[copy]
{
"id": "bundle--90d8c59c-aee0-4191-b11f-e942608ddfe0",
"objects": [
{
"contact_information": "Automated Intelligence System",
"created": "2025-09-29T17:43:21.419766+00:00",
"description": "AI-powered threat intelligence collection and analysis platform",
"id": "identity--f429d1d9-1384-41ae-9c84-e4084defe254",
"identity_class": "system",
"modified": "2025-09-29T17:43:21.419772+00:00",
"name": "MikeGPT Intelligence Platform",
"sectors": [
"technology"
],
"spec_version": "2.1",
"type": "identity"
},
{
"created": "2025-09-29T17:43:21.419945+00:00",
"created_by_ref": "identity--f429d1d9-1384-41ae-9c84-e4084defe254",
"description": "Threat Intelligence Report - 2025-09-29\n\nThis report consolidates actionable cybersecurity intelligence from 90 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• ⚡ Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More (Score: 100)\n• Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security (Score: 100)\n• VU#534320: NPM supply chain compromise exposes challenges to securing the ecosystem from credential (Score: 99.0)\n• What kind of cybersecurity training does work? (Score: 95.3)\n• Microsoft Flags New AI-Driven Phishing Technique Using Obfuscated SVG Files, it seems malicious acto (Score: 95.1)\n\nEXTRACTED ENTITIES:\n• 34 Attack Pattern(s)\n• 7 Domain Name(s)\n• 18 Indicator(s)\n• 2 Location(s)\n• 1 Malware(s)\n• 26 Relationship(s)\n• 4 Threat Actor(s)\n• 2 Tool(s)\n• 11 Url(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n",
"id": "report--4e00e6cb-89ea-4408-a698-f9da122d4383",
"labels": [
"threat-report"
],
"modified": "2025-09-29T17:43:21.419947+00:00",
"name": "Threat Intelligence Report - 2025-09-29",
"object_refs": [
"identity--f429d1d9-1384-41ae-9c84-e4084defe254",
"malware--6f4456e2-119b6ab1-bb3c-4a76-bc3c-84e34e6d16b2",
"location--e8a8e369-c1463b46-59f8-4824-b167-d6e726fe7647",
"location--d28ab131-8bc1e303-8a4d-47ed-b490-1c174e71bc50",
"threat-actor--d31be0f2-2259892f-30b7-4163-bcb5-7cbc01439360",
"threat-actor--ff08fc2e-4f29fb2b-88c6-4dd5-9c1b-554eb2347bde",
"tool--2bd39da2-5c5a0dbe-8913-4574-a4cd-d5e9414eb189",
"tool--9f804692-2830643e-7f0d-4ca7-8c8d-adb20a391139",
"threat-actor--632cf54c-7ca99ff8-8774-4cb8-aa08-68c30a2c5fba",
"organization--01b0e443-3cfc034c-49f4-4e75-8bba-0092178b1882",
"threat-actor--a2bc0cc6-b631dc6f-6e3d-49fe-b77d-4902186c05b9",
"attack-pattern--2da268b5-d0f49247-7969-4aad-bcc1-0f9e4e41c704",
"attack-pattern--baad7d00-da9645a9-bb50-4e3d-9a59-e199468c4629",
"attack-pattern--c627c29c-e2011d51-f058-494b-b3b8-de46c3f8bb05",
"attack-pattern--13fc9cbe-c56873d1-839e-4991-a05a-04d6d0588977",
"attack-pattern--f1669470-33580f55-5521-49b5-9795-8fb1aecefd5d",
"attack-pattern--280ebd89-9f5609b3-7e95-475b-9c4f-67878c97b19a",
"attack-pattern--e5974f70-7c35da43-dabb-463c-8082-42ced14da696",
"attack-pattern--01df90e4-d76e02e4-8644-468b-850e-705f566a03aa",
"attack-pattern--ce39e6f2-e0411029-22a1-4f0e-aad8-c8aec4b53893",
"attack-pattern--d5229cf6-dd33142b-c5de-4a6c-98e5-d42da443e084",
"attack-pattern--2cecb29c-11bea934-756b-4b95-ad76-9b98d54d7b12",
"attack-pattern--cd061a92-1bea4547-e04d-47f7-b755-a0e5ca1604e2",
"attack-pattern--97050bed-2325a313-7b10-450b-9d13-9c165f0b7f04",
"attack-pattern--97050bed-a7654b0a-91d6-4d65-9f46-cd3133828e23",
"attack-pattern--c1ff2266-ccf38bb6-dea2-4fcd-b120-c29e701ad7bf",
"attack-pattern--c1ff2266-deaa520c-b8d8-4876-9060-3ec2a8d3f12a",
"attack-pattern--75cae339-4af0926d-1663-42e5-8d20-f28bb27cc36c",
"attack-pattern--21d89a99-7fa41d3b-2688-4bd9-a4be-277cf49b38e4",
"attack-pattern--80699ba5-e74b731f-0464-442d-b154-8b521b9f6863",
"attack-pattern--58a606c1-bec285ed-9b47-4d15-8b3a-2793377d86d2",
"attack-pattern--7290c559-ba3482b2-ccc0-447b-809b-1a096a685ed0",
"attack-pattern--a1235f69-1cc5c97e-27bb-45ee-a403-586053cee805",
"attack-pattern--181753c8-6fb4137d-18ec-43f8-84d3-39d2c223c02e",
"attack-pattern--a45b8295-e964061e-d1e9-40d1-a172-226e0bfe68f3",
"attack-pattern--9f6c52f6-04c8f87d-6c94-42a4-9f70-52f223231a7e",
"attack-pattern--181753c8-e2897a9f-9b30-4274-8903-de437479221a",
"attack-pattern--26d99677-f4413a70-ae0b-45a6-b88c-db7f5622b2fd",
"attack-pattern--27b36b6d-54b1cae3-e80e-4dfe-a063-12af0c2a2f6d",
"attack-pattern--ed3369e1-7db9d50f-a6df-488d-ac4e-c0abb60393a1",
"attack-pattern--e03eb8e0-76a4c487-4073-4180-af62-a8cce62a555a",
"attack-pattern--d2a77ce3-0f085c7d-070b-4ae3-8886-098a12760ec3",
"attack-pattern--a6ff86fe-40472b70-99d9-45cf-a581-bcaba6c0f052",
"attack-pattern--e8d516a9-49be6955-a424-4801-a7b8-2947c7d3b6b6",
"attack-pattern--4a4b8919-92cd0ea0-f652-4555-a60e-1fb804f7bc60",
"relationship--2b74820f-4143-46c1-8546-9ec607a50827",
"relationship--36f02aae-76bd-4958-9eea-023548faf8fb",
"relationship--309f7122-cb88-4a42-9197-17767031b8c5",
"relationship--92d371eb-8025-4a40-8b30-63df55141bb4",
"relationship--f03e7d26-66da-4226-87be-defba2bbdf46",
"relationship--9aa95593-8fd3-4f64-843b-42f6a3e7bd31",
"relationship--229a2e62-a4ce-4c87-bb63-789438491de3",
"relationship--94697943-da7b-42de-a19d-f019c97f50c4",
"domain-name--cbbbbf0e-2f54-4b58-bbc4-bfc11e939e8e",
"domain-name--2f47654b-b78c-4313-8355-25b31eb32b26",
"domain-name--1f055139-ffbf-4af4-9a5c-9d0f3ac7eb42",
"domain-name--58c2c21d-b0d5-4f7a-ac98-624595c7c483",
"domain-name--85227b82-6fac-4fa2-94a9-fe7e96ccb204",
"domain-name--5823ce29-f465-4798-8685-89c413b437c4",
"domain-name--6bb3fed0-207e-42f2-a8b8-7cda96379150",
"url--e9fc652c-5fd4-4419-8554-d117febf7319",
"url--4a3af1c9-22b7-43d4-8809-137a0fa384db",
"url--ee4ced3e-8c94-401c-bfbf-ed57df7c31a8",
"url--3a717797-e7e1-4210-aa6b-69d1ea63d50a",
"url--1a9aa2c1-fb1f-4b44-ad13-417db1b28eaa",
"url--32db046a-88dc-41e6-b949-4fea76d9ef57",
"url--0d27bca0-931d-4fdc-adbf-ffe953658949",
"url--899b206c-feb2-471e-9aea-0918839d7474",
"url--5dc9083f-27a5-4b25-b35a-bc127db5de81",
"url--8a09147f-5880-467c-8ef8-ddb32ed4ff73",
"url--092f4245-1bb2-4c80-b5ba-65f4f9fd9aca",
"indicator--05a03e23-7281-4e75-b9eb-f15d001bd0a5",
"relationship--632d1e5c-42bf-47a9-9edc-cc466a8ab308",
"indicator--417e2391-32ad-4785-a9a9-ce4ca242a727",
