{
    "type": "bundle",
    "id": "bundle--2c2a2839-2725-4a58-9f12-6c32a1eb9641",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--6861dbe8-b780-4188-bcb9-b38a430b0e4a",
            "created": "2023-03-28T23:20:20.363332Z",
            "modified": "2023-03-28T23:21:50.908435Z",
            "name": "ThreatMon",
            "identity_class": "organization"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--f39bd1d6-c2a2-46fc-b5dc-f13bc0a13624",
            "created": "2026-06-24T21:04:30.653514Z",
            "modified": "2026-06-24T21:04:30.653514Z",
            "name": "YARA Rule",
            "pattern": "rule Armageddon_Pteranodon\r\n{\r\nmeta:\r\nauthor = \"seyitsec\"\r\ndate = \"2023-03-24\"\r\nhash\r\n\r\n=\r\n\r\n\"d0ec6d91cf9e7c64cf11accadf18f8b5a18a10efbecb28f797b3dbbf74ae846d\"\r\nstrings:\r\nstr1=\u201dIUAvx6CHOil92jqFiHCjiPhzDC\u201d\r\nstr2=\u201d172.93.193.158\u201d\r\nstr3=\u201d/Data/goldll/proc.php\u201d\r\nstr4=\u201dcmd.exe /c c:\\users\\public\\libraries\\Phone.ini\u201d\r\n\r\ncondition:\r\nall of ($str*)\r\n}",
            "pattern_type": "yara",
            "valid_from": "2023-03-28T00:00:00Z"
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--3ea6c5de-8505-40d1-bb96-1f6338632aaa",
            "hashes": {
                "SHA-256": "d0ec6d91cf9e7c64cf11accadf18f8b5a18a10efbecb28f797b3dbbf74ae846d"
            }
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--fabca0de-b62d-4b84-83ae-91a833136880",
            "value": "172.93.193.158"
        },
        {
            "type": "threat-actor",
            "spec_version": "2.1",
            "id": "threat-actor--3be555f5-1f0d-5001-b84a-c6c910760fd0",
            "created": "2026-06-24T21:04:30.659532Z",
            "modified": "2026-06-24T21:04:30.659532Z",
            "name": "APT37"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--87b37c71-757a-4dc3-8ca9-347c1e655065",
            "created_by_ref": "identity--6861dbe8-b780-4188-bcb9-b38a430b0e4a",
            "created": "2026-06-24T21:04:30.675441Z",
            "modified": "2026-06-24T21:04:30.675441Z",
            "name": "Chinotto Backdoor Technical Analysis of the APT Reaper\u2019s Powerful Weapon",
            "published": "2023-03-28T00:00:00Z",
            "object_refs": [
                "identity--6861dbe8-b780-4188-bcb9-b38a430b0e4a",
                "indicator--f39bd1d6-c2a2-46fc-b5dc-f13bc0a13624",
                "file--3ea6c5de-8505-40d1-bb96-1f6338632aaa",
                "ipv4-addr--fabca0de-b62d-4b84-83ae-91a833136880",
                "threat-actor--3be555f5-1f0d-5001-b84a-c6c910760fd0"
            ],
            "external_references": [
                {
                    "source_name": "source",
                    "url": "https://threatmon.io/wp-content/uploads/2023/03/Chinotto_Backdoor_Technical_Analysis_of_the_APT_Reapers_Powerful.pdf"
                }
            ]
        }
    ]
}