{
  "type": "bundle",
  "id": "bundle--9e3aa968-d648-4a74-9672-46db39b4bc3a",
  "objects": [
    {
      "type": "report",
      "spec_version": "2.1",
      "id": "report--5e87efc7-defc-404a-af08-32eeb191de69",
      "created": "2026-04-20T09:05:57.000Z",
      "modified": "2026-04-20T09:05:57.000Z",
      "name": "Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit",
      "description": "We then retrieved the complete exploit kit when it was later used in broad-scale campaigns by UNC6691, a financially motivated threat actor operating from China. Beyond these identified exploits, multiple threat actors have now acquired advanced exploitation techniques that can be re-used and modified with newly identified vulnerabilities.",
      "published": "2026-03-03T14:00:00.000Z",
      "report_types": [
        "threat-report"
      ],
      "object_refs": [
        "vulnerability--a37ab68c-b38d-4339-9f13-de4c1a4e94db",
        "vulnerability--dab4bd6f-8345-444b-9c69-13e4878f9a1e",
        "vulnerability--7108bcc5-0963-42bf-a6e0-12fba876b3af",
        "attack-pattern--dcf41c83-558f-44b6-890b-3a465d0d14d8",
        "attack-pattern--9192c7b5-8cd3-4bc6-854f-40f665bbeaeb",
        "attack-pattern--e41de23e-fa93-4380-aa05-93c73b743980",
        "attack-pattern--ef44cfb8-1499-4c3a-ac51-100567daf932"
      ],
      "external_references": [
        {
          "source_name": "Mandiant Blog",
          "url": "https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit",
          "description": "Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit"
        }
      ],
      "labels": [
        "Finance",
        "Technology",
        "Retail",
        "Manufacturing"
      ]
    },
    {
      "type": "vulnerability",
      "spec_version": "2.1",
      "id": "vulnerability--a37ab68c-b38d-4339-9f13-de4c1a4e94db",
      "created": "2026-04-20T09:05:57.000Z",
      "modified": "2026-04-20T09:05:57.000Z",
      "name": "CVE-2024-23222",
      "external_references": [
        {
          "source_name": "cve",
          "external_id": "CVE-2024-23222",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23222"
        }
      ]
    },
    {
      "type": "vulnerability",
      "spec_version": "2.1",
      "id": "vulnerability--dab4bd6f-8345-444b-9c69-13e4878f9a1e",
      "created": "2026-04-20T09:05:57.000Z",
      "modified": "2026-04-20T09:05:57.000Z",
      "name": "CVE-2022-48503",
      "external_references": [
        {
          "source_name": "cve",
          "external_id": "CVE-2022-48503",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48503"
        }
      ]
    },
    {
      "type": "vulnerability",
      "spec_version": "2.1",
      "id": "vulnerability--7108bcc5-0963-42bf-a6e0-12fba876b3af",
      "created": "2026-04-20T09:05:57.000Z",
      "modified": "2026-04-20T09:05:57.000Z",
      "name": "CVE-2023-43000",
      "external_references": [
        {
          "source_name": "cve",
          "external_id": "CVE-2023-43000",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43000"
        }
      ]
    },
    {
      "type": "attack-pattern",
      "spec_version": "2.1",
      "id": "attack-pattern--dcf41c83-558f-44b6-890b-3a465d0d14d8",
      "created": "2026-04-20T09:05:57.000Z",
      "modified": "2026-04-20T09:05:57.000Z",
      "name": "Command and Scripting Interpreter",
      "external_references": [
        {
          "source_name": "mitre-attack",
          "external_id": "T1059",
          "url": "https://attack.mitre.org/techniques/T1059/"
        }
      ],
      "kill_chain_phases": [
        {
          "kill_chain_name": "mitre-attack",
          "phase_name": "execution"
        }
      ]
    },
    {
      "type": "attack-pattern",
      "spec_version": "2.1",
      "id": "attack-pattern--9192c7b5-8cd3-4bc6-854f-40f665bbeaeb",
      "created": "2026-04-20T09:05:57.000Z",
      "modified": "2026-04-20T09:05:57.000Z",
      "name": "Drive-by Compromise",
      "external_references": [
        {
          "source_name": "mitre-attack",
          "external_id": "T1189",
          "url": "https://attack.mitre.org/techniques/T1189/"
        }
      ],
      "kill_chain_phases": [
        {
          "kill_chain_name": "mitre-attack",
          "phase_name": "initial-access"
        }
      ]
    },
    {
      "type": "attack-pattern",
      "spec_version": "2.1",
      "id": "attack-pattern--e41de23e-fa93-4380-aa05-93c73b743980",
      "created": "2026-04-20T09:05:57.000Z",
      "modified": "2026-04-20T09:05:57.000Z",
      "name": "Obfuscated Files or Information",
      "external_references": [
        {
          "source_name": "mitre-attack",
          "external_id": "T1027",
          "url": "https://attack.mitre.org/techniques/T1027/"
        }
      ],
      "kill_chain_phases": [
        {
          "kill_chain_name": "mitre-attack",
          "phase_name": "defense-evasion"
        }
      ]
    },
    {
      "type": "attack-pattern",
      "spec_version": "2.1",
      "id": "attack-pattern--ef44cfb8-1499-4c3a-ac51-100567daf932",
      "created": "2026-04-20T09:05:57.000Z",
      "modified": "2026-04-20T09:05:57.000Z",
      "name": "Exploit Public-Facing Application",
      "external_references": [
        {
          "source_name": "mitre-attack",
          "external_id": "T1190",
          "url": "https://attack.mitre.org/techniques/T1190/"
        }
      ],
      "kill_chain_phases": [
        {
          "kill_chain_name": "mitre-attack",
          "phase_name": "initial-access"
        }
      ]
    }
  ]
}