{ "type": "bundle", "id": "bundle--46e71eb6-117c-44ed-b241-3da8d41036ce", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--1fccd592-25a0-4cda-9627-ebe8eb44fc83", "created": "2023-03-08T12:51:53.039568Z", "modified": "2023-03-08T12:51:53.039645Z", "name": "Cybereason", "identity_class": "organization" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--4419d2ab-2479-4718-a9e5-0d3e6bf6ddcf", "value": "api.ipify.org" }, { "type": "file", "spec_version": "2.1", "id": "file--ad444233-bba1-4109-833a-958587b2d456", "hashes": { "SHA-1": "5f1ad1787106de9725005d8da33d815d0994ee83" } }, { "type": "file", "spec_version": "2.1", "id": "file--d53ffb38-5d6c-4e7a-9b5a-40b403951c3e", "hashes": { "SHA-1": "9ebb541dcb24d564448a6f5e00c613b73eba7148" } }, { "type": "file", "spec_version": "2.1", "id": "file--3f319757-c910-4744-a9ef-5b739e3d72a7", "hashes": { "MD5": "55c60b5d13499341d72f5a34c632cfd9" } }, { "type": "file", "spec_version": "2.1", "id": "file--2162f347-5c72-4b76-8fdc-81faca239912", "hashes": { "SHA-1": "f3683a0c12154e8bf44d9d942db3eac9e930e7a5" } }, { "type": "file", "spec_version": "2.1", "id": "file--b985ca9f-975f-4d97-969d-69926767b67a", "hashes": { "SHA-1": "46c595e580719a4c54f55b4041f81d6e50ab4062" } }, { "type": "file", "spec_version": "2.1", "id": "file--760f6c62-00c4-475d-8d21-46f43e6290f7", "hashes": { "SHA-1": "b388243bf5899c99091ac2df13339f141659bbd4" } }, { "type": "file", "spec_version": "2.1", "id": "file--5e072f88-ff15-4933-a0de-c880c3b30cef", "hashes": { "MD5": "d4cb942aa18eff519dcbcae88a0a99fb" } }, { "type": "file", "spec_version": "2.1", "id": "file--b3bc705d-7daf-49bd-8f5d-469a8a6bcf0b", "hashes": { "MD5": "6e8516ca48318fb2904e2027b5350b26" } }, { "type": "file", "spec_version": "2.1", "id": "file--a882fc5f-4ce3-4898-b8cb-2b2d25c0a608", "hashes": { "SHA-1": "3ed09498214d93c9ec14a15286546d242ad58943" } }, { "type": "file", "spec_version": "2.1", "id": "file--29567e4b-30c8-4faf-9c33-9df833d5fd42", "hashes": { "SHA-1": "e75983b073ff0632e35e237f6622466c2699687c" } }, { "type": "file", "spec_version": "2.1", "id": "file--5e187a8a-135e-4934-9616-dbee84fe2113", "hashes": { "SHA-1": "bd26238fb7d7e16ea79073d882bba00d34dd859c" } }, { "type": "file", "spec_version": "2.1", "id": "file--aeb94210-1d6a-4e14-8b87-2ff095d3db6d", "hashes": { "SHA-1": "4bba60ff11f8b150b004960c658ad74a707ebcea" } }, { "type": "file", "spec_version": "2.1", "id": "file--08d18bcf-2e74-47ad-a9dd-15cc45d41786", "hashes": { "SHA-1": "e5dc7c8bfa285b61dda1618f0ade9c256be75d1a" } }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--924bc1fc-7346-4997-958f-233ac4ffc708", "value": "chishir.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--1598a6cd-c953-4ce8-8542-27cc58ad3d1a", "value": "northracing.net" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--aa7969d4-70b2-4a4a-a4a6-6054edbe3af3", "value": "23.95.97.59" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--2b869b86-6da3-411b-90ff-887ab9699c9f", "value": "91.12.89.129" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--82dde6f4-b0f3-4ddb-a56c-6b8516e41c46", "value": "199.217.115.53" }, { "type": "report", "spec_version": "2.1", "id": "report--dd6b8da6-7042-4637-bbf6-b7e3a85b1bb8", "created_by_ref": "identity--1fccd592-25a0-4cda-9627-ebe8eb44fc83", "created": "2026-06-24T21:17:42.873513Z", "modified": "2026-06-24T21:17:42.873513Z", "name": "ROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE", "published": "2019-12-11T00:00:00Z", "object_refs": [ "identity--1fccd592-25a0-4cda-9627-ebe8eb44fc83", "domain-name--4419d2ab-2479-4718-a9e5-0d3e6bf6ddcf", "file--ad444233-bba1-4109-833a-958587b2d456", "file--d53ffb38-5d6c-4e7a-9b5a-40b403951c3e", "file--3f319757-c910-4744-a9ef-5b739e3d72a7", "file--2162f347-5c72-4b76-8fdc-81faca239912", "file--b985ca9f-975f-4d97-969d-69926767b67a", "file--760f6c62-00c4-475d-8d21-46f43e6290f7", "file--5e072f88-ff15-4933-a0de-c880c3b30cef", "file--b3bc705d-7daf-49bd-8f5d-469a8a6bcf0b", "file--a882fc5f-4ce3-4898-b8cb-2b2d25c0a608", "file--29567e4b-30c8-4faf-9c33-9df833d5fd42", "file--5e187a8a-135e-4934-9616-dbee84fe2113", "file--aeb94210-1d6a-4e14-8b87-2ff095d3db6d", "file--08d18bcf-2e74-47ad-a9dd-15cc45d41786", "domain-name--924bc1fc-7346-4997-958f-233ac4ffc708", "domain-name--1598a6cd-c953-4ce8-8542-27cc58ad3d1a", "ipv4-addr--aa7969d4-70b2-4a4a-a4a6-6054edbe3af3", "ipv4-addr--2b869b86-6da3-411b-90ff-887ab9699c9f", "ipv4-addr--82dde6f4-b0f3-4ddb-a56c-6b8516e41c46" ], "external_references": [ { "source_name": "source", "url": "https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware" } ] } ] }