"relationship--a9d6508d-22bb-4082-b810-9767b8f45ffb",
"indicator--8ec614f8-4b2e-4213-aa49-a64b9bc4ad4c",
"relationship--9a4c493b-2aa9-4dd7-b48c-b97f1b575b9d",
"indicator--66badd7a-5c54-4775-86ed-d2f74d8d43b3",
"relationship--312d35e2-3b37-4d04-8e69-5572bac3598e",
"indicator--155aa1cf-01c7-4b71-9db4-e532defbb88c",
"relationship--856b85f4-945c-4942-8abd-3154459a0faf",
"indicator--ac6e1631-4740-4349-9a5f-022dbd1bda85",
"relationship--b92ada75-a6d7-425d-8fcb-97c240d77d4b",
"indicator--9459cfd7-a804-4ce5-83b1-b5c84e3e94c9",
"relationship--7b6bc58b-3a1e-4473-a1c4-388845ce5540",
"indicator--a857abe7-bdd4-42ff-82e5-0dc7bd9fee57",
"relationship--6e99de94-8ee0-428a-95e2-3c87a3fc7f09",
"indicator--1dda38e9-4128-43cb-8c63-aa71cc50c4fc",
"relationship--ee4d9f0d-58f2-4d7f-a091-8c9a53131524",
"indicator--626ccd7a-0b00-4619-a91a-5da5d96195b5",
"relationship--a63f50c4-7bd0-4530-8bca-7f7575c6da30",
"indicator--01a94b00-e784-4848-b563-7a87a226a281",
"relationship--188c5691-68ad-4982-8098-6f32c8206cfa",
"indicator--7af8632f-5fb0-4291-8cc1-8a3e6a9b1110",
"relationship--0db38e67-3fec-4df8-a8f1-ea93bddd305a",
"indicator--27f8d632-2078-42c0-a7c6-174810ca7a35",
"relationship--3a3a79c5-3228-43e6-9780-94323c041323",
"indicator--1faef71f-0a33-4507-b7a4-46518961c865",
"relationship--1effcd03-96e9-4a30-bad4-9db2c2d3122b",
"indicator--c1ea568d-ad34-40d9-954b-1a39b619ab8c",
"relationship--889a6031-8db0-4f7d-8c29-bfc694268c7f",
"indicator--f7f56848-5647-4a78-85ce-3a2820cc1022",
"relationship--3de42e64-a0b6-47d6-8227-486a52a4fc0b",
"indicator--5d6c144a-bddc-48c4-8926-168fb1a5ef36",
"relationship--085be7e9-b9f5-48b0-86a9-e1e54cf5cc64",
"indicator--93e3597a-3b9e-4ed7-b285-dfe7c569837d",
"relationship--43432520-d2ff-4ab6-8554-0aa79e251813"
],
"published": "2025-09-29T17:43:21.419950+00:00",
"spec_version": "2.1",
"type": "report"
},
{
"confidence": 91,
"created": "2025-09-29T17:43:17.007551+00:00",
"id": "malware--6f4456e2-119b6ab1-bb3c-4a76-bc3c-84e34e6d16b2",
"is_family": true,
"labels": [
"malicious-activity"
],
"malware_types": [
"trojan"
],
"modified": "2025-09-29T17:43:17.007570+00:00",
"name": "RingReaper",
"spec_version": "2.1",
"type": "malware"
},
{
"confidence": 95,
"created": "2025-09-29T17:43:17.008120+00:00",
"id": "location--e8a8e369-c1463b46-59f8-4824-b167-d6e726fe7647",
"labels": [
"location"
],
"modified": "2025-09-29T17:43:17.008132+00:00",
"name": "Moldova",
"spec_version": "2.1",
"type": "location"
},
{
"confidence": 87,
"created": "2025-09-29T17:43:17.010094+00:00",
"id": "location--d28ab131-8bc1e303-8a4d-47ed-b490-1c174e71bc50",
"labels": [
"location"
],
"modified": "2025-09-29T17:43:17.010106+00:00",
"name": "Union County",
"spec_version": "2.1",
"type": "location"
},
{
"confidence": 95,
"created": "2025-09-29T17:43:17.010376+00:00",
"id": "threat-actor--d31be0f2-2259892f-30b7-4163-bcb5-7cbc01439360",
"labels": [
"threat-actor"
],
"modified": "2025-09-29T17:43:17.010392+00:00",
"name": "LulzSec",
"spec_version": "2.1",
"threat_actor_types": [
"hacker"
],
"type": "threat-actor"
},
{
"confidence": 95,
"created": "2025-09-29T17:43:17.011499+00:00",
"id": "threat-actor--ff08fc2e-4f29fb2b-88c6-4dd5-9c1b-554eb2347bde",
"labels": [
"threat-actor"
],
"modified": "2025-09-29T17:43:17.011505+00:00",
"name": "Callisto/Star Blizzard/UNC4057",
"spec_version": "2.1",
"threat_actor_types": [
"hacker"
],
"type": "threat-actor"
},
{
"confidence": 95,
"created": "2025-09-29T17:43:17.011930+00:00",
"id": "tool--2bd39da2-5c5a0dbe-8913-4574-a4cd-d5e9414eb189",
"labels": [
"tool"
],
"modified": "2025-09-29T17:43:17.011934+00:00",
"name": "ELK",
"spec_version": "2.1",
"tool_types": [
"unknown"
],
"type": "tool"
},
{
"confidence": 95,
"created": "2025-09-29T17:43:17.011959+00:00",
"id": "tool--9f804692-2830643e-7f0d-4ca7-8c8d-adb20a391139",
"labels": [
"tool"
],
"modified": "2025-09-29T17:43:17.011961+00:00",
"name": "Wazuh",
"spec_version": "2.1",
"tool_types": [
"unknown"
],
"type": "tool"
},
{
"confidence": 95,
"created": "2025-09-29T17:43:17.012139+00:00",
"id": "threat-actor--632cf54c-7ca99ff8-8774-4cb8-aa08-68c30a2c5fba",
"labels": [
"threat-actor"
],
"modified": "2025-09-29T17:43:17.012148+00:00",
"name": "Charming Kitten",
"spec_version": "2.1",
"threat_actor_types": [
"hacker"
],
"type": "threat-actor"
},
{
"confidence": 95,
"created": "2025-09-29T17:43:17.012202+00:00",
"id": "organization--01b0e443-3cfc034c-49f4-4e75-8bba-0092178b1882",
"identity_class": "organization",
"labels": [
"organization"
],
"modified": "2025-09-29T17:43:17.012216+00:00",
"name": "Security Affairs",
"spec_version": "2.1",
"type": "identity"
},
{
"confidence": 93,
"created": "2025-09-29T17:43:17.012273+00:00",
"id": "threat-actor--a2bc0cc6-b631dc6f-6e3d-49fe-b77d-4902186c05b9",
"labels": [
"threat-actor"
],
"modified": "2025-09-29T17:43:17.012277+00:00",
"name": "DragonForce",
"spec_version": "2.1",
"threat_actor_types": [
"hacker"
],
"type": "threat-actor"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:17.012620+00:00",
"external_references": [
{
"external_id": "T1566.001",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/001/"
}
],
"id": "attack-pattern--2da268b5-d0f49247-7969-4aad-bcc1-0f9e4e41c704",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"modified": "2025-09-29T17:43:17.012624+00:00",
"name": "Spearphishing Attachment",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1566.001"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:21.418770+00:00",
"external_references": [
{
"external_id": "T1566.002",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/002/"
}
],
"id": "attack-pattern--baad7d00-da9645a9-bb50-4e3d-9a59-e199468c4629",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"modified": "2025-09-29T17:43:21.418806+00:00",
"name": "Spearphishing Link",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1566.002"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:21.418867+00:00",
"external_references": [
{
"external_id": "T1566.003",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/003/"
