{
    "type": "bundle",
    "id": "bundle--bacc6441-547b-46ae-bb9e-e19851b24afd",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--51c7b646-021e-4510-a5cd-85bbe60eb05c",
            "created": "2023-03-10T00:12:24.458705Z",
            "modified": "2023-03-10T00:12:24.458849Z",
            "name": "emptyregisters",
            "identity_class": "organization"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--405b9d83-d449-4bf7-a8f5-55e394f97604",
            "created": "2026-06-24T19:49:28.345928Z",
            "modified": "2026-06-24T19:49:28.345928Z",
            "name": "YARA Rule",
            "pattern": "rule LazarusDocJan2019_01\r\n{\r\nmeta:\r\nauthor = \u201cSilas Cutler\u201d\r\ndescription = \u201cDetection for Lazarus Payload from Jan 2019\u201d\r\nref = \u201chttps://twitter.com/DrunkBinary/status/1090625122883510274\"\r\nversion = \u201c0.1\u201d\r\nstrings:\r\n$ = \u201c\\\u201dMain Invoked.\\\u201d\u201d\r\n$ = \u201c\\\u201dMain Returned.\\\u201d\u201d\r\n$ = \u201c%sd.%se%sc %s > %s 2>&1\u201d\r\ncondition:\r\nall of them\r\n}",
            "pattern_type": "yara",
            "valid_from": "2019-02-12T00:00:00Z"
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--cad27133-9afb-4f93-9890-763e82aa912e",
            "hashes": {
                "SHA-256": "625f63364312cec78a4c91abedba868d551d79185ff73e388f561017b13347f0"
            }
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--cacb9ffb-a392-4cab-828b-2b7fa4815a81",
            "value": "poem.ekosa.org"
        },
        {
            "type": "threat-actor",
            "spec_version": "2.1",
            "id": "threat-actor--af08d5c9-f507-5ed5-9986-7ffea3df195b",
            "created": "2026-06-24T19:49:28.349761Z",
            "modified": "2026-06-24T19:49:28.349761Z",
            "name": "Lazarus"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--3c07afde-d0de-400b-8d92-12e695076f9b",
            "created_by_ref": "identity--51c7b646-021e-4510-a5cd-85bbe60eb05c",
            "created": "2026-06-24T19:49:28.350794Z",
            "modified": "2026-06-24T19:49:28.350794Z",
            "name": "Lazarus downloader brief analysis",
            "published": "2019-02-12T00:00:00Z",
            "object_refs": [
                "identity--51c7b646-021e-4510-a5cd-85bbe60eb05c",
                "indicator--405b9d83-d449-4bf7-a8f5-55e394f97604",
                "file--cad27133-9afb-4f93-9890-763e82aa912e",
                "domain-name--cacb9ffb-a392-4cab-828b-2b7fa4815a81",
                "threat-actor--af08d5c9-f507-5ed5-9986-7ffea3df195b"
            ],
            "external_references": [
                {
                    "source_name": "source",
                    "url": "https://medium.com/emptyregisters/lazarus-downloader-brief-analy-17875f342d96"
                }
            ]
        }
    ]
}