{
"type": "bundle",
"id": "bundle--c9b09bce-fc2c-4af6-b691-b2ee15236b98",
"spec_version": "2.1",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--38f3b92b-cc21-4eeb-a923-d25b68b57055",
"created": "2025-09-26T17:50:27.632576+00:00",
"modified": "2025-09-26T17:50:27.632588+00:00",
"name": "MikeGPT Intelligence Platform",
"description": "AI-powered threat intelligence collection and analysis platform",
"identity_class": "system",
"sectors": [
"technology"
],
"contact_information": "Automated Intelligence System"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--c7acf699-71aa-41a0-b88e-6585fa580cd1",
"created": "2025-09-26T17:50:27.632655+00:00",
"modified": "2025-09-26T17:50:27.632658+00:00",
"name": "Threat Intelligence Report - 2025-09-26",
"description": "Threat Intelligence Report - 2025-09-26\n\nThis report consolidates actionable cybersecurity intelligence from 87 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• This Time, I Had Something Special to Offer (Score: 100)\n• How to develop an AWS Security Hub POC (Score: 100)\n• What's New in Varonis: September 2025 (Score: 100)\n• Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as O (Score: 100)\n• Microsoft Reduces Israel’s Access to Cloud and AI Products Over Reports of Mass Surveillance in Gaza (Score: 100)\n\nEXTRACTED ENTITIES:\n• 1 Indicator(s)\n• 1 Malware(s)\n• 1 Threat Actor(s)\n• 3 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n",
"published": "2025-09-26T17:50:27.632667+00:00",
"object_refs": [
"identity--38f3b92b-cc21-4eeb-a923-d25b68b57055",
"vulnerability--242949ef-3102-4139-9c17-26a9d8af8d64",
"vulnerability--d2f240be-e22e-4cdc-be7b-718870840b01",
"malware--9b9bb599-1f44-4201-a752-51c6179ef69b",
"indicator--92d593ca-a78c-406c-995b-91316ab330c6",
"vulnerability--406908ff-8b52-4097-9bd5-df571a54432d",
"threat-actor--d954f4ff-14ca-4e27-8e53-b12de538793b"
],
"labels": [
"threat-report"
],
"created_by_ref": "identity--38f3b92b-cc21-4eeb-a923-d25b68b57055"
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--242949ef-3102-4139-9c17-26a9d8af8d64",
"created": "2025-09-26T17:49:43.963650+00:00",
"modified": "2025-09-26T17:49:43.963679+00:00",
"name": "CVE-2025-20333",
"description": "Vulnerability CVE-2025-20333 identified in threat intelligence",
"external_references": [
{
"source_name": "NIST NVD",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20333",
"external_id": "CVE-2025-20333"
}
],
"confidence": 76
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--d2f240be-e22e-4cdc-be7b-718870840b01",
"created": "2025-09-26T17:49:43.963699+00:00",
"modified": "2025-09-26T17:49:43.963701+00:00",
"name": "CVE-2025-20362",
"description": "Vulnerability CVE-2025-20362 identified in threat intelligence",
"external_references": [
{
"source_name": "NIST NVD",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20362",
"external_id": "CVE-2025-20362"
}
],
"confidence": 75
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--9b9bb599-1f44-4201-a752-51c6179ef69b",
"created": "2025-09-26T17:49:47.586799+00:00",
"modified": "2025-09-26T17:49:47.586800+00:00",
"name": "VIPER",
"description": "Malware VIPER identified in threat intelligence",
"malware_types": [
"trojan"
],
"is_family": true,
"capabilities": [],
"implementation_languages": [],
"confidence": 51
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--92d593ca-a78c-406c-995b-91316ab330c6",
"created": "2025-09-26T17:49:52.550305+00:00",
"modified": "2025-09-26T17:49:52.550323+00:00",
"name": "SHA-1 hash indicator",
"description": "SHA-1 file hash identified in threat intelligence",
"pattern": "[file:hashes.'SHA-1' = '78b6afd83beb5fe80a07742a89fd6138729999af']",
"pattern_type": "stix",
"valid_from": "2025-09-26T17:49:52.550328+00:00",
"labels": [
"malicious-activity"
],
"external_references": [
{
"source_name": "Threat Intelligence Report",
"url": "https://www.reddit.com/r/cybersecurity/comments/1nqoqim/exploit_allows_for_takeover_of_fleets_of_unitree/"
}
],
"confidence": 76
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--406908ff-8b52-4097-9bd5-df571a54432d",
"created": "2025-09-26T17:50:11.458824+00:00",
"modified": "2025-09-26T17:50:11.458881+00:00",
"name": "CVE-2025-10035",
"description": "Vulnerability CVE-2025-10035 identified in threat intelligence",
"external_references": [
{
"source_name": "NIST NVD",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10035",
"external_id": "CVE-2025-10035"
}
],
"confidence": 63
},
{
"type": "threat-actor",
"spec_version": "2.1",