}
],
"id": "attack-pattern--c627c29c-e2011d51-f058-494b-b3b8-de46c3f8bb05",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"modified": "2025-09-29T17:43:21.418870+00:00",
"name": "Spearphishing via Service",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1566.003"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:21.418889+00:00",
"external_references": [
{
"external_id": "T1195",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1195/"
}
],
"id": "attack-pattern--13fc9cbe-c56873d1-839e-4991-a05a-04d6d0588977",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"modified": "2025-09-29T17:43:21.418892+00:00",
"name": "Supply Chain Compromise",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1195"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:21.418922+00:00",
"external_references": [
{
"external_id": "T1195.002",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1195/002/"
}
],
"id": "attack-pattern--f1669470-33580f55-5521-49b5-9795-8fb1aecefd5d",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"modified": "2025-09-29T17:43:21.418925+00:00",
"name": "Compromise Software Supply Chain",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1195.002"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:21.418941+00:00",
"external_references": [
{
"external_id": "T1190",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1190/"
}
],
"id": "attack-pattern--280ebd89-9f5609b3-7e95-475b-9c4f-67878c97b19a",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"modified": "2025-09-29T17:43:21.418943+00:00",
"name": "Exploit Public-Facing Application",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1190"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:21.418960+00:00",
"external_references": [
{
"external_id": "T1203",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1203/"
}
],
"id": "attack-pattern--e5974f70-7c35da43-dabb-463c-8082-42ced14da696",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"modified": "2025-09-29T17:43:21.418962+00:00",
"name": "Exploitation for Client Execution",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1203"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:21.418972+00:00",
"external_references": [
{
"external_id": "T1059.001",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1059/001/"
}
],
"id": "attack-pattern--01df90e4-d76e02e4-8644-468b-850e-705f566a03aa",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"modified": "2025-09-29T17:43:21.418973+00:00",
"name": "PowerShell",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1059.001"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:21.418984+00:00",
"external_references": [
{
"external_id": "T1543",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1543/"
}
],
"id": "attack-pattern--ce39e6f2-e0411029-22a1-4f0e-aad8-c8aec4b53893",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"modified": "2025-09-29T17:43:21.418985+00:00",
"name": "Create or Modify System Process",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1543"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:21.419016+00:00",
"external_references": [
{
"external_id": "T1547",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1547/"
}
],
"id": "attack-pattern--d5229cf6-dd33142b-c5de-4a6c-98e5-d42da443e084",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"modified": "2025-09-29T17:43:21.419021+00:00",
"name": "Boot or Logon Autostart Execution",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1547"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:21.419048+00:00",
"external_references": [
{
"external_id": "T1041",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1041/"
}
],
"id": "attack-pattern--2cecb29c-11bea934-756b-4b95-ad76-9b98d54d7b12",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "exfiltration"
}
],
"modified": "2025-09-29T17:43:21.419051+00:00",
"name": "Exfiltration Over C2 Channel",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1041"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:21.419083+00:00",
"external_references": [
{
"external_id": "T1048",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1048/"
}
],
"id": "attack-pattern--cd061a92-1bea4547-e04d-47f7-b755-a0e5ca1604e2",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "exfiltration"
}
],
"modified": "2025-09-29T17:43:21.419086+00:00",
"name": "Exfiltration Over Alternative Protocol",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1048"
},
{
"confidence": 85,
"created": "2025-09-29T17:43:21.419112+00:00",
"external_references": [
{
"external_id": "T1116",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1116/"
}
],
"id": "attack-pattern--97050bed-2325a313-7b10-450b-9d13-9c165f0b7f04",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
}
],
"modified": "2025-09-29T17:43:21.419115+00:00",
"name": "Code Signing",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1116"
},
{
"confidence": 85,
"created": "2025-09-29T17:43:21.419137+00:00",
"external_references": [
{
"external_id": "T1553.002",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1553/002/"
}
],
"id": "attack-pattern--97050bed-a7654b0a-91d6-4d65-9f46-cd3133828e23",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
}
],
"modified": "2025-09-29T17:43:21.419141+00:00",
"name": "Code Signing",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1553.002"
},
{
"confidence": 85,
"created": "2025-09-29T17:43:21.419159+00:00",
"external_references": [
{
"external_id": "T1587.002",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1587/002/"
}
],
"id": "attack-pattern--c1ff2266-ccf38bb6-dea2-4fcd-b120-c29e701ad7bf",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"modified": "2025-09-29T17:43:21.419161+00:00",
"name": "Code Signing Certificates",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1587.002"
},
{
"confidence": 85,
"created": "2025-09-29T17:43:21.419171+00:00",
"external_references": [
{
"external_id": "T1588.003",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/003/"
