{
    "type": "bundle",
    "id": "bundle--8279cb7a-b195-417b-a225-c1d15e70750d",
    "spec_version": "2.0",
    "objects": [
        {
            "labels": [
                "malware"
            ],
            "x_mitre_platforms": [
                "Windows"
            ],
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "x_mitre_aliases": [
                "Orz",
                "AIRBREAK"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "type": "malware",
            "id": "malware--06d735e7-1db1-4dbe-ab4b-acbe419f902b",
            "created": "2018-04-18T17:59:24.739Z",
            "x_mitre_version": "2.2",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "external_id": "S0229",
                    "url": "https://attack.mitre.org/software/S0229"
                },
                {
                    "source_name": "AIRBREAK",
                    "description": "(Citation: FireEye Periscope March 2018)"
                },
                {
                    "source_name": "Orz",
                    "description": "(Citation: Proofpoint Leviathan Oct 2017)"
                },
                {
                    "source_name": "Proofpoint Leviathan Oct 2017",
                    "url": "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets",
                    "description": "Axel F, Pierre T. (2017, October 16). Leviathan: Espionage actor spearphishes maritime and defense targets. Retrieved February 15, 2018."
                },
                {
                    "source_name": "FireEye Periscope March 2018",
                    "url": "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html",
                    "description": "FireEye. (2018, March 16). Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries. Retrieved April 11, 2018."
                }
            ],
            "x_mitre_deprecated": false,
            "revoked": false,
            "description": "[Orz](https://attack.mitre.org/software/S0229) is a custom JavaScript backdoor used by [Leviathan](https://attack.mitre.org/groups/G0065). It was observed being used in 2014 as well as in August 2017 when it was dropped by Microsoft Publisher files. (Citation: Proofpoint Leviathan Oct 2017) (Citation: FireEye Periscope March 2018)",
            "modified": "2022-04-19T01:33:33.267Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "name": "Orz",
            "x_mitre_attack_spec_version": "2.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}