ThreatFox IOC Database
You are viewing the ThreatFox database entry for url http://209.127.36.71:2938/juche/bongyeo/chongsang.
Database Entry
| IOC ID: | 1845986 |
|---|---|
| IOC: | http://209.127.36.71:2938/juche/bongyeo/chongsang |
| IOC Type : | url |
| Threat Type : | botnet_cc |
| Malware: | Unknown malware |
| Confidence Level : | Confidence level is elevated (75%) |
| Is compromised? : | False |
| ASN: | AS55286 SERVER-MANIA |
| Country: | CA |
| First seen: | 2026-07-07 09:42:02 UTC |
| Last seen: | never |
| UUID: | 5000bf38-79e1-11f1-97fa-42010aa4000a |
| Reporter | Anonymous |
| Reward | 5 credits from ThreatFox |
| Tags: | chollima Hvnc kyracs naenara RAT stealer |
Anonymous
Active HVNC RAT C2 server confirmed via VirusTotal sandbox execution.Malware sample makes direct HTTP requests to this host with HTTP 200 responses.
SHA256: 6da482b10a4bd2c8a05bfb17563bd42d65e6e15b9973e3054fef11031969bf7a
VT behavior: https://www.virustotal.com/gui/file/6da482b10a4bd2c8a05bfb17563bd42d65e6e15b9973e3054fef11031969bf7a/behavior
Panel features: HVNC, browser profile cloning, credential theft.
Actor uses North Korea-themed path obfuscation (/juche/bongyeo/).
CA