}
],
"id": "attack-pattern--c1ff2266-deaa520c-b8d8-4876-9060-3ec2a8d3f12a",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"modified": "2025-09-29T17:43:21.419172+00:00",
"name": "Code Signing Certificates",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1588.003"
},
{
"confidence": 85,
"created": "2025-09-29T17:43:21.419180+00:00",
"external_references": [
{
"external_id": "T1657",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1657/"
}
],
"id": "attack-pattern--75cae339-4af0926d-1663-42e5-8d20-f28bb27cc36c",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"modified": "2025-09-29T17:43:21.419181+00:00",
"name": "Financial Theft",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1657"
},
{
"confidence": 85,
"created": "2025-09-29T17:43:21.419189+00:00",
"external_references": [
{
"external_id": "T1557.004",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1557/004/"
}
],
"id": "attack-pattern--21d89a99-7fa41d3b-2688-4bd9-a4be-277cf49b38e4",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"modified": "2025-09-29T17:43:21.419197+00:00",
"name": "Evil Twin",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1557.004"
},
{
"confidence": 85,
"created": "2025-09-29T17:43:21.419212+00:00",
"external_references": [
{
"external_id": "T1016.002",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1016/002/"
}
],
"id": "attack-pattern--80699ba5-e74b731f-0464-442d-b154-8b521b9f6863",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"modified": "2025-09-29T17:43:21.419213+00:00",
"name": "Wi-Fi Discovery",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1016.002"
},
{
"confidence": 85,
"created": "2025-09-29T17:43:21.419221+00:00",
"external_references": [
{
"external_id": "T1669",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1669/"
}
],
"id": "attack-pattern--58a606c1-bec285ed-9b47-4d15-8b3a-2793377d86d2",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"modified": "2025-09-29T17:43:21.419222+00:00",
"name": "Wi-Fi Networks",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1669"
},
{
"confidence": 82,
"created": "2025-09-29T17:43:21.419230+00:00",
"external_references": [
{
"external_id": "T1052.001",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1052/001/"
}
],
"id": "attack-pattern--7290c559-ba3482b2-ccc0-447b-809b-1a096a685ed0",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"modified": "2025-09-29T17:43:21.419231+00:00",
"name": "Exfiltration over USB",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1052.001"
},
{
"confidence": 81,
"created": "2025-09-29T17:43:21.419243+00:00",
"external_references": [
{
"external_id": "T1480",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1480/"
}
],
"id": "attack-pattern--a1235f69-1cc5c97e-27bb-45ee-a403-586053cee805",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"modified": "2025-09-29T17:43:21.419246+00:00",
"name": "Execution Guardrails",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1480"
},
{
"confidence": 74,
"created": "2025-09-29T17:43:21.419261+00:00",
"external_references": [
{
"external_id": "T1215",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1215/"
}
],
"id": "attack-pattern--181753c8-6fb4137d-18ec-43f8-84d3-39d2c223c02e",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"modified": "2025-09-29T17:43:21.419262+00:00",
"name": "Kernel Modules and Extensions",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1215"
},
{
"confidence": 74,
"created": "2025-09-29T17:43:21.419270+00:00",
"external_references": [
{
"external_id": "T1556.006",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1556/006/"
}
],
"id": "attack-pattern--a45b8295-e964061e-d1e9-40d1-a172-226e0bfe68f3",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"modified": "2025-09-29T17:43:21.419271+00:00",
"name": "Multi-Factor Authentication",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1556.006"
},
{
"confidence": 73,
"created": "2025-09-29T17:43:21.419318+00:00",
"external_references": [
{
"external_id": "T1195.003",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1195/003/"
}
],
"id": "attack-pattern--9f6c52f6-04c8f87d-6c94-42a4-9f70-52f223231a7e",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"modified": "2025-09-29T17:43:21.419320+00:00",
"name": "Compromise Hardware Supply Chain",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1195.003"
},
{
"confidence": 72,
"created": "2025-09-29T17:43:21.419331+00:00",
"external_references": [
{
"external_id": "T1547.006",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1547/006/"
}
],
"id": "attack-pattern--181753c8-e2897a9f-9b30-4274-8903-de437479221a",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"modified": "2025-09-29T17:43:21.419332+00:00",
"name": "Kernel Modules and Extensions",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1547.006"
},
{
"confidence": 70,
"created": "2025-09-29T17:43:21.419340+00:00",
"external_references": [
{
"external_id": "T1137.004",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1137/004/"
}
],
"id": "attack-pattern--26d99677-f4413a70-ae0b-45a6-b88c-db7f5622b2fd",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"modified": "2025-09-29T17:43:21.419341+00:00",
"name": "Outlook Home Page",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1137.004"
},
{
"confidence": 70,
"created": "2025-09-29T17:43:21.419351+00:00",
"external_references": [
{
"external_id": "T1053.005",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1053/005/"
}
],
"id": "attack-pattern--27b36b6d-54b1cae3-e80e-4dfe-a063-12af0c2a2f6d",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"modified": "2025-09-29T17:43:21.419358+00:00",
"name": "Scheduled Task",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1053.005"
},
{
"confidence": 70,
"created": "2025-09-29T17:43:21.419389+00:00",
"external_references": [
{
"external_id": "T1205.002",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1205/002/"
}
],
"id": "attack-pattern--ed3369e1-7db9d50f-a6df-488d-ac4e-c0abb60393a1",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
