{ "id": "d8f5d22f-ae49-4f47-aa7f-db047a313ec9", "created_at": "2026-04-06T00:09:26.972344Z", "updated_at": "2026-04-10T03:38:19.222466Z", "deleted_at": null, "sha1_hash": "865416ecd04b43840d6e5a592332b48b65199000", "title": "Sanctions Imposed on DPRK IT Workers Generating Revenue for the Kim Regime", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 45540, "plain_text": "Sanctions Imposed on DPRK IT Workers Generating Revenue for\r\nthe Kim Regime\r\nPublished: 2026-02-13 · Archived: 2026-04-05 22:53:10 UTC\r\nWASHINGTON — Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC)\r\nsanctioned Song Kum Hyok, (Song), a malicious cyber actor associated with the sanctioned Democratic People’s\r\nRepublic of Korea (DPRK) Reconnaissance General Bureau (RGB) hacking group Andariel.\r\nSong facilitated an information technology (IT) worker scheme in which individuals, often DPRK nationals\r\nworking from countries such as China and Russia, were recruited and provided with falsified identities and\r\nnationalities to obtain employment at unwitting companies to generate revenue for the DPRK regime.  In some\r\ncases, these DPRK IT workers have been known to introduce malware into company networks for additional\r\nexploitation.  OFAC is also sanctioning one individual and four entities involved in a Russia-based IT worker\r\nscheme that has generated revenue for the DPRK. \r\n“Today’s action underscores the importance of vigilance on the DPRK’s continued efforts to clandestinely fund its\r\nWMD and ballistic missile programs,” said Deputy Secretary of the Treasury Michael Faulkender.  “Treasury\r\nremains committed to using all available tools to disrupt the Kim regime’s efforts to circumvent sanctions through\r\nits digital asset theft, attempted impersonation of Americans, and malicious cyber-attacks.”\r\nToday’s designation is part of the U.S. government’s objective to counter the DPRK’s efforts to advance its\r\nstrategic goals through cyber espionage and revenue generation.  On March 2, 2016, the United Nations Security\r\nCouncil (UNSC) adopted Resolution 2270 designating the RGB for its role supporting the Kim regime’s unlawful\r\nweapons development.  Today’s action reaffirms that relevant UNSC resolutions remain in full force.  On\r\nSeptember 13, 2019, OFAC designated the Lazarus Group, Bluenoroff, and Andariel:  all DPRK-sponsored cyber\r\ngroups subordinate to the RGB, which have carried out numerous high-value virtual currency heists to offset the\r\nimpact of U.S. and multilateral sanctions.  Additionally, on May 23, 2023, OFAC designated the Technical\r\nReconnaissance Bureau, which leads the DPRK’s development of offensive cyber tactics and tools, and its\r\nsubordinate cyber unit, the 110th Research Center.\r\nIllicit DPRK IT Worker SchemeS\r\nThe DPRK generates significant revenue through the deployment of IT workers who fraudulently gain\r\nemployment with companies around the world, including in the technology and virtual currency industries.  The\r\nDPRK maintains a workforce of thousands of highly skilled IT workers globally, primarily located in the People’s\r\nRepublic of China and Russia, who generate significant revenue that contributes to its WMD and ballistic missile\r\nprograms.\r\nThese workers are instructed to deliberately obfuscate their identities, locations, and nationalities, typically using\r\nfalse personas, proxy accounts, stolen identities, and falsified or forged documentation to apply for jobs at these\r\ncompanies.  