{ "type": "bundle", "id": "bundle--066ff1b9-f776-4ac8-a9e5-3539e3ca01ea", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--2b81ac94-301c-4ad2-9570-be4d616d870c", "created": "2023-03-08T12:51:45.55441Z", "modified": "2024-10-04T00:29:05.547086Z", "name": "Securonix", "identity_class": "organization" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--18d42973-ae2d-4798-b17c-fa3598d74d76", "value": "ip-api.com" }, { "type": "url", "spec_version": "2.1", "id": "url--626a7140-1ac3-4516-8a1d-f2ca705ce9cd", "value": "http://ip-api.com/json" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--99062b30-67a9-42c7-868e-5f6796304cd3", "value": "67.203.7.171" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--b5f1b200-42eb-418c-834f-0c84c1665bff", "value": "67.203.123.171" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--4b035845-9901-407a-91b1-80eb4b8ebbab", "value": "77.37.37.81" }, { "type": "file", "spec_version": "2.1", "id": "file--d768d4ff-5e12-45ac-a69b-c7a80aaa16d2", "hashes": { "SHA-256": "63238b8d083553a8341bf6599d3d601fbf06708792642ad513b5e03d5e770e9b" } }, { "type": "file", "spec_version": "2.1", "id": "file--df0575f4-deb0-45f8-b770-4c9abdd7d904", "hashes": { "SHA-256": "bc4a082e2b999d18ef2d7de1948b2bfd9758072f5945e08798f47827686621f2" } }, { "type": "file", "spec_version": "2.1", "id": "file--d8d2db35-9067-4656-b2e5-8829a094f06e", "hashes": { "SHA-256": "2d10b48454537a8977affde99f6edcbb7cd6016d3683f9c28a4ec01b127f64d8" } }, { "type": "file", "spec_version": "2.1", "id": "file--f40a78f5-bb71-4559-ae7c-dd5a4885b603", "hashes": { "SHA-256": "b31f5bde1bdbc2dfd453b91bab2e9be0becec555ee6edd70744c77f2ad15d18c" } }, { "type": "file", "spec_version": "2.1", "id": "file--2beaa373-d7a6-482a-ac24-febe823a8f39", "hashes": { "SHA-256": "eff2a9fca46425063dca080466427353dc52ac225d9df7c1ef0ec8ba49109b71" } }, { "type": "file", "spec_version": "2.1", "id": "file--4b39e562-e5c6-4880-8acd-d4e2a3a51334", "hashes": { "SHA-256": "0639d8eaad9df842d6f358831b0d4c654ec4d9ebec037ab5defa240060956925" } }, { "type": "file", "spec_version": "2.1", "id": "file--95cf8299-a6fe-45e7-ba6d-37b852e6c5b3", "hashes": { "SHA-256": "6263b94884726751bf4de6f1a4dc309fb19f29b53cce0d5ec521a6c0f5119264" } }, { "type": "file", "spec_version": "2.1", "id": "file--1e5ed3dd-7750-4960-a1cc-0fa58cd00439", "hashes": { "SHA-256": "7e5828382c9ef9cd7a643bc329154a37fe046346fd2cf4698da2b91050c9fe12" } }, { "type": "url", "spec_version": "2.1", "id": "url--01bc7f6e-ae20-4017-a5ee-b7a8e33a8fb2", "value": "http://de.ztec.store:8000/www/run.py" }, { "type": "url", "spec_version": "2.1", "id": "url--2c355c78-5b31-4619-949d-5826241e8e3e", "value": "http://de.ztec.store:8000" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--83c467d6-d01f-4fec-84ec-d9797004a970", "value": "de.ztec.store" }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--dc9f09e9-c894-53f2-b8c7-e83de1a6be9a", "created": "2026-06-24T22:42:37.773231Z", "modified": "2026-06-24T22:42:37.773231Z", "name": "DevPopper" }, { "type": "report", "spec_version": "2.1", "id": "report--226185bb-8a10-41b8-bbc5-44899b8174d0", "created_by_ref": "identity--2b81ac94-301c-4ad2-9570-be4d616d870c", "created": "2026-06-24T22:42:37.787775Z", "modified": "2026-06-24T22:42:37.787775Z", "name": "Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering", "published": "2024-07-31T00:00:00Z", "object_refs": [ "identity--2b81ac94-301c-4ad2-9570-be4d616d870c", "domain-name--18d42973-ae2d-4798-b17c-fa3598d74d76", "url--626a7140-1ac3-4516-8a1d-f2ca705ce9cd", "ipv4-addr--99062b30-67a9-42c7-868e-5f6796304cd3", "ipv4-addr--b5f1b200-42eb-418c-834f-0c84c1665bff", "ipv4-addr--4b035845-9901-407a-91b1-80eb4b8ebbab", "file--d768d4ff-5e12-45ac-a69b-c7a80aaa16d2", "file--df0575f4-deb0-45f8-b770-4c9abdd7d904", "file--d8d2db35-9067-4656-b2e5-8829a094f06e", "file--f40a78f5-bb71-4559-ae7c-dd5a4885b603", "file--2beaa373-d7a6-482a-ac24-febe823a8f39", "file--4b39e562-e5c6-4880-8acd-d4e2a3a51334", "file--95cf8299-a6fe-45e7-ba6d-37b852e6c5b3", "file--1e5ed3dd-7750-4960-a1cc-0fa58cd00439", "url--01bc7f6e-ae20-4017-a5ee-b7a8e33a8fb2", "url--2c355c78-5b31-4619-949d-5826241e8e3e", "domain-name--83c467d6-d01f-4fec-84ec-d9797004a970", "threat-actor--dc9f09e9-c894-53f2-b8c7-e83de1a6be9a" ], "external_references": [ { "source_name": "source", "url": "https://www.securonix.com/blog/research-update-threat-actors-behind-the-devpopper-campaign-have-retooled-and-are-continuing-to-target-software-developers-via-social-engineering/" } ] } ] }