}
],
"modified": "2025-09-29T17:43:21.419397+00:00",
"name": "Socket Filters",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1205.002"
},
{
"confidence": 70,
"created": "2025-09-29T17:43:21.419413+00:00",
"external_references": [
{
"external_id": "T1156",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1156/"
}
],
"id": "attack-pattern--e03eb8e0-76a4c487-4073-4180-af62-a8cce62a555a",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"modified": "2025-09-29T17:43:21.419414+00:00",
"name": "Malicious Shell Modification",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1156"
},
{
"confidence": 70,
"created": "2025-09-29T17:43:21.419422+00:00",
"external_references": [
{
"external_id": "T1560.001",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1560/001/"
}
],
"id": "attack-pattern--d2a77ce3-0f085c7d-070b-4ae3-8886-098a12760ec3",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"modified": "2025-09-29T17:43:21.419423+00:00",
"name": "Archive via Utility",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1560.001"
},
{
"confidence": 70,
"created": "2025-09-29T17:43:21.419471+00:00",
"external_references": [
{
"external_id": "T1113",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1113/"
}
],
"id": "attack-pattern--a6ff86fe-40472b70-99d9-45cf-a581-bcaba6c0f052",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"modified": "2025-09-29T17:43:21.419474+00:00",
"name": "Screen Capture",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1113"
},
{
"confidence": 70,
"created": "2025-09-29T17:43:21.419487+00:00",
"external_references": [
{
"external_id": "T1557",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1557/"
}
],
"id": "attack-pattern--e8d516a9-49be6955-a424-4801-a7b8-2947c7d3b6b6",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"modified": "2025-09-29T17:43:21.419488+00:00",
"name": "Adversary-in-the-Middle",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1557"
},
{
"confidence": 65,
"created": "2025-09-29T17:43:21.419507+00:00",
"external_references": [
{
"external_id": "T1204.001",
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1204/001/"
}
],
"id": "attack-pattern--4a4b8919-92cd0ea0-f652-4555-a60e-1fb804f7bc60",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"modified": "2025-09-29T17:43:21.419509+00:00",
"name": "Malicious Link",
"spec_version": "2.1",
"type": "attack-pattern",
"x_mitre_id": "T1204.001"
},
{
"confidence": 75,
"created": "2025-09-29T17:43:21.419555+00:00",
"description": "MITRE ATT&CK mapping: lulzsec uses spearphishing attachment (T1566.001)",
"id": "relationship--2b74820f-4143-46c1-8546-9ec607a50827",
"modified": "2025-09-29T17:43:21.419558+00:00",
"relationship_type": "uses",
"source_ref": "threat-actor--d31be0f2-2259892f-30b7-4163-bcb5-7cbc01439360",
"spec_version": "2.1",
"target_ref": "attack-pattern--2da268b5-d0f49247-7969-4aad-bcc1-0f9e4e41c704",
"type": "relationship",
"x_validation_method": "mitre-mapper"
},
{
"confidence": 75,
"created": "2025-09-29T17:43:21.419564+00:00",
"description": "MITRE ATT&CK mapping: lulzsec uses powershell (T1059.001)",
"id": "relationship--36f02aae-76bd-4958-9eea-023548faf8fb",
"modified": "2025-09-29T17:43:21.419566+00:00",
"relationship_type": "uses",
"source_ref": "threat-actor--d31be0f2-2259892f-30b7-4163-bcb5-7cbc01439360",
"spec_version": "2.1",
"target_ref": "attack-pattern--01df90e4-d76e02e4-8644-468b-850e-705f566a03aa",
"type": "relationship",
"x_validation_method": "mitre-mapper"
},
{
"confidence": 75,
"created": "2025-09-29T17:43:21.419571+00:00",
"description": "MITRE ATT&CK mapping: callisto/star blizzard/unc4057 uses spearphishing attachment (T1566.001)",
"id": "relationship--309f7122-cb88-4a42-9197-17767031b8c5",
"modified": "2025-09-29T17:43:21.419572+00:00",
"relationship_type": "uses",
"source_ref": "threat-actor--ff08fc2e-4f29fb2b-88c6-4dd5-9c1b-554eb2347bde",
"spec_version": "2.1",
"target_ref": "attack-pattern--2da268b5-d0f49247-7969-4aad-bcc1-0f9e4e41c704",
"type": "relationship",
"x_validation_method": "mitre-mapper"
},
{
"confidence": 75,
"created": "2025-09-29T17:43:21.419584+00:00",
"description": "MITRE ATT&CK mapping: callisto/star blizzard/unc4057 uses powershell (T1059.001)",
"id": "relationship--92d371eb-8025-4a40-8b30-63df55141bb4",
"modified": "2025-09-29T17:43:21.419586+00:00",
"relationship_type": "uses",
"source_ref": "threat-actor--ff08fc2e-4f29fb2b-88c6-4dd5-9c1b-554eb2347bde",
"spec_version": "2.1",
"target_ref": "attack-pattern--01df90e4-d76e02e4-8644-468b-850e-705f566a03aa",
"type": "relationship",
"x_validation_method": "mitre-mapper"
},
{
"confidence": 75,
"created": "2025-09-29T17:43:21.419591+00:00",
"description": "MITRE ATT&CK mapping: charming kitten uses spearphishing attachment (T1566.001)",
"id": "relationship--f03e7d26-66da-4226-87be-defba2bbdf46",
"modified": "2025-09-29T17:43:21.419592+00:00",
"relationship_type": "uses",
"source_ref": "threat-actor--632cf54c-7ca99ff8-8774-4cb8-aa08-68c30a2c5fba",
"spec_version": "2.1",
"target_ref": "attack-pattern--2da268b5-d0f49247-7969-4aad-bcc1-0f9e4e41c704",
"type": "relationship",
"x_validation_method": "mitre-mapper"
},
{
"confidence": 75,
"created": "2025-09-29T17:43:21.419609+00:00",
"description": "MITRE ATT&CK mapping: charming kitten uses powershell (T1059.001)",
"id": "relationship--9aa95593-8fd3-4f64-843b-42f6a3e7bd31",
"modified": "2025-09-29T17:43:21.419612+00:00",
"relationship_type": "uses",
"source_ref": "threat-actor--632cf54c-7ca99ff8-8774-4cb8-aa08-68c30a2c5fba",
"spec_version": "2.1",
"target_ref": "attack-pattern--01df90e4-d76e02e4-8644-468b-850e-705f566a03aa",
"type": "relationship",
"x_validation_method": "mitre-mapper"
},
{
"confidence": 75,
"created": "2025-09-29T17:43:21.419625+00:00",
"description": "MITRE ATT&CK mapping: dragonforce uses spearphishing attachment (T1566.001)",
"id": "relationship--229a2e62-a4ce-4c87-bb63-789438491de3",
"modified": "2025-09-29T17:43:21.419627+00:00",
"relationship_type": "uses",
