{
    "type": "bundle",
    "id": "bundle--915cf2ce-a045-45b3-a789-d7c31fec9ab2",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--18a3a1f0-eb3d-4bbc-904e-ee52948913a7",
            "created": "2023-03-08T12:51:43.431426Z",
            "modified": "2023-03-08T12:51:43.431505Z",
            "name": "Malwarebytes",
            "identity_class": "organization"
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--4914d5f4-9661-4d01-b6e3-16f289ad62bf",
            "hashes": {
                "SHA-256": "2a253c2aa1db3f809c86f410e4bd21f680b7235d951567f24d614d8e4d041576"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--7bc3150e-67f8-4f19-a878-a44a465e6cfc",
            "hashes": {
                "SHA-256": "a42844fc9cb7f80ca49726b3589700fa47bdacf787202d0461c753e7c73cfd2a"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--ec2ae2b7-fdc0-48a2-bb83-1ec7bb59bc0b",
            "hashes": {
                "SHA-256": "3c59ad7c4426e8396369f084c35a2bd3f0caa3ba1d1a91794153507210a77c90"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--284a98c7-e529-4950-a829-7a215e7178a8",
            "hashes": {
                "SHA-256": "c7ccd2aee0bddaf0e6c8f68edba14064e4a9948981231491a87a277e0047c0cb"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--3e942dd4-9513-449c-91eb-ba388fe45a69",
            "hashes": {
                "SHA-256": "676ae680967410e0f245df0b6163005d8799c84e2f8f87bad6b5e30295554e08"
            }
        },
        {
            "type": "threat-actor",
            "spec_version": "2.1",
            "id": "threat-actor--3be555f5-1f0d-5001-b84a-c6c910760fd0",
            "created": "2026-06-24T23:58:33.509241Z",
            "modified": "2026-06-24T23:58:33.509241Z",
            "name": "APT37"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--10aab2c2-007c-4d31-af9e-564dcb5b12a5",
            "created_by_ref": "identity--18a3a1f0-eb3d-4bbc-904e-ee52948913a7",
            "created": "2026-06-24T23:58:33.512204Z",
            "modified": "2026-06-24T23:58:33.512204Z",
            "name": "Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat",
            "published": "2021-01-06T00:00:00Z",
            "object_refs": [
                "identity--18a3a1f0-eb3d-4bbc-904e-ee52948913a7",
                "file--4914d5f4-9661-4d01-b6e3-16f289ad62bf",
                "file--7bc3150e-67f8-4f19-a878-a44a465e6cfc",
                "file--ec2ae2b7-fdc0-48a2-bb83-1ec7bb59bc0b",
                "file--284a98c7-e529-4950-a829-7a215e7178a8",
                "file--3e942dd4-9513-449c-91eb-ba388fe45a69",
                "threat-actor--3be555f5-1f0d-5001-b84a-c6c910760fd0"
            ],
            "external_references": [
                {
                    "source_name": "source",
                    "url": "https://blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/"
                }
            ]
        }
    ]
}