They target employers located in wealthier countries, utilizing a variety of mainstream and industry-https://home.treasury.gov/news/press-releases/sb0190\r\nPage 1 of 3\n\nspecific freelance contracting, payment, and social media and networking platforms.  Applications and software\r\ndeveloped by DPRK IT workers span a range of fields and sectors, including business, health and fitness, social\r\nnetworking, sports, entertainment, and lifestyle.  DPRK IT workers often take on projects that involve virtual\r\ncurrency, and they use virtual currency exchanges and trading platforms to manage funds they receive for contract\r\nwork as well as to launder and remit these funds to the DPRK.\r\nKEY FACILIATOR FOR KIM REGIME’S OVERSEAS IT WORKFORCE\r\nSong is a DPRK-based cyber actor who used foreign-hired IT workers to seek remote employment with U.S.\r\ncompanies and planned to split income with them.  In 2022 and 2023, Song used U.S. persons’ information,\r\nincluding names, social security numbers, and addresses to create aliases for the hired foreign workers.  The\r\nworkers then used the accounts to pose as U.S. persons looking for remote jobs with U.S. companies.\r\nSong is being designated pursuant to Executive Order (E.O.) 13694, as further amended by E.O. 14306, for being\r\nresponsible for or complicit in, or having engaged in, directly or indirectly, the receipt or use for commercial or\r\ncompetitive advantage or private financial gain, or by a commercial entity, outside the United States of funds or\r\neconomic resources, intellectual property, proprietary or business confidential information, personal identifiers, or\r\nfinancial information misappropriated through cyber-enabled means, knowing they have been misappropriated,\r\nwhere the misappropriation of such funds or economic resources, intellectual property, proprietary or business\r\nconfidential information, personal identifiers, or financial information is reasonably likely to result in, or has\r\nmaterially contributed to, a threat to the national security, foreign policy, or economic health or financial stability\r\nof the United States.\r\nASATRYAN IT WORKER NETWORK \r\nGayk Asatryan (Asatryan), a Russian national, has used his Russia-based companies to employ North Korean IT\r\nworkers.  In mid-2024, Asatryan signed a 10-year contract with a DPRK company, Korea Songkwang Trading\r\nGeneral Corporation (Songkwang Trading), to dispatch up to 30 DPRK IT workers to work in Russia for his\r\ncompany, Asatryan Limited Liability Company (Asatryan LLC).  Asatryan also signed a contract with DPRK\r\ncompany Korea Saenal Trading Corporation (Saenal Trading), in which they planned to dispatch 50 DPRK IT\r\nworkers to Russia for his company, Fortuna Limited Liability Company (Fortuna LLC).\r\nOFAC designated Asatryan pursuant to E.O. 13722 for having attempted to engage in, facilitate, or be responsible\r\nfor the exportation of workers from North Korea, including exportation to generate revenue for the Government of\r\nNorth Korea or Workers’ Party of Korea.  Asatryan LLC and Fortuna LLC are designated pursuant to E.O. 13722\r\nfor being owned or controlled by or acting or purporting to act for or on behalf of, directly or indirectly, Asatryan,\r\na person whose property and interests in property are blocked pursuant to E.O. 13722.  