IOC pivot
ioc · domain
tp-globa[.]xyz
KP · DPRK
BlueNoroff
confidence · high
Command-and-control domain used by the SUGARLOADER stage of the KANDYKORN intrusion chain; identified in Elastic Security Labs' REF7001 report on the DPRK macOS campaign against blockchain engineers.
- family: KANDYKORN
- first seen: Oct 31, 2023
- publisher: Elastic Security Labs