{ "type": "bundle", "id": "bundle--1d77030d-769e-485d-9c95-f2d21874c647", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--6a12359a-7ef0-4ef8-96c9-2fff0e08d993", "created": "2025-08-01T04:27:13.112345Z", "modified": "2025-08-01T04:28:11.388739Z", "name": "Domaintools", "identity_class": "organization" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--63830358-8f2a-4324-9762-f612d23b1f96", "value": "tw.systexcloud.com" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--64ed7030-47ec-438d-a08f-aaf0cc6ef436", "value": "59.125.159.81" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--a01e27de-256e-4f94-88b2-6b149f7075f8", "value": "118.163.30.45" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--49b03dfa-8ba9-456b-9b85-bdc0af339441", "value": "163.29.3.119" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--84c258c7-4e35-4880-9b3f-01f379a87588", "value": "nid-security.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--441ee6e8-0461-444b-84fa-1c4fa098667d", "value": "dtc-tpe.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--1d544897-6ccd-4e73-a170-ed40d5ae52a6", "value": "caa.org" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--7347aa9b-616e-4a96-89cd-e3152b7c8b09", "value": "wuzak.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--0b164e7e-74ed-418e-9ccf-82e73b28511b", "value": "zhihu.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--f8de008d-5f23-4a23-a8fb-d810c5e1e830", "value": "html-load.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--7899e049-5351-41e9-a081-60b84739c19f", "value": "mlogin.mdfapps.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--c2bfba80-b2ed-4874-a7e8-459a3b90cf0c", "value": "koala-app.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--bec6f3df-5b7b-4d66-bae5-c36f969f8fe3", "value": "webcloud-notice.com" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--276994bf-af92-4602-a3f9-c14cd0250265", "value": "122.114.233.77" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--7b4b66a9-00c5-44ba-91c8-8cb5eee4f5b7", "value": "118.163.30.46" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--2ff943b0-e4e8-4d97-be1b-9983491b02e1", "value": "218.92.0.210" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--06c64f91-56a9-4303-b2fc-a0bfd13fe496", "value": "23.95.213.210" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--1838bf11-f32c-4870-b7c2-ea87d1f150f0", "value": "59.125.159.254" }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1", "created": "2026-06-24T23:57:08.169575Z", "modified": "2026-06-24T23:57:08.169575Z", "name": "Kimsuky" }, { "type": "report", "spec_version": "2.1", "id": "report--3819066e-8797-4098-9f22-5b8ce8d8c5ba", "created_by_ref": "identity--6a12359a-7ef0-4ef8-96c9-2fff0e08d993", "created": "2026-06-24T23:57:08.181335Z", "modified": "2026-06-24T23:57:08.181335Z", "name": "Inside the Kimsuky Leak: How the \u201cKim\u201d Dump Exposed North Korea\u2019s Credential Theft Playbook", "published": "2025-09-05T00:00:00Z", "object_refs": [ "identity--6a12359a-7ef0-4ef8-96c9-2fff0e08d993", "domain-name--63830358-8f2a-4324-9762-f612d23b1f96", "ipv4-addr--64ed7030-47ec-438d-a08f-aaf0cc6ef436", "ipv4-addr--a01e27de-256e-4f94-88b2-6b149f7075f8", "ipv4-addr--49b03dfa-8ba9-456b-9b85-bdc0af339441", "domain-name--84c258c7-4e35-4880-9b3f-01f379a87588", "domain-name--441ee6e8-0461-444b-84fa-1c4fa098667d", "domain-name--1d544897-6ccd-4e73-a170-ed40d5ae52a6", "domain-name--7347aa9b-616e-4a96-89cd-e3152b7c8b09", "domain-name--0b164e7e-74ed-418e-9ccf-82e73b28511b", "domain-name--f8de008d-5f23-4a23-a8fb-d810c5e1e830", "domain-name--7899e049-5351-41e9-a081-60b84739c19f", "domain-name--c2bfba80-b2ed-4874-a7e8-459a3b90cf0c", "domain-name--bec6f3df-5b7b-4d66-bae5-c36f969f8fe3", "ipv4-addr--276994bf-af92-4602-a3f9-c14cd0250265", "ipv4-addr--7b4b66a9-00c5-44ba-91c8-8cb5eee4f5b7", "ipv4-addr--2ff943b0-e4e8-4d97-be1b-9983491b02e1", "ipv4-addr--06c64f91-56a9-4303-b2fc-a0bfd13fe496", "ipv4-addr--1838bf11-f32c-4870-b7c2-ea87d1f150f0", "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1" ], "external_references": [ { "source_name": "source", "url": "https://dti.domaintools.com/inside-the-kimsuky-leak-how-the-kim-dump-exposed-north-koreas-credential-theft-playbook/" } ] } ] }