{ "type": "bundle", "id": "bundle--6f9ef3df-f502-4937-b7c2-e74aefa589d5", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--ee1af7fe-c2db-446e-ab28-bdb4b4e29c1c", "created": "2023-03-08T12:51:42.067091Z", "modified": "2023-03-10T04:35:51.526813Z", "name": "USCISA", "identity_class": "organization" }, { "type": "file", "spec_version": "2.1", "id": "file--d4342e50-4d39-4382-aa3a-c53ac9a6c951", "hashes": { "MD5": "9e4d9edb07c348b10863d89b6bb08141" } }, { "type": "file", "spec_version": "2.1", "id": "file--b5c372c4-0af9-4205-8e4e-f982d341a9e7", "hashes": { "SHA-1": "65122e5129fc74d6b5ebafcc3376abae0145bc14" } }, { "type": "file", "spec_version": "2.1", "id": "file--2203b95b-3d9f-489b-a1c6-b05a8c4f53b8", "hashes": { "MD5": "0137f688436c468d43b3e50878ec1a1f" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--62862ca1-facf-45f2-8e5b-24c195947ecd", "created": "2026-06-24T21:02:46.657468Z", "modified": "2026-06-24T21:02:46.657468Z", "name": "YARA Rule", "pattern": "rule Unauthorized_Proxy_Server_RAT\r\n{\r\nmeta:\r\n Author=\"US-CERT Code Analysis Team\"\r\n\r\nIncident=\"10135536\"\r\n MD5_1 = \"C74E289AD927E81D2A1A56BC73E394AB\"\r\n MD5_2 = \"2950E3741D7AF69E0CA0C5013ABC4209\"\r\n\r\nInfo=\"Detects Proxy Server RAT\"\r\n\r\nsuper_rule = 1\r\n\r\nstrings:\r\n $s0 = {8A043132C288043125FF00000003C299F73D40404900A14440490003D0413BCF72DE5E5FC3}\r\n $s1 = {8A04318844241432C28804318B44241425FF00000003C299F73D40404900A14440490003D0413BCF72D65E5FC3}\r\n $s2 = {8A04318844241432C28804318B44241425FF00000003C299F73D5C394100A16039410003D0413BCF72D65E5FC3}\r\n $s3 = {8A043132C288043125FF00000003C299F73D5C394100A16039410003D0413BCF72DE5E5FC3}\r\n $s4 = {B91A7900008A140780F29A8810404975F4}\r\n $s5 = {399FE192769F839DCE9F2A9D2C9EAD9CEB9FD19CA59F7E9F539CEF9F029F969C6C9E5C9D949FC99F}\r\n $s6 = {8A04318844241432C28804318B44241425FF00000003C299F73D40600910A14460091003D0413BCF72D65E5FC3}\r\nTLP:WHITE\r\nUS-CERT MAR-10135536-B \r\n\r\n\r\n\r\n2 of 12TLP:WHITE\r\n $s7 = {3C5C75208A41014184C074183C72740C3C7474083C6274043C2275088A41014184C075DC}\r\n $s8 = {8B063D9534120077353D59341200722E668B4604663DE8037F24}\r\n $s9 = {8BC88B74241CC1E1052BC88B7C2418C1E1048B5C241403C88D04888B4C242083F9018944240C7523}\r\n$s10 = {8B063D9034120077353D59341200722E668B4604663DE8037F246685C0}\r\n $s11 = {30110FB60148FFC102C20FBEC09941F7F94103D249FFC875E7}\r\n$s12 = {448BE8B84FECC44E41F7EDC1FA038BCAC1E91F03D16BD21A442BEA4183C541}\r\n$s13 = {8A0A80F9627C2380F9797F1E80F9647C0A80F96D7F0580C10BEB0D80F96F7C0A80F9787F05}\r\ncondition:\r\nany of