misp-circl-feed/feeds/circl/stix-2.1/593e5a1d-0a18-40ac-9051-4188950d210f.json

{
    "type": "bundle",
    "id": "bundle--593e5a1d-0a18-40ac-9051-4188950d210f",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-12T09:13:25.000Z",
            "modified": "2017-06-12T09:13:25.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--593e5a1d-0a18-40ac-9051-4188950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-12T09:13:25.000Z",
            "modified": "2017-06-12T09:13:25.000Z",
            "name": "OSINT - MacRansom: Offered as Ransomware as a Service",
            "published": "2017-06-12T09:13:49Z",
            "object_refs": [
                "observed-data--593e5a28-466c-4c46-a613-42a4950d210f",
                "url--593e5a28-466c-4c46-a613-42a4950d210f",
                "x-misp-attribute--593e5a42-c0cc-4fdc-92b6-4f36950d210f",
                "x-misp-attribute--593e5a75-a6a4-465d-a853-4bdc950d210f",
                "indicator--593e5a90-18f4-4b53-a270-4d29950d210f",
                "indicator--593e5a90-39f8-4eda-a803-4a07950d210f",
                "indicator--593e5aab-0620-49a5-b936-4296950d210f",
                "indicator--593e5aab-7d24-4657-ba18-40d0950d210f",
                "observed-data--593e5adb-ecdc-4c42-be07-4440950d210f",
                "file--593e5adb-ecdc-4c42-be07-4440950d210f",
                "artifact--593e5adb-ecdc-4c42-be07-4440950d210f",
                "indicator--593e5b39-977c-442c-ba46-bbf302de0b81",
                "indicator--593e5b39-6a4c-471c-85da-bbf302de0b81",
                "observed-data--593e5b3a-2020-4e7b-add4-bbf302de0b81",
                "url--593e5b3a-2020-4e7b-add4-bbf302de0b81"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "ms-caro-malware:malware-platform=\"MacOS_X\"",
                "ecsirt:malicious-code=\"ransomware\"",
                "ms-caro-malware:malware-type=\"Ransom\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--593e5a28-466c-4c46-a613-42a4950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-12T09:13:25.000Z",
            "modified": "2017-06-12T09:13:25.000Z",
            "first_observed": "2017-06-12T09:13:25Z",
            "last_observed": "2017-06-12T09:13:25Z",
            "number_observed": 1,
            "object_refs": [
                "url--593e5a28-466c-4c46-a613-42a4950d210f"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\"",
                "osint:source-type=\"blog-post\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--593e5a28-466c-4c46-a613-42a4950d210f",
            "value": "https://blog.fortinet.com/2017/06/09/macransom-offered-as-ransomware-as-a-service"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--593e5a42-c0cc-4fdc-92b6-4f36950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-12T09:13:25.000Z",
            "modified": "2017-06-12T09:13:25.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\"",
