← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign
WHITE CyberHunter_NL 2026-05-13 Modified: 2026-05-13
40
IOCs
MEDIUM VOLUME
c2 serverlnk filefigurenorth koreapython bytecodecompiled pythonpythonapt37 grouppython runtimeoffsetpowershellaprilinitial accessattackexecutionfirstcodecookiepathtrojanmaliciousfriday
Indicators of Compromise (40)
All IPv4 CVE FileHash-MD5 URL domain email hostname
TYPEINDICATORDESCRIPTIONCREATED
IPv4 114.207.246.156 CC=KR ASN=AS9318 sk broadband co ltd 2026-05-13
IPv4 183.111.174.69 CC=KR ASN=AS4766 korea telecom 2026-05-13
CVE CVE-2018-15982 2026-05-13
FileHash-MD5 09dabe5ab566e50ab4526504345af297 2026-05-13
FileHash-MD5 16d7be5ebc3c2ff1cffbb83b965fd4fb 2026-05-13
FileHash-MD5 1aa7751332710f4e963a708243d3d550 2026-05-13
FileHash-MD5 255155bad9af5e2c6cf550ff2a95219d 2026-05-13
FileHash-MD5 33c97fc4eacd73addbae9e6cde54a77d 2026-05-13
FileHash-MD5 7922f91281e8b0fe00518d05bf295b4a 2026-05-13
FileHash-MD5 804d12b116bb40282fbf245db885c093 2026-05-13
FileHash-MD5 abbb362cdfe14b56b3a13a2a55937ee4 2026-05-13
FileHash-MD5 b5f9cd67cb32f44c138c382e17b06fd6 2026-05-13
FileHash-MD5 f7b2e0cebd7793c8cfee2c7c5b93df9c 2026-05-13
FileHash-MD5 fcb97f87905a33af565b0a4f4e884d61 2026-05-13
IPv4 211.169.73.104 CC=KR ASN=AS3786 lg dacom corporation 2026-05-13
IPv4 211.239.157.126 CC=KR ASN=AS9848 sejong telecom 2026-05-13
IPv4 218.150.78.198 CC=KR ASN=AS4766 korea telecom 2026-05-13
IPv4 220.73.160.23 CC=KR ASN=AS4766 korea telecom 2026-05-13
IPv4 51.158.21.1 CC=FR ASN=AS12876 online s.a.s. 2026-05-13
URL https://www.genians.com/ 2026-05-13
domain ableinfo.co.kr 2026-05-13
domain attiferstudio.com 2026-05-13
domain choisy.fr 2026-05-13
domain ezvm.kr 2026-05-13
domain fe01.co.kr 2026-05-13
domain haeundaejugong.com 2026-05-13
domain hanainternational.net 2026-05-13
domain intobiz.kr 2026-05-13
domain kmot.co.kr 2026-05-13
domain kumdo.org 2026-05-13
domain luminix.kr 2026-05-13
domain printory.kr 2026-05-13
domain settingenv.cat 2026-05-13
domain sjem.co.kr 2026-05-13
domain sunlin.org 2026-05-13
domain udcontest.com 2026-05-13
domain versonnex74.fr 2026-05-13
domain ycpatent.co.kr 2026-05-13
email tac@genians.com 2026-05-13
hostname www.genians.com 2026-05-13
References (1)
↗ https://www.genians.co.kr/en/blog/threat_intelligence/python?hsCtaAttrib=343278473915