{ "type": "bundle", "id": "bundle--a936da87-4c41-4c7d-be47-f91d43b4b2f4", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--6173f923-5e4d-4c81-b4d7-70b1660fb48d", "created": "2023-03-08T12:51:52.610752Z", "modified": "2023-03-08T12:51:52.610827Z", "name": "Hvs-consulting", "identity_class": "organization" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--95f647a5-370c-4bd2-ab5a-4e71082ab904", "value": "turnscor.com" }, { "type": "url", "spec_version": "2.1", "id": "url--d05dd461-a643-46f6-95a9-cee8f3b17041", "value": "https://www.gonnelli.it/uploads/catalogo/thumbs/thumb.asp" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--bd90443c-5251-47ac-b926-3ae7e948d81c", "value": "vega.mh-tec.jp" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--53124a49-05ba-457c-99e2-31dc33438ef5", "value": "bootcamp-coders.cnm.edu" }, { "type": "url", "spec_version": "2.1", "id": "url--92c6bc40-cf90-448d-a7be-4cb30e0c8722", "value": "https://www.astedams.it/photos/image/image.asp" }, { "type": "url", "spec_version": "2.1", "id": "url--a03e9def-50f4-4578-820e-877efdb105d4", "value": "https://www.sanlorenzoyacht.com/newsl/include/inc-map.asp" }, { "type": "url", "spec_version": "2.1", "id": "url--501fb635-7a9b-4f66-8af3-095e1ba4a09b", "value": "https://www.automercado.co.cr/empleo/css/main.jsp" }, { "type": "url", "spec_version": "2.1", "id": "url--e56d4ce8-d17b-41a8-8561-936d09e40420", "value": "https://www.curiofirenze.com/include/inc-site.asp" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0edb4a0e-cfaf-4b74-a6c4-de4d772f5b27", "created": "2026-06-24T19:43:52.775787Z", "modified": "2026-06-24T19:43:52.775787Z", "name": "YARA Rule", "pattern": "rule HvS_APT37_webshell_controllers_asp {\r\nmeta:\r\ndescription = \" Webshell named controllers.asp or inc-basket-offer.asp used by APT37\"\r\nlicense = \"https://creativecommons.org/licenses/by-nc/4.0/\"\r\nauthor = \"Moritz Oettle\"\r\ndate = \"2020-12-15\"\r\nreference = \"https://www.hvs-consulting.de/media/downloads/ThreatReport-Lazarus.pdf\"\r\nhash = \"829462fc6d84aae04a962dfc919d0a392265fbf255eab399980d2b021e385517\"\r\nstrings:\r\n$s0 = \"<%@Language=VBScript.Encode\" ascii\r\n// Case permutations of the word SeRvEr encoded with the Microsoft Script Encoder followed by \u201c.scriptrimeOut\u201d\r\n$x1 = { 64 7F 44 2D 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x2 = { 64 7F 49 2D 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x3 = { 64 7F 49 2D 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x4 = { 64 7F 49 23 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x5 = { 64 7F 49 23 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x6 = { 64 7F 49 23 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x7 = { 64 7F 49 23 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x8 = { 64 41 44 2D 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x9 = { 64 41 44 2D 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x10 = { 64 41 44 2D 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x11 = { 64 41 44 2D 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x12 = { 64 7F 44 2D 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x13 = { 64 41 44 23 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x14 = { 64 41 44 23 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x15 = { 64 41 44 