{ "type": "bundle", "id": "bundle--cb7b4824-1a7e-49e9-a740-54be1854e75b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--a96f8bbb-0501-4026-a441-edfe31375afa", "created": "2025-12-03T00:51:50.222128Z", "modified": "2025-12-03T00:53:40.15867Z", "name": "OSM", "identity_class": "organization" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--2f602576-1f4f-43ab-8c8a-59e5a66545b1", "value": "api.trongrid.io" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--e26580cb-b6a4-443f-ad9c-8ae8392d47a8", "value": "fullnode.mainnet.aptoslabs.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--c64359ed-1b4a-4861-8c23-1c7f3d8356f2", "value": "outlook.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--b8216169-b8d5-438c-8646-d30abd0a1cd8", "value": "bsc-dataseed.binance.org" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--e2fd9333-7fae-497e-b014-9fadffa31950", "value": "bsc-rpc.publicnode.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--911d0670-6239-4c5c-a075-e41644e3ddb0", "created": "2026-06-24T17:26:37.958895Z", "modified": "2026-06-24T17:26:37.958895Z", "name": "YARA Rule", "pattern": "rule TasksJacker_Blockchain_IOCs\r\n{\r\n meta:\r\n description = \"Detects TasksJacker blockchain C2 addresses\"\r\n author = \"OpenSourceMalware.com\"\r\n date = \"2026-02-20\"\r\n\r\n strings:\r\n $tron1 = \"TMfKQEd7TJJa5xNZJZ2Lep838vrzrs7mAP\"\r\n $tron2 = \"TXfxHUet9pJVU1BgVkBAbrES4YUc1nGzcG\"\r\n $aptos1 = \"0xbe037400670fbf1c32364f762975908dc43eeb38759263e7dfcdabc76380811e\"\r\n $aptos2 = \"0x3f0e5781d0855fb460661ac63257376db1941b2bb522499e4757ecb3ebd5dce3\"\r\n\r\n condition:\r\n any of them\r\n}", "pattern_type": "yara", "valid_from": "2026-03-31T00:00:00Z" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--059d95a2-d54b-4c82-aa0d-3cf26a5122a8", "value": "jacky870120@outlook.com" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--cf7b35da-7585-4fd0-9fb6-a47bffcb51ba", "value": "PolinRider@outlook.com" }, { "type": "report", "spec_version": "2.1", "id": "report--8a6f43fb-9e1a-435c-b8f6-fed9791403ee", "created_by_ref": "identity--a96f8bbb-0501-4026-a441-edfe31375afa", "created": "2026-06-24T17:26:37.980207Z", "modified": "2026-06-24T17:26:37.980207Z", "name": "TasksJacker: Latest DPRK Attack Skips the Fake Interview and Goes Straight to Compromising GitHub Users", "published": "2026-03-31T00:00:00Z", "object_refs": [ "identity--a96f8bbb-0501-4026-a441-edfe31375afa", "domain-name--2f602576-1f4f-43ab-8c8a-59e5a66545b1", "domain-name--e26580cb-b6a4-443f-ad9c-8ae8392d47a8", "domain-name--c64359ed-1b4a-4861-8c23-1c7f3d8356f2", "domain-name--b8216169-b8d5-438c-8646-d30abd0a1cd8", "domain-name--e2fd9333-7fae-497e-b014-9fadffa31950", "indicator--911d0670-6239-4c5c-a075-e41644e3ddb0", "email-addr--059d95a2-d54b-4c82-aa0d-3cf26a5122a8", "email-addr--cf7b35da-7585-4fd0-9fb6-a47bffcb51ba" ], "external_references": [ { "source_name": "source", "url": "https://opensourcemalware.com/blog/tasksjacker-blog-post" } ] } ] }