Reconnecting to live updates…
OSINT - From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
Severity: mediumType: unknown
OSINT - From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
AI Analysis
Technical Summary
The report titled 'From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West' is an OSINT-based intelligence piece indicating an emerging trend where North Korean nationals, potentially linked to state-sponsored cyber operations, are increasingly present as remote workers within Western organizations. The intelligence references malware families such as Beavertail and InvisibleFerret, which have been associated with North Korean cyber espionage campaigns involving network activity and payload delivery. While no specific software vulnerabilities or exploits are detailed, the threat vector is primarily through insider access and covert infiltration rather than technical exploitation. This presence enables potential unauthorized access to sensitive corporate networks, intellectual property, and critical infrastructure data. The report carries a medium severity rating and a 50% certainty level, reflecting moderate confidence in the intelligence. No patches or direct mitigations exist since this is not a software vulnerability but rather an operational threat. The risk is compounded by the difficulty in detecting such insiders and the potential for lateral movement within networks. The intelligence underscores the importance of monitoring for anomalous network activity and the use of behavioral analytics to identify suspicious insider behavior. The involvement of North Korean threat actors aligns with their historical focus on espionage, financial theft, and disruption. The report is tagged with TLP:WHITE and TLP:CLEAR, indicating it is intended for broad distribution and awareness. Overall, this threat represents a strategic risk to organizations relying on remote workforce models without stringent identity and access management controls.
Potential Impact
For European organizations, the presence of North Korean remote workers linked to state-sponsored cyber operations poses significant risks to confidentiality, integrity, and availability of sensitive data and systems. Potential impacts include espionage, intellectual property theft, financial fraud, and disruption of critical infrastructure operations. The covert nature of insider threats complicates detection and response, increasing the risk of prolonged unauthorized access and data exfiltration. Organizations in sectors such as finance, telecommunications, energy, and government are particularly vulnerable due to the strategic value of their data and services. The integration of remote workers, especially from regions with adversarial geopolitical relations, can introduce backdoors or facilitate supply chain compromises. This threat can undermine trust in remote workforce models and may lead to regulatory scrutiny under European data protection and cybersecurity laws. The medium severity reflects a moderate but tangible risk that requires proactive management to prevent escalation into more damaging incidents.
Mitigation Recommendations
European organizations should implement rigorous identity verification and background checks for remote workers, especially those from high-risk regions. Deploy continuous monitoring solutions that leverage behavioral analytics and anomaly detection to identify suspicious insider activities. Enforce strict network segmentation and least privilege access principles to limit lateral movement opportunities. Utilize multi-factor authentication and zero-trust network architectures to reduce the risk of unauthorized access. Conduct regular security awareness training focused on insider threat recognition and reporting. Integrate threat intelligence feeds related to North Korean cyber activities to enhance detection capabilities. Establish clear policies for remote work and supply chain security, including contractual obligations for transparency and security compliance. Collaborate with national cybersecurity agencies to share intelligence and receive guidance on emerging threats. Finally, perform regular audits and penetration testing to identify and remediate potential weaknesses in remote access infrastructure.
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Belgium, Italy
Indicators of Compromise
- ip: 135.181.242.24
- ip: 147.124.212.146
- ip: 147.124.212.89
- ip: 147.124.213.11
- ip: 147.124.213.29
- ip: 147.124.214.129
- ip: 147.124.214.131
- ip: 147.124.214.237
- ip: 166.88.132.39
- ip: 167.88.168.152
- ip: 172.86.123.35
- ip: 172.86.97.80
- ip: 185.235.241.208
- ip: 23.106.253.194
- ip: 23.106.253.209
- ip: 23.106.253.215
- ip: 23.254.244.242
- ip: 45.140.147.208
- ip: 67.203.7.163
- ip: 67.203.7.171
- ip: 67.203.7.245
- ip: 95.164.17.24
- domain: mirotalk.net
- domain: payloadrpc.com
- domain: ipcheck.cloud
- domain: regioncheck.net
- domain: w3capi.marketing
- hash: ae83d8531717a5c7696451166acc91f1
- hash: 3b7663f40ab4aa25a97bea17ad1b50eb
- url: GamerHub/server/middlewares/helpers/error.js
