Well this turned out to be sort of a bummer. Last night I noticed on Shodan that 175.45.176.21 has a domain futurere.com.kp associated with it. I started doing some digging into it and really the only thing that I could find at first was the associated hostname mail1.futurere.com.kp. That’s not really anything too noteworthy, neither is the fact that future.com.kp redirected to naenara.com.kp.

What was interesting though is that the site pyongyangtimes.com.kp has a separate sites directory that had a number of websites which included Future Re. I put my notes below, they’re broken out into site title, potential URL for the site, and then the actual URL on pyongyangtimes.com.kp

• Polestar – future.com.kp – https://www.pyongyangtimes.com.kp/sites/polestar
• Future Re – future.com.kp – https://www.pyongyangtimes.com.kp/sites/refuture
• Pyongyang Ryugyong Foodstuff Co. Ltd – ??? – https://www.pyongyangtimes.com.kp/sites/ryugyong
• The Central Committee of the Korea Federation for Protection of the Disabled – ??? – https://www.pyongyangtimes.com.kp/sites/kfpd
• Unjong Hi-tech Development Park – ??? – https://www.pyongyangtimes.com.kp/sites/unjong
• Kim Il Sung – Kim Jong Il Foundation – ??? – https://www.pyongyangtimes.com.kp/sites/kkf

This was all very interesting at 2 in the morning but I took some notes and went to sleep. I woke up the next morning and all of the sites were taken down. All of the sites that I had found the night before were no longer online.

Even pyongyangtimes.com.kp was displaying an error.

Now, most of the sites are available at http://www.naenara.com.kp/main/index/en/first but it’s still interesting to see that they were hosted elsewhere for a short time.

On an Amtrak and crawling the internet for interesting North Korea items. I haven’t been able to verify anything on the page but the author seems to claim that there are 7 ip’s that are associated with the North Korean army: https://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fkelvinsecteam.blogspot.com%2F2015%2F01%2Fkorea-del-norte-y-su-red-actual.html

Started a YouTube channel posting videos from North Korea: https://www.youtube.com/channel/UCuWrXLF2tEj4xgxvcRvp5mQ/

I’ve been working on tracking down North Korean software. Will post some over the next few days. Working on getting copies of the dictionaries and get rid of the error message. Originally found that information was posted online here: https://processchecker.com/file/Nnr60.exe.html

If you want to take a look at the help manual you can download it here: vdocuments.mx_sam-hung-30-help

Looks like there are two new sites that came online recently. Will be digging into these further.

Korean Art –  http://www.korart.sca.kp/

Ryomyong – http://www.ryomyong.edu.kp/kp/

According to an article from the Pyongyang Times earlier this year, it looks like Red Star 4.0 is finally finished. This matches what we’ve been seeing as more sites are now showing 4.0 as their OS version

Click to access 6.pdf

Nothing too exciting of a find, but thought it was still interesting. Found an organizational chart for the Pyongyang International Information Center of New Technology and Economy

More information about PIINTEC and an overview of their facilities can be found from this Powerpoint from 2004: dprk_piintecbrochure

Tracking the active torrenting in North Korea reveals some interesting things. Someone really loves Modern Family, but this also reveals more about the devices inside of North Korea based on the drivers they are downloading:

Here’s a list of the most common IP’s that have been torrenting in the last few months:

175.45.177.173
175.45.177.180
175.45.177.184
175.45.177.186

175.45.178.17
175.45.178.19
175.45.178.21
175.45.178.23
175.45.178.25
175.45.178.31
175.45.178.102
175.45.178.115

http://175.45.176.83/

This should be exciting to see what happens here:

Open index found on https://175.45.178.131. Nothing interesting in the certificate. Looks like a few php frameworks.