{ "type": "bundle", "id": "bundle--0738bfc9-8739-414b-bc83-29a21a311c88", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--a96f8bbb-0501-4026-a441-edfe31375afa", "created": "2025-12-03T00:51:50.222128Z", "modified": "2025-12-03T00:53:40.15867Z", "name": "OSM", "identity_class": "organization" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--2f602576-1f4f-43ab-8c8a-59e5a66545b1", "value": "api.trongrid.io" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--e26580cb-b6a4-443f-ad9c-8ae8392d47a8", "value": "fullnode.mainnet.aptoslabs.com" }, { "type": "url", "spec_version": "2.1", "id": "url--938e6f5d-1b6e-42de-a358-27d0651d4905", "value": "https://fullnode.mainnet.aptoslabs.com/v1/accounts/0xbe037.../transactions" }, { "type": "url", "spec_version": "2.1", "id": "url--288cb7d1-6933-49ff-b076-38aa780c074e", "value": "https://wolf-studios-frontend.vercel.app/" }, { "type": "url", "spec_version": "2.1", "id": "url--d322e057-7b25-4eac-9703-892058cfe99a", "value": "https://api.trongrid.io/v1/accounts/TMfKQEd7TJJa5xNZJZ2Lep838vrzrs7mAP/transactions" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--4cb4ad18-8623-477d-a9ee-e84112c24753", "value": "gowreesh-vt.github.io" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--e305d9e4-4a63-4f60-98e5-ca6bc9710200", "value": "shop.ceenami.com" }, { "type": "url", "spec_version": "2.1", "id": "url--a43554da-6bfe-4f94-8d2f-c3ff1573c001", "value": "https://api.trongrid.io/v1/accounts/" }, { "type": "url", "spec_version": "2.1", "id": "url--a31c9dc8-d5ba-48b0-8b26-f9afdf03d7dc", "value": "https://fullnode.mainnet.aptoslabs.com/v1/accounts/" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--b8216169-b8d5-438c-8646-d30abd0a1cd8", "value": "bsc-dataseed.binance.org" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--e2fd9333-7fae-497e-b014-9fadffa31950", "value": "bsc-rpc.publicnode.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--269ad315-cc00-4445-851d-b05010e3966e", "created": "2026-06-24T19:55:48.847459Z", "modified": "2026-06-24T19:55:48.847459Z", "name": "YARA Rule", "pattern": "rule rmcej_otb_payload {\r\n meta:\r\n description = \"Detects rmcej%otb% shuffle-cipher JS payload injected into config files\"\r\n author = \"OpenSourceMalware.com\"\r\n date = \"2026-03-07\"\r\n severity = \"high\"\r\n\r\n strings:\r\n $marker = \"rmcej%otb%\"\r\n $global = \"global['!']\"\r\n $seed1 = \"2857687\"\r\n $seed2 = \"2667686\"\r\n $varname = \"_$_1e42\"\r\n\r\n condition:\r\n $marker or ($global and $seed1) or ($varname and $seed2)\r\n}", "pattern_type": "yara", "valid_from": "2026-03-08T00:00:00Z" }, { "type": "file", "spec_version": "2.1", "id": "file--0b734599-050a-4127-a918-09c811117470", "hashes": { "SHA-1": "7af8f530f537ec4fae33afb4abb63f9111594229" } }, { "type": "file", "spec_version": "2.1", "id": "file--a2e04034-479f-41a8-9c76-07b4f85e9365", "hashes": { "SHA-1": "05e169512fdfb8f3492f0a259b445b2d0d629cba" } }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--517f1d6a-514b-592b-8216-43a310ad6d08", "created": "2026-06-24T19:55:48.853956Z", "modified": "2026-06-24T19:55:48.853956Z", "name": "ContagiousInterview" }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--21a5efde-6a09-5457-b095-3687a21fa8b8", "created": "2026-06-24T19:55:48.858806Z", "modified": "2026-06-24T19:55:48.858806Z", "name": "PolinRider" }, { "type": "report", "spec_version": "2.1", "id": "report--d7fe6e11-cda7-4ba5-b65b-c6d5e12d7cd1", "created_by_ref": "identity--a96f8bbb-0501-4026-a441-edfe31375afa", "created": "2026-06-24T19:55:48.859813Z", "modified": "2026-06-24T19:55:48.859813Z", "name": "PolinRider: DPRK Threat Actor Implants Malware in Hundreds of GitHub Repos", "published": "2026-03-08T00:00:00Z", "object_refs": [ "identity--a96f8bbb-0501-4026-a441-edfe31375afa", "domain-name--2f602576-1f4f-43ab-8c8a-59e5a66545b1", "domain-name--e26580cb-b6a4-443f-ad9c-8ae8392d47a8", "url--938e6f5d-1b6e-42de-a358-27d0651d4905", "url--288cb7d1-6933-49ff-b076-38aa780c074e", "url--d322e057-7b25-4eac-9703-892058cfe99a", "domain-name--4cb4ad18-8623-477d-a9ee-e84112c24753", "domain-name--e305d9e4-4a63-4f60-98e5-ca6bc9710200", "url--a43554da-6bfe-4f94-8d2f-c3ff1573c001", "url--a31c9dc8-d5ba-48b0-8b26-f9afdf03d7dc", "domain-name--b8216169-b8d5-438c-8646-d30abd0a1cd8", "domain-name--e2fd9333-7fae-497e-b014-9fadffa31950", "indicator--269ad315-cc00-4445-851d-b05010e3966e", "file--0b734599-050a-4127-a918-09c811117470", "file--a2e04034-479f-41a8-9c76-07b4f85e9365", "threat-actor--517f1d6a-514b-592b-8216-43a310ad6d08", "threat-actor--21a5efde-6a09-5457-b095-3687a21fa8b8" ], "external_references": [ { "source_name": "source", "url": "https://opensourcemalware.com/blog/polinrider-attack" } ] } ] }