"id": "threat-actor--d954f4ff-14ca-4e27-8e53-b12de538793b",
"created": "2025-09-26T17:50:20.168203+00:00",
"modified": "2025-09-26T17:50:20.168205+00:00",
"name": "UNC5221",
"description": "Threat actor UNC5221 identified in threat intelligence",
"threat_actor_types": [
"hacker"
],
"aliases": [
"UNC5221"
],
"sophistication": "intermediate",
"resource_level": "organization",
"primary_motivation": "organizational-gain",
"secondary_motivations": [],
"confidence": 54
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--13d14268-63c0-42bf-bd4d-81b2c6ab15aa",
"created": "2025-09-26T17:50:29.445424+00:00",
"modified": "2025-09-26T17:50:29.445454+00:00",
"name": "Exploit Public-Facing Application",
"description": "MITRE ATT&CK technique T1190",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1190/",
"external_id": "T1190"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial_access"
}
],
"x_mitre_id": "T1190",
"x_mitre_version": "1.0",
"x_mitre_tactic": "initial_access"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--05a6fa89-c7ad-4c65-8427-e3917842613a",
"created": "2025-09-26T17:50:29.445527+00:00",
"modified": "2025-09-26T17:50:29.445534+00:00",
"name": "Exploitation for Client Execution",
"description": "MITRE ATT&CK technique T1203",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1203/",
"external_id": "T1203"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1203",
"x_mitre_version": "1.0",
"x_mitre_tactic": "execution"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7362d3b5-573b-4daa-9ce2-2f6f746216e8",
"created": "2025-09-26T17:50:29.445545+00:00",
"modified": "2025-09-26T17:50:29.445547+00:00",
"name": "Boot or Logon Autostart Execution",
"description": "MITRE ATT&CK technique T1547",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1547/",
"external_id": "T1547"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"x_mitre_id": "T1547",
"x_mitre_version": "1.0",
"x_mitre_tactic": "persistence"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8031009d-7770-4fbd-8708-92296ce8d2a0",
"created": "2025-09-26T17:50:29.445636+00:00",
"modified": "2025-09-26T17:50:29.445652+00:00",
"name": "Scheduled Task/Job",
"description": "MITRE ATT&CK technique T1053",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1053/",
"external_id": "T1053"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1053",
"x_mitre_version": "1.0",
"x_mitre_tactic": "execution"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--57b428e3-5b66-4ce2-b4c8-59501c0fe7e4",
"created": "2025-09-26T17:50:29.445677+00:00",
"modified": "2025-09-26T17:50:29.445686+00:00",
"name": "Create or Modify System Process",
"description": "MITRE ATT&CK technique T1543",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1543/",
"external_id": "T1543"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"x_mitre_id": "T1543",
"x_mitre_version": "1.0",
"x_mitre_tactic": "persistence"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--eda00bdd-5398-497e-b903-5abda638d4a4",
"created": "2025-09-26T17:50:29.445722+00:00",
"modified": "2025-09-26T17:50:29.445725+00:00",
"name": "Abuse Elevation Control Mechanism",
"description": "MITRE ATT&CK technique T1548",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1548/",
"external_id": "T1548"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege_escalation"
}
],
"x_mitre_id": "T1548",
"x_mitre_version": "1.0",
"x_mitre_tactic": "privilege_escalation"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0673f20a-3b57-4f36-864b-8e2d3d891855",
"created": "2025-09-26T17:50:29.445734+00:00",
"modified": "2025-09-26T17:50:29.445741+00:00",
"name": "Access Token Manipulation",
"description": "MITRE ATT&CK technique T1134",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1134/",
"external_id": "T1134"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense_evasion"
}
],
"x_mitre_id": "T1134",
"x_mitre_version": "1.0",
"x_mitre_tactic": "defense_evasion"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--73d1170a-d538-4fdc-93be-62c0bcbca5ec",
"created": "2025-09-26T17:50:29.445761+00:00",
"modified": "2025-09-26T17:50:29.445768+00:00",
"name": "Application Layer Protocol",
"description": "MITRE ATT&CK technique T1071",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1071/",
"external_id": "T1071"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command_and_control"
}
],
"x_mitre_id": "T1071",
"x_mitre_version": "1.0",