"source_ref": "threat-actor--a2bc0cc6-b631dc6f-6e3d-49fe-b77d-4902186c05b9",
"spec_version": "2.1",
"target_ref": "attack-pattern--2da268b5-d0f49247-7969-4aad-bcc1-0f9e4e41c704",
"type": "relationship",
"x_validation_method": "mitre-mapper"
},
{
"confidence": 75,
"created": "2025-09-29T17:43:21.419634+00:00",
"description": "MITRE ATT&CK mapping: dragonforce uses powershell (T1059.001)",
"id": "relationship--94697943-da7b-42de-a19d-f019c97f50c4",
"modified": "2025-09-29T17:43:21.419635+00:00",
"relationship_type": "uses",
"source_ref": "threat-actor--a2bc0cc6-b631dc6f-6e3d-49fe-b77d-4902186c05b9",
"spec_version": "2.1",
"target_ref": "attack-pattern--01df90e4-d76e02e4-8644-468b-850e-705f566a03aa",
"type": "relationship",
"x_validation_method": "mitre-mapper"
},
{
"id": "domain-name--cbbbbf0e-2f54-4b58-bbc4-bfc11e939e8e",
"spec_version": "2.1",
"type": "domain-name",
"value": "www.securityweek.com"
},
{
"id": "domain-name--2f47654b-b78c-4313-8355-25b31eb32b26",
"spec_version": "2.1",
"type": "domain-name",
"value": "today.ucsd.edu"
},
{
"id": "domain-name--1f055139-ffbf-4af4-9a5c-9d0f3ac7eb42",
"spec_version": "2.1",
"type": "domain-name",
"value": "dr.pepper"
},
{
"id": "domain-name--58c2c21d-b0d5-4f7a-ac98-624595c7c483",
"spec_version": "2.1",
"type": "domain-name",
"value": "novahunting.ai"
},
{
"id": "domain-name--85227b82-6fac-4fa2-94a9-fe7e96ccb204",
"spec_version": "2.1",
"type": "domain-name",
"value": "news.ycombinator.com"
},
{
"id": "domain-name--5823ce29-f465-4798-8685-89c413b437c4",
"spec_version": "2.1",
"type": "domain-name",
"value": "medium.com"
},
{
"id": "domain-name--6bb3fed0-207e-42f2-a8b8-7cda96379150",
"spec_version": "2.1",
"type": "domain-name",
"value": "news.sky.com"
},
{
"id": "url--e9fc652c-5fd4-4419-8554-d117febf7319",
"spec_version": "2.1",
"type": "url",
"value": "https://medium.com/@Vulnetic-CEO/offensive-security-after-the-price-collapse-e0ea00ba009b"
},
{
"id": "url--4a3af1c9-22b7-43d4-8809-137a0fa384db",
"spec_version": "2.1",
"type": "url",
"value": "https://news.ycombinator.com/item?id=45415635"
},
{
"id": "url--ee4ced3e-8c94-401c-bfbf-ed57df7c31a8",
"spec_version": "2.1",
"type": "url",
"value": "https://news.ycombinator.com/item?id=45416025"
},
{
"id": "url--3a717797-e7e1-4210-aa6b-69d1ea63d50a",
"spec_version": "2.1",
"type": "url",
"value": "https://medium.com/@josesaiz/practical-online-privacy-and-security-guide-apps-you-cant-live-without-2b8c05bf730e"
},
{
"id": "url--1a9aa2c1-fb1f-4b44-ad13-417db1b28eaa",
"spec_version": "2.1",
"type": "url",
"value": "https://news.ycombinator.com/item?id=45412724"
},
{
"id": "url--32db046a-88dc-41e6-b949-4fea76d9ef57",
"spec_version": "2.1",
"type": "url",
"value": "https://today.ucsd.edu/story/cybersecurity-training-programs-dont-prevent-employees-from-falling-for-phishing-scams"
},
{
"id": "url--0d27bca0-931d-4fdc-adbf-ffe953658949",
"spec_version": "2.1",
"type": "url",
"value": "https://www..."
},
{
"id": "url--899b206c-feb2-471e-9aea-0918839d7474",
"spec_version": "2.1",
"type": "url",
"value": "https://www.securityweek.com/google-says-android-pkvm-earns-highest-level-of-security-assurance/"
},
{
"id": "url--5dc9083f-27a5-4b25-b35a-bc127db5de81",
"spec_version": "2.1",
"type": "url",
"value": "https://novahunting.ai/"
},
{
"id": "url--8a09147f-5880-467c-8ef8-ddb32ed4ff73",
"spec_version": "2.1",
"type": "url",
"value": "https://news.ycombinator.com/item?id=45404762"
},
{
"id": "url--092f4245-1bb2-4c80-b5ba-65f4f9fd9aca",
"spec_version": "2.1",
"type": "url",
"value": "https://news.sky.com/story/denmark-bans-civilian-drones-as-it-ramps-up-security-ahead-of-eu-summit-as-sweden-and-france-contribute-equipment-13440812"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.976188+00:00",
"description": "Malicious domain-name identified in threat intelligence",
"id": "indicator--05a03e23-7281-4e75-b9eb-f15d001bd0a5",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.976231+00:00",
"name": "Malicious domain-name indicator",
"pattern": "[domain-name:value = 'www.securityweek.com']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.976235+00:00"
},
{
"created": "2025-09-29T17:43:16.976254+00:00",
"id": "relationship--632d1e5c-42bf-47a9-9edc-cc466a8ab308",
"modified": "2025-09-29T17:43:16.976255+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--05a03e23-7281-4e75-b9eb-f15d001bd0a5",
"spec_version": "2.1",
"target_ref": "domain-name--cbbbbf0e-2f54-4b58-bbc4-bfc11e939e8e",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.977952+00:00",
"description": "Malicious domain-name identified in threat intelligence",
"id": "indicator--417e2391-32ad-4785-a9a9-ce4ca242a727",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.977960+00:00",
"name": "Malicious domain-name indicator",
"pattern": "[domain-name:value = 'today.ucsd.edu']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.977962+00:00"
},
{
"created": "2025-09-29T17:43:16.977969+00:00",
"id": "relationship--a9d6508d-22bb-4082-b810-9767b8f45ffb",
"modified": "2025-09-29T17:43:16.977970+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--417e2391-32ad-4785-a9a9-ce4ca242a727",
"spec_version": "2.1",
"target_ref": "domain-name--2f47654b-b78c-4313-8355-25b31eb32b26",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.979307+00:00",
"description": "Malicious domain-name identified in threat intelligence",
"id": "indicator--8ec614f8-4b2e-4213-aa49-a64b9bc4ad4c",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.979309+00:00",
"name": "Malicious domain-name indicator",
"pattern": "[domain-name:value = 'dr.pepper']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.979310+00:00"
},
{
"created": "2025-09-29T17:43:16.979416+00:00",
"id": "relationship--9a4c493b-2aa9-4dd7-b48c-b97f1b575b9d",
"modified": "2025-09-29T17:43:16.979419+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--8ec614f8-4b2e-4213-aa49-a64b9bc4ad4c",
"spec_version": "2.1",
"target_ref": "domain-name--1f055139-ffbf-4af4-9a5c-9d0f3ac7eb42",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.981160+00:00",
