{ "type": "bundle", "id": "bundle--eabba792-b87d-49fa-9b7c-14fbb8a5949b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--48edf75c-7cd8-480a-8950-deb15067ea29", "created": "2026-04-13T05:27:30.708162Z", "modified": "2026-04-22T01:03:40.519059Z", "name": "BreakGlassIntelligence", "identity_class": "organization" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--f3fc3292-7f74-4759-8bde-da14e8b84c88", "value": "152.32.138.146" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--78cee9be-80cc-4ae4-88ad-93725c4a394d", "value": "152.32.243.178" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--f3b3d0d8-ccae-4842-9a3d-230ff1ec1838", "value": "152.32.139.149" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--f55a1681-730f-4e55-8925-06c04db93b19", "value": "167.88.166.204" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--c6a79686-5a46-4d44-9d54-ecea59c4fee6", "value": "118.194.249.109" }, { "type": "file", "spec_version": "2.1", "id": "file--8a00c39d-1447-4dfa-851b-27734aebddf3", "hashes": { "SHA-256": "f239e3fedc4926ff3cf58f95bacff9d8f11289e58036ed507ab3f435dce1b2b1" } }, { "type": "file", "spec_version": "2.1", "id": "file--a872c775-f88f-4b8a-a398-04308bb9e6a0", "hashes": { "SHA-1": "253d232e1485e7e60ff3380999412c773d0a9a14" } }, { "type": "file", "spec_version": "2.1", "id": "file--61fa3d8b-81b1-4602-8072-55d35d980d7e", "hashes": { "MD5": "66126fa42accfb183f72e25b20750b97" } }, { "type": "file", "spec_version": "2.1", "id": "file--04a403ef-6a76-4291-bd30-e15673ecdeea", "hashes": { "MD5": "6db53d66629f95a2d830a4f56e8c69f2" } }, { "type": "file", "spec_version": "2.1", "id": "file--a25b965f-c04a-4602-ad2c-a3b4c4ef9891", "hashes": { "SHA-256": "95f4954ad79fa972bfd4fe217608ed5216c674e8ae6662cb8ffb31dbed50ec63" } }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--1d88a2e4-af26-4b56-9414-5d13d6b7d4a5", "value": "hegui@ucloud.cn" }, { "type": "url", "spec_version": "2.1", "id": "url--40838e3d-e6cc-48a2-96e5-aad0fd02f4d8", "value": "https://ndocs0link.dns.army/?naps" }, { "type": "url", "spec_version": "2.1", "id": "url--cbe0337f-f7c7-4f51-a384-ea4d0990a5c2", "value": "http://link-nid-log.oq7n2.dynv6.net/" }, { "type": "url", "spec_version": "2.1", "id": "url--1b122769-ed5f-41fd-9704-b2ad545143d0", "value": "https://mhjjh.dynv6.net/" }, { "type": "url", "spec_version": "2.1", "id": "url--f0ddc0dd-7f6e-400c-be1e-2bfd7878e209", "value": "https://elecviews85.dynv6.net/?naps" }, { "type": "url", "spec_version": "2.1", "id": "url--badfe96a-ffa2-4629-91de-d073c0c60e40", "value": "http://link-nid-log.oc9bk.dynv6.net/" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--af7bb4b7-fba3-4b42-9cf1-6b3adab5bc97", "value": "mhjjh.dynv6.net" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--0f8ba552-2e7b-4776-996f-daf08099f0bd", "value": "link-nid-log.oq7n2.dynv6.net" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--33c66a17-778d-4faf-baf9-8ac2ff5aa6e5", "value": "elecviews85.dynv6.net" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--2623c8a7-b457-4245-8d78-0889357fef6c", "value": "ndocs0link.dns.army" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--25cf6677-d482-430a-8c81-1c334395487c", "value": "link-nid-log.oc9bk.dynv6.net" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--09bcac71-110d-459b-ab9b-88aebdb48864", "value": "118.194.248.134" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--6c9097e0-8c08-4e09-