                "osint:source-type=\"blog-post\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "Many Mac OS users might assume that their computer is exempt from things like ransomware attacks and think that their system is somehow essentially \u00e2\u20ac\u0153secure.\u00e2\u20ac\u009d It is true that it\u00e2\u20ac\u2122s less likely for a Mac OS user to be attacked or infected by malware than a Windows user, but this has nothing to do with the level of vulnerability in the operating system. It is largely caused by the fact that over 90% of personal computers run on Microsoft Windows and only around 6% on Apple Mac OS.\r\n\r\n\r\n\r\nFigure 1: Market share for desktop OS (reference: NetMarketShare)\r\n\r\nMacRansom Portal\r\nJust recently, we here at FortiGuard Labs discovered a Ransomware-as-a-service (RaaS) that uses a web portal hosted in a TOR network which has become a trend nowadays. However, in this case it was rather interesting to see cybercriminals attack an operating system other than Windows. And this could be the first time to see RaaS that targets Mac OS"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--593e5a75-a6a4-465d-a853-4bdc950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-12T09:13:25.000Z",
            "modified": "2017-06-12T09:13:25.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Antivirus detection\""
            ],
            "x_misp_category": "Antivirus detection",
            "x_misp_type": "text",
            "x_misp_value": "OSX/MacRansom.A!tr"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--593e5a90-18f4-4b53-a270-4d29950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-12T09:13:25.000Z",
            "modified": "2017-06-12T09:13:25.000Z",
            "description": "Zip",
            "pattern": "[file:hashes.SHA256 = 'a729d54da58ca605411d39bf5598a60d2de0657c81df971daab5def90444bcc3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-06-12T09:13:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--593e5a90-39f8-4eda-a803-4a07950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-12T09:13:25.000Z",
            "modified": "2017-06-12T09:13:25.000Z",
            "description": "Mach-O file",
            "pattern": "[file:hashes.SHA256 = '617f7301fd67e8b5d8ad42d4e94e02cb313fe5ad51770ef93323c6115e52fe98']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-06-12T09:13:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--593e5aab-0620-49a5-b936-4296950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-12T09:13:25.000Z",
            "modified": "2017-06-12T09:13:25.000Z",
            "description": "Dropped files",
            "pattern": "[file:name = '~/LaunchAgent/com.apple.finder.plist']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-06-12T09:13:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"filename\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--593e5aab-7d24-4657-ba18-40d0950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-12T09:13:25.000Z",
            "modified": "2017-06-12T09:13:25.000Z",
            "description": "Dropped files",
            "pattern": "[file:name = '~/Library/.FS_Store']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-06-12T09:13:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Artifacts dropped"
                }
            ],
            "labels": [
                "misp:type=\"filename\"",
                "misp:category=\"Artifacts dropped\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--593e5adb-ecdc-4c42-be07-4440950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-12T09:13:25.000Z",
            "modified": "2017-06-12T09:13:25.000Z",
            "first_observed": "2017-06-12T09:13:25Z",
            "last_observed": "2017-06-12T09:13:25Z",
            "number_observed": 1,
