{ "type": "bundle", "id": "bundle--5fd298e0-e8e8-442d-b555-c5fdeacb74f8", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--5d199e7e-198c-47e8-ad62-397e3bd362e2", "created": "2023-03-08T12:51:51.400428Z", "modified": "2024-08-19T23:43:12.521753Z", "name": "Group-IB", "identity_class": "organization" }, { "type": "url", "spec_version": "2.1", "id": "url--feec94d2-4253-4b59-a296-b52c710d8ea4", "value": "https://filedn.com/lY24cv0IfefboNEIN0I9gqR" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--e16e4e68-a843-40fb-917c-0b23e2654923", "value": "filedn.com" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--a487436d-8929-46d4-9998-212edb239314", "value": "104.168.165.203" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--1836ccdd-b973-4b33-afd0-ec45331c55d8", "value": "104.168.157.45" }, { "type": "file", "spec_version": "2.1", "id": "file--2d07bc4d-5404-48ce-8121-b7fde55813da", "hashes": { "SHA-256": "9111d458d5665b1bf463859792e950fe8d8186df9a6a3241360dc11f34d018c2" } }, { "type": "file", "spec_version": "2.1", "id": "file--9c192590-687f-46da-a703-7c957266990a", "hashes": { "SHA-256": "e87177e07ab9651b48664c3d22334248e012e8a2bab02f65c93fedd79af0a74f" } }, { "type": "file", "spec_version": "2.1", "id": "file--3f9117f8-f5ea-4c34-9328-fba36b7efc61", "hashes": { "SHA-256": "7464850d7d6891418c503d0e1732812d7703d6c1fd5cf3c821f3c202786f9422" } }, { "type": "file", "spec_version": "2.1", "id": "file--07c7a75a-9b02-4a40-9262-b63f4d7f4e18", "hashes": { "SHA-256": "022344029b8bf951ba02b11025fe26c99193cb7c8a482c33862c9bbaa5e5528e" } }, { "type": "file", "spec_version": "2.1", "id": "file--6c50a240-cd24-42aa-b8e7-72b3ceea0c74", "hashes": { "SHA-256": "176e8a5a7b6737f8d3464c18a77deef778ec2b9b42b7e7eafc888aeaf2758c2d" } }, { "type": "file", "spec_version": "2.1", "id": "file--81bb220b-6a5f-4cc3-a1a1-531621d82390", "hashes": { "SHA-256": "f3e6e8df132155daf1d428dff61f0ca53ecd02015a0a0bbe1ad237519ab3cb58" } }, { "type": "file", "spec_version": "2.1", "id": "file--ab14d16a-b364-4c71-805a-4996857cb795", "hashes": { "SHA-256": "48ee5d0d44a015876d867fa515b04c1998fecf19badcbd69f4f3fa8497d57215" } }, { "type": "file", "spec_version": "2.1", "id": "file--2a885f78-095b-491f-8aea-b0c6502a7e36", "hashes": { "SHA-256": "4bce97eff4430708299a1bb4142b9d359d8adf77a2e1673bf76485df25e6d357" } }, { "type": "file", "spec_version": "2.1", "id": "file--4892d8c8-fd9c-49ac-99de-4af2f3a641cc", "hashes": { "SHA-256": "878e3701df9b0abdaa7094e22d067c8398a9fc842cabe917fd5f75f2c84d8552" } }, { "type": "file", "spec_version": "2.1", "id": "file--0b3c101d-0381-4eb7-b724-62261cf2d7ce", "hashes": { "SHA-256": "a4cab67569d0b35c249dc536fb25dabdc12839ed4e945c59ec826c0a241b792a" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cda367ec-2d82-4d8e-aa8c-41acc829d0a9", "created": "2026-06-24T21:08:32.313605Z", "modified": "2026-06-24T21:08:32.313605Z", "name": "YARA Rule", "pattern": "rule rustyattr\r\n{\r\n meta:\r\n author = \"Sharmine Low\"\r\n company = \"Group-IB\"\r\n family = \"rustyattr\"\r\n description = \"Detects rust binary of rustyattr\"\r\n severity = 9\r\n date = \"2024-10-30\"\r\n sample = \"176e8a5a7b6737f8d3464c18a77deef778ec2b9b42b7e7eafc888aeaf2758c2d\"\r\n\r\n strings:\r\n $s1 = \"run_command\"\r\n $s2 = \"get_application_properties\"\r\n $s3 = \"get_application_path\"\r\n $s4 = \"close_main_window\"\r\n $s5 = \"show_main_window\"\r\n\r\n $r1 = \"window.