9980-e550e9a0a5a2", "value": "118.194.248.246" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--0e19a070-2153-41c1-add4-75dd5b1babe4", "value": "118.194.248.183" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--56db2ea4-f249-4a75-a0f8-70b1e4d8d131", "value": "152.32.243.215" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--1b94d705-8bb2-4c7c-8c33-4ce34cc1a049", "value": "118.193.69.19" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--b4dcefed-b780-4acf-ba2d-a5385ffc26d2", "value": "27.102.137.140" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--8b97cc03-31f2-4f26-a8a9-c0c2c1f8f7e0", "value": "101.36.114.231" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--dfda561b-b03f-4efa-b6ef-7d5d18b1ceac", "value": "101.36.114.66" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--c441c972-73cd-452d-8234-893dd8d706b8", "value": "27.102.138.125" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5230718c-0d00-4431-8aa5-d5c19e6daafd", "value": "ucloud.cn" }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1", "created": "2026-06-24T19:46:42.165189Z", "modified": "2026-06-24T19:46:42.165189Z", "name": "Kimsuky" }, { "type": "report", "spec_version": "2.1", "id": "report--89562b2b-3838-451f-8700-2b1f8ad60847", "created_by_ref": "identity--48edf75c-7cd8-480a-8950-deb15067ea29", "created": "2026-06-24T19:46:42.180738Z", "modified": "2026-06-24T19:46:42.180738Z", "name": "Kimsuky's Five-Stage GrimResource Loader: When an MMC File Becomes a Shellcode Injector", "published": "2026-03-12T00:00:00Z", "object_refs": [ "identity--48edf75c-7cd8-480a-8950-deb15067ea29", "ipv4-addr--f3fc3292-7f74-4759-8bde-da14e8b84c88", "ipv4-addr--78cee9be-80cc-4ae4-88ad-93725c4a394d", "ipv4-addr--f3b3d0d8-ccae-4842-9a3d-230ff1ec1838", "ipv4-addr--f55a1681-730f-4e55-8925-06c04db93b19", "ipv4-addr--c6a79686-5a46-4d44-9d54-ecea59c4fee6", "file--8a00c39d-1447-4dfa-851b-27734aebddf3", "file--a872c775-f88f-4b8a-a398-04308bb9e6a0", "file--61fa3d8b-81b1-4602-8072-55d35d980d7e", "file--04a403ef-6a76-4291-bd30-e15673ecdeea", "file--a25b965f-c04a-4602-ad2c-a3b4c4ef9891", "email-addr--1d88a2e4-af26-4b56-9414-5d13d6b7d4a5", "url--40838e3d-e6cc-48a2-96e5-aad0fd02f4d8", "url--cbe0337f-f7c7-4f51-a384-ea4d0990a5c2", "url--1b122769-ed5f-41fd-9704-b2ad545143d0", "url--f0ddc0dd-7f6e-400c-be1e-2bfd7878e209", "url--badfe96a-ffa2-4629-91de-d073c0c60e40", "domain-name--af7bb4b7-fba3-4b42-9cf1-6b3adab5bc97", "domain-name--0f8ba552-2e7b-4776-996f-daf08099f0bd", "domain-name--33c66a17-778d-4faf-baf9-8ac2ff5aa6e5", "domain-name--2623c8a7-b457-4245-8d78-0889357fef6c", "domain-name--25cf6677-d482-430a-8c81-1c334395487c", "ipv4-addr--09bcac71-110d-459b-ab9b-88aebdb48864", "ipv4-addr--6c9097e0-8c08-4e09-9980-e550e9a0a5a2", "ipv4-addr--0e19a070-2153-41c1-add4-75dd5b1babe4", "ipv4-addr--56db2ea4-f249-4a75-a0f8-70b1e4d8d131", "ipv4-addr--1b94d705-8bb2-4c7c-8c33-4ce34cc1a049", "ipv4-addr--b4dcefed-b780-4acf-ba2d-a5385ffc26d2", "ipv4-addr--8b97cc03-31f2-4f26-a8a9-c0c2c1f8f7e0", "ipv4-addr--dfda561b-b03f-4efa-b6ef-7d5d18b1ceac", "ipv4-addr--c441c972-73cd-452d-8234-893dd8d706b8", "domain-name--5230718c-0d00-4431-8aa5-d5c19e6daafd", "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1" ], "external_references": [ { "source_name": "source", "url": "https://intel.breakglass.tech/post/kimsuky-s-five-stage-grimresource-loader-when-an-mmc-file-becomes-a-shellcode-injector" } ] } ] }