{ "Event": { "analysis": "1", "date": "2026-05-13", "extends_uuid": "", "info": "[Threat Intel] Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign", "protected": false, "publish_timestamp": "1779547238", "published": true, "threat_level_id": "3", "timestamp": "1779547238", "uuid": "faffe042-8de6-4d2b-8e2b-960e0afc09c7", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#18005c", "local": false, "name": "rectifyq:topic=\"ai\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#7d37d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Python - T1059.006\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778756438", "to_ids": false, "type": "link", "uuid": "c9acac34-0874-4fc7-94b2-8929bdde3ac1", "value": "https://www.genians.co.kr/en/blog/threat_intelligence/python?hsCtaAttrib=343278473915", "Tag": [ { "colour": "#6b003a", "local": true, "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"", "relationship_type": "" } ] }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1778756438", "to_ids": false, "type": "text", "uuid": "08adf102-48e0-4392-adc0-e7a1b712fa28", "value": "A sophisticated campaign linked to APT37 delivers Python-based backdoors through spear-phishing emails containing malicious LNK files disguised as legitimate documents. Attackers use themes including airline e-tickets, North Korea research invitations, and impersonation of defense and police officials to induce execution. The LNK files employ environment variable-based obfuscation techniques to download additional BAT files, which establish a Python runtime environment and execute compiled Python bytecode disguised with .cat extensions. The malware functions as a remote command execution backdoor, communicating with C2 servers to receive commands and exfiltrate results. Persistence is maintained through scheduled tasks executing at one-minute intervals. The campaign shows strong tactical similarities to previous APT37 operations, including infrastructure patterns, script obfuscation methods, and the abuse of legitimate tools." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1778756438", "to_ids": false, "type": "text", "uuid": "39c40240-083f-47dd-baa8-1f6b9e282857", "value": "Name: Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign\nAuthor: AlienVault\nAdversary: APT37\nTags: [\"compiled python bytecode\", \"apt37\", \"environment variable obfuscation\", \"chinotto\", \"deepfake impersonation\", \"python backdoor\", \"spear-phishing\", \"scheduled tasks persistence\", \"lnk file\"]\nTgtd countries: []\nMlwr families: [\"Chinotto\"]\nAttack_ids: []\nIndustries: [\"Defense\", \"Government\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1778756438", "to_ids": false, "type": "threat-actor", "uuid": "3d742e9b-5f5c-4fd1-909d-b878cda8e2e4", "value": "APT37" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001718", "to_ids": true, "type": "ip-dst", "uuid": "a0202385-d61b-45df-812c-68deb6ecf8e2", "value": "183.111.174.69", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778756438", "to_ids": false, "type": "vulnerability", "uuid": "6e105b08-325a-4ae0-bf14-409365a1275b", "value": "CVE-2018-15982" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001740", "to_ids": true, "type": "domain", "uuid": "25e8ad82-d8f9-4d01-8d09-6ecff5df5b9b", "value": "haeundaejugong.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001761", "to_ids": true, "type": "domain", "uuid": "576fd6a2-7c69-436b-a652-adaa8e2e00ce", "value": "kumdo.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001782", "to_ids": true, "type": "domain", "uuid": "095cf53a-872e-43a2-93c4-7047d5b09daa", "value": "luminix.kr", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001803", "to_ids": true, "type": "domain", "uuid": "28f22fb0-485a-43cb-9d5a-93df4e1d22c9", "value": "hanainternational.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547220", "to_ids": true, "type": "md5", "uuid": "851515b6-0150-44b0-903f-83b8e6380ef7", "value": "804d12b116bb40282fbf245db885c093", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001824", "to_ids": true, "type": "domain", "uuid": "ea264771-02a6-45a9-a4ed-e8e7f75dda10", "value": "attiferstudio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001845", "to_ids": true, "type": "domain", "uuid": "818a42d7-85a8-4078-b11e-e4aa3408161e", "value": "sunlin.