__TAURI__.\"\r\n\r\n condition:\r\n all of ($s*) and $r1\r\n}", "pattern_type": "yara", "valid_from": "2024-11-13T00:00:00Z" }, { "type": "url", "spec_version": "2.1", "id": "url--544237f2-c330-4193-bd90-b2b3630f957c", "value": "https://support.docsend.site/519529/check" }, { "type": "url", "spec_version": "2.1", "id": "url--f4c5ef09-cb0e-4ac9-b681-a22b7570e509", "value": "https://support.cloudstore.business/256977/check" }, { "type": "url", "spec_version": "2.1", "id": "url--0006ebf1-e2f0-4a0a-95c9-f8f361d67848", "value": "https://filedn.com/lY24cv0IfefboNEIN0I9gqR/dragonfly/Discussion%20Points%20for%20Synergy%20Exploration_Over.pdf" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--1860a959-3012-4bc6-a707-91fb0cc28d2b", "value": "support.cloudstore.business" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--cf9ccbe9-273b-4138-a2f4-19ae8dc41502", "value": "support.docsend.site" }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--af08d5c9-f507-5ed5-9986-7ffea3df195b", "created": "2026-06-24T21:08:32.321139Z", "modified": "2026-06-24T21:08:32.321139Z", "name": "Lazarus" }, { "type": "report", "spec_version": "2.1", "id": "report--23d21bef-7a82-4403-b132-2a2148d75438", "created_by_ref": "identity--5d199e7e-198c-47e8-ad62-397e3bd362e2", "created": "2026-06-24T21:08:32.328775Z", "modified": "2026-06-24T21:08:32.328775Z", "name": "Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes", "published": "2024-11-13T00:00:00Z", "object_refs": [ "identity--5d199e7e-198c-47e8-ad62-397e3bd362e2", "url--feec94d2-4253-4b59-a296-b52c710d8ea4", "domain-name--e16e4e68-a843-40fb-917c-0b23e2654923", "ipv4-addr--a487436d-8929-46d4-9998-212edb239314", "ipv4-addr--1836ccdd-b973-4b33-afd0-ec45331c55d8", "file--2d07bc4d-5404-48ce-8121-b7fde55813da", "file--9c192590-687f-46da-a703-7c957266990a", "file--3f9117f8-f5ea-4c34-9328-fba36b7efc61", "file--07c7a75a-9b02-4a40-9262-b63f4d7f4e18", "file--6c50a240-cd24-42aa-b8e7-72b3ceea0c74", "file--81bb220b-6a5f-4cc3-a1a1-531621d82390", "file--ab14d16a-b364-4c71-805a-4996857cb795", "file--2a885f78-095b-491f-8aea-b0c6502a7e36", "file--4892d8c8-fd9c-49ac-99de-4af2f3a641cc", "file--0b3c101d-0381-4eb7-b724-62261cf2d7ce", "indicator--cda367ec-2d82-4d8e-aa8c-41acc829d0a9", "url--544237f2-c330-4193-bd90-b2b3630f957c", "url--f4c5ef09-cb0e-4ac9-b681-a22b7570e509", "url--0006ebf1-e2f0-4a0a-95c9-f8f361d67848", "domain-name--1860a959-3012-4bc6-a707-91fb0cc28d2b", "domain-name--cf9ccbe9-273b-4138-a2f4-19ae8dc41502", "threat-actor--af08d5c9-f507-5ed5-9986-7ffea3df195b" ], "external_references": [ { "source_name": "source", "url": "https://www.group-ib.com/blog/stealthy-attributes-of-apt-lazarus/" } ] } ] }