            "object_refs": [
                "file--593e5adb-ecdc-4c42-be07-4440950d210f",
                "artifact--593e5adb-ecdc-4c42-be07-4440950d210f"
            ],
            "labels": [
                "misp:type=\"attachment\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--593e5adb-ecdc-4c42-be07-4440950d210f",
            "name": "mac17.png",
            "content_ref": "artifact--593e5adb-ecdc-4c42-be07-4440950d210f"
        },
        {
            "type": "artifact",
            "spec_version": "2.1",
            "id": "artifact--593e5adb-ecdc-4c42-be07-4440950d210f",
            "payload_bin": "iVBORw0KGgoAAAANSUhEUgAAAwgAAAMECAYAAAAbxwJsAAAEDWlDQ1BJQ0MgUHJvZmlsZQAAOI2NVV1oHFUUPrtzZyMkzlNsNIV0qD8NJQ2TVjShtLp/3d02bpZJNtoi6GT27s6Yyc44M7v9oU9FUHwx6psUxL+3gCAo9Q/bPrQvlQol2tQgKD60+INQ6Ium65k7M5lpurHeZe58853vnnvuuWfvBei5qliWkRQBFpquLRcy4nOHj4g9K5CEh6AXBqFXUR0rXalMAjZPC3e1W99Dwntf2dXd/p+tt0YdFSBxH2Kz5qgLiI8B8KdVy3YBevqRHz/qWh72Yui3MUDEL3q44WPXw3M+fo1pZuQs4tOIBVVTaoiXEI/MxfhGDPsxsNZfoE1q66ro5aJim3XdoLFw72H+n23BaIXzbcOnz5mfPoTvYVz7KzUl5+FRxEuqkp9G/Ajia219thzg25abkRE/BpDc3pqvphHvRFys2weqvp+krbWKIX7nhDbzLOItiM8358pTwdirqpPFnMF2xLc1WvLyOwTAibpbmvHHcvttU57y5+XqNZrLe3lE/Pq8eUj2fXKfOe3pfOjzhJYtB/yll5SDFcSDiH+hRkH25+L+sdxKEAMZahrlSX8ukqMOWy/jXW2m6M9LDBc31B9LFuv6gVKg/0Szi3KAr1kGq1GMjU/aLbnq6/lRxc4XfJ98hTargX++DbMJBSiYMIe9Ck1YAxFkKEAG3xbYaKmDDgYyFK0UGYpfoWYXG+fAPPI6tJnNwb7ClP7IyF+D+bjOtCpkhz6CFrIa/I6sFtNl8auFXGMTP34sNwI/JhkgEtmDz14ySfaRcTIBInmKPE32kxyyE2Tv+thKbEVePDfW/byMM1Kmm0XdObS7oGD/MypMXFPXrCwOtoYjyyn7BV29/MZfsVzpLDdRtuIZnbpXzvlf+ev8MvYr/Gqk4H/kV/G3csdazLuyTMPsbFhzd1UabQbjFvDRmcWJxR3zcfHkVw9GfpbJmeev9F08WW8uDkaslwX6avlWGU6NRKz0g/SHtCy9J30o/ca9zX3Kfc19zn3BXQKRO8ud477hLnAfc1/G9mrzGlrfexZ5GLdn6ZZrrEohI2wVHhZywjbhUWEy8icMCGNCUdiBlq3r+xafL549HQ5jH+an+1y+LlYBifuxAvRN/lVVVOlwlCkdVm9NOL5BE4wkQ2SMlDZU97hX86EilU/lUmkQUztTE6mx1EEPh7OmdqBtAvv8HdWpbrJS6tJj3n0CWdM6busNzRV3S9KTYhqvNiqWmuroiKgYhshMjmhTh9ptWhsF7970j/SbMrsPE1suR5z7DMC+P/Hs+y7ijrQAlhyAgccjbhjPygfeBTjzhNqy28EdkUh8C+DU9+z2v/oyeH791OncxHOs5y2AtTc7nb/f73TWPkD/qwBnjX8BoJ98VVBg/m8AAAAJcEhZcwAAFxIAABcSAWef0lIAAEAASURBVHgB7F0HYBRF236upjdCSQIh9F4TWuhFBBWsiIUPUVEUKYpdEFGKvaCIigiCiB0pKqCAIFV6SUJII6EmIaRc2iVX/2f27pJLCBgh+ivOaLi73Z2Zd56Z3X37qHJzc+2QRSIgEZAISAQkAhIBiYBEQCIgEfjPI2AymZqp//MoSAAkAhIBiYBEQCIgEZAISAQkAhKBMgSkgFAGhfwiEZAISAQkAhIBiYBEQCIgEZAISAFBrgGJgERAIiARkAhIBCQCEgGJgESgDAEpIJRBIb9IBCQCEgGJgERAIiARkAhIBCQCUkCQa0AiIBGQCEgEJAISAYmAREAiIBEoQ0AKCGVQyC8SAYmAREAiIBGQCEgEJAISAYmAFBDkGpAISAQkAhIBiYBEQCIgEZAISATKEJACQhkU8otEQCIgEZAISAQkAhIBiYBEQCKgvSwIbIDGyxteeg1UzgZs1lIUF5pgryRy2FVqeHt7Q6t2XckKdiuKi4phrbxFm00Fna83PDXORlR2WEuNKDZa2Z8PvPXO43YbzDxuNNvK+r+scdRgJZXGAz7e+jJ6zKVFKDERqL+zqFRQqbTQaewwmy1wwauyq6D28IKXh3O+iKvFWIRis72M3r+TzIv2JeiHGlqdBlZTKVyzq+JxqHXw9vGA2jkoG/Etqja+rM//9VyzHq61xTVUUlQEQiCLRODyEFDuNzU8uK507s89O59bpmIUV3t9Xl73F6ul4jNXrffk81JT8RLSZSFdxv8nuioSI39JBCQCEgGJwD8ZAffXWjXpVEPvp8KW10ahR6sWaNGCf83bY+hdnyA70BMVXkkaT/jnHcbYYd0d14lr+dem7whsPG4rZ/iVnjXwCsrFkjHXo0NzZ7stu+PO2VugD7Tgx2euR0dn/RZR12LKtynw96rQWzXpr/nL1GorTvwyC71cdJPOhxfGwWT7m+hTGBWy1mot8mNW4Z3la5GUT2baeVylM2Lj6/egV2sHrq069ca9C2Pg53kZ01/z8JF5F4IN/9RqFCVtxteLXsX+8z7Qu8alNSFx07u4pq2D/pbtonDjG9vgoXUTOi9Gl9IGoC05jtdHX4vWyhpqic69h2DxYR08/iEQXIx8efyfiYBYr3ZbKTKT1uOx/s7nlfP51DqqD+5+b1f11meNDU/cQ47GSvPPYe3sWyo8c8VzV9D1v3m7oKc0U407p8Yokw1JBCQCEgGJwL8PgcuwINhgsfiibZMAZGUfx8lcx6Cz7V8hPnkSGtQvoWbacUzn4YGTCXuwd+8BHHdep5xJM2LL4RQM6tgOKmqKFSUumVtdXiZ2x8XhaGq6cpkqIAx9G7eDt7oU2adSkXr8OIrFGT8rTmUZoaGmDLAq1/5//kNWASU5J5CYehx5TkLqny2iBvxvoE8wwATQUpKG377/AC9M/Q5et72I62+ggACTAx2VDYaME0hNOo4s0qf2KUbdzCInfn+zlaPyRDnpt5ZkYP/WT/Hsgx8ht91AfHqjjgyPkdYmVuAASwwZSE0+jlMW/tT5wCM9n/QLNkdZPZVbrfSbGlWbEWeOJyPp+GnRIDwKzEgvEEIVf/4/Q1CJWPnzn44A153NXIjUb6fj+ue/Q25OAe+08uITDAxt1Bo2W3XWZnm9y/4m7iE+C61F2fh96dOY9O7PyMgrQHFJ5f5TkZx8B7YtaothE+fgvQe6wmTmw7ryZZdNiKwoEZAISAQkAlcLApchIJCfstjQuHMnhPkF4VRurvJ+MRrzcSrjHHThXsRGcFwqaFU5OJWaiPzCSnDZinA8MRXZ1s6ojVIHE6vRwp6RhWSjIgIo9f29Q9E5qjHbPwmVRkOGkIf5MlOp+d3dZalS83/3T+Go41WnKdq1ao1sp2quZUM/Muh/NecphAMbSnNS8PFjIzH9h1R64ngiiq5aCu/sBoTQzmt0PGDmOWoQ1f8I/AT9wt0pA99NvQMTlxyBlYJihJWMeyUVp1q4TQj6KSDQf+JPzr8NNrUPIlq1QbsiP1gJjndwOMID6AryV0+R2xzIr1cDAuLeonuaNQXffPYzDIpwoILG0xf1QkMR5EWrad0oRLfz+nvWlhAO+J+9xIBty5/H+DnfIl08b3m/aAND0bR+IIVjO2xWC/IykpCZb6DVYze+mjMZPr7zMf2OjtDRVVPKCFfD2pRjkAhIBCQCNYfAZQkIDAyAqX1vXFPXF4dpQqCeF6bCYpzJOg+brhFQSq6LLyhdUQYSD8fgvNOiUE52PmJjYnHm9G0IqU0bAI0AWvrNnz6ZjNy8IudlevjUvhZ9Opth+f83EpSTXsU3G12JIgZPxW83z1RsBuISU3E+fZD/YsLJRFM+QEnaKiz7WWjG/2VFEfjI3KSvxeJVqQrvX0kuuPIBUQARApzFsxGeWPwTntc5lrzdboGxoJBuYFfehWzhP4QAF6gQam2FqUg5bXKsWUreYS174e3PV2JEO0/ekyYUFxT/LfEtyi1Eu+qJ3V/gg3nfK8KBSqNHSMsBuOuh5zBrcj94c3pK87Owbu69ePaDLUjILEZRdhK+mPs+erZ5E0Pb+FOnI0WE/9AqlkOVCEgEJAJ/iMDlCQjUjJtLm6P/kCZ
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--593e5b39-977c-442c-ba46-bbf302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-12T09:13:29.000Z",
            "modified": "2017-06-12T09:13:29.000Z",
            "description": "Mach-O file - Xchecked via VT: 617f7301fd67e8b5d8ad42d4e94e02cb313fe5ad51770ef93323c6115e52fe98",
            "pattern": "[file:hashes.SHA1 = 'cf0743ed381ade69bba3d1dd3d357a8300bcd4ae']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-06-12T09:13:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--593e5b39-6a4c-471c-85da-bbf302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-12T09:13:29.000Z",
            "modified": "2017-06-12T09:13:29.000Z",
            "description": "Mach-O file - Xchecked via VT: 617f7301fd67e8b5d8ad42d4e94e02cb313fe5ad51770ef93323c6115e52fe98",
            "pattern": "[file:hashes.MD5 = '8fe94843a3e655209c57af587849ac3a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-06-12T09:13:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--593e5b3a-2020-4e7b-add4-bbf302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-12T09:13:30.000Z",
            "modified": "2017-06-12T09:13:30.000Z",
            "first_observed": "2017-06-12T09:13:30Z",
            "last_observed": "2017-06-12T09:13:30Z",
            "number_observed": 1,
            "object_refs": [
                "url--593e5b3a-2020-4e7b-add4-bbf302de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--593e5b3a-2020-4e7b-add4-bbf302de0b81",
            "value": "https://www.virustotal.com/file/617f7301fd67e8b5d8ad42d4e94e02cb313fe5ad51770ef93323c6115e52fe98/analysis/1497256956/"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}
chg: [misp-stix] STIX 2.1 export added 2023-04-21 14:44:17 +00:00			`{`
			`"type": "bundle",`
			`"id": "bundle--593e5a1d-0a18-40ac-9051-4188950d210f",`
			`"objects": [`
			`{`
			`"type": "identity",`
			`"spec_version": "2.1",`
