{
    "type": "bundle",
    "id": "bundle--f70db9e2-6f25-45a1-b0c7-e5ca99ec5cdd",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--d6462b61-c8eb-4f9d-bbca-7ad3648dd925",
            "created": "2023-03-10T00:10:51.474854Z",
            "modified": "2023-03-10T00:17:01.510222Z",
            "name": "dinu135dk",
            "identity_class": "organization"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--b02e7174-b081-49bc-b6df-2383618ecfba",
            "value": "mbrainingevents.com"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--dbb93fd4-9567-4c60-ac1c-5fdabb424fa2",
            "created": "2026-06-24T19:52:35.488253Z",
            "modified": "2026-06-24T19:52:35.488253Z",
            "name": "YARA Rule",
            "pattern": "rule ReflectiveLoader {\r\nmeta:\r\ndescription = \"Detects an unspecified hack tool, crack or malware using a reflective loader \u2014 no hard match \u2014 further investigation recommended\"\r\nreference = \"Internal Research\"\r\nscore = 60\r\nstrings:\r\n$s1 = \"ReflectiveLoader\" fullword ascii\r\n$s2 = \"ReflectivLoader.dll\" fullword ascii\r\n$s3 = \"?ReflectiveLoader@@\" ascii\r\ncondition:\r\nuint16(0) == 0x5a4d and (\r\n1 of them or\r\npe.exports(\"ReflectiveLoader\") or\r\npe.exports(\"_ReflectiveLoader@4\") or\r\npe.exports(\"?ReflectiveLoader@@YGKPAX@Z\")\r\n)\r\n}",
            "pattern_type": "yara",
            "valid_from": "2020-05-09T00:00:00Z"
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--66790a10-fa7d-4647-8c6b-7c5ecd082401",
            "hashes": {
                "MD5": "186aa05bfe4739274c3c258be4a5a160"
            }
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--1c452487-854c-471f-a843-b5ce9e1eb594",
            "value": "185.62.56.131"
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--480e032e-e339-4765-bfe8-938b2a58fd6e",
            "hashes": {
                "MD5": "fe2d05365f059d48fd972c79afeee682"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--14c6b2bb-84cd-4eab-8a0d-e3c096afded9",
            "hashes": {
                "MD5": "8451be72b75a38516e7ba7972729909e"
            }
        },
        {
            "type": "threat-actor",
            "spec_version": "2.1",
            "id": "threat-actor--af08d5c9-f507-5ed5-9986-7ffea3df195b",
            "created": "2026-06-24T19:52:35.494947Z",
            "modified": "2026-06-24T19:52:35.494947Z",
            "name": "Lazarus"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--561fa54e-1790-4154-a896-79e05f724c8d",
            "created_by_ref": "identity--d6462b61-c8eb-4f9d-bbca-7ad3648dd925",
            "created": "2026-06-24T19:52:35.521173Z",
            "modified": "2026-06-24T19:52:35.521173Z",
            "name": "Lazarus group leverages Covid themed HWP Document",
            "published": "2020-05-09T00:00:00Z",
            "object_refs": [
                "identity--d6462b61-c8eb-4f9d-bbca-7ad3648dd925",
                "domain-name--b02e7174-b081-49bc-b6df-2383618ecfba",
                "indicator--dbb93fd4-9567-4c60-ac1c-5fdabb424fa2",
                "file--66790a10-fa7d-4647-8c6b-7c5ecd082401",
                "ipv4-addr--1c452487-854c-471f-a843-b5ce9e1eb594",
                "file--480e032e-e339-4765-bfe8-938b2a58fd6e",
                "file--14c6b2bb-84cd-4eab-8a0d-e3c096afded9",
                "threat-actor--af08d5c9-f507-5ed5-9986-7ffea3df195b"
            ],
            "external_references": [
                {
                    "source_name": "source",
                    "url": "https://medium.com/@dinu135dk/lazarus-group-leverages-covid-themed-hwp-document-dde6b80d51eb"
                }
            ]
        }
    ]
}