I’ve been on the lookout for finding North Korean software. I’ve got a decent collection now. One of the things that I’ve been searching are sites where people are checking running processes. I found this the other day: http://windowfdb.com/i.php?q=ghusb-dll-c-windows-system32

I’ve never heard of the Golden Horse program but some more digging reveals that it’s  “a physical constitution characterization and diagnosis program”: https://books.google.com.sg/books?id=JIlh9nNeadMC&pg=PA249&lpg=PA249&dq=%22golden+horse%22+%22north+korea%22+-paektu+-award+-film+-awards&ots=gy_sDcyaaW&sig=ACfU3U0CciFH3au9bwWz8g2d7MD-H2-XMA&hl=en#v=onepage&q=%22golden%20horse%22%20%22north%20korea%22%20-paektu%20-award%20-film%20-awards&f=false

I haven’t been able to find a copy yet but it’s going on the list of things to watch for

I noticed something interesting browsing through the source of the new DPRK portal site the other day. Specifically, this snippet:

<style>
	p{
	  font-family: '천리마', 'KP CheonRiMa', 'KWP ChonRiMa', 'PRK P Gothic';
	  margin-bottom: 0px;
	}
</style>

I had to Google it, but found the following on a Chinese forum

KP CheonRiMa is a font developed in North Korea. Some further searching lead to the following:

A new site has recently been posted on the DPRK portal website: http://www.naenara.com.kp/sites/national/original/en

Slowly uploading tracks from a North Korean karaoke DVD to the Youtube channel. Playlist can be found here: https://www.youtube.com/playlist?list=PLRGXVVd7-ABKZLyIziA3HoNDCGRX1zy3I

This was an interesting read. It’s an older presentation from 2013 about the capabilites of the Chosun Computer Center. Slide 11 is interesting since the offer mock simulations of major cyber attacks

https://translate.google.com/translate?sl=ko&tl=en&u=https%3A%2F%2Fweb.archive.org%2Fweb%2F20170828032305%2Fhttps%3A%2F%2Fwww.dihur.co.kr%2F360

There’s a couple of VPN’s out there that list having servers in North Korea. I’ve emailed a few of them to get some more information but this post investigates everything nicely and explains why it isn’t true: https://blog.benjojo.co.uk/post/north-korea-dprk-bgp-geoip-fruad

If you aren’t familiar with the Shadow Brokers group there’s a decent article here: https://www.theatlantic.com/technology/archive/2017/05/shadow-brokers/527778/

Looking through the leak there’s one interesting thing that I found. Based on the code it looks like the CIA was using these tools in North Korea. There’s lines specifically looking for Silivaccine running on an endpoint.

If you track North Korea on Shodan one of the most unusual things is the amount of services running on port 8080 that don’t seem to respond to anything. Found this the other day.

MA-App, FinalJust cleaning out some files and uploading some random North Korean documents that I found on different non-North Korean sites.vdocuments.mx_sam-hung-30-help

There’s an interesting error that’s still currently on naenara.com.kp on the home page. Looks like one of the links wasn’t updated and is still pointing to an internal server. The link on the homepage is currently pointing to: http://172.200.200.101/ko/memoirs/index.php?id=205&level=0&order=8&tak=0&action=expand&page=0