23 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x16 = { 64 41 44 23 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x17 = { 64 41 49 2D 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x18 = { 64 41 49 2D 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x19 = { 64 41 49 2D 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x20 = { 64 41 49 2D 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x21 = { 64 41 49 23 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x22 = { 64 41 49 23 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x23 = { 64 7F 44 2D 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x24 = { 64 41 49 23 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x25 = { 64 41 49 23 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x26 = { 6A 7F 44 2D 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x27 = { 6A 7F 44 2D 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x28 = { 6A 7F 44 2D 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x29 = { 6A 7F 44 2D 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x30 = { 6A 7F 44 23 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x31 = { 6A 7F 44 23 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x32 = { 6A 7F 44 23 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x33 = { 6A 7F 44 23 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x34 = { 64 7F 44 2D 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x35 = { 6A 7F 49 2D 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x36 = { 6A 7F 49 2D 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x37 = { 6A 7F 49 2D 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x38 = { 6A 7F 49 2D 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x39 = { 6A 7F 49 23 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x40 = { 6A 7F 49 23 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x41 = { 6A 7F 49 23 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x42 = { 6A 7F 49 23 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x43 = { 6A 41 44 2D 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x44 = { 6A 41 44 2D 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x45 = { 64 7F 44 23 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x46 = { 6A 41 44 2D 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x47 = { 6A 41 44 2D 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x48 = { 6A 41 44 23 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x49 = { 6A 41 44 23 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x50 = { 6A 41 44 23 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x51 = { 6A 41 44 23 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x52 = { 6A 41 49 2D 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x53 = { 6A 41 49 2D 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x54 = { 6A 41 49 2D 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x55 = { 6A 41 49 2D 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x56 = { 64 7F 44 23 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x57 = { 6A 41 49 23 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x58 = { 6A 41 49 23 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x59 = { 6A 41 49 23 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x60 = { 6A 41 49 23 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x61 = { 64 7F 44 23 41 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x62 = { 64 7F 44 23 41 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x63 = { 64 7F 49 2D 7F 44 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\n$x64 = { 64 7F 49 2D 7F 49 63 2F 6D 4D 6B 61 4F 59 62 3A 6E 72 21 59 }\r\ncondition:\r\nfilesize > 50KB and filesize < 200KB and ( $s0 and 1 of ($x*) )\r\n}", "pattern_type": "yara", "valid_from": "2020-12-15T00:00:00Z" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--badb4871-9eef-45c6-a72c-b9c4f4d06678", "created": "2026-06-24T19:43:52.776446Z", "modified": "2026-06-24T19:43:52.776446Z", "name": "YARA Rule", "pattern": "rule HvS_APT37_mimikatz_loader_DF012 {\r\nmeta:\r\ndescription = \"Loader for encrypted Mimikatz variant used by APT37\"\r\nlicense = \"https://creativecommons.org/licenses/by-nc/4.0/\"\r\nauthor = \"Marc Stroebel\"\r\ndate = \"2020-12-15\"\r\nreference = \"https://www.hvs-consulting.de/media/downloads/ThreatReport-Lazarus.pdf\"\r\nhash = \"42e4a9aeff3744bbbc0e82fd5b93eb9b078460d8f40e0b61b27b699882f521be\"\r\nstrings:\r\n$s1 = \".?AVCEncryption@@\" fullword ascii\r\n$s2 = \"afrfa\"\r\ncondition:\r\nuint16(0) == 0x5a4d and filesize < 200KB and\r\n(pe.imphash() == \"fa0b87c7e07d21001355caf7b5027219\") and (all of them)\r\n}", "pattern_type": "yara", "valid_from": "2020-12-15T00:00:00Z" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bdf2dd8b-a866-432b-9def-c6cc27df36d9", "created": "2026-06-24T19:43:52.777077Z", "modified": "2026-06-24T19:43:52.777077Z", "name": "YARA Rule", "pattern": "rule HvS_APT37_webshell_img_thumbs_asp {\r\nmeta:\r\ndescription = \"Webshell named img.asp, thumbs.asp or thumb.asp used by APT37\"\r\nlicense = \"https://creativecommons.org/licenses/by-nc/4.0/\"\r\nauthor = \"Moritz Oettle\"\r\ndate = \"2020-12-15\"\r\nreference = \"https://www.hvs-consulting.de/media/downloads/ThreatReport-Lazarus.pdf\"\r\nhash = \"94d2448d3794ae3f29678a7337473d259b5cfd1c7f703fe53ee6c84dd10a48ef\"\r\nstrings:\r\n$s1 = \"strMsg = \\\"E : F\\\"\" fullword ascii\r\n$s2 = \"strMsg = \\\"S : \\\" & Len(fileData)\" fullword ascii\r\n$s3 = \"Left(workDir, InStrRev(workDir, \\\"/\\\")) & \\\"video\\\"\"\r\n$a1 = \"Server.CreateObject(\\\"Scripting.FileSystemObject\\\")\" fullword ascii\r\n$a2 = \"Dim tmpPath, workDir\" fullword ascii\r\n$a3 = \"Dim objFSO, objTextStream\" fullword ascii\r\n$a4 = \"workDir = Request.ServerVariables(\\\"URL\\\")\" fullword ascii\r\n$a5 = \"InStrRev(workDir, \\\"/\\\")\" ascii\r\n\r\n}\r\n\r\n$g1 = \"WriteFile = 0\" fullword ascii\r\n$g2 = \"fileData = Request.Form(\\\"fp\\\")\" fullword ascii\r\n$g3 = \"fileName = Request.Form(\\\"fr\\\")\" fullword ascii\r\n$g4 = \"Err.Clear()\" fullword ascii\r\n$g5 = \"Option Explicit\" fullword ascii\r\ncondition:\r\nfilesize < 2KB and (( 1 of ($s*) ) or (3 of ($a*)) or (5 of ($g*)))\r\n\r\n\u00a9 2020 HvS-Consulting AG\r\n\r\nTLP-White\r\n\r\npage 25 of 27\r\n\r\n\f\r\nrule HvS_APT37_webshell_template_query_asp {\r\nmeta:\r\ndescription = \" Webshell named template-query.aspimg.asp used by APT37\"\r\nlicense = \"https://creativecommons.org/licenses/by-nc/4.0/\"\r\nauthor = \"Moritz Oettle\"\r\ndate = \"2020-12-15\"\r\nreference = \"https://www.hvs-consulting.de/media/downloads/ThreatReport-Lazarus.pdf\"\r\nhash = \"961a66d01c86fa5982e0538215b17fb9fae2991331dfea812b8c031e2ceb0d90\"\r\nstrings:\r\n$g1 = \"server.scripttimeout=600\" fullword ascii\r\n$g2 = \"response.buffer=true\" fullword ascii\r\n$g3 = \"response.expires=-1\" fullword ascii\r\n$g4 = \"session.timeout=600\" fullword ascii\r\n$a1 = \"redhat hacker\" ascii\r\n$a2 = \"want_pre.asp\" ascii\r\n$a3 = \"vgo=\\\"admin\\\"\" ascii\r\n$a4 = \"ywc=false\" ascii\r\n\r\n}", "pattern_type": "yara", "valid_from": "2020-12-15T00:00:00Z" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8f0445c5-12dc-437b-b3c4-5f4d05fdc55e", "created": "2026-06-24T19:43:52.777949Z", "modified": "2026-06-24T19:43:52.777949Z", "name": "YARA Rule", "pattern": "rule HvS_APT37_RAT_loader {\r\nmeta:\r\ndescription = \"iconcash.db\"\r\nlicense = \"https://creativecommons.org/licenses/by-nc/4.0/\"\r\nauthor = \"Marc Stroebel\"\r\ndate = \"2020-12-15\"\r\nhash = \"b70e66d387e42f5f04b69b9eb15306036702ab8a50b16f5403289b5388292db9\"\r\nreference1 = \"https://www.hvs-consulting.de/media/downloads/ThreatReport-Lazarus.pdf\"\r\nreference2 = \"https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a\"\r\ncondition:\r\n(pe.version_info[\"OriginalFilename\"] contains \"MFC_DLL.dll\") and\r\n(pe.exports(\"SMain\") and pe.exports(\"SMainW\") )\r\n}", "pattern_type": "yara", "valid_from": "2020-12-15T00:00:00Z" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e3909881-9292-49c0-9b0e-f3a66327e550", "created": "2026-06-24T19:43:52.778554Z", "modified": "2026-06-24T19:43:52.778554Z", "name": "YARA Rule", "pattern": "rule HvS_APT37_cred_tool {\r\nmeta:\r\ndescription = \"Unknown cred tool used by APT37\"\r\nlicense = \"https://creativecommons.org/licenses/by-nc/4.0/\"\r\nauthor = \"Markus Poelloth\"\r\ndate = \"2020-12-15\"\r\nreference = \"https://www.hvs-consulting.de/media/downloads/ThreatReport-Lazarus.pdf\"\r\nstrings:\r\n$s1 = \"\r\n\" fullword ascii\r\n$s2 = \"Domain Login\" fullword ascii\r\n$s3 = \"IEShims_GetOriginatingThreadContext\" fullword ascii\r\n$s4 = \" Type Descriptor'\" fullword ascii\r\n$s5 = \"User: %s\" fullword ascii\r\n$s6 = \"Pass: %s\" fullword ascii\r\n$s7 = \" \" fullword ascii\r\n$s8 = \"E@c:\\\\u\" fullword ascii\r\ncondition:\r\nfilesize < 500KB and 7 of them\r\n}", "pattern_type": "yara", "valid_from": "2020-12-15T00:00:00Z" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b317e5ae-6fd2-40e6-8b34-0bfd1560fbff", "created": "2026-06-24T19:43:52.779133Z", "modified": "2026-06-24T19:43:52.779133Z", "name": "YARA Rule", "pattern": "rule HvS_APT37_smb_scanner {\r\nmeta:\r\ndescription = \"Unknown smb login scanner used by APT37\"\r\nlicense = \"https://creativecommons.org/licenses/by-nc/4.0/\"\r\nauthor = \"Marc Stroebel\"\r\ndate = \"2020-12-15\"\r\nreference1 = \"https://www.hvs-consulting.de/media/downloads/ThreatReport-Lazarus.pdf\"\r\nreference2 = \"https://www.hybridanalysis.com/sample/d16163526242508d6961f061aaffe3ae5321bd64d8ceb6b2788f1570757595fc?environmentId=2\"\r\nstrings:\r\n$s1 = \"Scan.exe StartIP EndIP ThreadCount logfilePath [Username Password Deep]\" fullword ascii\r\n$s2 = \"%s - %s:(Username - %s / Password - %s\" fullword ascii\r\n$s3 = \"Load mpr.dll Error \" fullword ascii\r\n$s4 = \"Load Netapi32.dll Error \" fullword ascii\r\n$s5 = \"%s U/P not Correct! - %d\" fullword ascii\r\n$s6 = \"GetNetWorkInfo Version 1.0\" fullword wide\r\n$s7 = \"Hello World!