"x_mitre_tactic": "command_and_control"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4f26e71b-f91a-486d-a5d7-988ff9b4a35f",
"created": "2025-09-26T17:50:29.445783+00:00",
"modified": "2025-09-26T17:50:29.445791+00:00",
"name": "Non-Application Layer Protocol",
"description": "MITRE ATT&CK technique T1095",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1095/",
"external_id": "T1095"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command_and_control"
}
],
"x_mitre_id": "T1095",
"x_mitre_version": "1.0",
"x_mitre_tactic": "command_and_control"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8acbeda3-133a-47a8-bec7-63f508b09308",
"created": "2025-09-26T17:50:29.445813+00:00",
"modified": "2025-09-26T17:50:29.445815+00:00",
"name": "Spearphishing Attachment",
"description": "MITRE ATT&CK technique T1566.001",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/001/",
"external_id": "T1566.001"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial_access"
}
],
"x_mitre_id": "T1566.001",
"x_mitre_version": "1.0",
"x_mitre_tactic": "initial_access"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2c8cc672-6a39-46d9-b9dd-4d56913d3f25",
"created": "2025-09-26T17:50:29.445874+00:00",
"modified": "2025-09-26T17:50:29.445882+00:00",
"name": "Spearphishing Link",
"description": "MITRE ATT&CK technique T1566.002",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/002/",
"external_id": "T1566.002"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial_access"
}
],
"x_mitre_id": "T1566.002",
"x_mitre_version": "1.0",
"x_mitre_tactic": "initial_access"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--84d8bb0a-0cd5-4404-88b3-991de7332a5e",
"created": "2025-09-26T17:50:29.445891+00:00",
"modified": "2025-09-26T17:50:29.445893+00:00",
"name": "Spearphishing via Service",
"description": "MITRE ATT&CK technique T1566.003",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/003/",
"external_id": "T1566.003"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial_access"
}
],
"x_mitre_id": "T1566.003",
"x_mitre_version": "1.0",
"x_mitre_tactic": "initial_access"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--f35201ef-8ae6-468c-b988-0299cc25e48e",
"created": "2025-09-26T17:50:29.445898+00:00",
"modified": "2025-09-26T17:50:29.445899+00:00",
"name": "Remote Services",
"description": "MITRE ATT&CK technique T1021",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1021/",
"external_id": "T1021"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "lateral_movement"
}
],
"x_mitre_id": "T1021",
"x_mitre_version": "1.0",
"x_mitre_tactic": "lateral_movement"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--cc4146d1-03aa-472f-994e-0a391fec684e",
"created": "2025-09-26T17:50:29.445923+00:00",
"modified": "2025-09-26T17:50:29.445927+00:00",
"name": "Ingress Tool Transfer",
"description": "MITRE ATT&CK technique T1105",
"confidence": 90,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1105/",
"external_id": "T1105"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command_and_control"
}
],
"x_mitre_id": "T1105",
"x_mitre_version": "1.0",
"x_mitre_tactic": "command_and_control"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ec7eeed4-529f-4591-bdc0-20fb5cc76cf2",
"created": "2025-09-26T17:50:29.445938+00:00",
"modified": "2025-09-26T17:50:29.445944+00:00",
"name": "Disable or Modify Linux Audit System",
"description": "MITRE ATT&CK technique T1562.012",
"confidence": 85,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1562/012/",
"external_id": "T1562.012"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense_evasion"
}
],
"x_mitre_id": "T1562.012",
"x_mitre_version": "1.0",
"x_mitre_tactic": "defense_evasion"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7dab8b92-949a-4ad0-928b-731e36ffd051",
"created": "2025-09-26T17:50:29.445954+00:00",
"modified": "2025-09-26T17:50:29.445955+00:00",
"name": "Digital Certificates",
"description": "MITRE ATT&CK technique T1588.004",
"confidence": 85,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/004/",
"external_id": "T1588.004"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource_development"
}
],
"x_mitre_id": "T1588.004",
"x_mitre_version": "1.0",
"x_mitre_tactic": "resource_development"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--dcb4fdfa-46ab-44de-87d5-a393d43cfdf2",
"created": "2025-09-26T17:50:29.445966+00:00",
"modified": "2025-09-26T17:50:29.445968+00:00",
"name": "Digital Certificates",
"description": "MITRE ATT&CK technique T1587.003",
