{
    "type": "bundle",
    "id": "bundle--501235e8-78ff-4bbd-900f-ebbc2155b629",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--0b1cac3e-021d-41d0-89d9-5dc4905fa75a",
            "created": "2023-03-08T12:51:54.415344Z",
            "modified": "2023-03-08T12:51:54.415422Z",
            "name": "Threatconnect",
            "identity_class": "organization"
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--a3b0b7d3-e246-4af4-96cc-8ae727c2e691",
            "hashes": {
                "MD5": "1e14ded758c5dd7b41fe20297935eeef"
            }
        },
        {
            "type": "email-addr",
            "spec_version": "2.1",
            "id": "email-addr--74b6fce9-f914-4244-8d7a-2e02399b5430",
            "value": "jackjacko@tutamail.com"
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--1156b5d4-7756-4cb1-a1e1-01d0d431898d",
            "value": "http://www.fireeye.fr/blog/threat-research/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html"
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--e7f438ca-a2eb-41c0-9eef-156ca6c2a115",
            "value": "https://paste.cryptolaemus.com/emotet/2020/06/22/emotet-c2-rsa-update-06-22-20-1.html"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--7ad892e4-d035-44b1-80f4-9f1597f69efc",
            "value": "security-confirm.bmail-org.com"
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--7bae7310-0461-417b-b526-16639e3c6e73",
            "hashes": {
                "MD5": "c315de8ac15b51163a3bc075063a58aa"
            }
        },
        {
            "type": "threat-actor",
            "spec_version": "2.1",
            "id": "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1",
            "created": "2026-06-24T23:49:18.981523Z",
            "modified": "2026-06-24T23:49:18.981523Z",
            "name": "Kimsuky"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--354d3537-e874-4f7a-acf6-51d74c554b8e",
            "created_by_ref": "identity--0b1cac3e-021d-41d0-89d9-5dc4905fa75a",
            "created": "2026-06-24T23:49:18.986535Z",
            "modified": "2026-06-24T23:49:18.986535Z",
            "name": "More Kimsuky \u201cAutoUpdate\u201d Malware",
            "published": "2020-06-25T00:00:00Z",
            "object_refs": [
                "identity--0b1cac3e-021d-41d0-89d9-5dc4905fa75a",
                "file--a3b0b7d3-e246-4af4-96cc-8ae727c2e691",
                "email-addr--74b6fce9-f914-4244-8d7a-2e02399b5430",
                "url--1156b5d4-7756-4cb1-a1e1-01d0d431898d",
                "url--e7f438ca-a2eb-41c0-9eef-156ca6c2a115",
                "domain-name--7ad892e4-d035-44b1-80f4-9f1597f69efc",
                "file--7bae7310-0461-417b-b526-16639e3c6e73",
                "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1"
            ],
            "external_references": [
                {
                    "source_name": "source",
                    "url": "https://web.archive.org/web/20210412184505/https://threatconnect.com/blog/threatconnect-kimsuky-autoupdate-malware-research-roundup/"
                }
            ]
        }
    ]
}