			`"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-12T09:13:25.000Z",`
			`"modified": "2017-06-12T09:13:25.000Z",`
			`"name": "CIRCL",`
			`"identity_class": "organization"`
			`},`
			`{`
			`"type": "report",`
			`"spec_version": "2.1",`
			`"id": "report--593e5a1d-0a18-40ac-9051-4188950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-12T09:13:25.000Z",`
			`"modified": "2017-06-12T09:13:25.000Z",`
			`"name": "OSINT - MacRansom: Offered as Ransomware as a Service",`
			`"published": "2017-06-12T09:13:49Z",`
			`"object_refs": [`
			`"observed-data--593e5a28-466c-4c46-a613-42a4950d210f",`
			`"url--593e5a28-466c-4c46-a613-42a4950d210f",`
			`"x-misp-attribute--593e5a42-c0cc-4fdc-92b6-4f36950d210f",`
			`"x-misp-attribute--593e5a75-a6a4-465d-a853-4bdc950d210f",`
			`"indicator--593e5a90-18f4-4b53-a270-4d29950d210f",`
			`"indicator--593e5a90-39f8-4eda-a803-4a07950d210f",`
			`"indicator--593e5aab-0620-49a5-b936-4296950d210f",`
			`"indicator--593e5aab-7d24-4657-ba18-40d0950d210f",`
			`"observed-data--593e5adb-ecdc-4c42-be07-4440950d210f",`
			`"file--593e5adb-ecdc-4c42-be07-4440950d210f",`
			`"artifact--593e5adb-ecdc-4c42-be07-4440950d210f",`
			`"indicator--593e5b39-977c-442c-ba46-bbf302de0b81",`
			`"indicator--593e5b39-6a4c-471c-85da-bbf302de0b81",`
			`"observed-data--593e5b3a-2020-4e7b-add4-bbf302de0b81",`
			`"url--593e5b3a-2020-4e7b-add4-bbf302de0b81"`
			`],`
			`"labels": [`
			`"Threat-Report",`
			`"misp:tool=\"MISP-STIX-Converter\"",`
			`"ms-caro-malware:malware-platform=\"MacOS_X\"",`
			`"ecsirt:malicious-code=\"ransomware\"",`
			`"ms-caro-malware:malware-type=\"Ransom\""`
			`],`
			`"object_marking_refs": [`
			`"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"`
			`]`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--593e5a28-466c-4c46-a613-42a4950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-12T09:13:25.000Z",`
			`"modified": "2017-06-12T09:13:25.000Z",`
			`"first_observed": "2017-06-12T09:13:25Z",`
			`"last_observed": "2017-06-12T09:13:25Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--593e5a28-466c-4c46-a613-42a4950d210f"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\"",`
			`"osint:source-type=\"blog-post\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--593e5a28-466c-4c46-a613-42a4950d210f",`
			`"value": "https://blog.fortinet.com/2017/06/09/macransom-offered-as-ransomware-as-a-service"`
			`},`
			`{`
			`"type": "x-misp-attribute",`
			`"spec_version": "2.1",`
			`"id": "x-misp-attribute--593e5a42-c0cc-4fdc-92b6-4f36950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-12T09:13:25.000Z",`
			`"modified": "2017-06-12T09:13:25.000Z",`
			`"labels": [`
			`"misp:type=\"text\"",`
			`"misp:category=\"External analysis\"",`
			`"osint:source-type=\"blog-post\""`
			`],`
			`"x_misp_category": "External analysis",`
			`"x_misp_type": "text",`