\" fullword wide\r\n$s8 = \"%s Error: %ld\" fullword ascii\r\n$s9 = \"%s U/P Correct!\" fullword ascii\r\n$s10 = \"%s --------\" fullword ascii\r\n$s11 = \"%s%-30s%I64d\" fullword ascii\r\n$s12 = \"%s%-30s(DIR)\" fullword ascii\r\n$s13 = \"%04d-%02d-%02d %02d:%02d\" fullword ascii\r\n$s14 = \"Share:\r\nLocal Path:\r\nUses:\r\nDescriptor:\" fullword ascii\r\n$s15 = \"Share:\r\nType:\r\nRemark:\" fullword ascii\r\ncondition:\r\nuint16(0) == 0x5a4d and filesize < 200KB and (10 of them)\r\n}", "pattern_type": "yara", "valid_from": "2020-12-15T00:00:00Z" }, { "type": "file", "spec_version": "2.1", "id": "file--cb3ab8a7-7d30-4f21-bf8e-02bf5703e47d", "hashes": { "SHA-256": "94d2448d3794ae3f29678a7337473d259b5cfd1c7f703fe53ee6c84dd10a48ef" } }, { "type": "file", "spec_version": "2.1", "id": "file--070657e2-3a11-4f2d-9b48-d8097a08f2e2", "hashes": { "SHA-256": "d16163526242508d6961f061aaffe3ae5321bd64d8ceb6b2788f1570757595fc" } }, { "type": "file", "spec_version": "2.1", "id": "file--400c48f3-9cf1-4b8d-91f4-bde3dce9d059", "hashes": { "MD5": "fa0b87c7e07d21001355caf7b5027219" } }, { "type": "file", "spec_version": "2.1", "id": "file--76cac614-1e04-4995-94f3-0e91dbd50a98", "hashes": { "SHA-256": "961a66d01c86fa5982e0538215b17fb9fae2991331dfea812b8c031e2ceb0d90" } }, { "type": "file", "spec_version": "2.1", "id": "file--c139cfe9-1840-4292-8189-2675859c860a", "hashes": { "SHA-1": "f09d9c7783adb4a44d48c77e412319e1c9cd4384" } }, { "type": "file", "spec_version": "2.1", "id": "file--51836dba-fb46-45ae-be54-833a7e2724e4", "hashes": { "SHA-256": "42e4a9aeff3744bbbc0e82fd5b93eb9b078460d8f40e0b61b27b699882f521be" } }, { "type": "file", "spec_version": "2.1", "id": "file--8f28d7ef-d0fc-4a12-9b0b-90eaa23766b6", "hashes": { "SHA-256": "829462fc6d84aae04a962dfc919d0a392265fbf255eab399980d2b021e385517" } }, { "type": "url", "spec_version": "2.1", "id": "url--4f34357e-2c52-491d-934c-ce41f1be6025", "value": "https://www.leemble.com/" }, { "type": "url", "spec_version": "2.1", "id": "url--f9fc875e-034f-4511-be14-ef53aad1b04e", "value": "http://support.medicalinthecloud.com/TechCenter/include/slide.asp" }, { "type": "url", "spec_version": "2.1", "id": "url--5c01ac69-2bd0-4924-8878-610351a1b2d2", "value": "https://www.paghera.com/content/view/thumb/info.asp" }, { "type": "url", "spec_version": "2.1", "id": "url--17a665d7-0ede-4a93-a5a7-6d1fb9a4b4c8", "value": "https://www.ancaaste.it/uploads/form/02E319AF73A33547343B71D5CB1064BC.dotm" }, { "type": "url", "spec_version": "2.1", "id": "url--983a89c1-0af8-4af0-9d51-f254b376a355", "value": "https://www.fabianiarte.com/pdf/thumbs/thumb.asp" }, { "type": "url", "spec_version": "2.1", "id": "url--e623374b-8f7a-4e2e-8b2e-d6dd492a5d4b", "value": "https://bootcamp-coders.cnm.edu/~dmcdonald21/emojireview/storage/framework.php" }, { "type": "url", "spec_version": "2.1", "id": "url--15d72a06-6dc3-4179-905f-c7b3f257067a", "value": "https://www.forecareer.com/gdcareer/officetemplate20nab.asp?iqxml=NVcareer183991" }, { "type": "url", "spec_version": "2.1", "id": "url--030f52fb-8a06-489c-bc0d-d132c4651812", "value": "https://95octane.com/" }, { "type": "url", "spec_version": "2.1", "id": "url--1d553c2a-fa21-4cce-83e1-4d9ecf07ad3c", "value": "https://www.apars-surgery.org/bbs/bbs_files/board_photo/menu.php" }, { "type": "url", "spec_version": "2.1", "id": "url--9f6b35ac-6722-4de1-b9ba-e03037df764b", "value": "http://indoweb.org/love/data/common/common.php" }, { "type": "url", "spec_version": "2.1", "id": "url--3ac576a6-8a3b-4a52-b61e-3a76fa65e73a", "value": "https://www.fabianiarte.com/uploads/imgup/21it-23792.jpg" }, { "type": "url", "spec_version": "2.1", "id": "url--478cf618-f8f1-4991-958e-176518f11e46", "value": "http://www.mannpublicwhseltd.com/cservice.asp" }, { "type": "url", "spec_version": "2.1", "id": "url--6f9a0cae-07d4-4cc4-b4d5-e943f4f0b9fe", "value": "https://yakufreshperu.com/facturacion/public/css/main.php" }, { "type": "url", "spec_version": "2.1", "id": "url--5f0554d1-e964-4ed7-9cbd-c80fd7338ecf", "value": "https://turnscor.com/ACT/images/slide/view.jsp" }, { "type": "url", "spec_version": "2.1", "id": "url--7223f930-f1a1-45ee-ac78-8f11df4f1e22", "value": "https://www.lyzeum.com/popup/popup.asp" }, { "type": "url", "spec_version": "2.1", "id": "url--640b3745-f9f3-4062-bada-91e32aa80df3", "value": "https://www.reseau-canope.fr/conventions/css/en/edit.jsp" }, { "type": "url", "spec_version": "2.1", "id": "url--76849974-54b1-48c5-a17e-211a47f581c5", "value": "https://www.index-consulting.jp/eng/news/index.php" }, { "type": "url", "spec_version": "2.1", "id": "url--e903bf93-b43d-4248-a7b7-b8128088d4e3", "value": "https://www.shikshakibaat.com/classes/detail.jsp" }, { "type": "url", "spec_version": "2.1", "id": "url--8c83ffc5-67c2-4464-b3ba-e3eaa978c301", "value": "http://www.hirokawaunso.co.jp/wordpress/wp-includes/review.php" }, { "type": "url", "spec_version": "2.1", "id": "url--c977352f-0ef7-4863-9d27-ecddc58b5537", "value": "https://www.hansolhope.or.kr/welfare/notice/view.jsp" }, { "type": "url", "spec_version": "2.1", "id": "url--c8de5738-147f-4fee-b15c-f27d0fde3922", "value": "http://admin.shcpa.co.kr/_asapro2/formmail/lib.php" }, { "type": "url", "spec_version": "2.1", "id": "url--4fea0200-242c-4c88-bef5-b89f6617ed7f", "value": "https://www.calculadoras.mx/themes/pack/pilot.php" }, { "type": "url", "spec_version": "2.1", "id": "url--95ccbf79-1ab8-4cbe-99ce-6c39a9bb6227", "value": "https://www.fidesarte.it/thumb/multibox/style/common.asp" }, { "type": "url", "spec_version": "2.1", "id": "url--8e5b70b3-8cd3-4cec-b613-2c1768ce6780", "value": "https://www.emilypress.com/CMWorking/Static/service/center.asp" }, { "type": "url", "spec_version": "2.1", "id": "url--9f1d7f1b-bf18-429d-a2b3-6af42aa64268", "value": "https://www.factmag.com/" }, { "type": "url", "spec_version": "2.1", "id": "url--c7c33922-45c7-436a-856e-7715e0ed6945", "value": "https://acanicjquery.com/slides/style.php" }, { "type": "url", "spec_version": "2.1", "id": "url--7970a0ef-9ce3-4b5f-b803-5a5461179ee8", "value": "http://pennontraders.com/assets/slides/view.jsp" }, { "type": "url", "spec_version": "2.1", "id": "url--d8291300-a6a9-4ce2-9208-f63d9a8c5995", "value": "https://prestigein-am.jp/akita/wp-includes/wp-rss1.php" }, { "type": "url", "spec_version": "2.1", "id": "url--23feaf91-3815-4534-8be9-a4a2dfeb3bbf", "value": "https://www.gonnelli.it" }, { "type": "url", "spec_version": "2.1", "id": "url--a57865df-54a1-4ab2-a083-ef0501ab8f87", "value": "https://genieaccount.com/images/common/common.asp" }, { "type": "url", "spec_version": "2.1", "id": "url--b6f87d6e-ebd4-429e-8f1f-4e0bdb7fbcfc", "value