Songkwang Trading and\r\nSaenal Trading are designated pursuant to E.O. 13810 for being North Korean persons, including North Korean\r\npersons that have engaged in commercial activity that generates revenue for the Government of North Korea or\r\nWorkers’ Party of Korea.\r\nSANCTIONS IMPLICATIONS \r\nAs a result of today’s action, all property and interests in property of the designated or blocked persons described\r\nabove that are in the United States or in the possession or control of U.S. persons are blocked and must be\r\nhttps://home.treasury.gov/news/press-releases/sb0190\r\nPage 2 of 3\n\nreported to OFAC.  In addition, any entities that are owned, directly or indirectly, individually or in the aggregate,\r\n50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific\r\nlicense issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or\r\nwithin (or transiting) the United States that involve any property or interests in property of blocked persons. \r\nViolations of U.S. sanctions may result in the imposition of civil or criminal penalties on U.S. and foreign\r\npersons.  OFAC may impose civil penalties for sanctions violations on a strict liability basis.  OFAC’s Economic\r\nSanctions Enforcement Guidelines provide more information regarding OFAC’s enforcement of U.S. economic\r\nsanctions. In addition, financial institutions and other persons may risk exposure to sanctions for engaging in\r\ncertain transactions or activities involving designated or otherwise blocked persons. The prohibitions include the\r\nmaking of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated or\r\nblocked person, or the receipt of any contribution or provision of funds, goods, or services from any such person. \r\nThe power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to\r\nthe Specially Designated Nationals and Blocked Persons List (SDN List), but also from its willingness to remove\r\npersons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring\r\nabout a positive change in behavior.  For information concerning the process for seeking removal from an OFAC\r\nlist, including the SDN List, or to submit a request, please refer to OFAC’s guidance on Filing a Petition for\r\nRemoval from an OFAC List.\r\nFor more information on the individuals and entity designated today, click here.\r\nTo read the DPRK IT Workers Advisory, click here.\r\nSource: https://home.treasury.gov/news/press-releases/sb0190\r\nhttps://home.treasury.gov/news/press-releases/sb0190\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://home.treasury.gov/news/press-releases/sb0190" ], "report_names": [ "sb0190" ], "threat_actors": [ { "id": "838f6ced-12a4-4893-991a-36d231d96efd", "created_at": "2022-10-25T15:50:23.347455Z", "updated_at": "2026-04-10T02:00:05.295717Z", "deleted_at": null, "main_name": "Andariel", "aliases": [ "Andariel", "Silent Chollima", "PLUTONIUM", "Onyx Sleet" ], "source_name": "MITRE:Andariel", "tools": [ "Rifdoor", "gh0st RAT" ], "source_id": "MITRE", "reports": null }, { "id": "34eea331-d052-4096-ae03-a22f1d090bd4", "created_at": "2025-08-07T02:03:25.073494Z", "updated_at": "2026-04-10T02:00:03.709243Z", "deleted_at": null, "main_name": "NICKEL ACADEMY", "aliases": [ "ATK3 ", "Black Artemis ", "COVELLITE ", "CTG-2460 ", "Citrine Sleet ", "Diamond Sleet ", "Guardians of Peace", "HIDDEN COBRA ", "High Anonymous", "Labyrinth Chollima ", "Lazarus Group ", "NNPT Group", "New