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001866", "to_ids": true, "type": "domain", "uuid": "89365757-36fa-4a75-afb8-2ba501e1d8e3", "value": "ableinfo.co.kr", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001888", "to_ids": true, "type": "domain", "uuid": "f7674558-724b-4dfb-94fe-ce06211a1f19", "value": "ycpatent.co.kr", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547222", "to_ids": true, "type": "md5", "uuid": "7cb8a263-039e-4ee5-8d3d-0c2915c5ce15", "value": "09dabe5ab566e50ab4526504345af297", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001909", "to_ids": true, "type": "domain", "uuid": "310f1a9d-12a3-4bfe-a917-03c3d1e11228", "value": "versonnex74.fr", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547224", "to_ids": true, "type": "md5", "uuid": "30325189-a068-455e-a616-65072ab0ade9", "value": "33c97fc4eacd73addbae9e6cde54a77d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547225", "to_ids": true, "type": "md5", "uuid": "5ab86865-5d21-4bfa-a80d-60224e056724", "value": "fcb97f87905a33af565b0a4f4e884d61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001930", "to_ids": true, "type": "ip-dst", "uuid": "af2d913c-d8dc-464f-a0e2-6c85d9758798", "value": "114.207.246.156", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547227", "to_ids": true, "type": "md5", "uuid": "2b3f7634-ed93-474f-adfa-d07ab966f2b3", "value": "16d7be5ebc3c2ff1cffbb83b965fd4fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547229", "to_ids": true, "type": "md5", "uuid": "33e09e66-b7f0-4ec2-9e2d-6d31cb575d83", "value": "1aa7751332710f4e963a708243d3d550", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547231", "to_ids": true, "type": "md5", "uuid": "ba7545d5-bcf3-47e9-a1fa-2a81fb8ad82f", "value": "255155bad9af5e2c6cf550ff2a95219d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547233", "to_ids": true, "type": "md5", "uuid": "39a98669-7ac4-40c7-8e4b-174738aecd7d", "value": "7922f91281e8b0fe00518d05bf295b4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547234", "to_ids": true, "type": "md5", "uuid": "74368641-2ba8-42a0-8a48-ee9af65c6244", "value": "abbb362cdfe14b56b3a13a2a55937ee4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547236", "to_ids": true, "type": "md5", "uuid": "343b20cc-2a2b-4143-9126-866559386842", "value": "b5f9cd67cb32f44c138c382e17b06fd6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547238", "to_ids": true, "type": "md5", "uuid": "0901212b-462f-48a9-a343-8d8f3e4bb6d7", "value": "f7b2e0cebd7793c8cfee2c7c5b93df9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001951", "to_ids": true, "type": "ip-dst", "uuid": "6c67d471-74ec-435d-b6b1-434ba4054ce2", "value": "211.169.73.104", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001973", "to_ids": true, "type": "ip-dst", "uuid": "18bd6b0d-9aee-4c41-ac43-25165f31aa90", "value": "211.239.157.126", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779001994", "to_ids": true, "type": "ip-dst", "uuid": "1f90c099-237c-4118-8492-3693e8d8411b", "value": "218.150.78.198", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002015", "to_ids": true, "type": "ip-dst", "uuid": "d28221b9-0d5d-44e7-b71c-87d44c570b0d", "value": "220.73.160.23", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002036", "to_ids": true, "type": "domain", "uuid": "033c349c-fda5-4d14-bdff-c5ea2bef6d01", "value": "choisy.fr", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002058", "to_ids": true, "type": "domain", "uuid": "43b8e2c7-8d21-4a4c-88d8-ca8279755641", "value": "ezvm.kr", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002079", "to_ids": true, "type": "domain", "uuid": "b9fe9bec-9f79-4fb6-9491-bf02ea1cfc8d", "value": "fe01.co.kr", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002100", "to_ids": true, "type": "domain", "uuid": "3a667ffe-abb2-4715-a5f6-6de5d7962eb3", "value": "intobiz.kr", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002121", "to_ids": true, "type": "domain", "uuid": "ba4aafb7-e4f5-4c72-8c28-b922f452ea45", "value": "kmot.co.kr", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002142", "to_ids": true, "type": "domain", "uuid": "e6b13214-1ccf-4f8a-8854-25c54fc40e5c", "value": "printory.kr", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002163", "to_ids": true, "type": "domain", "uuid": "9aa0305b-d4fc-477d-9847-7201bf4060ad", "value": "settingenv.cat", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002184", "to_ids": true, "type": "domain", "uuid": "589e329b-db4d-4308-8d3e-c5210c79010c", "value": "sjem.co.kr", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002206", "to_ids": true, "type": "domain", "uuid": "b9291aa5-ca94-4f45-837b-aed2e825ed16", "value": "udcontest.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002227", "to_ids": true, "type": "hostname", "uuid": "db98cc10-8179-4304-8fd2-f358ec8ed63e", "value": "oxenhan1.cafe24.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002248", "to_ids": true, "type": "hostname", "uuid": "9e1332d4-9333-45d8-ad20-0d2229c48fb6", "value": "kmot.co.kr", "Tag": [ { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002269", "to_ids": true, "type": "hostname", "uuid": "7b192c4a-3387-4a64-a984-7d3fa3035d6a", "value": "ycpatent.co.kr", "Tag": [ { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002289", "to_ids": true, "type": "hostname", "uuid": "81ffa5ef-36af-480e-bd25-9931c033fb83", "value": "fe01.co.kr", "Tag": [ { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779002311", "to_ids": true, "type": "ip-dst", "uuid": "7f1afb4b-de95-40dc-a2bd-980b94c424f2", "value": "51.158.21.1", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ] } }