76a3d463cb4f7c22c88bbe5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4a5d3d5452b1ac7cb2e875f649515e4e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1e20dfc8145abced35dd934d5136e5dd | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd3a85f6ccf117fb1cdb506094edddd22 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5cb77e93ebe96f22741285592cd35100 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash31922228868dc24dfe9b067d2b3c6d18 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash647d26e94b9be5a1237a59d0b2b38442 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash97868b884fc9d01c0cb1f3fa4d80b09f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash46b2cfef633e6e531928a9c606b40b16 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash67cee5b180370eb03d9606f481e48f36 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1023860ce2a23e7234685440c2d70e96 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash87656e8df1b1f97213f3b342dd77c986 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha6fad33175e33ab7306e879f4f022662 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash88ba6dd7a5dd31aba0051c532602cc0d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb91950af0d213c3d28e3a57612ff2c7b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash355b1bedeb19b546800de5ecc7933849 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1822bea1d0ec9ae1db9c265386699102 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash31725dc195bb09fc32a842a554cc931b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash64243391affa5d5a7d195ea4c905b240 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashaad9dcd3a2045dafea47eef776ec5b8a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe8fcc05c328b612918b3384638873a6d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash53ec27df858d3d133808ec338df29fc6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb73ba1327abb95eba44a233d9d502c79 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe6d09c7ad340d10109e6781bfb05a319 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9a40f49b9f9d653fb23c3ffa518f40e7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf1b78698b108fbf5bfcbb6d7f3bbad76 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc753611ab87bd41cdf4ff9b140440fe2 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashfa174cdd22080f11e13844c1e3326cd2 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash95333cc1a3fbe044b0163a1cddb3a8ab | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash87f4cc8abaff811e36c544896c7cd418 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashceea830b55ba3582a9bee3cacd895aff | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd8367aba68353951c23c3094bc536743 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3b5501885ba5283ec08101bc4cb9d613 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2f3e5344c5b4614c75d400d18b1bb387 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8e13d8b8d0c965b95408a2efdde32847 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2a16962b336cc5296bb4e4230a5e5404 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc8904d694af18e4920bfa9fc5258b2a7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha07cd2703361ad566c5857a4e8e1652a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2688d2ae8691089bc339403524bc51bf | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash6ca874b098ba768ad5814bef9cf409fa | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4e3d5859e74e11a3903453a1601d1d36 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashebe250b7ca9122231f1d114b12d27821 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash32b3dc926aaad8b3b63e45c408420b43 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc4361acb38701e733f5f02c8e88d4a45 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha839c560076937407ac78b3f9d1c0416 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash093ea7c80ab1a192a91f4132078c02b1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd8b387a4f76fcb39bb0f3863a6bbb2bd | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc964653d3e1a4c6cf85a9a056ac87793 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe810d8b815d18092320b08acd8944972 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashdb4dd364ae1e7f149da998453b241c41 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha2d306424dd0a86f41d8fd96e633bff2 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4751a31aa65c19784f4c3a212c6ee6eb | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashcb64ee1765a2ba331fc4e783f5836584 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3f32d1ddece7ea279b6cc0e5ad279e08 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashda94d2b597dd10724a896e51fc500267 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4150ec9163a697f6e590e46dc004c107 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc6659e8ef3258bde52081297ca82c7f0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc72ec702a498b1b5ca8a7fa8219088cd | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash13b98f2270c0014cd9a7d3da4c01e1fe | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash24c9a9ec8f0ee27420f631085298f7eb | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash70ebf234ae57103849470c2bd5f1fc35 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf066ff0d68e29220085a9fef43693b07 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3061d7ed6ce7fd85701b2a8dfcb0c4af | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashaf79a5e196658e297547d8411d555ef6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd42200f87471f7ff13db676893148394 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash76149248251b08493cafd94781e00bf0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8e943e1cb8752132e7f7eae17f3d8956 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb216f1366a6f27e92e866234f730729c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2c4d2fc35055ee199fd01d6c055646b3 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb2c3427392e029dce7ba9e0da6ca2456 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2acd7ed295c72a6e7f5730dba4ef641f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3761e39bd7393548a5f7c153c7ecf1d0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash39eb2918deb1dfbe3bacbf57fe4e6056 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe28bd43b7969b51d892eb477bda81ef8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0192cfdb4016abfb657994d4b4ae48b3 