Romanic Cyber Army Team", "Temp.Hermit ", "UNC577 ", "Who Am I?", "Whois Team", "ZINC " ], "source_name": "Secureworks:NICKEL ACADEMY", "tools": [ "Destover", "KorHigh", "Volgmer" ], "source_id": "Secureworks", "reports": null }, { "id": "7187a642-699d-44b2-9c69-498c80bce81f", "created_at": "2025-08-07T02:03:25.105688Z", "updated_at": "2026-04-10T02:00:03.78394Z", "deleted_at": null, "main_name": "NICKEL TAPESTRY", "aliases": [ "CL-STA-0237 ", "CL-STA-0241 ", "DPRK IT Workers", "Famous Chollima ", "Jasper Sleet Microsoft", "Purpledelta Recorded Future", "Storm-0287 ", "UNC5267 ", "Wagemole " ], "source_name": "Secureworks:NICKEL TAPESTRY", "tools": [], "source_id": "Secureworks", "reports": null }, { "id": "110e7160-a8cc-4a66-8550-f19f7d418117", "created_at": "2023-01-06T13:46:38.427592Z", "updated_at": "2026-04-10T02:00:02.969896Z", "deleted_at": null, "main_name": "Silent Chollima", "aliases": [ "Onyx Sleet", "PLUTONIUM", "OperationTroy", "Guardian of Peace", "GOP", "WHOis Team", "Andariel", "Subgroup: Andariel" ], "source_name": "MISPGALAXY:Silent Chollima", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "bc6e3644-3249-44f3-a277-354b7966dd1b", "created_at": "2022-10-25T16:07:23.760559Z", "updated_at": "2026-04-10T02:00:04.741239Z", "deleted_at": null, "main_name": "Andariel", "aliases": [ "APT 45", "Andariel", "G0138", "Jumpy Pisces", "Onyx Sleet", "Operation BLACKMINE", "Operation BLACKSHEEP/Phase 3.", "Operation Blacksmith", "Operation DESERTWOLF/Phase 3", "Operation GHOSTRAT", "Operation GoldenAxe", "Operation INITROY/Phase 1", "Operation INITROY/Phase 2", "Operation Mayday", "Operation VANXATM", "Operation XEDA", "Plutonium", "Silent Chollima", "Stonefly" ], "source_name": "ETDA:Andariel", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "732597b1-40a8-474c-88cc-eb8a421c29f1", "created_at": "2025-08-07T02:03:25.087732Z", "updated_at": "2026-04-10T02:00:03.776007Z", "deleted_at": null, "main_name": "NICKEL GLADSTONE", "aliases": [ "APT38 ", "ATK 117 ", "Alluring Pisces ", "Black Alicanto ", "Bluenoroff ", "CTG-6459 ", "Citrine Sleet ", "HIDDEN COBRA ", "Lazarus Group", "Sapphire Sleet ", "Selective Pisces ", "Stardust Chollima ", "T-APT-15 ", "TA444 ", "TAG-71 " ], "source_name": "Secureworks:NICKEL GLADSTONE", "tools": [ "AlphaNC", "Bankshot", "CCGC_Proxy", "Ratankba", "RustBucket", "SUGARLOADER", "SwiftLoader", "Wcry" ], "source_id": "Secureworks", "reports": null }, { "id": "a2b92056-9378-4749-926b-7e10c4500dac", "created_at": "2023-01-06T13:46:38.430595Z", "updated_at": "2026-04-10T02:00:02.971571Z", "deleted_at": null, "main_name": "Lazarus Group", "aliases": [ "Operation DarkSeoul", "Bureau 121", "Group 77", "APT38", "NICKEL GLADSTONE", "G0082", "COPERNICIUM", "Moonstone Sleet", "Operation GhostSecret", "APT 38", "Appleworm", "Unit 121", "ATK3", "G0032", "ATK117", "NewRomanic Cyber Army Team", "Nickel Academy", "Sapphire Sleet", "Lazarus group", "Hastati Group", "Subgroup: Bluenoroff", "Operation Troy", "Black Artemis", "Dark Seoul", "Andariel", "Labyrinth Chollima", "Operation AppleJeus", "COVELLITE", "Citrine Sleet", "DEV-0139", "DEV-1222", "Hidden Cobra", "Bluenoroff", "Stardust Chollima", "Whois Hacking Team", "Diamond Sleet", "TA404", "BeagleBoyz", "APT-C-26" ], "source_name": "MISPGALAXY:Lazarus Group", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "771d9263-076e-4b6e-bd58-92b6555eb739", "created_at": "2025-08-07T02:03:25.092436Z", "updated_at": "2026-04-10T02:00:03.758541Z", "deleted_at": null, "main_name": "NICKEL