"description": "Malicious domain-name identified in threat intelligence",
"id": "indicator--66badd7a-5c54-4775-86ed-d2f74d8d43b3",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.981165+00:00",
"name": "Malicious domain-name indicator",
"pattern": "[domain-name:value = 'novahunting.ai']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.981166+00:00"
},
{
"created": "2025-09-29T17:43:16.981174+00:00",
"id": "relationship--312d35e2-3b37-4d04-8e69-5572bac3598e",
"modified": "2025-09-29T17:43:16.981175+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--66badd7a-5c54-4775-86ed-d2f74d8d43b3",
"spec_version": "2.1",
"target_ref": "domain-name--58c2c21d-b0d5-4f7a-ac98-624595c7c483",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.982939+00:00",
"description": "Malicious domain-name identified in threat intelligence",
"id": "indicator--155aa1cf-01c7-4b71-9db4-e532defbb88c",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.982946+00:00",
"name": "Malicious domain-name indicator",
"pattern": "[domain-name:value = 'news.ycombinator.com']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.982948+00:00"
},
{
"created": "2025-09-29T17:43:16.983116+00:00",
"id": "relationship--856b85f4-945c-4942-8abd-3154459a0faf",
"modified": "2025-09-29T17:43:16.983118+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--155aa1cf-01c7-4b71-9db4-e532defbb88c",
"spec_version": "2.1",
"target_ref": "domain-name--85227b82-6fac-4fa2-94a9-fe7e96ccb204",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.984645+00:00",
"description": "Malicious domain-name identified in threat intelligence",
"id": "indicator--ac6e1631-4740-4349-9a5f-022dbd1bda85",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.984650+00:00",
"name": "Malicious domain-name indicator",
"pattern": "[domain-name:value = 'medium.com']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.984652+00:00"
},
{
"created": "2025-09-29T17:43:16.984657+00:00",
"id": "relationship--b92ada75-a6d7-425d-8fcb-97c240d77d4b",
"modified": "2025-09-29T17:43:16.984658+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--ac6e1631-4740-4349-9a5f-022dbd1bda85",
"spec_version": "2.1",
"target_ref": "domain-name--5823ce29-f465-4798-8685-89c413b437c4",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.986079+00:00",
"description": "Malicious domain-name identified in threat intelligence",
"id": "indicator--9459cfd7-a804-4ce5-83b1-b5c84e3e94c9",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.986081+00:00",
"name": "Malicious domain-name indicator",
"pattern": "[domain-name:value = 'news.sky.com']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.986082+00:00"
},
{
"created": "2025-09-29T17:43:16.986086+00:00",
"id": "relationship--7b6bc58b-3a1e-4473-a1c4-388845ce5540",
"modified": "2025-09-29T17:43:16.986087+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--9459cfd7-a804-4ce5-83b1-b5c84e3e94c9",
"spec_version": "2.1",
"target_ref": "domain-name--6bb3fed0-207e-42f2-a8b8-7cda96379150",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.987523+00:00",
"description": "Malicious url identified in threat intelligence",
"id": "indicator--a857abe7-bdd4-42ff-82e5-0dc7bd9fee57",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.987526+00:00",
"name": "Malicious url indicator",
"pattern": "[url:value = 'https://medium.com/@Vulnetic-CEO/offensive-security-after-the-price-collapse-e0ea00ba009b']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.987527+00:00"
},
{
"created": "2025-09-29T17:43:16.987531+00:00",
"id": "relationship--6e99de94-8ee0-428a-95e2-3c87a3fc7f09",
"modified": "2025-09-29T17:43:16.987532+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--a857abe7-bdd4-42ff-82e5-0dc7bd9fee57",
"spec_version": "2.1",
"target_ref": "url--e9fc652c-5fd4-4419-8554-d117febf7319",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.988938+00:00",
"description": "Malicious url identified in threat intelligence",
"id": "indicator--1dda38e9-4128-43cb-8c63-aa71cc50c4fc",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.988940+00:00",
"name": "Malicious url indicator",
"pattern": "[url:value = 'https://news.ycombinator.com/item?id=45415635']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.988941+00:00"
},
{
"created": "2025-09-29T17:43:16.988973+00:00",
"id": "relationship--ee4d9f0d-58f2-4d7f-a091-8c9a53131524",
"modified": "2025-09-29T17:43:16.988976+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--1dda38e9-4128-43cb-8c63-aa71cc50c4fc",
"spec_version": "2.1",
"target_ref": "url--4a3af1c9-22b7-43d4-8809-137a0fa384db",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.990363+00:00",
"description": "Malicious url identified in threat intelligence",
"id": "indicator--626ccd7a-0b00-4619-a91a-5da5d96195b5",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.990368+00:00",
"name": "Malicious url indicator",
"pattern": "[url:value = 'https://news.ycombinator.com/item?id=45416025']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.990369+00:00"
},
{
"created": "2025-09-29T17:43:16.990376+00:00",
"id": "relationship--a63f50c4-7bd0-4530-8bca-7f7575c6da30",
"modified": "2025-09-29T17:43:16.990377+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--626ccd7a-0b00-4619-a91a-5da5d96195b5",
"spec_version": "2.1",
"target_ref": "url--ee4ced3e-8c94-401c-bfbf-ed57df7c31a8",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.991780+00:00",
"description": "Malicious url identified in threat intelligence",
"id": "indicator--01a94b00-e784-4848-b563-7a87a226a281",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.991791+00:00",
"name": "Malicious url indicator",
"pattern": "[url:value = 'https://medium.com/@josesaiz/practical-online-privacy-and-security-guide-apps-you-cant-live-without-2b8c05bf730e']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.991793+00:00"
},
{
"created": "2025-09-29T17:43:16.991799+00:00",
"id": "relationship--188c5691-68ad-4982-8098-6f32c8206cfa",