- hash: f5e89d2643a1e709f6f34f13b2501779
- hash: 47ebe86edb2a8305e48e142389ad5cd0
- hash: 4aea29dadcfd4fc75a27c9902cb4c623
- hash: 72841d2374648bc70dce53fbdcf69502
- hash: 1aaf8809b7ab4fa6848babe3f970afc0
- hash: 9cc9b773fe099d46eca556b610fd03cb
- hash: 0d4a9a974c4fc579d0699764c69cf0fd
- hash: 2ad64d0252b9778bdf3911e2924a3885
- hash: dee7ae804679b905b07953aa61136d2e
- hash: f713c6aa854c50854e4cac3e541be8cf
- hash: fdcc957f3b0050fcf351d99bcc4743b2
- hash: e23b3f3cea6e8c97ea67ad97b0dc2170
- domain: telegram-mini-app-game-main.zip
- hash: dee6eec3f11a3ba187a002eabfb7af3c
- hash: ab4138a74a42c8b83daf7c19587bb001
- hash: 61e07d69fbc48fb5c09503f926994636
- hash: 55cd5526fde209aea11bb41af0eb5c08
- hash: 2300548f253aea742d3b11925fa408d3
- hash: 41b0bb86e6409c08a298888dd7a91717
- hash: 30fbbceb33dbe40f50d3cb94714054fb
- hash: 8ed2ebb511e4436232b09991627790db
- hash: 43ae3120db22521a97e21b9c6ef13715
- hash: efed4ae29e74b01a11a746671fbd924d
- hash: d86f70735c7d53b315a35ddc29258476
- hash: 17f47b20c26fd768bcee7b1c4bab9714
- hash: 135848473382204d759a97aeded76f2c
- hash: eac8edaf5a4637fd964d7a3d87f8189a
- hash: d7783ba8476f1a2f0831f32abf9c3e69
- hash: 7624fc8b47cb58444ff0176edd7f15cb
- hash: 1948c99104e09ecaa0f4cb3fdac276d5
- hash: 7859ef9ca6f7fa800a058d3586164672
- hash: 2ed1b50ed4ca84c0fdde84a585fac536
- hash: 4120ce03d7d662d5ddf10e4565495055
- hash: 48fc7c946c34771b82a5e49a93d405a6
- hash: 560a2438bea7a7421b92f66b4d7c756b
- hash: dbda4a6e6741fa3d7819c3c88ed22e88
- hash: 1ca6bcea09b3b9b3cb338faf8161b7e8
- hash: d7d5b9a70cb001532096c50c419172b0
- hash: ac55b61572eb8424192316c0970ccb54
- hash: 93b7dbf5980de29cf7fb9a610229bb5a
- hash: 907f39788d1d1439eed333091fd16730
- hash: 979bb789ecd5a3881ad3d4823ca8fdc1
- hash: 95362a0f440990992cc9ad04e6675e77
- hash: eb0ba3a1623e95e57fb5a2aedb97d45f
- hash: 58db0d021b75eb2a581c7773844703b5
- hash: 110a7556e2ebcca7255be1c6ee999b94
- hash: c1c1c5b2a76a3d463cb4f7c22c88bbe5
- hash: 4a5d3d5452b1ac7cb2e875f649515e4e
- hash: 1e20dfc8145abced35dd934d5136e5dd
- hash: d3a85f6ccf117fb1cdb506094edddd22
- hash: 5cb77e93ebe96f22741285592cd35100
- hash: 31922228868dc24dfe9b067d2b3c6d18
- hash: 647d26e94b9be5a1237a59d0b2b38442
- hash: 97868b884fc9d01c0cb1f3fa4d80b09f
- hash: 46b2cfef633e6e531928a9c606b40b16
- hash: 67cee5b180370eb03d9606f481e48f36
- hash: 1023860ce2a23e7234685440c2d70e96
- hash: 87656e8df1b1f97213f3b342dd77c986
- hash: a6fad33175e33ab7306e879f4f022662
- hash: 88ba6dd7a5dd31aba0051c532602cc0d
- hash: b91950af0d213c3d28e3a57612ff2c7b
- hash: 355b1bedeb19b546800de5ecc7933849
- hash: 1822bea1d0ec9ae1db9c265386699102
- hash: 31725dc195bb09fc32a842a554cc931b
- hash: 64243391affa5d5a7d195ea4c905b240
- hash: aad9dcd3a2045dafea47eef776ec5b8a
- hash: e8fcc05c328b612918b3384638873a6d
- hash: 53ec27df858d3d133808ec338df29fc6
- hash: b73ba1327abb95eba44a233d9d502c79
- hash: e6d09c7ad340d10109e6781bfb05a319
- hash: 9a40f49b9f9d653fb23c3ffa518f40e7
- hash: f1b78698b108fbf5bfcbb6d7f3bbad76
- hash: c753611ab87bd41cdf4ff9b140440fe2
- hash: fa174cdd22080f11e13844c1e3326cd2
- hash: 95333cc1a3fbe044b0163a1cddb3a8ab
- hash: 87f4cc8abaff811e36c544896c7cd418
- hash: ceea830b55ba3582a9bee3cacd895aff
- hash: d8367aba68353951c23c3094bc536743
- hash: 3b5501885ba5283ec08101bc4cb9d613
- hash: 2f3e5344c5b4614c75d400d18b1bb387
- hash: 8e13d8b8d0c965b95408a2efdde32847
- hash: 2a16962b336cc5296bb4e4230a5e5404
- hash: c8904d694af18e4920bfa9fc5258b2a7
- hash: a07cd2703361ad566c5857a4e8e1652a
- hash: 2688d2ae8691089bc339403524bc51bf
- hash: 6ca874b098ba768ad5814bef9cf409fa
- hash: 4e3d5859e74e11a3903453a1601d1d36
- hash: ebe250b7ca9122231f1d114b12d27821
- hash: 32b3dc926aaad8b3b63e45c408420b43
- hash: c4361acb38701e733f5f02c8e88d4a45
- hash: a839c560076937407ac78b3f9d1c0416
- hash: 093ea7c80ab1a192a91f4132078c02b1
- hash: d8b387a4f76fcb39bb0f3863a6bbb2bd
- hash: c964653d3e1a4c6cf85a9a056ac87793
- hash: e810d8b815d18092320b08acd8944972
- hash: db4dd364ae1e7f149da998453b241c41
- hash: a2d306424dd0a86f41d8fd96e633bff2
- hash: 4751a31aa65c19784f4c3a212c6ee6eb
- hash: cb64ee1765a2ba331fc4e783f5836584
- hash: 3f32d1ddece7ea279b6cc0e5ad279e08
- hash: da94d2b597dd10724a896e51fc500267
- hash: 4150ec9163a697f6e590e46dc004c107
- hash: c6659e8ef3258bde52081297ca82c7f0
- hash: c72ec702a498b1b5ca8a7fa8219088cd
- hash: 13b98f2270c0014cd9a7d3da4c01e1fe
- hash: 24c9a9ec8f0ee27420f631085298f7eb
- hash: 70ebf234ae57103849470c2bd5f1fc35
- hash: f066ff0d68e29220085a9fef43693b07
- hash: 3061d7ed6ce7fd85701b2a8dfcb0c4af
- hash: af79a5e196658e297547d8411d555ef6
- hash: d42200f87471f7ff13db676893148394
- hash: 76149248251b08493cafd94781e00bf0
- hash: 8e943e1cb8752132e7f7eae17f3d8956
- hash: b216f1366a6f27e92e866234f730729c
- hash: 2c4d2fc35055ee199fd01d6c055646b3
- hash: b2c3427392e029dce7ba9e0da6ca2456
- hash: 2acd7ed295c72a6e7f5730dba4ef641f
- hash: 3761e39bd7393548a5f7c153c7ecf1d0
- hash: 39eb2918deb1dfbe3bacbf57fe4e6056
- hash: e28bd43b7969b51d892eb477bda81ef8
- hash: 0192cfdb4016abfb657994d4b4ae48b3
- hash: 57d4c7b05bbb90567a6e21abbb8717d0
- hash: cc9e63fe92e0046762397cd02a595803
- hash: ff49cc59efebb8cba5569058a12d4829