HYATT", "aliases": [ "APT45 ", "Andariel", "Dark Seoul", "Jumpy Pisces ", "Onyx Sleet ", "RIFLE Campaign", "Silent Chollima ", "Stonefly ", "UN614 " ], "source_name": "Secureworks:NICKEL HYATT", "tools": [ "ActiveX 0-day", "DTrack", "HazyLoad", "HotCriossant", "Rifle", "UnitBot", "Valefor" ], "source_id": "Secureworks", "reports": null }, { "id": "32a223a8-3c79-4146-87c5-8557d38662ae", "created_at": "2022-10-25T15:50:23.703698Z", "updated_at": "2026-04-10T02:00:05.261989Z", "deleted_at": null, "main_name": "Lazarus Group", "aliases": [ "Lazarus Group", "Labyrinth Chollima", "HIDDEN COBRA", "Guardians of Peace", "NICKEL ACADEMY", "Diamond Sleet" ], "source_name": "MITRE:Lazarus Group", "tools": [ "RawDisk", "Proxysvc", "BADCALL", "FALLCHILL", "WannaCry", "MagicRAT", "HOPLIGHT", "TYPEFRAME", "Dtrack", "HotCroissant", "HARDRAIN", "Dacls", "KEYMARBLE", "TAINTEDSCRIBE", "AuditCred", "netsh", "ECCENTRICBANDWAGON", "AppleJeus", "BLINDINGCAN", "ThreatNeedle", "Volgmer", "Cryptoistic", "RATANKBA", "Bankshot" ], "source_id": "MITRE", "reports": null }, { "id": "f426f0a0-faef-4c0e-bcf8-88974116c9d0", "created_at": "2022-10-25T15:50:23.240383Z", "updated_at": "2026-04-10T02:00:05.299433Z", "deleted_at": null, "main_name": "APT38", "aliases": [ "APT38", "NICKEL GLADSTONE", "BeagleBoyz", "Bluenoroff", "Stardust Chollima", "Sapphire Sleet", "COPERNICIUM" ], "source_name": "MITRE:APT38", "tools": [ "ECCENTRICBANDWAGON", "HOPLIGHT", "Mimikatz", "KillDisk", "DarkComet" ], "source_id": "MITRE", "reports": null }, { "id": "1bdb91cf-f1a6-4bed-8cfa-c7ea1b635ebd", "created_at": "2022-10-25T16:07:23.766784Z", "updated_at": "2026-04-10T02:00:04.7432Z", "deleted_at": null, "main_name": "Bluenoroff", "aliases": [ "APT 38", "ATK 117", "Alluring Pisces", "Black Alicanto", "Bluenoroff", "CTG-6459", "Copernicium", "G0082", "Nickel Gladstone", "Sapphire Sleet", "Selective Pisces", "Stardust Chollima", "T-APT-15", "TA444", "TAG-71", "TEMP.Hermit" ], "source_name": "ETDA:Bluenoroff", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "f32df445-9fb4-4234-99e0-3561f6498e4e", "created_at": "2022-10-25T16:07:23.756373Z", "updated_at": "2026-04-10T02:00:04.739611Z", "deleted_at": null, "main_name": "Lazarus Group", "aliases": [ "APT-C-26", "ATK 3", "Appleworm", "Citrine Sleet", "DEV-0139", "Diamond Sleet", "G0032", "Gleaming Pisces", "Gods Apostles", "Gods Disciples", "Group 77", "Guardians of Peace", "Hastati Group", "Hidden Cobra", "ITG03", "Jade Sleet", "Labyrinth Chollima", "Lazarus Group", "NewRomanic Cyber Army Team", "Operation 99", "Operation AppleJeus", "Operation AppleJeus sequel", "Operation Blockbuster: Breach of Sony Pictures Entertainment", "Operation CryptoCore", "Operation Dream Job", "Operation Dream Magic", "Operation Flame", "Operation GhostSecret", "Operation In(ter)caption", "Operation LolZarus", "Operation Marstech Mayhem", "Operation No Pineapple!", "Operation North Star", "Operation Phantom Circuit", "Operation Sharpshooter", "Operation SyncHole", "Operation Ten Days of Rain / DarkSeoul", "Operation Troy", "SectorA01", "Slow Pisces", "TA404", "TraderTraitor", "UNC2970", "UNC4034", "UNC4736", "UNC4899", "UNC577", "Whois Hacking Team" ], "source_name": "ETDA:Lazarus Group", "tools": [ "3CX Backdoor", "3Rat Client", "3proxy", "AIRDRY", "ARTFULPIE", "ATMDtrack", "AlphaNC", "Alreay", "Andaratm", "AngryRebel", "AppleJeus", "Aryan", "AuditCred", "BADCALL", "BISTROMATH", "BLINDINGCAN", "BTC