"confidence": 85,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1587/003/",
"external_id": "T1587.003"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource_development"
}
],
"x_mitre_id": "T1587.003",
"x_mitre_version": "1.0",
"x_mitre_tactic": "resource_development"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2b504476-c9ed-4af3-b388-2189d013bfc7",
"created": "2025-09-26T17:50:29.445980+00:00",
"modified": "2025-09-26T17:50:29.445982+00:00",
"name": "Code Signing Certificates",
"description": "MITRE ATT&CK technique T1588.003",
"confidence": 85,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/003/",
"external_id": "T1588.003"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource_development"
}
],
"x_mitre_id": "T1588.003",
"x_mitre_version": "1.0",
"x_mitre_tactic": "resource_development"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--22a25694-92f6-4517-b7ff-c19c5a0354f6",
"created": "2025-09-26T17:50:29.445987+00:00",
"modified": "2025-09-26T17:50:29.445989+00:00",
"name": "Cloud Secrets Management Stores",
"description": "MITRE ATT&CK technique T1555.006",
"confidence": 83,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1555/006/",
"external_id": "T1555.006"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential_access"
}
],
"x_mitre_id": "T1555.006",
"x_mitre_version": "1.0",
"x_mitre_tactic": "credential_access"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--98d85f8d-bb2b-4427-8a58-7f32a05dd5a9",
"created": "2025-09-26T17:50:29.445993+00:00",
"modified": "2025-09-26T17:50:29.445995+00:00",
"name": "Compromise Hardware Supply Chain",
"description": "MITRE ATT&CK technique T1195.003",
"confidence": 82,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1195/003/",
"external_id": "T1195.003"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial_access"
}
],
"x_mitre_id": "T1195.003",
"x_mitre_version": "1.0",
"x_mitre_tactic": "initial_access"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--98a39dc3-680d-4f4d-bdde-731cfdecc8b6",
"created": "2025-09-26T17:50:29.446030+00:00",
"modified": "2025-09-26T17:50:29.446034+00:00",
"name": "Supply Chain Compromise",
"description": "MITRE ATT&CK technique T1195",
"confidence": 80,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1195/",
"external_id": "T1195"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial_access"
}
],
"x_mitre_id": "T1195",
"x_mitre_version": "1.0",
"x_mitre_tactic": "initial_access"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3ee01493-cd5e-41d6-9322-ee3bf52199fd",
"created": "2025-09-26T17:50:29.446062+00:00",
"modified": "2025-09-26T17:50:29.446064+00:00",
"name": "Remote Desktop Protocol",
"description": "MITRE ATT&CK technique T1021.001",
"confidence": 80,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1021/001/",
"external_id": "T1021.001"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "lateral_movement"
}
],
"x_mitre_id": "T1021.001",
"x_mitre_version": "1.0",
"x_mitre_tactic": "lateral_movement"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--275e2f7a-0cb0-4e26-b489-99f2d754192c",
"created": "2025-09-26T17:50:29.446068+00:00",
"modified": "2025-09-26T17:50:29.446070+00:00",
"name": "Code Signing Certificates",
"description": "MITRE ATT&CK technique T1587.002",
"confidence": 79,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1587/002/",
"external_id": "T1587.002"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource_development"
}
],
"x_mitre_id": "T1587.002",
"x_mitre_version": "1.0",
"x_mitre_tactic": "resource_development"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ddf98ed2-3bf7-48f6-85e9-643f75b4faaf",
"created": "2025-09-26T17:50:29.446074+00:00",
"modified": "2025-09-26T17:50:29.446075+00:00",
"name": "Compromise Software Supply Chain",
"description": "MITRE ATT&CK technique T1195.002",
"confidence": 78,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1195/002/",
"external_id": "T1195.002"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial_access"
}
],
"x_mitre_id": "T1195.002",
"x_mitre_version": "1.0",
"x_mitre_tactic": "initial_access"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e167a565-c371-45b4-a509-fff24cf06451",
"created": "2025-09-26T17:50:29.446083+00:00",
"modified": "2025-09-26T17:50:29.446086+00:00",
"name": "Install Root Certificate",
"description": "MITRE ATT&CK technique T1130",
"confidence": 75,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1130/",
"external_id": "T1130"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense_evasion"