": "https://www.ne-ba.org/" }, { "type": "url", "spec_version": "2.1", "id": "url--718a61d9-20d3-4bee-b2dc-74cc486d0d00", "value": "http://www.anisweb.org/layout/site/style/preview.jsp" }, { "type": "url", "spec_version": "2.1", "id": "url--421fe8ef-0c08-4424-86ef-a84ee76884a0", "value": "https://vega.mh-tec.jp/.well-known/index.php" }, { "type": "url", "spec_version": "2.1", "id": "url--331d135c-970f-464c-be1b-b37d71147b4c", "value": "https://www.arumdaunresort.com/admin/html/user/contact.asp" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5cbbfd58-b103-4de5-bbe4-faceae1c9b51", "value": "cache.io" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--77e60959-2e42-4e29-b8ed-2e96afeb3e9c", "value": "95octane.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--db2c92f2-cf92-47a7-8644-dae6d0467cac", "value": "admin.shcpa.co.kr" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--a2a379a1-b89e-45bc-b7df-efe2c5348e7d", "value": "acanicjquery.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--8977a87b-9e60-4388-b42e-f2e964bbd521", "value": "comms.io" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--88ef0afd-4f78-47a9-a9ce-89d6dd8e4906", "value": "support.medicalinthecloud.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--6c05cae8-46cf-47ee-8b80-434bad1d1377", "value": "yakufreshperu.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--91781fb7-226f-4833-822f-d8cc46abb8fa", "value": "navcache.io" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--b6e5e912-c6d1-44f6-a6e3-c6433de7c30b", "value": "pennontraders.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--1c7dd874-6b61-431d-92fe-13d999a507a9", "value": "prestigein-am.jp" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--7fb11512-eb5a-4150-a270-c864df4f98f1", "value": "genieaccount.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--f172e210-de6a-4ae1-8519-f15223cf2e91", "value": "indoweb.org" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--52d7fb53-1bca-4b80-aa6b-6bca7fe7cfb7", "value": "137.74.114.227" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--287bd74a-2822-418e-a94a-ba7be2985ffa", "value": "125.206.177.152" }, { "type": "file", "spec_version": "2.1", "id": "file--20079df5-5c9d-4842-a310-acb8ce6f0b3b", "hashes": { "SHA-256": "b70e66d387e42f5f04b69b9eb15306036702ab8a50b16f5403289b5388292db9" } }, { "type": "file", "spec_version": "2.1", "id": "file--9a271410-5892-4df9-8bce-abea0348519a", "hashes": { "MD5": "02e319af73a33547343b71d5cb1064bc" } }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--af08d5c9-f507-5ed5-9986-7ffea3df195b", "created": "2026-06-24T19:43:52.805405Z", "modified": "2026-06-24T19:43:52.805405Z", "name": "Lazarus" }, { "type": "report", "spec_version": "2.1", "id": "report--75631619-f697-465c-86bc-52f7a59a9858", "created_by_ref": "identity--6173f923-5e4d-4c81-b4d7-70b1660fb48d", "created": "2026-06-24T19:43:52.830351Z", "modified": "2026-06-24T19:43:52.830351Z", "name": "Greetings from Lazarus", "published": "2020-12-15T00:00:00Z", "object_refs": [ "identity--6173f923-5e4d-4c81-b4d7-70b1660fb48d", "domain-name--95f647a5-370c-4bd2-ab5a-4e71082ab904", "url--d05dd461-a643-46f6-95a9-cee8f3b17041", "domain-name--bd90443c-5251-47ac-b926-3ae7e948d81c", "domain-name--53124a49-05ba-457c-99e2-31dc33438ef5", "url--92c6bc40-cf90-448d-a7be-4cb30e0c8722", "url--a03e9def-50f4-4578-820e-877efdb105d4", "url--501fb635-7a9b-4f66-8af3-095e1ba4a09b", "url--e56d4ce8-d17b-41a8-8561-936d09e40420", "indicator--0edb4a0e-cfaf-4b74-a6c4-de4d772f5b27", "indicator--badb4871-9eef-45c6-a72c-b9c4f4d06678", "indicator--bdf2dd8b-a866-432b-9def-c6cc27df36d9", "indicator--8f0445c5-12dc-437b-b3c4-5f4d05fdc55e", "indicator--e3909881-9292-49c0-9b0e-f3a66327e550", "indicator--b317e5ae-6fd2-40e6-8b34-0bfd1560fbff", "file--cb3ab8a7-7d30-4f21-bf8e-02bf5703e47d", "file--070657e2-3a11-4f2d-9b48-d8097a08f2e2", "file--400c48f3-9cf1-4b8d-91f4-bde3dce9d059", "file--76cac614-1e04-4995-94f3-0e91dbd50a98", "file--c139cfe9-1840-4292-8189-2675859c860a", "file--51836dba-fb46-45ae-be54-833a7e2724e4", "file--8f28d7ef-d0fc-4a12-9b0b-90eaa23766b6", "url--4f34357e-2c52-491d-934c-ce41f1be6025", "url--f9fc875e-034f-4511-be14-ef53aad1b04e", "url--5c01ac69-2bd0-4924-8878-610351a1b2d2", "url--17a665d7-0ede-4a93-a5a7-6d1fb9a4b4c8", "url--983a89c1-0af8-4af0-9d51-f254b376a355", "url--e623374b-8f7a-4e2e-8b2e-d6dd492a5d4b", "url--15d72a06-6dc3-4179-905f-c7b3f257067a", "url--030f52fb-8a06-489c-bc0d-d132c4651812", "url--1d553c2a-fa21-4cce-83e1-4d9ecf07ad3c", "url--9f6b35ac-6722-4de1-b9ba-e03037df764b", "url--3ac576a6-8a3b-4a52-b61e-3a76fa65e73a", "url--478cf618-f8f1-4991-958e-176518f11e46", "url--6f9a0cae-07d4-4cc4-b4d5-e943f4f0b9fe", "url--5f0554d1-e964-4ed7-9cbd-c80fd7338ecf", "url--7223f930-f1a1-45ee-ac78-8f11df4f1e22", "url--640b3745-f9f3-4062-bada-91e32aa80df3", "url--76849974-54b1-48c5-a17e-211a47f581c5", "url--e903bf93-b43d-4248-a7b7-b8128088d4e3", "url--8c83ffc5-67c2-4464-b3ba-e3eaa978c301", "url--c977352f-0ef7-4863-9d27-ecddc58b5537", "url--c8de5738-147f-4fee-b15c-f27d0fde3922", "url--4fea0200-242c-4c88-bef5-b89f6617ed7f", "url--95ccbf79-1ab8-4cbe-99ce-6c39a9bb6227", "url--8e5b70b3-8cd3-4cec-b613-2c1768ce6780", "url--9f1d7f1b-bf18-429d-a2b3-6af42aa64268", "url--c7c33922-45c7-436a-856e-7715e0ed6945", "url--7970a0ef-9ce3-4b5f-b803-5a5461179ee8", "url--d8291300-a6a9-4ce2-9208-f63d9a8c5995", "url--23feaf91-3815-4534-8be9-a4a2dfeb3bbf", "url--a57865df-54a1-4ab2-a083-ef0501ab8f87", "url--b6f87d6e-ebd4-429e-8f1f-4e0bdb7fbcfc", "url--718a61d9-20d3-4bee-b2dc-74cc486d0d00", "url--421fe8ef-0c08-4424-86ef-a84ee76884a0", "url--331d135c-970f-464c-be1b-b37d71147b4c", "domain-name--5cbbfd58-b103-4de5-bbe4-faceae1c9b51", "domain-name--77e60959-2e42-4e29-b8ed-2e96afeb3e9c", "domain-name--db2c92f2-cf92-47a7-8644-dae6d0467cac", "domain-name--a2a379a1-b89e-45bc-b7df-efe2c5348e7d", "domain-name--8977a87b-9e60-4388-b42e-f2e964bbd521", "domain-name--88ef0afd-4f78-47a9-a9ce-89d6dd8e4906", "domain-name--6c05cae8-46cf-47ee-8b80-434bad1d1377", "domain-name--91781fb7-226f-4833-822f-d8cc46abb8fa", "domain-name--b6e5e912-c6d1-44f6-a6e3-c6433de7c30b", "domain-name--1c7dd874-6b61-431d-92fe-13d999a507a9", "domain-name--7fb11512-eb5a-4150-a270-c864df4f98f1", "domain-name--f172e210-de6a-4ae1-8519-f15223cf2e91", "ipv4-addr--52d7fb53-1bca-4b80-aa6b-6bca7fe7cfb7", "ipv4-addr--287bd74a-2822-418e-a94a-ba7be2985ffa", "file--20079df5-5c9d-4842-a310-acb8ce6f0b3b", "file--9a271410-5892-4df9-8bce-abea0348519a", "threat-actor--af08d5c9-f507-5ed5-9986-7ffea3df195b" ], "external_references": [ { "source_name": "source", "url": "https://www.hvs-consulting.de/public/ThreatReport-Lazarus.pdf" } ] } ] }