			"x_misp_value": "Many Mac OS users might assume that their computer is exempt from things like ransomware attacks and think that their system is somehow essentially \u00e2\u20ac\u0153secure.\u00e2\u20ac\u009d It is true that it\u00e2\u20ac\u2122s less likely for a Mac OS user to be attacked or infected by malware than a Windows user, but this has nothing to do with the level of vulnerability in the operating system. It is largely caused by the fact that over 90% of personal computers run on Microsoft Windows and only around 6% on Apple Mac OS.\r\n\r\n\r\n\r\nFigure 1: Market share for desktop OS (reference: NetMarketShare)\r\n\r\nMacRansom Portal\r\nJust recently, we here at FortiGuard Labs discovered a Ransomware-as-a-service (RaaS) that uses a web portal hosted in a TOR network which has become a trend nowadays. However, in this case it was rather interesting to see cybercriminals attack an operating system other than Windows. And this could be the first time to see RaaS that targets Mac OS"
			`},`
			`{`
			`"type": "x-misp-attribute",`
			`"spec_version": "2.1",`
			`"id": "x-misp-attribute--593e5a75-a6a4-465d-a853-4bdc950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-12T09:13:25.000Z",`
			`"modified": "2017-06-12T09:13:25.000Z",`
			`"labels": [`
			`"misp:type=\"text\"",`
			`"misp:category=\"Antivirus detection\""`
			`],`
			`"x_misp_category": "Antivirus detection",`
			`"x_misp_type": "text",`
			`"x_misp_value": "OSX/MacRansom.A!tr"`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--593e5a90-18f4-4b53-a270-4d29950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-12T09:13:25.000Z",`
			`"modified": "2017-06-12T09:13:25.000Z",`
			`"description": "Zip",`
			`"pattern": "[file:hashes.SHA256 = 'a729d54da58ca605411d39bf5598a60d2de0657c81df971daab5def90444bcc3']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-06-12T09:13:25Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"sha256\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--593e5a90-39f8-4eda-a803-4a07950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-12T09:13:25.000Z",`
			`"modified": "2017-06-12T09:13:25.000Z",`
			`"description": "Mach-O file",`
			`"pattern": "[file:hashes.SHA256 = '617f7301fd67e8b5d8ad42d4e94e02cb313fe5ad51770ef93323c6115e52fe98']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-06-12T09:13:25Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"sha256\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--593e5aab-0620-49a5-b936-4296950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-12T09:13:25.000Z",`
			`"modified": "2017-06-12T09:13:25.000Z",`
			`"description": "Dropped files",`
			`"pattern": "[file:name = '~/LaunchAgent/com.apple.finder.plist']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-06-12T09:13:25Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Artifacts dropped"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"filename\"",`
			`"misp:category=\"Artifacts dropped\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--593e5aab-7d24-4657-ba18-40d0950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-12T09:13:25.000Z",`
			`"modified": "2017-06-12T09:13:25.000Z",`
			`"description": "Dropped files",`
			`"pattern": "[file:name = '~/Library/.FS_Store']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-06-12T09:13:25Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Artifacts dropped"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"filename\"",`
			`"misp:category=\"Artifacts dropped\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--593e5adb-ecdc-4c42-be07-4440950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-12T09:13:25.000Z",`
			`"modified": "2017-06-12T09:13:25.000Z",`
			`"first_observed": "2017-06-12T09:13:25Z",`