}
],
"x_mitre_id": "T1130",
"x_mitre_version": "1.0",
"x_mitre_tactic": "defense_evasion"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--b3d1454c-b396-4222-92b9-8a1895eab396",
"created": "2025-09-26T17:50:29.446101+00:00",
"modified": "2025-09-26T17:50:29.446104+00:00",
"name": "Vulnerabilities",
"description": "MITRE ATT&CK technique T1588.006",
"confidence": 73,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/006/",
"external_id": "T1588.006"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource_development"
}
],
"x_mitre_id": "T1588.006",
"x_mitre_version": "1.0",
"x_mitre_tactic": "resource_development"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--aa5b7d4d-1431-4258-b76a-317356e72273",
"created": "2025-09-26T17:50:29.446112+00:00",
"modified": "2025-09-26T17:50:29.446113+00:00",
"name": "Remote Desktop Protocol",
"description": "MITRE ATT&CK technique T1076",
"confidence": 73,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1076/",
"external_id": "T1076"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "lateral_movement"
}
],
"x_mitre_id": "T1076",
"x_mitre_version": "1.0",
"x_mitre_tactic": "lateral_movement"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--697dd550-a7d7-4275-9d39-05acf7af9c2a",
"created": "2025-09-26T17:50:29.446118+00:00",
"modified": "2025-09-26T17:50:29.446123+00:00",
"name": "Local Groups",
"description": "MITRE ATT&CK technique T1069.001",
"confidence": 70,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1069/001/",
"external_id": "T1069.001"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "discovery"
}
],
"x_mitre_id": "T1069.001",
"x_mitre_version": "1.0",
"x_mitre_tactic": "discovery"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--69961d42-4597-4384-bb00-2d3eb6d8a970",
"created": "2025-09-26T17:50:29.446132+00:00",
"modified": "2025-09-26T17:50:29.446133+00:00",
"name": "Scheduled Task",
"description": "MITRE ATT&CK technique T1053.005",
"confidence": 70,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1053/005/",
"external_id": "T1053.005"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1053.005",
"x_mitre_version": "1.0",
"x_mitre_tactic": "execution"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6511444c-3a45-4980-a604-a611fc9d9df4",
"created": "2025-09-26T17:50:29.446136+00:00",
"modified": "2025-09-26T17:50:29.446138+00:00",
"name": "Socket Filters",
"description": "MITRE ATT&CK technique T1205.002",
"confidence": 70,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1205/002/",
"external_id": "T1205.002"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense_evasion"
}
],
"x_mitre_id": "T1205.002",
"x_mitre_version": "1.0",
"x_mitre_tactic": "defense_evasion"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--24b1c519-4619-45a6-9b3f-548bafa43c67",
"created": "2025-09-26T17:50:29.446142+00:00",
"modified": "2025-09-26T17:50:29.446147+00:00",
"name": "Malicious Shell Modification",
"description": "MITRE ATT&CK technique T1156",
"confidence": 70,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1156/",
"external_id": "T1156"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"x_mitre_id": "T1156",
"x_mitre_version": "1.0",
"x_mitre_tactic": "persistence"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9c1afdc5-4b3f-420f-8a9c-52fe74d23fd8",
"created": "2025-09-26T17:50:29.446159+00:00",
"modified": "2025-09-26T17:50:29.446162+00:00",
"name": "Archive via Utility",
"description": "MITRE ATT&CK technique T1560.001",
"confidence": 70,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1560/001/",
"external_id": "T1560.001"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1560.001",
"x_mitre_version": "1.0",
"x_mitre_tactic": "collection"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5d79b01f-7a14-4b3f-89c8-12951b1adda6",
"created": "2025-09-26T17:50:29.446173+00:00",
"modified": "2025-09-26T17:50:29.446174+00:00",
"name": "Screen Capture",
"description": "MITRE ATT&CK technique T1113",
"confidence": 70,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1113/",
"external_id": "T1113"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1113",
"x_mitre_version": "1.0",
"x_mitre_tactic": "collection"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7371fee0-2e40-4e89-ad74-71f1197eec8c",
"created": "2025-09-26T17:50:29.446185+00:00",
"modified": "2025-09-26T17:50:29.446187+00:00",
"name": "Adversary-in-the-Middle",
"description": "MITRE ATT&CK technique T1557",