- hash: c6855714d7ea700272ece7056eef4607
- hash: 17e1e62925de680a48c70bf661273b6e
- hash: 9e14033200a7c41ff94535eed8e82c55
- hash: 8244b0c39a2e838465e2902e286525b5
- hash: 02f23222590d318b771c30b29b4f7fe8
- hash: ba574c046177f1ff5a67aa8a04d53e63
- hash: ca294d9ccb1e41dd8592cec7158590cb
- hash: 4174f208a7e29938a27269cd1e23092a
- hash: c1dac497e7625b639432e8ecd97c2987
- hash: 01b4a5b9128eb340813d998f622e86cf
- hash: 1c41b0e3324fad69885926bfb43ac29c
- hash: 7057479b707aaf2e7fb0e099179b8315
- hash: 07cbedbcca3724397e86b59109275419
- hash: 4a5fe9ec249bf85c11c7a58912f0492b
- hash: d70fb18cf8d12ee5e70272310bd67bd6
- hash: 7e66df5069b0fd8211dd2e668940f588
- hash: e422e35a8bb2746ddc8449550d07da88
- hash: c2a504f205c2bd220fe48645e95ff21f
- hash: 3b575f9f6886a4ce0acf5d8c39d3a271
- hash: 201f335c160c30b3c809b9699eadcaed
- hash: b11592ddc48fe2d9ede02f1f642c0514
- hash: ff48354b1a7a973bb2fd79d738ef6aea
- hash: 426f2c3a7c3fcfe8a776847902559553
- hash: d2b9dd003635aaf568ceacd4a0d69389
- hash: e4c04d1cdda94e55f8669f990d66eea0
- hash: 0b13f8c5549e2e23217ec50a247c1954
- hash: af2fd54c272d6166ebff5b21dbb5d414
- hash: 99e051296cecc884ac10469e4d245fdc
- hash: d5dc626780641c25454ea835bc86795f
- hash: 7c1b4e2537ea96b77965eaff018578ca
- hash: 5abfc664f0aaa49fe442ef2c9a6e018d
- hash: 226264e22029dd0aa14228e73ec338e8
- hash: c8ab8e3a8c5af5198f950f66307530be
- hash: 74256ba1b9e66137f1df3d30d9345281
- hash: 05d4f890c5583efc491a6b4e4534a0de
- hash: d174d59a71157735e4532ab1af09eab8
- hash: b91a2852a418331eee402ebb3d3cb67e
- hash: 36be9f5a19a1f2bac4c9a5cd128eea47
- hash: dfcd22269febadf0c55e69173f04be5e
- hash: adcd2afe83197be0e4b293696df2e12a
- hash: cf6c400f2fe77d7fe1a8fd284e546ba1
- hash: 86129fb08830fb0e20de4bdd5559c873
- hash: 9ef739293c744e632a6437869b1806f1
- hash: 857e429ebadf0ee393f65d0687e31ab2
- hash: 28e390d57bd634c6945f8beff17c2d0c
- hash: b565c95c4e7b190e36a4542198dfb870
- hash: c2bcb963c53b0ef56f2e037b14fbc230
- hash: cd2f331388f1c804b2936554bcc55172
- hash: 8eab1fe38d3f31026f5a8b6b1bd4dd8f
- hash: fd7ba1a3df65304dc1b5555eecd2847f
- hash: f49c46b464dff149c861a9702acd8172
- hash: 338af0636ade81590319237bf8c3c349
- hash: 0897c17a94d9fc1ec3a306ca3960f195
- hash: bc814cef68ebff8475b50c3b96098044
- hash: 7742ebb77ff1e481b6bcc611df5acb80
- hash: 5d0c93a4b261531f298d80282dc800b7
- hash: 9579942602ca259a5b359ded020ddafe
- hash: 0047edcb1fa4719cded8b2ab095e163e
- hash: 9f2a8263b1035353c165820dcee3c630
- hash: 33bd5633ae0a81166b3e9aaea8fb4d09
- hash: d16e41582fd66274d4fcbfede1d0ec43
- hash: c133e3dfc2ebab9a42ddf72b1323b6cc
- hash: 5216d4cdb1b44f1619fd1c25091990f5
- hash: ae65ec756e1208425ba9cc086b470004
- hash: b2784fe82e6937332beb1f887bf2f290
- hash: 9a62baa9f8bf411034c8136641d68e3d
- hash: 7c642df72c995572296857b0cbe7b1d5
- hash: 2fab226f39851805510e41ebe8a3da94
- hash: c05c4bc4012a2918508f69b54cbd892c
- hash: 5776fea7ca39ef8a93b2cd1b2f8f6fac
- hash: 6f08a9de90ce4b57b9965712742ea70f
- hash: f74e91024d15d044834934f9f05ab448
- hash: 0e6350badfc7e840e10b6e9c9a9ac903
- hash: 575d69e0f6e875e72d09498d83e59571
- hash: b9b21a25267e64420cc1bedaecb158a9
- hash: 40b474e59a2d512742df62666f110677
- hash: 55e9c14c8e88cd36d611f515153c55a1
- hash: 5b3d6ad1477ae5eb33ca86f5acd83100
- hash: b7421ab53a605ba67548447ace11fae8
- hash: ed5109161c11dda88ce51eeda72f2dc8
- hash: e7c5f8598fb577899f0dd66d413520eb
- hash: 1bc2d4bec73491b3d9e8899dba39079b
- hash: fe9cc345f01b1257ade5283db752c95d
- hash: 41fb3eb2b478d645caf517a493ae2c1e
- hash: a44495a48f91dd56c1065d5d7313e441
- hash: 741f261a857705c1d5663d2518b3d96d
- hash: 045e52ce6a64dbebe1d63787eca069ab
- hash: f0b16311f00e3c89312ec6a807c09e9e
- hash: ba5f23012bd756826862cc143b289791
- hash: b11a98847b43f5e89f808b8fc2813885
- hash: b921dcb0204268df810e6bd3afc40884
- hash: 4c6c91def55e9d56cee8c7cec03f9c94
- hash: 0371006a71e3c30131a8ddb86b3dc42d
- hash: 88a30a870931a0df343620490bb2022a
- hash: f61927f661f5a31a828f4ab443c44d90
- hash: 9b3ec2ddbe8fcaffcc260160633a1576
- hash: 23f2399d668f0cdb9e3d03b5d3cb8b0b
- hash: 32f8bf62ec02026829413702deefaf9a
- hash: 20f38afe9f6f317752ebc110fb88217c
- hash: a138a734471ce9bb5904971c4f38e21b
- hash: 0f81da14f039907fd9d050db657398d7
- hash: 4e04b0facc3302f86997c6744085758c
- hash: a9bc13d2cea77d730fa6ac5b533df650
- hash: 05f0fb0adb3e39df8bd970a81786ef4c
- hash: 1feb0310fe4c192f0aa62d7e5348a8f7
- hash: 7426c8cc21ab1a18f9e5f33aee301fef
- hash: 68fa5f31895a8f09f5d0505c5faba7cd
- hash: 8e926f9d1e5f4c15a0c6f56d3718f30e
- hash: 4a72cf93e529231eafad31dfd010d4f5
- hash: 23479da4c404256ff1b7e7e28895c28a
- hash: 57d47bf5cd1f7df0f2993bab514c7ea6
- hash: 26fafbcff71939ed0a4bb95ac6fdd8d2
- hash: 9aa4bdb9ab6b34dfcb6c955cd8785cf6
- hash: 410ac36446fc8ca22a57a11fa7c99b15
- hash: 9629c3633e020473a6f7bf07c8119502
- hash: 11213bd1a6f435f99c33fd3f750475bf
- hash: b980f10c0748e6f501af89fd156e97e5
- hash: 929e3ee8a73c0c72a4fc96ce5550aeaf
- hash: 6f20110c0acfe3cd0fd0e79bc038ff37
- hash: 00449c8302abf2aaab46fa8887294113
- hash: 3e90c91d10489b95bb6a9a9b5d186138
- hash: 2f3e894fd573ebaf34ea151a5944ff97
- hash: f7ca52016798024f5150fb910498623d
- hash: 27407c8dc0d8f3286f78586753cfb7e7
- hash: abd53dc3dd708225dff9d5f473570637
