{ "type": "bundle", "id": "bundle--400942c6-29a9-4e11-bdda-20cad853bed4", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--31413e25-eeb6-4d87-8eb4-58a0c5652baa", "created": "2023-03-08T12:51:46.632587Z", "modified": "2025-03-11T11:46:59.41875Z", "name": "NCCGroup", "identity_class": "organization" }, { "type": "url", "spec_version": "2.1", "id": "url--29667c08-5fa1-47be-bddb-fd33bed3fd76", "value": "https://www.advantims.com/GfxCPL.xsl" }, { "type": "file", "spec_version": "2.1", "id": "file--78c63cbb-6b05-4155-b5be-987d1def7b24", "hashes": { "SHA-256": "949bfce2125d76f2d21084f187c681397d113e1bbdc550694a7bce7f451a6e69" } }, { "type": "file", "spec_version": "2.1", "id": "file--ac705427-ca45-43b2-a8a9-3ce76e686675", "hashes": { "SHA-256": "f188eec1268fd49bdc7375fc5b77ded657c150875fede1a4d797f818d2514e88" } }, { "type": "file", "spec_version": "2.1", "id": "file--3efc9171-6f14-4b86-b2c1-d32e1a926c19", "hashes": { "SHA-256": "bdf9fffe1c9ffbeec307c536a2369eefb2a2c5d70f33a1646a15d6d152c2a6fa" } }, { "type": "file", "spec_version": "2.1", "id": "file--dc6c781d-fe77-47db-aebe-5d3cebee3539", "hashes": { "SHA-256": "d6b55dae813a4acd461d1d36ff7ef2597b6a8112feb07fac0cfc46af963690dc" } }, { "type": "file", "spec_version": "2.1", "id": "file--a34c196c-6acf-42ff-b6e8-1b889a70ccf8", "hashes": { "SHA-256": "47a342545d8df9c2c1e0e945f2c4fca3a440dc00cff40727abff12d307c8c788" } }, { "type": "file", "spec_version": "2.1", "id": "file--ad1d9bf5-5b93-43ad-894c-1dd02d767324", "hashes": { "SHA-256": "cabb45c99ffd8dd189e4e3ed5158fac1d0de4e2782dd704b2b595db5f63e2610" } }, { "type": "file", "spec_version": "2.1", "id": "file--d1f106c5-ae01-46b7-a08d-b1cf04915189", "hashes": { "SHA-256": "c0c8a97a04b4d3c7709760fcbe36dc61e3cec294ed4180069131df53b4211da3" } }, { "type": "url", "spec_version": "2.1", "id": "url--2bf20e4a-9169-4635-a962-e752e80e065f", "value": "https://www.advantims.com/Sync.xsl" }, { "type": "url", "spec_version": "2.1", "id": "url--55b253cf-8e86-4433-8b01-9e6a1f39b7c2", "value": "http://ropgadget.com/posts/abusing_win_functions.html" }, { "type": "url", "spec_version": "2.1", "id": "url--126dd444-b5f7-4bfb-92d3-4341d95aced0", "value": "http://crmute.com/custom.css" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--a6bb025f-8d92-4768-9ff3-7eeb4a5db4ca", "value": "crmute.com" }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--af08d5c9-f507-5ed5-9986-7ffea3df195b", "created": "2026-06-24T16:50:48.764244Z", "modified": "2026-06-24T16:50:48.764244Z", "name": "Lazarus" }, { "type": "report", "spec_version": "2.1", "id": "report--5669a7b2-dd42-46bd-bea2-4af2e89470cd", "created_by_ref": "identity--31413e25-eeb6-4d87-8eb4-58a0c5652baa", "created": "2026-06-24T16:50:48.76536Z", "modified": "2026-06-24T16:50:48.76536Z", "name": "RIFT: Analysing a Lazarus Shellcode Execution Method", "published": "2021-01-23T00:00:00Z", "object_refs": [ "identity--31413e25-eeb6-4d87-8eb4-58a0c5652baa", "url--29667c08-5fa1-47be-bddb-fd33bed3fd76", "file--78c63cbb-6b05-4155-b5be-987d1def7b24", "file--ac705427-ca45-43b2-a8a9-3ce76e686675", "file--3efc9171-6f14-4b86-b2c1-d32e1a926c19", "file--dc6c781d-fe77-47db-aebe-5d3cebee3539", "file--a34c196c-6acf-42ff-b6e8-1b889a70ccf8", "file--ad1d9bf5-5b93-43ad-894c-1dd02d767324", "file--d1f106c5-ae01-46b7-a08d-b1cf04915189", "url--2bf20e4a-9169-4635-a962-e752e80e065f", "url--55b253cf-8e86-4433-8b01-9e6a1f39b7c2", "url--126dd444-b5f7-4bfb-92d3-4341d95aced0", "domain-name--a6bb025f-8d92-4768-9ff3-7eeb4a5db4ca", "threat-actor--af08d5c9-f507-5ed5-9986-7ffea3df195b" ], "external_references": [ { "source_name": "source", "url": "https://research.nccgroup.com/2021/01/23/rift-analysing-a-lazarus-shellcode-execution-method/" } ] } ] }