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash57d4c7b05bbb90567a6e21abbb8717d0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashcc9e63fe92e0046762397cd02a595803 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashff49cc59efebb8cba5569058a12d4829 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc6855714d7ea700272ece7056eef4607 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash17e1e62925de680a48c70bf661273b6e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9e14033200a7c41ff94535eed8e82c55 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8244b0c39a2e838465e2902e286525b5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash02f23222590d318b771c30b29b4f7fe8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashba574c046177f1ff5a67aa8a04d53e63 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashca294d9ccb1e41dd8592cec7158590cb | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4174f208a7e29938a27269cd1e23092a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc1dac497e7625b639432e8ecd97c2987 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash01b4a5b9128eb340813d998f622e86cf | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1c41b0e3324fad69885926bfb43ac29c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7057479b707aaf2e7fb0e099179b8315 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash07cbedbcca3724397e86b59109275419 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4a5fe9ec249bf85c11c7a58912f0492b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd70fb18cf8d12ee5e70272310bd67bd6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7e66df5069b0fd8211dd2e668940f588 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe422e35a8bb2746ddc8449550d07da88 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc2a504f205c2bd220fe48645e95ff21f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3b575f9f6886a4ce0acf5d8c39d3a271 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash201f335c160c30b3c809b9699eadcaed | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb11592ddc48fe2d9ede02f1f642c0514 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashff48354b1a7a973bb2fd79d738ef6aea | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash426f2c3a7c3fcfe8a776847902559553 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd2b9dd003635aaf568ceacd4a0d69389 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe4c04d1cdda94e55f8669f990d66eea0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0b13f8c5549e2e23217ec50a247c1954 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashaf2fd54c272d6166ebff5b21dbb5d414 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash99e051296cecc884ac10469e4d245fdc | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd5dc626780641c25454ea835bc86795f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7c1b4e2537ea96b77965eaff018578ca | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5abfc664f0aaa49fe442ef2c9a6e018d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash226264e22029dd0aa14228e73ec338e8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc8ab8e3a8c5af5198f950f66307530be | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash74256ba1b9e66137f1df3d30d9345281 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash05d4f890c5583efc491a6b4e4534a0de | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd174d59a71157735e4532ab1af09eab8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb91a2852a418331eee402ebb3d3cb67e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash36be9f5a19a1f2bac4c9a5cd128eea47 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashdfcd22269febadf0c55e69173f04be5e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashadcd2afe83197be0e4b293696df2e12a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashcf6c400f2fe77d7fe1a8fd284e546ba1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash86129fb08830fb0e20de4bdd5559c873 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9ef739293c744e632a6437869b1806f1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash857e429ebadf0ee393f65d0687e31ab2 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash28e390d57bd634c6945f8beff17c2d0c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb565c95c4e7b190e36a4542198dfb870 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc2bcb963c53b0ef56f2e037b14fbc230 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashcd2f331388f1c804b2936554bcc55172 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8eab1fe38d3f31026f5a8b6b1bd4dd8f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashfd7ba1a3df65304dc1b5555eecd2847f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf49c46b464dff149c861a9702acd8172 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash338af0636ade81590319237bf8c3c349 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0897c17a94d9fc1ec3a306ca3960f195 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashbc814cef68ebff8475b50c3b96098044 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7742ebb77ff1e481b6bcc611df5acb80 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5d0c93a4b261531f298d80282dc800b7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9579942602ca259a5b359ded020ddafe | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0047edcb1fa4719cded8b2ab095e163e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9f2a8263b1035353c165820dcee3c630 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash33bd5633ae0a81166b3e9aaea8fb4d09 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd16e41582fd66274d4fcbfede1d0ec43 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc133e3dfc2ebab9a42ddf72b1323b6cc | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5216d4cdb1b44f1619fd1c25091990f5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashae65ec756e1208425ba9cc086b470004 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb2784fe82e6937332beb1f887bf2f290 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9a62baa9f8bf411034c8136641d68e3d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7c642df72c995572296857b0cbe7b1d5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2fab226f39851805510e41ebe8a3da94 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc05c4bc4012a2918508f69b54cbd892c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5776fea7ca39ef8a93b2cd1b2f8f6fac | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash6f08a9de90ce4b57b9965712742ea70f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf74e91024d15d044834934f9f05ab448 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0e6350badfc7e840e10b6e9c9a9ac903 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash575d69e0f6e875e72d09498d83e59571 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb9b21a25267e64420cc1bedaecb158a9 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash40b474e59a2d512742df62666f110677 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash55e9c14c8e88cd36d611f515153c55a1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5b3d6ad1477ae5eb33ca86f5acd83100 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb7421ab53a605ba67548447ace11fae8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashed5109161c11dda88ce51eeda72f2dc8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe7c5f8598fb577899f0dd66d413520eb | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1bc2d4bec73491b3d9e8899dba39079b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashfe9cc345f01b1257ade5283db752c95d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash41fb3eb2b478d645caf517a493ae2c1e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha44495a48f91dd56c1065d5d7313e441 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash741f261a857705c1d5663d2518b3d96d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash045e52ce6a64dbebe1d63787eca069ab | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf0b16311f00e3c89312ec6a807c09e9e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashba5f23012bd756826862cc143b289791 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb11a98847b43f5e89f808b8fc2813885 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb921dcb0204268df810e6bd3afc40884 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4c6c91def55e9d56cee8c7cec03f9c94 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0371006a71e3c30131a8ddb86b3dc42d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash88a30a870931a0df343620490bb2022a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf61927f661f5a31a828f4ab443c44d90 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9b3ec2ddbe8fcaffcc260160633a1576 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash23f2399d668f0cdb9e3d03b5d3cb8b0b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash32f8bf62ec02026829413702deefaf9a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash20f38afe9f6f317752ebc110fb88217c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha138a734471ce9bb5904971c4f38e21b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0f81da14f039907fd9d050db657398d7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4e04b0facc3302f86997c6744085758c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha9bc13d2cea77d730fa6ac5b533df650 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash05f0fb0adb3e39df8bd970a81786ef4c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1feb0310fe4c192f0aa62d7e5348a8f7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7426c8cc21ab1a18f9e5f33aee301fef | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash68fa5f31895a8f09f5d0505c5faba7cd | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8e926f9d1e5f4c15a0c6f56d3718f30e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4a72cf93e529231eafad31dfd010d4f5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash23479da4c404256ff1b7e7e28895c28a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash57d47bf5cd1f7df0f2993bab514c7ea6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash26fafbcff71939ed0a4bb95ac6fdd8d2 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9aa4bdb9ab6b34dfcb6c955cd8785cf6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash410ac36446fc8ca22a57a11fa7c99b15 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9629c3633e020473a6f7bf07c8119502 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash11213bd1a6f435f99c33fd3f750475bf | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb980f10c0748e6f501af89fd156e97e5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash929e3ee8a73c0c72a4fc96ce5550aeaf | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash6f20110c0acfe3cd0fd0e79bc038ff37 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash00449c8302abf2aaab46fa8887294113 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3e90c91d10489b95bb6a9a9b5d186138 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2f3e894fd573ebaf34ea151a5944ff97 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf7ca52016798024f5150fb910498623d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash27407c8dc0d8f3286f78586753cfb7e7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashabd53dc3dd708225dff9d5f473570637 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd21f25b7de459416135587798af8a97f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashad2568b84e5074bf162839155797f7b2 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7b75e49344843199f357a0e5d17eb5c1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash893cb945b96f2bd46beb7acf97fc59ba | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashcfcabc3960dc4c52fb851f9361b89b28 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3b3c10203aed1aee0c2ab0453c17a56c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5104f5842eee8cf169287bc8e057417d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash062f6b14c9d3cc121ed074c63a585d5c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf53f9b7bb22a74618c82ead0f97de729 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash42acf7c9b5272ff13d4410b66864a2d7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash319fbfc60733d897cd2e3ca527659ea4 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash232bf5f6c40251292393cb9d57d7cc3f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash57e202fe5c6faac4b46ce2fee4630c34 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5eee2912bafe61313fa11ce3dbcff0a1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash30c05a3d427828fef09ccafd92c428fd | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1902f90849eb89ff9a9c24da2cd7cd7c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7d2601be0edd6ccdeea2ce0f5955aac0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8f5eaab794333bc8fceb4c4d6faf3b06 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe6f10c5ab64c4a09aa89102d738ec0fd | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashfd5db4498b1756e98e8bdd9509899bde | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash08fc25dd8e4e65b4d3d52b8634c22d5c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashed99570f009ad0b69964586c851d109c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash41c52e8f7d87ed4688cf31b7b62310a7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash16a1f41da042bb596076c5abf2204b8e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4ed67c870ce287948877a69088bf0d64 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe609d3614b1838d08ab587d23949b4af | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe4761462a4fc35c24c3a46871f5a4121 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe1cc7a54f0881d46fa51bf4068d96c56 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd3c7876be837a86ed230930f31ad8aa0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha3e71adcfae12ace68613a1c7bb62f04 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3aa7fdc958ef727b31c1c8999111e1eb | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc0700f70ce1222267de16de47cb066e3 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash92a17fefba6f6e2b6c471806c669fa57 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5a6bb1e5781780ced86e2fdc2e241486 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9b23360229297cf3eb26a2b12c7ad096 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash58181033f994529ea5d439dfe5f3310a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc0f79e9aa02afc7a062cd53e0402f9ce | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash908f8011fddb0a7ce57107bf781c65f0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash92ddfe3d4915fd04b44f2e2b33889898 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4d2f538dab0ee9ff0a47438215cdfbe6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashbde5736a16fcdd6c20608929161041ff | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash32300bf9cca4630f19baf4759d61ba28 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb66896d389d48029d8833516d6536833 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8ee1c5eb3fcec226b26e7784bf3794ee | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7e7636f8fa7fe8858e56f4ed975f37ef | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd86af3c6d1c1c027dd6f4dbd05309cf3 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd7109d0ee374d0256aad557e6a87d9ce | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0c73e01ba08bded0305385e5fb45402e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9134f2a673eb76cf77ae778840eeadb9 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash78d5f1fc46015efbe54b871216eed7c8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash91c89af52df3e3067ab2d3d619fcd345 | — | |
hashd24d19a892c6afbd53d8a6e2a4a1f88c | — | |
hashfb71fc9f4c0a5ff53f301d83b7462f89 | — | |
hash8ebca0b7ef7dbfc14da3ee39f478e880 | — | |
hashed60b3913e6694f4a0ed2fe25551bd1f | — | |
hashdc77044fe8d35882015eaa99ca31f826 | — | |
hashb9693b6541a22d01b100b867375279e6 | — | |
hashbf82e3b5d25d167c168cc6600e797c53 | — | |
hash20ac88502e69f65ea3fc6ccd90978f0e | — | |
hashefc41a0887fd65246cda9323035f9746 | — | |
hash1bb8b1d0282727ab9bc2deb3570cf272 | — | |
hash767fce5fae7f2f7091811b401f2b16d8 | — | |
hashf677620a092f4b8d46e43d0b0b62c89d | — | |
hash6ab14c7b7c7c43011d607027d3582686 | — | |
hashf82510d541e56d7021f020f8b4d6a6d0 | — |
Url
| Value | Description | Copy |
|---|---|---|
urlGamerHub/server/middlewares/helpers/error.js | packed_beavertail_hashes.txt | |
urlhttps://github.com/Satyam-G5 | — | |
urlhttps://github.com/aufeine | — | |
urlhttps://github.com/dhayaprabhu | — | |
urlhttps://github.com/bridgitlab | — | |
urlhttps://github.com/CodePapaya | — | |
urlhttps://github.com/bmstoreJ | — | |
urlhttps://github.com/Allgoritex | — | |
urlhttps://github.com/plannet-plannet | — | |
urlhttps://github.com/komeq1120 | — | |
urlhttps://github.com/masharsiddiqui | — | |
urlhttps://github.com/ZoroDefi | — | |
urlhttps://github.com/davidbizna95 | — | |
urlhttps://github.com/Kamo-Smbatyan | — | |
urlhttps://github.com/DavidBeanvide | — | |
urlhttps://gitlab.com/benhermas | — | |
urlhttps://bitbucket.org/grempe012 | — | |
urlhttps://bitbucket.org/ritechdev | — |
File
| Value | Description | Copy |
|---|---|---|
fileMiroTalk.dmg | — | |
fileMiroTalk.msi | — | |
fileJami.exe | — | |
fileFCCCall.msi | — | |
fileFCCCall.exe | — | |
fileFCCCall.msi | — | |
fileFCCCall.exe | — | |
fileFCCCall.dmg | — | |
fileFCCCall.msi | — | |
fileFCCCall.exe | — | |
fileFCCCall.dmg | — | |
fileFCCCall.msi | — | |
fileFCCCall.exe | — | |
fileFCCCall.msi | — | |
fileFCCCall.exe | — |
Link
| Value | Description | Copy |
|---|---|---|
linkhttps://www.zscaler.com/blogs/security-research/pyongyang-your-payroll-rise-north-korean-remote-workers-west | — |
Text
| Value | Description | Copy |
|---|---|---|
textIn November 2023, a security vendor discovered that North Korean threat actors were using the Contagious Interview and WageMole campaigns to procure remote employment opportunities in Western countries, thus evading financial sanctions against North Korea (DPRK). The Contagious Interview campaign focuses on stealing data, while WageMole uses that stolen data, along with other social engineering techniques, to help these threat actors land remote jobs.
Zscaler ThreatLabz recently discovered how the threat actors have continued to update their Contagious Interview campaign tactics by improving the obfuscation of their scripts with advanced techniques and dynamic loading. The threat actors also expanded their arsenal by supporting both Windows and macOS application formats in their infection chains, while keeping their core capabilities intact. By monitoring the installed BeaverTail (JavaScript) and InvisibleFerret (Python) scripts, we confirmed that the attackers stole source code, cryptocurrency data, and personal information from victims. The threat actors managed to infect over 100 devices across multiple operating systems within a short time.
In this blog, we’ll dive into the improvements made to Contagious Interview scripts, the new formats that are now supported, and share exclusive insights into the campaign’s victims. | — | |
textBlog | — |
Threat ID: 688a1b6ead5a09ad00a5ad0c
Added to database: 7/30/2025, 1:17:34 PM
Last enriched: 8/25/2025, 1:16:53 AM
Last updated: 9/13/2025, 10:29:47 AM
Views: 46
Related Threats
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.