- hash: d21f25b7de459416135587798af8a97f
- hash: ad2568b84e5074bf162839155797f7b2
- hash: 7b75e49344843199f357a0e5d17eb5c1
- hash: 893cb945b96f2bd46beb7acf97fc59ba
- hash: cfcabc3960dc4c52fb851f9361b89b28
- hash: 3b3c10203aed1aee0c2ab0453c17a56c
- hash: 5104f5842eee8cf169287bc8e057417d
- hash: 062f6b14c9d3cc121ed074c63a585d5c
- hash: f53f9b7bb22a74618c82ead0f97de729
- hash: 42acf7c9b5272ff13d4410b66864a2d7
- hash: 319fbfc60733d897cd2e3ca527659ea4
- hash: 232bf5f6c40251292393cb9d57d7cc3f
- hash: 57e202fe5c6faac4b46ce2fee4630c34
- hash: 5eee2912bafe61313fa11ce3dbcff0a1
- hash: 30c05a3d427828fef09ccafd92c428fd
- hash: 1902f90849eb89ff9a9c24da2cd7cd7c
- hash: 7d2601be0edd6ccdeea2ce0f5955aac0
- hash: 8f5eaab794333bc8fceb4c4d6faf3b06
- hash: e6f10c5ab64c4a09aa89102d738ec0fd
- hash: fd5db4498b1756e98e8bdd9509899bde
- hash: 08fc25dd8e4e65b4d3d52b8634c22d5c
- hash: ed99570f009ad0b69964586c851d109c
- hash: 41c52e8f7d87ed4688cf31b7b62310a7
- hash: 16a1f41da042bb596076c5abf2204b8e
- hash: 4ed67c870ce287948877a69088bf0d64
- hash: e609d3614b1838d08ab587d23949b4af
- hash: e4761462a4fc35c24c3a46871f5a4121
- hash: e1cc7a54f0881d46fa51bf4068d96c56
- hash: d3c7876be837a86ed230930f31ad8aa0
- hash: a3e71adcfae12ace68613a1c7bb62f04
- hash: 3aa7fdc958ef727b31c1c8999111e1eb
- hash: c0700f70ce1222267de16de47cb066e3
- hash: 92a17fefba6f6e2b6c471806c669fa57
- hash: 5a6bb1e5781780ced86e2fdc2e241486
- hash: 9b23360229297cf3eb26a2b12c7ad096
- hash: 58181033f994529ea5d439dfe5f3310a
- hash: c0f79e9aa02afc7a062cd53e0402f9ce
- hash: 908f8011fddb0a7ce57107bf781c65f0
- hash: 92ddfe3d4915fd04b44f2e2b33889898
- hash: 4d2f538dab0ee9ff0a47438215cdfbe6
- hash: bde5736a16fcdd6c20608929161041ff
- hash: 32300bf9cca4630f19baf4759d61ba28
- hash: b66896d389d48029d8833516d6536833
- hash: 8ee1c5eb3fcec226b26e7784bf3794ee
- hash: 7e7636f8fa7fe8858e56f4ed975f37ef
- hash: d86af3c6d1c1c027dd6f4dbd05309cf3
- hash: d7109d0ee374d0256aad557e6a87d9ce
- hash: 0c73e01ba08bded0305385e5fb45402e
- hash: 9134f2a673eb76cf77ae778840eeadb9
- hash: 78d5f1fc46015efbe54b871216eed7c8
- hash: 91c89af52df3e3067ab2d3d619fcd345
- file: MiroTalk.dmg
- hash: d24d19a892c6afbd53d8a6e2a4a1f88c
- file: MiroTalk.msi
- hash: fb71fc9f4c0a5ff53f301d83b7462f89
- file: Jami.exe
- hash: 8ebca0b7ef7dbfc14da3ee39f478e880
- file: FCCCall.msi
- hash: ed60b3913e6694f4a0ed2fe25551bd1f
- file: FCCCall.exe
- hash: dc77044fe8d35882015eaa99ca31f826
- file: FCCCall.msi
- hash: b9693b6541a22d01b100b867375279e6
- file: FCCCall.exe
- hash: bf82e3b5d25d167c168cc6600e797c53
- file: FCCCall.dmg
- hash: 20ac88502e69f65ea3fc6ccd90978f0e
- file: FCCCall.msi
- hash: efc41a0887fd65246cda9323035f9746
- file: FCCCall.exe
- hash: 1bb8b1d0282727ab9bc2deb3570cf272
- file: FCCCall.dmg
- hash: 767fce5fae7f2f7091811b401f2b16d8
- file: FCCCall.msi
- hash: f677620a092f4b8d46e43d0b0b62c89d
- file: FCCCall.exe
- hash: 6ab14c7b7c7c43011d607027d3582686
- file: FCCCall.msi
- hash: f82510d541e56d7021f020f8b4d6a6d0
- file: FCCCall.exe
- url: https://github.com/Satyam-G5
- url: https://github.com/aufeine
- url: https://github.com/dhayaprabhu
- url: https://github.com/bridgitlab
- url: https://github.com/CodePapaya
- url: https://github.com/bmstoreJ
- url: https://github.com/Allgoritex
- url: https://github.com/plannet-plannet
- url: https://github.com/komeq1120
- url: https://github.com/masharsiddiqui
- url: https://github.com/ZoroDefi
- url: https://github.com/davidbizna95
- url: https://github.com/Kamo-Smbatyan
- url: https://github.com/DavidBeanvide
- url: https://gitlab.com/benhermas
- url: https://bitbucket.org/grempe012
- url: https://bitbucket.org/ritechdev
- link: https://www.zscaler.com/blogs/security-research/pyongyang-your-payroll-rise-north-korean-remote-workers-west
- text: In November 2023, a security vendor discovered that North Korean threat actors were using the Contagious Interview and WageMole campaigns to procure remote employment opportunities in Western countries, thus evading financial sanctions against North Korea (DPRK). The Contagious Interview campaign focuses on stealing data, while WageMole uses that stolen data, along with other social engineering techniques, to help these threat actors land remote jobs. Zscaler ThreatLabz recently discovered how the threat actors have continued to update their Contagious Interview campaign tactics by improving the obfuscation of their scripts with advanced techniques and dynamic loading. The threat actors also expanded their arsenal by supporting both Windows and macOS application formats in their infection chains, while keeping their core capabilities intact. By monitoring the installed BeaverTail (JavaScript) and InvisibleFerret (Python) scripts, we confirmed that the attackers stole source code, cryptocurrency data, and personal information from victims. The threat actors managed to infect over 100 devices across multiple operating systems within a short time. In this blog, we’ll dive into the improvements made to Contagious Interview scripts, the new formats that are now supported, and share exclusive insights into the campaign’s victims.