them\r\n}", "pattern_type": "yara", "valid_from": "2017-12-21T00:00:00Z" }, { "type": "file", "spec_version": "2.1", "id": "file--d7186f17-55ee-49ff-8236-c6727ba3193f", "hashes": { "SHA-1": "f4088bca25fd9ee78119458bfb300721266ecbcb" } }, { "type": "file", "spec_version": "2.1", "id": "file--162b56d2-9b09-436c-a302-ea670fb36cd5", "hashes": { "MD5": "4dfa17c0b8e612b8d4db9cea10b5a3d7" } }, { "type": "file", "spec_version": "2.1", "id": "file--fc5cf976-f1b8-492b-93d7-71535ebba1a0", "hashes": { "MD5": "2de998d058c83ca559bc6a4b4b4d40b6" } }, { "type": "file", "spec_version": "2.1", "id": "file--4e5993dd-99d8-4afa-a6d7-ea707fdc6f49", "hashes": { "MD5": "caef1f2015675da6b139275b4c7c86d3" } }, { "type": "file", "spec_version": "2.1", "id": "file--2f7b83ad-2019-4824-bb6d-0443353e2693", "hashes": { "MD5": "6c330d24bbac0cdc751eb2033a2ab6c7" } }, { "type": "file", "spec_version": "2.1", "id": "file--9dfa060b-fe5c-40a6-abc9-8f947f44a7b9", "hashes": { "MD5": "c3349c549162ffa3b8148d564efdfd0e" } }, { "type": "file", "spec_version": "2.1", "id": "file--9479653a-6153-42c8-89ce-9417f92a29a3", "hashes": { "MD5": "1ce8e90ffa2199ff32be8b977e9a441b" } }, { "type": "file", "spec_version": "2.1", "id": "file--a4a79526-44b0-4bc0-8b23-c97f8ce67f68", "hashes": { "MD5": "e385ce08c1c7b68edfc2150f3682b256" } }, { "type": "file", "spec_version": "2.1", "id": "file--165c8ce1-4747-4eda-9db3-7b6c3f9e5938", "hashes": { "SHA-1": "af9db3ed2605572e9897d71086308873045be47b" } }, { "type": "file", "spec_version": "2.1", "id": "file--350c2134-9b02-4ec9-a256-486e23431b9b", "hashes": { "MD5": "f77d3025527d202bbe572f5791d038d3" } }, { "type": "file", "spec_version": "2.1", "id": "file--57b8d803-6575-42bc-a97c-28a822fa7752", "hashes": { "MD5": "51e2667d68017283e27efb2950932c58" } }, { "type": "file", "spec_version": "2.1", "id": "file--f69383e2-db87-45c4-905d-75a460d5e853", "hashes": { "MD5": "03e0ab7f93b56899460fda790387d7c1" } }, { "type": "file", "spec_version": "2.1", "id": "file--7c39c7f5-1e73-43e2-9c01-5c81ffe3853b", "hashes": { "MD5": "15e68b7d71ae9401600fbf50c1f37e66" } }, { "type": "file", "spec_version": "2.1", "id": "file--b65eb401-c7df-4e37-ab3c-0b1cb21a58d2", "hashes": { "MD5": "fc9e40100d8dfae2df0f30a3414f50ec" } }, { "type": "file", "spec_version": "2.1", "id": "file--eb2659c2-66b2-42f5-89fd-c22999f1ed5b", "hashes": { "SHA-1": "771f7d69a476d5b0b7c942bdc21e86691dabba89" } }, { "type": "file", "spec_version": "2.1", "id": "file--a27521c6-ba95-42e9-ad07-7058b6dec51b", "hashes": { "MD5": "a5166df020ef131fd115707cf8e284ce" } }, { "type": "file", "spec_version": "2.1", "id": "file--1bbc3bf4-f822-4ade-a0ed-8d9ea76513d8", "hashes": { "MD5": "964b291ad9bafa471da3f80fb262dbe7" } }, { "type": "file", "spec_version": "2.1", "id": "file--07fe68c0-78c0-4e32-9ad2-47f72bb120a2", "hashes": { "MD5": "720f2fd596b0523ad6da7864337a3e3a" } }, { "type": "file", "spec_version": "2.1", "id": "file--34cbcedf-4464-457d-8612-76ee12d413fe", "hashes": { "MD5": "a679879146f59c7ba1b29ff42851a5ed" } }, { "type": "file", "spec_version": "2.1", "id": "file--6b13e835-3122-4b2b-aa7b-1758d18bef0d", "hashes": { "MD5": "6e90fb74568b471c2699f72b7cae68dc" } }, { "type": "file", "spec_version": "2.1", "id": "file--8595cc00-2c44-4094-84d6-65478e2ad657", "hashes": { "MD5": "62a4ecd0721de04fc52f5fcef933ee44" } }, { "type": "file", "spec_version": "2.1", "id": "file--f1fd9c3b-70fa-4c6f-aa68-7f4fd3cb3bb3", "hashes": { "MD5": "114d8db4843748d79861b49343c8b7ca" } }, { "type": "file", "spec_version": "2.1", "id": "file--15d8d7cc-f6a1-4fce-a754-133bc7f9b025", "hashes": { "MD5": "d25e32c2f4c243f8b0fb537b73c6f07c" } }, { "type": "file", "spec_version": "2.1", "id": "file--02347451-36db-45a2-bbbc-b9147dc3b9eb", "hashes": { "MD5": "f4c5b7ebe0ffb8c5d5632877552f2e23" } }, { "type": "file", "spec_version": "2.1", "id": "file--1e2a20b9-938a-4e96-86a9-aa9e2e39ff33", "hashes": { "MD5": "f0a1309490c5ee84dedc04b035c45cd0" } }, { "type": "file", "spec_version": "2.1", "id": "file--fa4da444-67ba-470f-99f7-9ae337003834", "hashes": { "MD5": "aa336c62ce0214b5ffe1d41d93d6e99b" } }, { "type": "file", "spec_version": "2.1", "id": "file--7da1c48d-50b9-41ae-9088-b88361d6a1db", "hashes": { "MD5": "4aef9d49dc3fe0af76cecb93904875c0" } }, { "type": "file", "spec_version": "2.1", "id": "file--2e212a91-c628-4b8c-b589-add63a17ded9", "hashes": { "SHA-1": "bbf1ff28e84766ad27683cc9078d16f0493cdbab" } }, { "type": "file", "spec_version": "2.1", "id": "file--6a21316b-791f-43ea-b05b-fd68d81918ec", "hashes": { "MD5": "5271c65208ed70fad30077524f371ed8" } }, { "type": "file", "spec_version": "2.1", "id": "file--dd914ac1-09e4-40eb-92eb-bce490359d31", "hashes": { "MD5": "3dfc4d44b2b523659f00d8945225bc60" } }, { "type": "file", "spec_version": "2.1", "id": "file--71b7d1d3-9731-48b7-8c6c-2ef5af1910c0", "hashes": { "MD5": "ab32b3c672765e57e0892dc1f046728a" } }, { "type": "file", "spec_version": "2.1", "id": "file--34d3d7c0-c45b-4581-9bb4-e337b1071f98", "hashes": { "MD5": "bc433c07b82c684a09d26e014c0cefdb" } }, { "type": "file", "spec_version": "2.1", "id": "file--dab53e93-2134-41ae-be94-2053c302a85d", "hashes": { "MD5": "620f0b67a91f7f74151bc5be745b7110" } }, { "type": "file", "spec_version": "2.1", "id": "file--ee7cc77c-76ae-4445-aebc-34f3a0d5835d", "hashes": { "MD5": "fc14f0c7ff263b01c27ac84ff16072e6" } }, { "type": "file", "spec_version": "2.1", "id": "file--26e4c34e-425d-41e6-a8c7-7b74617deb1a", "hashes": { "MD5": "d2cf27a072c85308a12b834aa3150af0" } }, { "type": "file", "spec_version": "2.1", "id": "file--7577985a-8342-42f9-b711-4139a226679f", "hashes": { "MD5": "c74e289ad927e81d2a1a56bc73e394ab" } }, { "type": "file", "spec_version": "2.1", "id": "file--b5e8d408-a0a3-4260-a87e-22d91e42da35", "hashes": { "MD5": "941009d7534325e92b5a0183b05aec00" } }, { "type": "file", "spec_version": "2.1", "id": "file--4834a899-c46d-47e3-9780-a311138f8e4e", "hashes": { "MD5": "2950e3741d7af69e0ca0c5013abc4209" } }, { "type": "file", "spec_version": "2.1", "id": "file--1eec3b80-4024-4e31-8de4-6eca45ae6cec", "hashes": { "MD5": "f5391c0baa8c69ab8fc159089099c8c4" } }, { "type": "file", "spec_version": "2.1", "id": "file--b80907eb-3f13-46e6-816f-8da40e014ae5", "hashes": { "MD5": "0e0f176e5767c4f278df968c7364e815" } }, { "type": "file", "spec_version": "2.1", "id": "file--f12801f3-a26b-41ae-afc3-40a158f95c7c", "hashes": { "SHA-1": "350778fc552918dddf84ea3a4c956e9996afe0d5" } }, { "type": "file", "spec_version": "2.1", "id": "file--8ec8f2b3-456d-4e5f-b0d2-06709e526d22", "hashes": { "MD5": "cfc3f97af184f52c091a175eda4587b8" } }, { "type": "file", "spec_version": "2.1", "id": "file--a97e5044-ba4e-4fcb-81c5-6b13a4ac6c04", "hashes": { "SHA-1": "566243e09a3d19828c243c799f638ae34469d967" } }, { "type": "file", "spec_version": "2.1", "id": "file--884f46b7-2966-4938-af6f-c98c772e99e5", "hashes": { "MD5": "ceb5df2b67157dbc6b6aac93c8524f3d" } }, { "type": "file", "spec_version": "2.1", "id": "file--1958cfc1-6032-43dd-95e0-9a6879dbcf69", "hashes": { "MD5": "1cfe81260eb717a1b917d7b3d1349851" } }, { "type": "file", "spec_version": "2.1", "id": "file--efa2fca8-a5b9-4e4b-bbc7-ac41146cb4d0", "hashes": { "MD5": "5b8468fde2fdd44adf4eba4d955fa265" } }, { "type": "file", "spec_version": "2.1", "id": "file--0e6c83f8-a3df-4ada-8a3d-9008fa35f810", "hashes": { "MD5": "f82e3e0c1cadda61be2ed2885911bd3d" } }, { "type": "file", "spec_version": "2.1", "id": "file--508e3734-0ceb-4d0e-b313-c8700814b136", "hashes": { "MD5": "b94f8f257f9ebfb122acf253691a713e" } }, { "type": "file", "spec_version": "2.1", "id": "file--ff47608f-3434-481b-833f-931ae2f99f7b", "hashes": { "MD5": "324652d914c29aa7a7081d418add47dc" } }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--144818da-aadb-576a-82f4-f05e15a3bb28", "created": "2026-06-24T21:02:46.688683Z", "modified": "2026-06-24T21:02:46.688683Z", "name": "HiddenCobra" }, { "type": "report", "spec_version": "2.1", "id": "report--e2cd9ced-a7f2-459e-baf3-80b220658879", "created_by_ref": "identity--ee1af7fe-c2db-446e-ab28-bdb4b4e29c1c", "created": "2026-06-24T21:02:46.691244Z", "modified": "2026-06-24T21:02:46.691244Z", "name": "North Korean Trojan: BANKSHOT", "published": "2017-12-21T00:00:00Z", "object_refs": [ "identity--ee1af7fe-c2db-446e-ab28-bdb4b4e29c1c", "file--d4342e50-4d39-4382-aa3a-c53ac9a6c951", "file--b5c372c4-0af9-4205-8e4e-f982d341a9e7", "file--2203b95b-3d9f-489b-a1c6-b05a8c4f53b8", "indicator--62862ca1-facf-45f2-8e5b-24c195947ecd", "file--d7186f17-55ee-49ff-8236-c6727ba3193f", "file--162b56d2-9b09-436c-a302-ea670fb36cd5", "file--fc5cf976-f1b8-492b-93d7-71535ebba1a0", "file--4e5993dd-99d8-4afa-a6d7-ea707fdc6f49", "file--2f7b83ad-2019-4824-bb6d-0443353e2693", "file--9dfa060b-fe5c-40a6-abc9-8f947f44a7b9", "file--9479653a-6153-42c8-89ce-9417f92a29a3", "file--a4a79526-44b0-4bc0-8b23-c97f8ce67f68", "file--165c8ce1-4747-4eda-9db3-7b6c3f9e5938", "file--350c2134-9b02-4ec9-a256-486e23431b9b", "file--57b8d803-6575-42bc-a97c-28a822fa7752", "file--f69383e2-db87-45c4-905d-75a460d5e853", "file--7c39c7f5-1e73-43e2-9c01-5c81ffe3853b", "file--b65eb401-c7df-4e37-ab3c-0b1cb21a58d2", "file--eb2659c2-66b2-42f5-89fd-c22999f1ed5b", "file--a27521c6-ba95-42e9-ad07-7058b6dec51b", "file--1bbc3bf4-f822-4ade-a0ed-8d9ea76513d8", "file--07fe68c0-78c0-4e32-9ad2-47f72bb120a2", "file--34cbcedf-4464-457d-8612-76ee12d413fe", "file--6b13e835-3122-4b2b-aa7b-1758d18bef0d", "file--8595cc00-2c44-4094-84d6-65478e2ad657", "file--f1fd9c3b-70fa-4c6f-aa68-7f4fd3cb3bb3", "file--15d8d7cc-f6a1-4fce-a754-133bc7f9b025", "file--02347451-36db-45a2-bbbc-b9147dc3b9eb", "file--1e2a20b9-938a-4e96-86a9-aa9e2e39ff33", "file--fa4da444-67ba-470f-99f7-9ae337003834", "file--7da1c48d-50b9-41ae-9088-b88361d6a1db", "file--2e212a91-c628-4b8c-b589-add63a17ded9", "file--6a21316b-791f-43ea-b05b-fd68d81918ec", "file--dd914ac1-09e4-40eb-92eb-bce490359d31", "file--71b7d1d3-9731-48b7-8c6c-2ef5af1910c0", "file--34d3d7c0-c45b-4581-9bb4-e337b1071f98", "file--dab53e93-2134-41ae-be94-2053c302a85d", "file--ee7cc77c-76ae-4445-aebc-34f3a0d5835d", "file--26e4c34e-425d-41e6-a8c7-7b74617deb1a", "file--7577985a-8342-42f9-b711-4139a226679f", "file--b5e8d408-a0a3-4260-a87e-22d91e42da35", "file--4834a899-c46d-47e3-9780-a311138f8e4e", "file--1eec3b80-4024-4e31-8de4-6eca45ae6cec", "file--b80907eb-3f13-46e6-816f-8da40e014ae5", "file--f12801f3-a26b-41ae-afc3-40a158f95c7c", "file--8ec8f2b3-456d-4e5f-b0d2-06709e526d22", "file--a97e5044-ba4e-4fcb-81c5-6b13a4ac6c04", "file--884f46b7-2966-4938-af6f-c98c772e99e5", "file--1958cfc1-6032-43dd-95e0-9a6879dbcf69", "file--efa2fca8-a5b9-4e4b-bbc7-ac41146cb4d0", "file--0e6c83f8-a3df-4ada-8a3d-9008fa35f810", "file--508e3734-0ceb-4d0e-b313-c8700814b136", "file--ff47608f-3434-481b-833f-931ae2f99f7b", "threat-actor--144818da-aadb-576a-82f4-f05e15a3bb28" ], "external_references": [ { "source_name": "source", "url": "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDF" } ] } ] }