Changer", "BUFFETLINE", "BanSwift", "Bankshot", "Bitrep", "Bitsran", "BlindToad", "Bookcode", "BootWreck", "BottomLoader", "Brambul", "BravoNC", "Breut", "COLDCAT", "COPPERHEDGE", "CROWDEDFLOUNDER", "Castov", "CheeseTray", "CleanToad", "ClientTraficForwarder", "CollectionRAT", "Concealment Troy", "Contopee", "CookieTime", "Cyruslish", "DAVESHELL", "DBLL Dropper", "DLRAT", "DRATzarus", "DRATzarus RAT", "Dacls", "Dacls RAT", "DarkComet", "DarkKomet", "DeltaCharlie", "DeltaNC", "Dembr", "Destover", "DoublePulsar", "Dozer", "Dtrack", "Duuzer", "DyePack", "ECCENTRICBANDWAGON", "ELECTRICFISH", "Escad", "EternalBlue", "FALLCHILL", "FYNLOS", "FallChill RAT", "Farfli", "Fimlis", "FoggyBrass", "FudModule", "Fynloski", "Gh0st RAT", "Ghost RAT", "Gopuram", "HARDRAIN", "HIDDEN COBRA RAT/Worm", "HLOADER", "HOOKSHOT", "HOPLIGHT", "HOTCROISSANT", "HOTWAX", "HTTP Troy", "Hawup", "Hawup RAT", "Hermes", "HotCroissant", "HotelAlfa", "Hotwax", "HtDnDownLoader", "Http Dr0pper", "ICONICSTEALER", "Joanap", "Jokra", "KANDYKORN", "KEYMARBLE", "Kaos", "KillDisk", "KillMBR", "Koredos", "Krademok", "LIGHTSHIFT", "LIGHTSHOW", "LOLBAS", "LOLBins", "Lazarus", "LightlessCan", "Living off the Land", "MATA", "MBRkiller", "MagicRAT", "Manuscrypt", "Mimail", "Mimikatz", "Moudour", "Mydoom", "Mydoor", "Mytob", "NACHOCHEESE", "NachoCheese", "NestEgg", "NickelLoader", "NineRAT", "Novarg", "NukeSped", "OpBlockBuster", "PCRat", "PEBBLEDASH", "PLANKWALK", "POOLRAT", "PSLogger", "PhanDoor", "Plink", "PondRAT", "PowerBrace", "PowerRatankba", "PowerShell RAT", "PowerSpritz", "PowerTask", "Preft", "ProcDump", "Proxysvc", "PuTTY Link", "QUICKRIDE", "QUICKRIDE.POWER", "Quickcafe", "QuiteRAT", "R-C1", "ROptimizer", "Ratabanka", "RatabankaPOS", "Ratankba", "RatankbaPOS", "RawDisk", "RedShawl", "Rifdoor", "Rising Sun", "Romeo-CoreOne", "RomeoAlfa", "RomeoBravo", "RomeoCharlie", "RomeoCore", "RomeoDelta", "RomeoEcho", "RomeoFoxtrot", "RomeoGolf", "RomeoHotel", "RomeoMike", "RomeoNovember", "RomeoWhiskey", "Romeos", "RustBucket", "SHADYCAT", "SHARPKNOT", "SIGFLIP", "SIMPLESEA", "SLICKSHOES", "SORRYBRUTE", "SUDDENICON", "SUGARLOADER", "SheepRAT", "SierraAlfa", "SierraBravo", "SierraCharlie", "SierraJuliett-MikeOne", "SierraJuliett-MikeTwo", "SimpleTea", "SimplexTea", "SmallTiger", "Stunnel", "TAINTEDSCRIBE", "TAXHAUL", "TFlower", "TOUCHKEY", "TOUCHMOVE", "TOUCHSHIFT", "TOUCHSHOT", "TWOPENCE", "TYPEFRAME", "Tdrop", "Tdrop2", "ThreatNeedle", "Tiger RAT", "TigerRAT", "Trojan Manuscript", "Troy", "TroyRAT", "VEILEDSIGNAL", "VHD", "VHD Ransomware", "VIVACIOUSGIFT", "VSingle", "ValeforBeta", "Volgmer", "Vyveva", "W1_RAT", "Wana Decrypt0r", "WanaCry", "WanaCrypt", "WanaCrypt0r", "WannaCry", "WannaCrypt", "WannaCryptor", "WbBot", "Wcry", "Win32/KillDisk.NBB", "Win32/KillDisk.NBC", "Win32/KillDisk.NBD", "Win32/KillDisk.NBH", "Win32/KillDisk.NBI", "WinorDLL64", "Winsec", "WolfRAT", "Wormhole", "YamaBot", "Yort", "ZetaNile", "concealment_troy", "http_troy", "httpdr0pper", "httpdropper", "klovbot", "sRDI" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434166, "ts_updated_at": 1775792299, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/865416ecd04b43840d6e5a592332b48b65199000.pdf", "text": "https://archive.orkl.eu/865416ecd04b43840d6e5a592332b48b65199000.txt", "img": "https://archive.orkl.eu/865416ecd04b43840d6e5a592332b48b65199000.jpg" } }