- text: Blog
OSINT - From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
0
MediumUnknownmisp-galaxy:country="north korea"misp-galaxy:malpedia="beavertail"misp-galaxy:software="beavertail"type:osintosint:lifetime="perpetual"osint:certainty="50"tlp:whitetlp:clearmisp-galaxy:malpedia="invisibleferret"misp-galaxy:producer="zscaler"
Published: Wed Jul 30 2025 (07/30/2025, 00:00:00 UTC)
Source: CIRCL OSINT Feed
Vendor/Project: type
Product: osint
Description
OSINT - From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
AI-Powered Analysis
AILast updated: 10/22/2025, 01:20:17 UTC
Technical Analysis
The report titled 'From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West' is an OSINT-based intelligence piece indicating an emerging trend where North Korean nationals, potentially linked to state-sponsored cyber operations, are increasingly present as remote workers within Western organizations. The intelligence references malware families such as Beavertail and InvisibleFerret, which have been associated with North Korean cyber espionage campaigns involving network activity and payload delivery. While no specific software vulnerabilities or exploits are detailed, the threat vector is primarily through insider access and covert infiltration rather than technical exploitation. This presence enables potential unauthorized access to sensitive corporate networks, intellectual property, and critical infrastructure data. The report carries a medium severity rating and a 50% certainty level, reflecting moderate confidence in the intelligence. No patches or direct mitigations exist since this is not a software vulnerability but rather an operational threat. The risk is compounded by the difficulty in detecting such insiders and the potential for lateral movement within networks. The intelligence underscores the importance of monitoring for anomalous network activity and the use of behavioral analytics to identify suspicious insider behavior. The involvement of North Korean threat actors aligns with their historical focus on espionage, financial theft, and disruption. The report is tagged with TLP:WHITE and TLP:CLEAR, indicating it is intended for broad distribution and awareness. Overall, this threat represents a strategic risk to organizations relying on remote workforce models without stringent identity and access management controls.
Potential Impact
For European organizations, the presence of North Korean remote workers linked to state-sponsored cyber operations poses significant risks to confidentiality, integrity, and availability of sensitive data and systems. Potential impacts include espionage, intellectual property theft, financial fraud, and disruption of critical infrastructure operations. The covert nature of insider threats complicates detection and response, increasing the risk of prolonged unauthorized access and data exfiltration. Organizations in sectors such as finance, telecommunications, energy, and government are particularly vulnerable due to the strategic value of their data and services. The integration of remote workers, especially from regions with adversarial geopolitical relations, can introduce backdoors or facilitate supply chain compromises. This threat can undermine trust in remote workforce models and may lead to regulatory scrutiny under European data protection and cybersecurity laws. The medium severity reflects a moderate but tangible risk that requires proactive management to prevent escalation into more damaging incidents.
Mitigation Recommendations
European organizations should implement rigorous identity verification and background checks for remote workers, especially those from high-risk regions. Deploy continuous monitoring solutions that leverage behavioral analytics and anomaly detection to identify suspicious insider activities. Enforce strict network segmentation and least privilege access principles to limit lateral movement opportunities. Utilize multi-factor authentication and zero-trust network architectures to reduce the risk of unauthorized access. Conduct regular security awareness training focused on insider threat recognition and reporting. Integrate threat intelligence feeds related to North Korean cyber activities to enhance detection capabilities. Establish clear policies for remote work and supply chain security, including contractual obligations for transparency and security compliance. Collaborate with national cybersecurity agencies to share intelligence and receive guidance on emerging threats. Finally, perform regular audits and penetration testing to identify and remediate potential weaknesses in remote access infrastructure.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Uuid
- 11352988-db69-4d22-89fc-6f84689edfab
- Original Timestamp
- 1753866923
Indicators of Compromise
Ip
| Value | Description | Copy |
|---|---|---|
ip135.181.242.24 | contagiousinterview iocs - C2 | |
ip147.124.212.146 | contagiousinterview iocs - C2 | |
ip147.124.212.89 | contagiousinterview iocs - C2 | |
ip147.124.213.11 | contagiousinterview iocs - C2 | |
ip147.124.213.29 | contagiousinterview iocs - C2 | |
ip147.124.214.129 | contagiousinterview iocs - C2 | |
ip147.124.214.131 | contagiousinterview iocs - C2 | |
ip147.124.214.237 | contagiousinterview iocs - C2 | |
ip166.88.132.39 | contagiousinterview iocs - C2 | |
ip167.88.168.152 | contagiousinterview iocs - C2 | |
ip172.86.123.35 | contagiousinterview iocs - C2 | |
ip172.86.97.80 | contagiousinterview iocs - C2 | |
ip185.235.241.208 | contagiousinterview iocs - C2 | |
ip23.106.253.194 | contagiousinterview iocs - C2 | |
ip23.106.253.209 | contagiousinterview iocs - C2 | |
ip23.106.253.215 | contagiousinterview iocs - C2 | |
ip23.254.244.242 | contagiousinterview iocs - C2 | |
ip45.140.147.208 | contagiousinterview iocs - C2 | |
ip67.203.7.163 | contagiousinterview iocs - C2 | |
ip67.203.7.171 | contagiousinterview iocs - C2 | |
ip67.203.7.245 | contagiousinterview iocs - C2 | |
ip95.164.17.24 | contagiousinterview iocs - C2 |
Domain
| Value | Description | Copy |
|---|---|---|
domainmirotalk.net | contagiousinterview iocs - C2 | |
domainpayloadrpc.com | contagiousinterview iocs - C2 | |
domainipcheck.cloud | contagiousinterview iocs - C2 | |
domainregioncheck.net | contagiousinterview iocs - C2 | |
domainw3capi.marketing | contagiousinterview iocs - C2 | |
domaintelegram-mini-app-game-main.zip | packed_beavertail_hashes.txt |
Hash
| Value | Description | Copy |
|---|---|---|
hashae83d8531717a5c7696451166acc91f1 | packed_beavertail_hashes.txt | |
hash3b7663f40ab4aa25a97bea17ad1b50eb | packed_beavertail_hashes.txt | |
hashf5e89d2643a1e709f6f34f13b2501779 | packed_beavertail_hashes.txt | |
hash47ebe86edb2a8305e48e142389ad5cd0 | packed_beavertail_hashes.txt | |
hash4aea29dadcfd4fc75a27c9902cb4c623 | packed_beavertail_hashes.txt | |
hash72841d2374648bc70dce53fbdcf69502 | packed_beavertail_hashes.txt | |
hash1aaf8809b7ab4fa6848babe3f970afc0 | packed_beavertail_hashes.txt | |
hash9cc9b773fe099d46eca556b610fd03cb | packed_beavertail_hashes.txt | |
hash0d4a9a974c4fc579d0699764c69cf0fd | packed_beavertail_hashes.txt | |
hash2ad64d0252b9778bdf3911e2924a3885 | packed_beavertail_hashes.txt | |
hashdee7ae804679b905b07953aa61136d2e | packed_beavertail_hashes.txt | |
hashf713c6aa854c50854e4cac3e541be8cf | packed_beavertail_hashes.txt | |
hashfdcc957f3b0050fcf351d99bcc4743b2 | packed_beavertail_hashes.txt | |
hashe23b3f3cea6e8c97ea67ad97b0dc2170 | packed_beavertail_hashes.txt | |
hashdee6eec3f11a3ba187a002eabfb7af3c | packed_beavertail_hashes.txt | |
hashab4138a74a42c8b83daf7c19587bb001 | packed_beavertail_hashes.txt | |
hash61e07d69fbc48fb5c09503f926994636 | packed_beavertail_hashes.txt | |
hash55cd5526fde209aea11bb41af0eb5c08 | packed_beavertail_hashes.txt | |
hash2300548f253aea742d3b11925fa408d3 | packed_beavertail_hashes.txt | |
hash41b0bb86e6409c08a298888dd7a91717 | packed_beavertail_hashes.txt | |
hash30fbbceb33dbe40f50d3cb94714054fb | packed_beavertail_hashes.txt | |
hash8ed2ebb511e4436232b09991627790db | packed_beavertail_hashes.txt | |
hash43ae3120db22521a97e21b9c6ef13715 | packed_beavertail_hashes.txt | |
hashefed4ae29e74b01a11a746671fbd924d | packed_beavertail_hashes.txt | |
hashd86f70735c7d53b315a35ddc29258476 | packed_beavertail_hashes.txt | |
hash17f47b20c26fd768bcee7b1c4bab9714 | — | |
hash135848473382204d759a97aeded76f2c | — | |
hasheac8edaf5a4637fd964d7a3d87f8189a | — | |
