{
    "type": "bundle",
    "id": "bundle--95bd5d41-48b1-427a-9db7-765fd8b5eb7d",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--3c419327-e652-4e91-8f18-a6f9d12ba756",
            "created": "2023-03-08T12:51:56.203314Z",
            "modified": "2026-01-06T23:28:11.277197Z",
            "name": "Objective-see",
            "identity_class": "organization"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--7bbf57a7-7525-420f-8f76-6cfcab5c1304",
            "value": "visualstudiofactory.com"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--0e4151c7-e343-4b9e-be74-b0b7253bd2de",
            "value": "akamaitechcloudservices.com"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--c84f9e68-157d-4676-9d6c-c99bbd66b160",
            "value": "officestoragebox.com"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--76b49f68-671a-479e-a126-9cf5564ac27f",
            "value": "msstorageboxes.com"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--c904bcfc-85fb-45fd-966a-e602dc0097b4",
            "value": "globalkeystroke.com"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--e7b77417-ff9b-4aac-8305-63f492fb5ab8",
            "value": "airbseeker.com"
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--9740950d-39e8-46e8-9079-5e598b60f584",
            "value": "https://sbmsa.wiki/blog/_insert"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--b53aaf51-0e38-45b6-8f16-b7539699ac8e",
            "value": "sbmsa.wiki"
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--234b9659-70dd-4efd-82fb-f45e35ab70bb",
            "hashes": {
                "SHA-1": "5555494424668e99d3173e03a74c86801f09f4a9"
            }
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--bef6403b-2f24-446b-80d5-0cd73a8613fe",
            "value": "https://globalkeystroke.com/pockbackx.php"
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--a1838218-86db-43c5-821e-f8d8e90e582f",
            "value": "https://airbseeker.com/rediret.php"
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--3cf3fb1e-e872-4574-ab4d-c3aeef69810f",
            "value": "https://www.woodmate.it/administrator/help/en-GB/bins/tags/taghelper.php"
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--417f6d82-fe2d-4a80-8f4f-e613c2567d29",
            "value": "https://akamaitechcloudservices.com/v2/fileapi"
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--800701c6-b0f4-4992-b091-901a3899f916",
            "hashes": {
                "MD5": "451c23709ecd5a8461ad060f6346930c"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--49fea009-69bb-4ec9-bb06-ac90e0512135",
            "hashes": {
                "SHA-1": "55554944839216049d683075bc3f5a8628778bb8"
            }
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--6c8c279c-2fad-40eb-bfae-0699ab64d593",
            "created": "2026-06-24T19:57:07.089915Z",
            "modified": "2026-06-24T19:57:07.089915Z",
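            "name": "YARA rule excerpts: MTI_Hunting_POOLRAT, XProtect_MACOS_c723519 (pattern contains elisions; not compilable as-is)",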
            "pattern": "rule MTI_Hunting_POOLRAT {\r\nmeta:\r\nauthor = \"Mandiant\"\r\n...\r\nmd5 = \"451c23709ecd5a8461ad060f6346930c\"\r\n01\r\n02\r\n03\r\n04\r\n05\r\nrule XProtect_MACOS_c723519 {\r\nmeta:\r\ndescription = \"MACOS.c723519\"\r\nstrings:\r\n$s1 = { 5F 6D 5F 43 6F 6E 66 69 67 }\r\n$s2 = { 5F 5F 5A 39 53 65 74 43 6F 6E 66 69 67 76 }\r\n$s3 = { 5F 5F 5A 31 30 4C 6F 61 64 43 6F 6E 66 69 67 76 }\r\n...\r\ncondition:\r\nMacho and filesize < 100KB and all of them\r\n}",
            "pattern_type": "yara",
            "valid_from": "2023-08-10T00:00:00Z"
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--12bd5549-1399-4965-9a5a-a5185ae33f6f",
            "value": "taomm.org"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--f548bdae-12d0-4e9e-9bd6-476e7a6e8e85",
            "created_by_ref": "identity--3c419327-e652-4e91-8f18-a6f9d12ba756",
            "created": "2026-06-24T19:57:07.099699Z",
            "modified": "2026-06-24T19:57:07.099699Z",
            "name": "Mac-ing Sense of the 3CX Supply Chain Attack: Analysis of the macOS Payloads",
            "published": "2023-08-10T00:00:00Z",
            "object_refs": [
                "identity--3c419327-e652-4e91-8f18-a6f9d12ba756",
                "domain-name--7bbf57a7-7525-420f-8f76-6cfcab5c1304",
                "domain-name--0e4151c7-e343-4b9e-be74-b0b7253bd2de",
                "domain-name--c84f9e68-157d-4676-9d6c-c99bbd66b160",
                "domain-name--76b49f68-671a-479e-a126-9cf5564ac27f",
                "domain-name--c904bcfc-85fb-45fd-966a-e602dc0097b4",
                "domain-name--e7b77417-ff9b-4aac-8305-63f492fb5ab8",
                "url--9740950d-39e8-46e8-9079-5e598b60f584",
                "domain-name--b53aaf51-0e38-45b6-8f16-b7539699ac8e",
                "file--234b9659-70dd-4efd-82fb-f45e35ab70bb",
                "url--bef6403b-2f24-446b-80d5-0cd73a8613fe",
                "url--a1838218-86db-43c5-821e-f8d8e90e582f",
                "url--3cf3fb1e-e872-4574-ab4d-c3aeef69810f",
                "url--417f6d82-fe2d-4a80-8f4f-e613c2567d29",
                "file--800701c6-b0f4-4992-b091-901a3899f916",
                "file--49fea009-69bb-4ec9-bb06-ac90e0512135",
                "indicator--6c8c279c-2fad-40eb-bfae-0699ab64d593",
                "domain-name--12bd5549-1399-4965-9a5a-a5185ae33f6f"
            ],
            "external_references": [
                {
                    "source_name": "source",
                    "url": "https://speakerdeck.com/patrickwardle/mac-ing-sense-of-the-3cx-supply-chain-attack-analysis-of-the-macos-payloads"
                }
            ]
        }
    ]
}