"confidence": 70,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1557/",
"external_id": "T1557"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential_access"
}
],
"x_mitre_id": "T1557",
"x_mitre_version": "1.0",
"x_mitre_tactic": "credential_access"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e47829cf-f9eb-479f-bb35-687200abb7c7",
"created": "2025-09-26T17:50:29.446194+00:00",
"modified": "2025-09-26T17:50:29.446195+00:00",
"name": "LSA Secrets",
"description": "MITRE ATT&CK technique T1003.004",
"confidence": 68,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1003/004/",
"external_id": "T1003.004"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential_access"
}
],
"x_mitre_id": "T1003.004",
"x_mitre_version": "1.0",
"x_mitre_tactic": "credential_access"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--29f9890d-3cf6-4b43-80c0-2df9d23affb8",
"created": "2025-09-26T17:50:29.446198+00:00",
"modified": "2025-09-26T17:50:29.446200+00:00",
"name": "Email Hiding Rules",
"description": "MITRE ATT&CK technique T1564.008",
"confidence": 68,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1564/008/",
"external_id": "T1564.008"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense_evasion"
}
],
"x_mitre_id": "T1564.008",
"x_mitre_version": "1.0",
"x_mitre_tactic": "defense_evasion"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--82ae539c-42a9-4008-857d-cab09907430c",
"created": "2025-09-26T17:50:29.446204+00:00",
"modified": "2025-09-26T17:50:29.446205+00:00",
"name": "Browser Extensions",
"description": "MITRE ATT&CK technique T1176.001",
"confidence": 67,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1176/001/",
"external_id": "T1176.001"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"x_mitre_id": "T1176.001",
"x_mitre_version": "1.0",
"x_mitre_tactic": "persistence"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9cc4df39-28bb-4006-893a-511f2f24dfab",
"created": "2025-09-26T17:50:29.446209+00:00",
"modified": "2025-09-26T17:50:29.446210+00:00",
"name": "Artificial Intelligence",
"description": "MITRE ATT&CK technique T1588.007",
"confidence": 66,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/007/",
"external_id": "T1588.007"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource_development"
}
],
"x_mitre_id": "T1588.007",
"x_mitre_version": "1.0",
"x_mitre_tactic": "resource_development"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--627c342f-942c-49cf-b2c8-ae584549268a",
"created": "2025-09-26T17:50:29.446214+00:00",
"modified": "2025-09-26T17:50:29.446215+00:00",
"name": "Network Denial of Service",
"description": "MITRE ATT&CK technique T1498",
"confidence": 65,
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1498/",
"external_id": "T1498"
}
],
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "impact"
}
],
"x_mitre_id": "T1498",
"x_mitre_version": "1.0",
"x_mitre_tactic": "impact"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fc479429-c366-41d8-9b0c-b43aeca9a599",
"created": "2025-09-26T17:50:54.127581+00:00",
"modified": "2025-09-26T17:50:54.127624+00:00",
"relationship_type": "targets",
"source_ref": "threat-actor--d954f4ff-14ca-4e27-8e53-b12de538793b",
"target_ref": "identity--38f3b92b-cc21-4eeb-a923-d25b68b57055",
"confidence": 90,
"description": "Relationship extracted from threat intelligence: Phishing Campaign Lobs Malicious SVG Attachments at Ukraine Government Agencies Targeted With Infostealers and Cryptomining Malware. A fake police alert is the social engineering cornerstone of an ongoing phishing campaign targeting Ukrainian government agencies."
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bcd90c16-b2f2-43f3-9142-c69617e76ad3",
"created": "2025-09-26T17:50:54.190334+00:00",
"modified": "2025-09-26T17:50:54.190346+00:00",
"relationship_type": "uses",
"source_ref": "threat-actor--d954f4ff-14ca-4e27-8e53-b12de538793b",
"target_ref": "malware--9b9bb599-1f44-4201-a752-51c6179ef69b",
"confidence": 90,
"description": "Relationship extracted from threat intelligence: attacks used malware"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7d4d2d2f-f659-49af-a845-29667fd35859",
"created": "2025-09-26T17:50:54.191287+00:00",
"modified": "2025-09-26T17:50:54.191311+00:00",
"relationship_type": "uses",
"source_ref": "threat-actor--d954f4ff-14ca-4e27-8e53-b12de538793b",
"target_ref": "attack-pattern--cc4146d1-03aa-472f-994e-0a391fec684e",
"confidence": 90,
"description": "Threat actor UNC5221 uses technique Ingress Tool Transfer (T1105)"
}
]
}