{ "type": "bundle", "id": "bundle--a3024295-ae86-40d4-9fe6-e5f1b0a1c2d0", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--018ab958-b94d-441e-991f-a101a5144848", "created": "2023-03-08T12:51:42.869471Z", "modified": "2024-11-07T23:01:18.079469Z", "name": "SentinelOne", "identity_class": "organization" }, { "type": "file", "spec_version": "2.1", "id": "file--5b87331f-5775-482d-a260-89634e994660", "hashes": { "SHA-256": "a61ecbe8a5372c85dcf5d077487f09d01e144128243793d2b97012440dcf106e" } }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--af94d6df-772b-4a8e-8690-2a9f5ba023f5", "value": "67.43.239.146" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--38220d44-2862-4067-b988-4909dbafb4ee", "value": "185.62.58.207" }, { "type": "file", "spec_version": "2.1", "id": "file--60705295-8eaf-4074-a0c3-45991beff990", "hashes": { "SHA-256": "326d7836d580c08cf4b5e587434f6e5011ebf2284bbf3e7c083a8f41dac36ddd" } }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--adae3a96-8718-4739-8394-819ebbc86280", "value": "coingotrade.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--068eaf6f-7e7e-465f-abd3-c0c2aab63c9e", "created": "2026-06-24T19:56:10.815402Z", "modified": "2026-06-24T19:56:10.815402Z", "name": "YARA Rule", "pattern": "rule XProtect_MACOS_b17a97e { meta: description = \"MACOS.b17a97e\" strings: $s1 = { 89 C1 C1 E9 07 48 69 C9 11 08 04 02 48 C1 E9 20 69 C9 80 3F 00 00 F7 D9 } condition: Macho and filesize < 100KB and all of them }", "pattern_type": "yara", "valid_from": "2020-07-27T00:00:00Z" }, { "type": "file", "spec_version": "2.1", "id": "file--80beab63-7bd9-45b5-8ebd-31d9d2f19db7", "hashes": { "SHA-256": "e63640c53204a59ba59f2c310964149ca3616d79adc40a6c3abd5bf669511756" } }, { "type": "file", "spec_version": "2.1", "id": "file--ba1f7327-a2ad-486d-b137-0c1954911341", "hashes": { "SHA-256": "3c2f7b8a167433c95aa919da9216f0624032ac9ed9dec71c3c56cacfd5cd1837" } }, { "type": "file", "spec_version": "2.1", "id": "file--cb62f7f9-59ca-469b-b2db-ab7a811f6b1e", "hashes": { "SHA-256": "36683ce8ec4ab6c07330930b523ee0d68b2b410f654a30c70250da890cfbf3c9" } }, { "type": "file", "spec_version": "2.1", "id": "file--a65ea28e-b565-42f7-bad9-51dc43ed0767", "hashes": { "SHA-256": "90ea1c7806e2d638f4a942b36a533a1da61adedd05a6d80ea1e09527cf2d839b" } }, { "type": "file", "spec_version": "2.1", "id": "file--7da219fa-5e9f-4135-b783-46ece7469baf", "hashes": { "SHA-256": "4f9d2087fadbf7a321a4fbd8d6770a7ace0e4366949b4cfc8cbeb1e9427c02da" } }, { "type": "file", "spec_version": "2.1", "id": "file--04dc25ac-4870-4c66-95cf-353a4c8a6bc1", "hashes": { "SHA-256": "85d7379b7b82d6b7868f64203a444a5098c72ed7ccff6d1dbb536389a5be5a9c" } }, { "type": "file", "spec_version": "2.1", "id": "file--df9e7268-f56d-4020-8af5-2e81ef045bc4", "hashes": { "SHA-256": "035089b4ef4a981f43455ebee7963af9e7502170ca206458f96be668b1e3674a" } }, { "type": "file", "spec_version": "2.1", "id": "file--8d9bf0a8-378c-4ec5-b0dc-9e79fe3c8102", "hashes": { "SHA-256": "2dd57d67e486d6855df8235c15c9657f39e488ff5275d0ce0fcec7fc8566c64b" } }, { "type": "file", "spec_version": "2.1", "id": "file--cde0b477-2255-4748-bdef-b5f7cf09e1a9", "hashes": { "SHA-256": "3bb96bfaf492782b38985f4bd6b7e7f9dc22c1332b42bb74b16041298fd31f93" } }, { "type": "file", "spec_version": "2.1", "id": "file--b64a0895-7e6a-4c7a-823f-0a5a50cf4d41", "hashes": { "SHA-256": "8783f6755fd3d478fc58040da03d056f9cad12f199ec4dcd90632c6804e0e643" } }, { "type": "file", "spec_version": "2.1", "id": "file--d7872801-f0f8-405a-b77d-f8af926f88b1", "hashes": { "SHA-256": "65cc7663fa5c5665ad5d9c6bec2b6257612f9f0c0ce7e4399e6dc8b464ea88c0" } }, { "type": "url", "spec_version": "2.1", "id": "url--9956d2ed-903c-43ad-bb92-93d61c0d372a", "value": "https://audiopodcasts.co/verify.php" }, { "type": "url", "spec_version": "2.1", "id": "url--427d2577-149b-4421-84f5-93fbbf4a101d", "value": "https://audiopodcasts.co" }, { "type": "url", "spec_version": "2.1", "id": "url--449de435-86a0-4b6d-84c6-7f7a848b7ef9", "value": "https://fudcitydelivers.com/net.php" }, { "type": "url", "spec_version": "2.1", "id": "url--35ff8a45-176c-468d-93f1-b74299273813", "value": "https://lastedforcast.com/list.php" }, { "type": "url", "spec_version": "2.1", "id": "url--735ce7a8-8ee0-4ab1-ba69-f3a7992c5879", "value": "https://sctemarkets.com" }, { "type": "url", "spec_version": "2.1", "id": "url--2e46dba6-ca9c-4412-9358-6203904727d5", "value": "https://coingotrade.com/update_coingotrade.php" }, { "type": "url", "spec_version": "2.1", "id": "url--e737d1f7-b644-4655-bc6a-2cb7749628a8", "value": "https://lastedforcast.com" }, { "type": "url", "spec_version": "2.1", "id": "url--aaceae2d-218a-46b2-af3f-4af3e1d3f266", "value": "http://applepkg.com/product/new/iContact.pkg" }, { "type": "url", "spec_version": "2.1", "id": "url--51c47683-6d0e-485c-a717-354459eb5f49", "value": "https://sctemarkets.com/net.php" }, { "type": "url", "spec_version": "2.1", "id": "url--3e028be6-6798-4e9a-ac79-7a496acecf08", "value": "https://fudcitydelivers.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--c3a11f86-37bd-46f2-88d6-2210da4ba413", "value": "sctemarkets.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--1a402c67-c826-4f3f-8eca-0413d4b3aef8", "value": "applepkg.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--0a3add58-371b-4cbd-a5f4-bada52900a99", "value": "audiopodcasts.co" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--b66d4704-d816-4e79-afcc-1d216aed3c50", "value": "fudcitydelivers.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--8766265a-10a5-4ccc-ad64-4bdc99841bb5", "value": "lastedforcast.com" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--e1d6ab85-33c3-4d1d-b0d0-fd130d6d4abc", "value": "160.20.147.253" }, { "type": "file", "spec_version": "2.1", "id": "file--945a4a4c-a69c-455a-aaf0-05a3a2bef802", "hashes": { "SHA-256": "899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53" } }, { "type": "url", "spec_version": "2.1", "id": "url--10932074-f09e-4d6a-b437-fa3ad6e66bac", "value": "https://loneeaglerecords.com/wp-content/uploads/2020/01/images.tgz.001" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--336ab584-8a3d-4020-b387-100b94bf5b59", "value": "loneeaglerecords.com" }, { "type": "file", "spec_version": "2.1", "id": "file--017a7dce-37d7-472f-80cc-d64713722748", "hashes": { "SHA-256": "d91c233b2f1177357387c29d92bd3f29fab7b90760e59a893a0f447ef2cb4715" } }, { "type": "file", "spec_version": "2.1", "id": "file--cc8e29b5-5f17-4fec-a005-400eba7902a2", "hashes": { "SHA-256": "735365ef9aa6cca946cfef9a4b85f68e7f9f03011da0cf5f5ab517a381e40d02" } }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--af08d5c9-f507-5ed5-9986-7ffea3df195b", "created": "2026-06-24T19:56:10.833206Z", "modified": "2026-06-24T19:56:10.833206Z", "name": "Lazarus" }, { "type": "report", "spec_version": "2.1", "id": "report--bb4197b6-87f4-460b-a9fc-227c764e1be4", "created_by_ref": "identity--018ab958-b94d-441e-991f-a101a5144848", "created": "2026-06-24T19:56:10.834248Z", "modified": "2026-06-24T19:56:10.834248Z", "name": "Four Distinct Families of Lazarus Malware Target Apple\u2019s macOS Platform", "published": "2020-07-27T00:00:00Z", "object_refs": [ "identity--018ab958-b94d-441e-991f-a101a5144848", "file--5b87331f-5775-482d-a260-89634e994660", "ipv4-addr--af94d6df-772b-4a8e-8690-2a9f5ba023f5", "ipv4-addr--38220d44-2862-4067-b988-4909dbafb4ee", "file--60705295-8eaf-4074-a0c3-45991beff990", "domain-name--adae3a96-8718-4739-8394-819ebbc86280", "indicator--068eaf6f-7e7e-465f-abd3-c0c2aab63c9e", "file--80beab63-7bd9-45b5-8ebd-31d9d2f19db7", "file--ba1f7327-a2ad-486d-b137-0c1954911341", "file--cb62f7f9-59ca-469b-b2db-ab7a811f6b1e", "file--a65ea28e-b565-42f7-bad9-51dc43ed0767", "file--7da219fa-5e9f-4135-b783-46ece7469baf", "file--04dc25ac-4870-4c66-95cf-353a4c8a6bc1", "file--df9e7268-f56d-4020-8af5-2e81ef045bc4", "file--8d9bf0a8-378c-4ec5-b0dc-9e79fe3c8102", "file--cde0b477-2255-4748-bdef-b5f7cf09e1a9", "file--b64a0895-7e6a-4c7a-823f-0a5a50cf4d41", "file--d7872801-f0f8-405a-b77d-f8af926f88b1", "url--9956d2ed-903c-43ad-bb92-93d61c0d372a", "url--427d2577-149b-4421-84f5-93fbbf4a101d", "url--449de435-86a0-4b6d-84c6-7f7a848b7ef9", "url--35ff8a45-176c-468d-93f1-b74299273813", "url--735ce7a8-8ee0-4ab1-ba69-f3a7992c5879", "url--2e46dba6-ca9c-4412-9358-6203904727d5", "url--e737d1f7-b644-4655-bc6a-2cb7749628a8", "url--aaceae2d-218a-46b2-af3f-4af3e1d3f266", "url--51c47683-6d0e-485c-a717-354459eb5f49", "url--3e028be6-6798-4e9a-ac79-7a496acecf08", "domain-name--c3a11f86-37bd-46f2-88d6-2210da4ba413", "domain-name--1a402c67-c826-4f3f-8eca-0413d4b3aef8", "domain-name--0a3add58-371b-4cbd-a5f4-bada52900a99", "domain-name--b66d4704-d816-4e79-afcc-1d216aed3c50", "domain-name--8766265a-10a5-4ccc-ad64-4bdc99841bb5", "ipv4-addr--e1d6ab85-33c3-4d1d-b0d0-fd130d6d4abc", "file--945a4a4c-a69c-455a-aaf0-05a3a2bef802", "url--10932074-f09e-4d6a-b437-fa3ad6e66bac", "domain-name--336ab584-8a3d-4020-b387-100b94bf5b59", "file--017a7dce-37d7-472f-80cc-d64713722748", "file--cc8e29b5-5f17-4fec-a005-400eba7902a2", "threat-actor--af08d5c9-f507-5ed5-9986-7ffea3df195b" ], "external_references": [ { "source_name": "source", "url": "https://www.sentinelone.com/blog/four-distinct-families-of-lazarus-malware-target-apples-macos-platform/" } ] } ] }