hashd7783ba8476f1a2f0831f32abf9c3e69 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7624fc8b47cb58444ff0176edd7f15cb | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1948c99104e09ecaa0f4cb3fdac276d5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7859ef9ca6f7fa800a058d3586164672 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2ed1b50ed4ca84c0fdde84a585fac536 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4120ce03d7d662d5ddf10e4565495055 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash48fc7c946c34771b82a5e49a93d405a6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash560a2438bea7a7421b92f66b4d7c756b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashdbda4a6e6741fa3d7819c3c88ed22e88 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1ca6bcea09b3b9b3cb338faf8161b7e8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd7d5b9a70cb001532096c50c419172b0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashac55b61572eb8424192316c0970ccb54 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash93b7dbf5980de29cf7fb9a610229bb5a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash907f39788d1d1439eed333091fd16730 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash979bb789ecd5a3881ad3d4823ca8fdc1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash95362a0f440990992cc9ad04e6675e77 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasheb0ba3a1623e95e57fb5a2aedb97d45f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash58db0d021b75eb2a581c7773844703b5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash110a7556e2ebcca7255be1c6ee999b94 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc1c1c5b2a76a3d463cb4f7c22c88bbe5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4a5d3d5452b1ac7cb2e875f649515e4e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1e20dfc8145abced35dd934d5136e5dd | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd3a85f6ccf117fb1cdb506094edddd22 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5cb77e93ebe96f22741285592cd35100 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash31922228868dc24dfe9b067d2b3c6d18 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash647d26e94b9be5a1237a59d0b2b38442 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash97868b884fc9d01c0cb1f3fa4d80b09f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash46b2cfef633e6e531928a9c606b40b16 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash67cee5b180370eb03d9606f481e48f36 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1023860ce2a23e7234685440c2d70e96 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash87656e8df1b1f97213f3b342dd77c986 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha6fad33175e33ab7306e879f4f022662 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash88ba6dd7a5dd31aba0051c532602cc0d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb91950af0d213c3d28e3a57612ff2c7b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash355b1bedeb19b546800de5ecc7933849 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1822bea1d0ec9ae1db9c265386699102 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash31725dc195bb09fc32a842a554cc931b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash64243391affa5d5a7d195ea4c905b240 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashaad9dcd3a2045dafea47eef776ec5b8a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe8fcc05c328b612918b3384638873a6d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash53ec27df858d3d133808ec338df29fc6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb73ba1327abb95eba44a233d9d502c79 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe6d09c7ad340d10109e6781bfb05a319 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9a40f49b9f9d653fb23c3ffa518f40e7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf1b78698b108fbf5bfcbb6d7f3bbad76 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc753611ab87bd41cdf4ff9b140440fe2 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashfa174cdd22080f11e13844c1e3326cd2 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash95333cc1a3fbe044b0163a1cddb3a8ab | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash87f4cc8abaff811e36c544896c7cd418 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashceea830b55ba3582a9bee3cacd895aff | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd8367aba68353951c23c3094bc536743 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3b5501885ba5283ec08101bc4cb9d613 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2f3e5344c5b4614c75d400d18b1bb387 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8e13d8b8d0c965b95408a2efdde32847 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2a16962b336cc5296bb4e4230a5e5404 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc8904d694af18e4920bfa9fc5258b2a7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha07cd2703361ad566c5857a4e8e1652a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2688d2ae8691089bc339403524bc51bf | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash6ca874b098ba768ad5814bef9cf409fa | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4e3d5859e74e11a3903453a1601d1d36 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashebe250b7ca9122231f1d114b12d27821 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash32b3dc926aaad8b3b63e45c408420b43 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc4361acb38701e733f5f02c8e88d4a45 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha839c560076937407ac78b3f9d1c0416 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash093ea7c80ab1a192a91f4132078c02b1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd8b387a4f76fcb39bb0f3863a6bbb2bd | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc964653d3e1a4c6cf85a9a056ac87793 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe810d8b815d18092320b08acd8944972 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashdb4dd364ae1e7f149da998453b241c41 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha2d306424dd0a86f41d8fd96e633bff2 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4751a31aa65c19784f4c3a212c6ee6eb | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashcb64ee1765a2ba331fc4e783f5836584 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3f32d1ddece7ea279b6cc0e5ad279e08 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashda94d2b597dd10724a896e51fc500267 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4150ec9163a697f6e590e46dc004c107 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc6659e8ef3258bde52081297ca82c7f0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc72ec702a498b1b5ca8a7fa8219088cd | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash13b98f2270c0014cd9a7d3da4c01e1fe | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash24c9a9ec8f0ee27420f631085298f7eb | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash70ebf234ae57103849470c2bd5f1fc35 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf066ff0d68e29220085a9fef43693b07 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3061d7ed6ce7fd85701b2a8dfcb0c4af | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashaf79a5e196658e297547d8411d555ef6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd42200f87471f7ff13db676893148394 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash76149248251b08493cafd94781e00bf0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8e943e1cb8752132e7f7eae17f3d8956 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb216f1366a6f27e92e866234f730729c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2c4d2fc35055ee199fd01d6c055646b3 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb2c3427392e029dce7ba9e0da6ca2456 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2acd7ed295c72a6e7f5730dba4ef641f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3761e39bd7393548a5f7c153c7ecf1d0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash39eb2918deb1dfbe3bacbf57fe4e6056 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe28bd43b7969b51d892eb477bda81ef8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0192cfdb4016abfb657994d4b4ae48b3 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash57d4c7b05bbb90567a6e21abbb8717d0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashcc9e63fe92e0046762397cd02a595803 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashff49cc59efebb8cba5569058a12d4829 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc6855714d7ea700272ece7056eef4607 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash17e1e62925de680a48c70bf661273b6e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9e14033200a7c41ff94535eed8e82c55 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8244b0c39a2e838465e2902e286525b5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash02f23222590d318b771c30b29b4f7fe8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashba574c046177f1ff5a67aa8a04d53e63 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashca294d9ccb1e41dd8592cec7158590cb | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4174f208a7e29938a27269cd1e23092a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc1dac497e7625b639432e8ecd97c2987 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash01b4a5b9128eb340813d998f622e86cf | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1c41b0e3324fad69885926bfb43ac29c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7057479b707aaf2e7fb0e099179b8315 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash07cbedbcca3724397e86b59109275419 