"modified": "2025-09-29T17:43:16.991800+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--01a94b00-e784-4848-b563-7a87a226a281",
"spec_version": "2.1",
"target_ref": "url--3a717797-e7e1-4210-aa6b-69d1ea63d50a",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.993144+00:00",
"description": "Malicious url identified in threat intelligence",
"id": "indicator--7af8632f-5fb0-4291-8cc1-8a3e6a9b1110",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.993147+00:00",
"name": "Malicious url indicator",
"pattern": "[url:value = 'https://news.ycombinator.com/item?id=45412724']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.993148+00:00"
},
{
"created": "2025-09-29T17:43:16.993153+00:00",
"id": "relationship--0db38e67-3fec-4df8-a8f1-ea93bddd305a",
"modified": "2025-09-29T17:43:16.993154+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--7af8632f-5fb0-4291-8cc1-8a3e6a9b1110",
"spec_version": "2.1",
"target_ref": "url--1a9aa2c1-fb1f-4b44-ad13-417db1b28eaa",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.994472+00:00",
"description": "Malicious url identified in threat intelligence",
"id": "indicator--27f8d632-2078-42c0-a7c6-174810ca7a35",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.994474+00:00",
"name": "Malicious url indicator",
"pattern": "[url:value = 'https://today.ucsd.edu/story/cybersecurity-training-programs-dont-prevent-employees-from-falling-for-phishing-scams']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.994475+00:00"
},
{
"created": "2025-09-29T17:43:16.994478+00:00",
"id": "relationship--3a3a79c5-3228-43e6-9780-94323c041323",
"modified": "2025-09-29T17:43:16.994479+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--27f8d632-2078-42c0-a7c6-174810ca7a35",
"spec_version": "2.1",
"target_ref": "url--32db046a-88dc-41e6-b949-4fea76d9ef57",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.995780+00:00",
"description": "Malicious url identified in threat intelligence",
"id": "indicator--1faef71f-0a33-4507-b7a4-46518961c865",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.995781+00:00",
"name": "Malicious url indicator",
"pattern": "[url:value = 'https://www...']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.995782+00:00"
},
{
"created": "2025-09-29T17:43:16.995785+00:00",
"id": "relationship--1effcd03-96e9-4a30-bad4-9db2c2d3122b",
"modified": "2025-09-29T17:43:16.995786+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--1faef71f-0a33-4507-b7a4-46518961c865",
"spec_version": "2.1",
"target_ref": "url--0d27bca0-931d-4fdc-adbf-ffe953658949",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.997348+00:00",
"description": "Malicious url identified in threat intelligence",
"id": "indicator--c1ea568d-ad34-40d9-954b-1a39b619ab8c",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.997352+00:00",
"name": "Malicious url indicator",
"pattern": "[url:value = 'https://www.securityweek.com/google-says-android-pkvm-earns-highest-level-of-security-assurance/']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.997353+00:00"
},
{
"created": "2025-09-29T17:43:16.997357+00:00",
"id": "relationship--889a6031-8db0-4f7d-8c29-bfc694268c7f",
"modified": "2025-09-29T17:43:16.997358+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--c1ea568d-ad34-40d9-954b-1a39b619ab8c",
"spec_version": "2.1",
"target_ref": "url--899b206c-feb2-471e-9aea-0918839d7474",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:16.998896+00:00",
"description": "Malicious url identified in threat intelligence",
"id": "indicator--f7f56848-5647-4a78-85ce-3a2820cc1022",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:16.998905+00:00",
"name": "Malicious url indicator",
"pattern": "[url:value = 'https://novahunting.ai/']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:16.998907+00:00"
},
{
"created": "2025-09-29T17:43:16.999118+00:00",
"id": "relationship--3de42e64-a0b6-47d6-8227-486a52a4fc0b",
"modified": "2025-09-29T17:43:16.999178+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--f7f56848-5647-4a78-85ce-3a2820cc1022",
"spec_version": "2.1",
"target_ref": "url--5dc9083f-27a5-4b25-b35a-bc127db5de81",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:17.000643+00:00",
"description": "Malicious url identified in threat intelligence",
"id": "indicator--5d6c144a-bddc-48c4-8926-168fb1a5ef36",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:17.000651+00:00",
"name": "Malicious url indicator",
"pattern": "[url:value = 'https://news.ycombinator.com/item?id=45404762']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:17.000652+00:00"
},
{
"created": "2025-09-29T17:43:17.000678+00:00",
"id": "relationship--085be7e9-b9f5-48b0-86a9-e1e54cf5cc64",
"modified": "2025-09-29T17:43:17.000680+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--5d6c144a-bddc-48c4-8926-168fb1a5ef36",
"spec_version": "2.1",
"target_ref": "url--8a09147f-5880-467c-8ef8-ddb32ed4ff73",
"type": "relationship"
},
{
"confidence": 90,
"created": "2025-09-29T17:43:17.002082+00:00",
"description": "Malicious url identified in threat intelligence",
"id": "indicator--93e3597a-3b9e-4ed7-b285-dfe7c569837d",
"labels": [
"malicious-activity"
],
"modified": "2025-09-29T17:43:17.002089+00:00",
"name": "Malicious url indicator",
"pattern": "[url:value = 'https://news.sky.com/story/denmark-bans-civilian-drones-as-it-ramps-up-security-ahead-of-eu-summit-as-sweden-and-france-contribute-equipment-13440812']",
"pattern_type": "stix",
"spec_version": "2.1",
"type": "indicator",
"valid_from": "2025-09-29T17:43:17.002105+00:00"
},
{
"created": "2025-09-29T17:43:17.002156+00:00",
"id": "relationship--43432520-d2ff-4ab6-8554-0aa79e251813",
"modified": "2025-09-29T17:43:17.002159+00:00",
"relationship_type": "based-on",
"source_ref": "indicator--93e3597a-3b9e-4ed7-b285-dfe7c569837d",
"spec_version": "2.1",
"target_ref": "url--092f4245-1bb2-4c80-b5ba-65f4f9fd9aca",
"type": "relationship"
}
],
"spec_version": "2.1",
"type": "bundle"
}
CRITICAL ITEMS
HIGH SEVERITY ITEMS
MEDIUM SEVERITY ITEMS
EXECUTIVE INSIGHTS
DETECTION & RESPONSE KIT