			`"last_observed": "2017-06-12T09:13:25Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"file--593e5adb-ecdc-4c42-be07-4440950d210f",`
			`"artifact--593e5adb-ecdc-4c42-be07-4440950d210f"`
			`],`
			`"labels": [`
			`"misp:type=\"attachment\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "file",`
			`"spec_version": "2.1",`
			`"id": "file--593e5adb-ecdc-4c42-be07-4440950d210f",`
			`"name": "mac17.png",`
			`"content_ref": "artifact--593e5adb-ecdc-4c42-be07-4440950d210f"`
			`},`
			`{`
			`"type": "artifact",`
			`"spec_version": "2.1",`
			`"id": "artifact--593e5adb-ecdc-4c42-be07-4440950d210f",`
			"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAAwgAAAMECAYAAAAbxwJsAAAEDWlDQ1BJQ0MgUHJvZmlsZQAAOI2NVV1oHFUUPrtzZyMkzlNsNIV0qD8NJQ2TVjShtLp/3d02bpZJNtoi6GT27s6Yyc44M7v9oU9FUHwx6psUxL+3gCAo9Q/bPrQvlQol2tQgKD60+INQ6Ium65k7M5lpurHeZe58853vnnvuuWfvBei5qliWkRQBFpquLRcy4nOHj4g9K5CEh6AXBqFXUR0rXalMAjZPC3e1W99Dwntf2dXd/p+tt0YdFSBxH2Kz5qgLiI8B8KdVy3YBevqRHz/qWh72Yui3MUDEL3q44WPXw3M+fo1pZuQs4tOIBVVTaoiXEI/MxfhGDPsxsNZfoE1q66ro5aJim3XdoLFw72H+n23BaIXzbcOnz5mfPoTvYVz7KzUl5+FRxEuqkp9G/Ajia219thzg25abkRE/BpDc3pqvphHvRFys2weqvp+krbWKIX7nhDbzLOItiM8358pTwdirqpPFnMF2xLc1WvLyOwTAibpbmvHHcvttU57y5+XqNZrLe3lE/Pq8eUj2fXKfOe3pfOjzhJYtB/yll5SDFcSDiH+hRkH25+L+sdxKEAMZahrlSX8ukqMOWy/jXW2m6M9LDBc31B9LFuv6gVKg/0Szi3KAr1kGq1GMjU/aLbnq6/lRxc4XfJ98hTargX++DbMJBSiYMIe9Ck1YAxFkKEAG3xbYaKmDDgYyFK0UGYpfoWYXG+fAPPI6tJnNwb7ClP7IyF+D+bjOtCpkhz6CFrIa/I6sFtNl8auFXGMTP34sNwI/JhkgEtmDz14ySfaRcTIBInmKPE32kxyyE2Tv+thKbEVePDfW/byMM1Kmm0XdObS7oGD/MypMXFPXrCwOtoYjyyn7BV29/MZfsVzpLDdRtuIZnbpXzvlf+ev8MvYr/Gqk4H/kV/G3csdazLuyTMPsbFhzd1UabQbjFvDRmcWJxR3zcfHkVw9GfpbJmeev9F08WW8uDkaslwX6avlWGU6NRKz0g/SHtCy9J30o/ca9zX3Kfc19zn3BXQKRO8ud477hLnAfc1/G9mrzGlrfexZ5GLdn6ZZrrEohI2wVHhZywjbhUWEy8icMCGNCUdiBlq3r+xafL549HQ5jH+an+1y+LlYBifuxAvRN/lVVVOlwlCkdVm9NOL5BE4wkQ2SMlDZU97hX86EilU/lUmkQUztTE6mx1EEPh7OmdqBtAvv8HdWpbrJS6tJj3n0CWdM6busNzRV3S9KTYhqvNiqWmuroiKgYhshMjmhTh9ptWhsF7970j/SbMrsPE1suR5z7DMC+P/Hs+y7ijrQAlhyAgccjbhjPygfeBTjzhNqy28EdkUh8C+DU9+z2v/oyeH791OncxHOs5y2AtTc7nb/f73TWPkD/qwBnjX8BoJ98VVBg/m8AAAAJcEhZcwAAFxIAABcSAWef0lIAAEAASURBVHgB7F0HYBRF236upjdCSQIh9F4TWuhFBBWsiIUPUVEUKYpdEFGKvaCIigiCiB0pKqCAIFV6SUJII6EmIaRc2iVX/2f27pJLCBgh+ivOaLi73Z2Zd56Z3X37qHJzc+2QRSIgEZAISAQkAhIBiYBEQCIgEfjPI2AymZqp//MoSAAkAhIBiYBEQCIgEZAISAQkAhKBMgSkgFAGhfwiEZAISAQkAhIBiYBEQCIgEZAISAFBrgGJgERAIiARkAhIBCQCEgGJgESgDAEpIJRBIb9IBCQCEgGJgERAIiARkAhIBCQCUkCQa0AiIBGQCEgEJAISAYmAREAiIBEoQ0AKCGVQyC8SAYmAREAiIBGQCEgEJAISAYmAFBDkGpAISAQkAhIBiYBEQCIgEZAISATKEJACQhkU8otEQCIgEZAISAQkAhIBiYBEQCKgvSwIbIDGyxteeg1UzgZs1lIUF5pgryRy2FVqeHt7Q6t2XckKdiuKi4phrbxFm00Fna83PDXORlR2WEuNKDZa2Z8PvPXO43YbzDxuNNvK+r+scdRgJZXGAz7e+jJ6zKVFKDERqL+zqFRQqbTQaewwmy1wwauyq6D28IKXh3O+iKvFWIRis72M3r+TzIv2JeiHGlqdBlZTKVyzq+JxqHXw9vGA2jkoG/Etqja+rM//9VyzHq61xTVUUlQEQiCLRODyEFDuNzU8uK507s89O59bpmIUV3t9Xl73F6ul4jNXrffk81JT8RLSZSFdxv8nuioSI39JBCQCEgGJwD8ZAffXWjXpVEPvp8KW10ahR6sWaNGCf83bY+hdnyA70BMVXkkaT/jnHcbYYd0d14lr+dem7whsPG4rZ/iVnjXwCsrFkjHXo0NzZ7stu+PO2VugD7Tgx2euR0dn/RZR12LKtynw96rQWzXpr/nL1GorTvwyC71cdJPOhxfGwWT7m+hTGBWy1mot8mNW4Z3la5GUT2baeVylM2Lj6/egV2sHrq069ca9C2Pg53kZ01/z8JF5F4IN/9RqFCVtxteLXsX+8z7Qu8alNSFx07u4pq2D/pbtonDjG9vgoXUTOi9Gl9IGoC05jtdHX4vWyhpqic69h2DxYR08/iEQXIx8efyfiYBYr3ZbKTKT1uOx/s7nlfP51DqqD+5+b1f11meNDU/cQ47GSvPPYe3sWyo8c8VzV9D1v3m7oKc0U407p8Yokw1JBCQCEgGJwL8PgcuwINhgsfiibZMAZGUfx8lcx