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4a5fe9ec249bf85c11c7a58912f0492b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd70fb18cf8d12ee5e70272310bd67bd6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7e66df5069b0fd8211dd2e668940f588 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe422e35a8bb2746ddc8449550d07da88 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc2a504f205c2bd220fe48645e95ff21f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3b575f9f6886a4ce0acf5d8c39d3a271 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash201f335c160c30b3c809b9699eadcaed | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb11592ddc48fe2d9ede02f1f642c0514 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashff48354b1a7a973bb2fd79d738ef6aea | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash426f2c3a7c3fcfe8a776847902559553 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd2b9dd003635aaf568ceacd4a0d69389 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe4c04d1cdda94e55f8669f990d66eea0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0b13f8c5549e2e23217ec50a247c1954 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashaf2fd54c272d6166ebff5b21dbb5d414 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash99e051296cecc884ac10469e4d245fdc | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd5dc626780641c25454ea835bc86795f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7c1b4e2537ea96b77965eaff018578ca | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5abfc664f0aaa49fe442ef2c9a6e018d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash226264e22029dd0aa14228e73ec338e8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc8ab8e3a8c5af5198f950f66307530be | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash74256ba1b9e66137f1df3d30d9345281 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash05d4f890c5583efc491a6b4e4534a0de | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd174d59a71157735e4532ab1af09eab8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb91a2852a418331eee402ebb3d3cb67e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash36be9f5a19a1f2bac4c9a5cd128eea47 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashdfcd22269febadf0c55e69173f04be5e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashadcd2afe83197be0e4b293696df2e12a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashcf6c400f2fe77d7fe1a8fd284e546ba1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash86129fb08830fb0e20de4bdd5559c873 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9ef739293c744e632a6437869b1806f1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash857e429ebadf0ee393f65d0687e31ab2 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash28e390d57bd634c6945f8beff17c2d0c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb565c95c4e7b190e36a4542198dfb870 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc2bcb963c53b0ef56f2e037b14fbc230 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashcd2f331388f1c804b2936554bcc55172 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8eab1fe38d3f31026f5a8b6b1bd4dd8f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashfd7ba1a3df65304dc1b5555eecd2847f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf49c46b464dff149c861a9702acd8172 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash338af0636ade81590319237bf8c3c349 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0897c17a94d9fc1ec3a306ca3960f195 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashbc814cef68ebff8475b50c3b96098044 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7742ebb77ff1e481b6bcc611df5acb80 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5d0c93a4b261531f298d80282dc800b7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9579942602ca259a5b359ded020ddafe | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0047edcb1fa4719cded8b2ab095e163e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9f2a8263b1035353c165820dcee3c630 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash33bd5633ae0a81166b3e9aaea8fb4d09 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd16e41582fd66274d4fcbfede1d0ec43 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc133e3dfc2ebab9a42ddf72b1323b6cc | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5216d4cdb1b44f1619fd1c25091990f5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashae65ec756e1208425ba9cc086b470004 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb2784fe82e6937332beb1f887bf2f290 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9a62baa9f8bf411034c8136641d68e3d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7c642df72c995572296857b0cbe7b1d5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2fab226f39851805510e41ebe8a3da94 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc05c4bc4012a2918508f69b54cbd892c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5776fea7ca39ef8a93b2cd1b2f8f6fac | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash6f08a9de90ce4b57b9965712742ea70f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf74e91024d15d044834934f9f05ab448 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0e6350badfc7e840e10b6e9c9a9ac903 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash575d69e0f6e875e72d09498d83e59571 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb9b21a25267e64420cc1bedaecb158a9 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash40b474e59a2d512742df62666f110677 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash55e9c14c8e88cd36d611f515153c55a1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5b3d6ad1477ae5eb33ca86f5acd83100 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb7421ab53a605ba67548447ace11fae8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashed5109161c11dda88ce51eeda72f2dc8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe7c5f8598fb577899f0dd66d413520eb | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1bc2d4bec73491b3d9e8899dba39079b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashfe9cc345f01b1257ade5283db752c95d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash41fb3eb2b478d645caf517a493ae2c1e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha44495a48f91dd56c1065d5d7313e441 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash741f261a857705c1d5663d2518b3d96d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash045e52ce6a64dbebe1d63787eca069ab | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf0b16311f00e3c89312ec6a807c09e9e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashba5f23012bd756826862cc143b289791 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb11a98847b43f5e89f808b8fc2813885 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb921dcb0204268df810e6bd3afc40884 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4c6c91def55e9d56cee8c7cec03f9c94 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0371006a71e3c30131a8ddb86b3dc42d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash88a30a870931a0df343620490bb2022a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf61927f661f5a31a828f4ab443c44d90 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9b3ec2ddbe8fcaffcc260160633a1576 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash23f2399d668f0cdb9e3d03b5d3cb8b0b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash32f8bf62ec02026829413702deefaf9a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash20f38afe9f6f317752ebc110fb88217c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha138a734471ce9bb5904971c4f38e21b | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0f81da14f039907fd9d050db657398d7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4e04b0facc3302f86997c6744085758c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha9bc13d2cea77d730fa6ac5b533df650 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash05f0fb0adb3e39df8bd970a81786ef4c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1feb0310fe4c192f0aa62d7e5348a8f7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7426c8cc21ab1a18f9e5f33aee301fef | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash68fa5f31895a8f09f5d0505c5faba7cd | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8e926f9d1e5f4c15a0c6f56d3718f30e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4a72cf93e529231eafad31dfd010d4f5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash23479da4c404256ff1b7e7e28895c28a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash57d47bf5cd1f7df0f2993bab514c7ea6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash26fafbcff71939ed0a4bb95ac6fdd8d2 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9aa4bdb9ab6b34dfcb6c955cd8785cf6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash410ac36446fc8ca22a57a11fa7c99b15 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9629c3633e020473a6f7bf07c8119502 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash11213bd1a6f435f99c33fd3f750475bf | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb980f10c0748e6f501af89fd156e97e5 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash929e3ee8a73c0c72a4fc96ce5550aeaf | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash6f20110c0acfe3cd0fd0e79bc038ff37 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash00449c8302abf2aaab46fa8887294113 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3e90c91d10489b95bb6a9a9b5d186138 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash2f3e894fd573ebaf34ea151a5944ff97 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf7ca52016798024f5150fb910498623d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash27407c8dc0d8f3286f78586753cfb7e7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashabd53dc3dd708225dff9d5f473570637 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd21f25b7de459416135587798af8a97f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashad2568b84e5074bf162839155797f7b2 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7b75e49344843199f357a0e5d17eb5c1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash893cb945b96f2bd46beb7acf97fc59ba | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashcfcabc3960dc4c52fb851f9361b89b28 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3b3c10203aed1aee0c2ab0453c17a56c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5104f5842eee8cf169287bc8e057417d | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash062f6b14c9d3cc121ed074c63a585d5c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashf53f9b7bb22a74618c82ead0f97de729 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash42acf7c9b5272ff13d4410b66864a2d7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash319fbfc60733d897cd2e3ca527659ea4 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash232bf5f6c40251292393cb9d57d7cc3f | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash57e202fe5c6faac4b46ce2fee4630c34 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5eee2912bafe61313fa11ce3dbcff0a1 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash30c05a3d427828fef09ccafd92c428fd | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash1902f90849eb89ff9a9c24da2cd7cd7c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7d2601be0edd6ccdeea2ce0f5955aac0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8f5eaab794333bc8fceb4c4d6faf3b06 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe6f10c5ab64c4a09aa89102d738ec0fd | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashfd5db4498b1756e98e8bdd9509899bde | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash08fc25dd8e4e65b4d3d52b8634c22d5c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashed99570f009ad0b69964586c851d109c | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash41c52e8f7d87ed4688cf31b7b62310a7 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash16a1f41da042bb596076c5abf2204b8e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4ed67c870ce287948877a69088bf0d64 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe609d3614b1838d08ab587d23949b4af | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe4761462a4fc35c24c3a46871f5a4121 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashe1cc7a54f0881d46fa51bf4068d96c56 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd3c7876be837a86ed230930f31ad8aa0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hasha3e71adcfae12ace68613a1c7bb62f04 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash3aa7fdc958ef727b31c1c8999111e1eb | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc0700f70ce1222267de16de47cb066e3 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash92a17fefba6f6e2b6c471806c669fa57 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash5a6bb1e5781780ced86e2fdc2e241486 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9b23360229297cf3eb26a2b12c7ad096 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash58181033f994529ea5d439dfe5f3310a | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashc0f79e9aa02afc7a062cd53e0402f9ce | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash908f8011fddb0a7ce57107bf781c65f0 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash92ddfe3d4915fd04b44f2e2b33889898 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash4d2f538dab0ee9ff0a47438215cdfbe6 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashbde5736a16fcdd6c20608929161041ff | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash32300bf9cca4630f19baf4759d61ba28 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashb66896d389d48029d8833516d6536833 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash8ee1c5eb3fcec226b26e7784bf3794ee | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash7e7636f8fa7fe8858e56f4ed975f37ef | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd86af3c6d1c1c027dd6f4dbd05309cf3 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hashd7109d0ee374d0256aad557e6a87d9ce | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash0c73e01ba08bded0305385e5fb45402e | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash9134f2a673eb76cf77ae778840eeadb9 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash78d5f1fc46015efbe54b871216eed7c8 | # NOTE: These indicators include archive NPM packages and corresponding JavaScript inside the ZIP archive. | |
hash91c89af52df3e3067ab2d3d619fcd345 | — | |
hashd24d19a892c6afbd53d8a6e2a4a1f88c | — | |
hashfb71fc9f4c0a5ff53f301d83b7462f89 | — | |
hash8ebca0b7ef7dbfc14da3ee39f478e880 | — | |
hashed60b3913e6694f4a0ed2fe25551bd1f | — | |
hashdc77044fe8d35882015eaa99ca31f826 | — | |
hashb9693b6541a22d01b100b867375279e6 | — | |
hashbf82e3b5d25d167c168cc6600e797c53 | — | |
hash20ac88502e69f65ea3fc6ccd90978f0e | — | |
hashefc41a0887fd65246cda9323035f9746 | — | |
hash1bb8b1d0282727ab9bc2deb3570cf272 | — | |
hash767fce5fae7f2f7091811b401f2b16d8 | — | |
hashf677620a092f4b8d46e43d0b0b62c89d | — | |
hash6ab14c7b7c7c43011d607027d3582686 | — | |
hashf82510d541e56d7021f020f8b4d6a6d0 | — |
Url
| Value | Description | Copy |
|---|---|---|
urlGamerHub/server/middlewares/helpers/error.js | packed_beavertail_hashes.txt | |
urlhttps://github.com/Satyam-G5 | — | |
urlhttps://github.com/aufeine | — | |
urlhttps://github.com/dhayaprabhu | — | |
urlhttps://github.com/bridgitlab | — | |
urlhttps://github.com/CodePapaya | — | |
urlhttps://github.com/bmstoreJ | — | |
urlhttps://github.com/Allgoritex | — | |
urlhttps://github.com/plannet-plannet | — | |
urlhttps://github.com/komeq1120 | — | |
urlhttps://github.com/masharsiddiqui | — | |
urlhttps://github.com/ZoroDefi | — | |
urlhttps://github.com/davidbizna95 | — | |
urlhttps://github.com/Kamo-Smbatyan | — | |
urlhttps://github.com/DavidBeanvide | — | |
urlhttps://gitlab.com/benhermas | — | |
urlhttps://bitbucket.org/grempe012 | — | |
urlhttps://bitbucket.org/ritechdev | — |
File
| Value | Description | Copy |
|---|---|---|
fileMiroTalk.dmg | — | |
fileMiroTalk.msi | — | |
fileJami.exe | — | |
fileFCCCall.msi | — | |
fileFCCCall.exe | — | |
fileFCCCall.msi | — | |
fileFCCCall.exe | — | |
fileFCCCall.dmg | — | |
fileFCCCall.msi | — | |
fileFCCCall.exe | — | |
fileFCCCall.dmg | — | |
fileFCCCall.msi | — | |
fileFCCCall.exe | — | |
fileFCCCall.msi | — | |
fileFCCCall.exe | — |
Link
| Value | Description | Copy |
|---|---|---|
linkhttps://www.zscaler.com/blogs/security-research/pyongyang-your-payroll-rise-north-korean-remote-workers-west | — |
Text
| Value | Description | Copy |
|---|---|---|
textIn November 2023, a security vendor discovered that North Korean threat actors were using the Contagious Interview and WageMole campaigns to procure remote employment opportunities in Western countries, thus evading financial sanctions against North Korea (DPRK). The Contagious Interview campaign focuses on stealing data, while WageMole uses that stolen data, along with other social engineering techniques, to help these threat actors land remote jobs.
Zscaler ThreatLabz recently discovered how the threat actors have continued to update their Contagious Interview campaign tactics by improving the obfuscation of their scripts with advanced techniques and dynamic loading. The threat actors also expanded their arsenal by supporting both Windows and macOS application formats in their infection chains, while keeping their core capabilities intact. By monitoring the installed BeaverTail (JavaScript) and InvisibleFerret (Python) scripts, we confirmed that the attackers stole source code, cryptocurrency data, and personal information from victims. The threat actors managed to infect over 100 devices across multiple operating systems within a short time.
In this blog, we’ll dive into the improvements made to Contagious Interview scripts, the new formats that are now supported, and share exclusive insights into the campaign’s victims. | — | |
textBlog | — |
Threat ID: 688a1b6ead5a09ad00a5ad0c
Added to database: 7/30/2025, 1:17:34 PM
Last enriched: 10/22/2025, 1:20:17 AM
Last updated: 10/30/2025, 4:10:41 PM
Views: 97
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Sort by
Loading community insights…
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
Actions
PRO
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.