ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://209.127.36.71:2938/juche/bongyeo/chongsang.

Database Entry


IOC ID:1845986
IOC: http://209.127.36.71:2938/juche/bongyeo/chongsang
IOC Type :url
Threat Type :botnet_cc
Malware: Unknown malware
Confidence Level : Confidence level is elevated (75%)
Is compromised? : False
ASN:AS55286 SERVER-MANIA
Country:- CA
First seen:2026-07-07 09:42:02 UTC
Last seen:never
UUID:5000bf38-79e1-11f1-97fa-42010aa4000a
Reporter Anonymous
Reward 5 credits from ThreatFox
Tags:chollima Hvnc kyracs naenara RAT stealer

Avatar
Anonymous
Active HVNC RAT C2 server confirmed via VirusTotal sandbox execution.
Malware sample makes direct HTTP requests to this host with HTTP 200 responses.

SHA256: 6da482b10a4bd2c8a05bfb17563bd42d65e6e15b9973e3054fef11031969bf7a
VT behavior: https://www.virustotal.com/gui/file/6da482b10a4bd2c8a05bfb17563bd42d65e6e15b9973e3054fef11031969bf7a/behavior

Panel features: HVNC, browser profile cloning, credential theft.
Actor uses North Korea-themed path obfuscation (/juche/bongyeo/).