6Cz7V8hPnkSGtQvoWbacUzn4YGTCXuwd+8BHHdep5xJM2LL4RQM6tgOKmqKFSUumVtdXiZ2x8XhaGq6cpkqIAx9G7eDt7oU2adSkXr8OIrFGT8rTmUZoaGmDLAq1/5//kNWASU5J5CYehx5TkLqny2iBvxvoE8wwATQUpKG377/AC9M/Q5et72I62+ggACTAx2VDYaME0hNOo4s0qf2KUbdzCInfn+zlaPyRDnpt5ZkYP/WT/Hsgx8ht91AfHqjjgyPkdYmVuAASwwZSE0+jlMW/tT5wCM9n/QLNkdZPZVbrfSbGlWbEWeOJyPp+GnRIDwKzEgvEEIVf/4/Q1CJWPnzn44A153NXIjUb6fj+ue/Q25OAe+08uITDAxt1Bo2W3XWZnm9y/4m7iE+C61F2fh96dOY9O7PyMgrQHFJ5f5TkZx8B7YtaothE+fgvQe6wmTmw7ryZZdNiKwoEZAISAQkAlcLApchIJCfstjQuHMnhPkF4VRurvJ+MRrzcSrjHHThXsRGcFwqaFU5OJWaiPzCSnDZinA8MRXZ1s6ojVIHE6vRwp6RhWSjIgIo9f29Q9E5qjHbPwmVRkOGkIf5MlOp+d3dZalS83/3T+Go41WnKdq1ao1sp2quZUM/Muh/NecphAMbSnNS8PFjIzH9h1R64ngiiq5aCu/sBoTQzmt0PGDmOWoQ1f8I/AT9wt0pA99NvQMTlxyBlYJihJWMeyUVp1q4TQj6KSDQf+JPzr8NNrUPIlq1QbsiP1gJjndwOMID6AryV0+R2xzIr1cDAuLeonuaNQXffPYzDIpwoILG0xf1QkMR5EWrad0oRLfz+nvWlhAO+J+9xIBty5/H+DnfIl08b3m/aAND0bR+IIVjO2xWC/IykpCZb6DVYze+mjMZPr7zMf2OjtDRVVPKCFfD2pRjkAhIBCQCNYfAZQkIDAyAqX1vXFPXF4dpQqCeF6bCYpzJOg+brhFQSq6LLyhdUQYSD8fgvNOiUE52PmJjYnHm9G0IqU0bAI0AWvrNnz6ZjNy8IudlevjUvhZ9Opth+f83EpSTXsU3G12JIgZPxW83z1RsBuISU3E+fZD/YsLJRFM+QEnaKiz7WWjG/2VFEfjI3KSvxeJVqQrvX0kuuPIBUQARApzFsxGeWPwTntc5lrzdboGxoJBuYFfehWzhP4QAF6gQam2FqUg5bXKsWUreYS174e3PV2JEO0/ekyYUFxT/LfEtyi1Eu+qJ3V/gg3nfK8KBSqNHSMsBuOuh5zBrcj94c3pK87Owbu69ePaDLUjILEZRdhK+mPs+erZ5E0Pb+FOnI0WE/9AqlkOVCEgEJAJ/iMDlCQjUjJtLm6P/kCZ
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--593e5b39-977c-442c-ba46-bbf302de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-12T09:13:29.000Z",`
			`"modified": "2017-06-12T09:13:29.000Z",`
			`"description": "Mach-O file - Xchecked via VT: 617f7301fd67e8b5d8ad42d4e94e02cb313fe5ad51770ef93323c6115e52fe98",`
			`"pattern": "[file:hashes.SHA1 = 'cf0743ed381ade69bba3d1dd3d357a8300bcd4ae']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-06-12T09:13:29Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"sha1\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--593e5b39-6a4c-471c-85da-bbf302de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-12T09:13:29.000Z",`
			`"modified": "2017-06-12T09:13:29.000Z",`
			`"description": "Mach-O file - Xchecked via VT: 617f7301fd67e8b5d8ad42d4e94e02cb313fe5ad51770ef93323c6115e52fe98",`
			`"pattern": "[file:hashes.MD5 = '8fe94843a3e655209c57af587849ac3a']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-06-12T09:13:29Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"md5\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--593e5b3a-2020-4e7b-add4-bbf302de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-12T09:13:30.000Z",`
			`"modified": "2017-06-12T09:13:30.000Z",`
			`"first_observed": "2017-06-12T09:13:30Z",`
			`"last_observed": "2017-06-12T09:13:30Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--593e5b3a-2020-4e7b-add4-bbf302de0b81"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--593e5b3a-2020-4e7b-add4-bbf302de0b81",`
			`"value": "https://www.virustotal.com/file/617f7301fd67e8b5d8ad42d4e94e02cb313fe5ad51770ef93323c6115e52fe98/analysis/1497256956/"`
			`},`
			`{`
			`"type": "marking-definition",`
			`"spec_version": "2.1",`
			`"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",`
			`"created": "2017-01-20T00:00:00.000Z",`
			`"definition_type": "tlp",`
			`"name": "TLP:WHITE",`
			`"definition": {`
			`"tlp": "white"`
			`}`
			`}`
			`]`
			`}`