The Cl0p ransomware group has publicly named nearly 30 major organizations, including Logitech, The Washington Post, and Cox Enterprises, as victims of an attack targeting Oracle E-Business Suite (EBS). This public disclosure is a classic double-extortion tactic designed to pressure victims into paying a ransom by weaponizing reputational damage. The scale of this campaign indicates a potentially widespread and unpatched vulnerability in Oracle EBS is being actively exploited.
Business impact
Named organizations face significant reputational damage, potential regulatory fines for data breaches, and loss of customer trust. The leak of sensitive financial or operational data from EBS systems can lead to severe competitive disadvantage and financial loss. All organizations using Oracle EBS are at immediate risk of similar attacks.
Recommended action
Organizations using Oracle EBS should immediately verify they have applied all recent security patches. It is critical to hunt for signs of compromise within EBS environments and associated networks, paying close attention to unusual data exfiltration patterns. Review and restrict all external access to EBS instances.
Transportation authorities in Denmark and Norway are investigating a significant security vulnerability in Chinese-made Yutong electric buses. This flaw raises concerns about the security of critical public infrastructure and the potential for remote exploitation. The investigation highlights growing geopolitical tensions surrounding technology supply chains and the risk of embedded vulnerabilities in hardware from foreign adversaries.
Business impact
A vulnerability in public transportation systems could lead to severe disruption of services, passenger data compromise, or, in a worst-case scenario, safety risks if vehicle controls can be remotely manipulated. This incident underscores the critical need for thorough security vetting in supply chain and procurement processes for critical infrastructure.
Recommended action
Organizations managing fleets of vehicles or other IoT-enabled critical infrastructure should immediately review their supply chain security policies. Isolate vehicle operational networks from public-facing networks and monitor for any anomalous command and control traffic. Engage with the vendor for immediate patch information and mitigation guidance.
Security researchers at Wiz discovered that numerous companies listed on the Forbes AI 50 are inadvertently leaking sensitive secrets, such as API keys and credentials, in public GitHub repositories. This exposure provides a direct path for attackers to access proprietary AI models, sensitive training data, and cloud infrastructure, undermining the core intellectual property of these leading AI firms.
Business impact
Leaked credentials can lead to catastrophic breaches, including theft of valuable AI models, poisoning of training data, and significant financial loss from fraudulent use of cloud resources. The reputational damage for a leading technology company being compromised through such a basic security failure is immense.
Recommended action
Implement automated secret scanning in all CI/CD pipelines to prevent secrets from ever being committed to code repositories. Conduct a thorough audit of all public and private repositories for historical leaks. Immediately revoke any exposed credentials and rotate keys.
A targeted phishing campaign is underway that preys on iPhone owners who have lost their devices. Attackers send SMS messages claiming the lost phone has been found, directing the victim to a malicious website that mimics an Apple login page to steal their Apple ID credentials. This is a highly effective social engineering tactic that exploits a person's distress to bypass their usual security caution.
Business impact
Compromised Apple IDs can lead to the theft of personal and corporate data stored in iCloud, fraudulent purchases, and loss of access to critical accounts that use Apple for authentication. For organizations with BYOD policies, this can create a direct path into the corporate environment.
Recommended action
Educate users to never click on links in unsolicited text messages, especially those that create a sense of urgency. Instruct them to only manage their devices through official Apple websites and applications. Enable multi-factor authentication on all Apple ID accounts to mitigate the impact of credential theft.
With a global shortage of 4 million cybersecurity professionals, Security Operations Centers (SOCs) are perpetually overwhelmed. This report details the strategic shift towards using 'agentic AI'—autonomous AI systems that can independently investigate, correlate, and even respond to threats. This technology promises to move SOCs from a reactive triage model to a proactive, strategic threat hunting posture, fundamentally changing how security is managed at scale.
Microsoft has released its latest progress report on the Secure Future Initiative (SFI), a company-wide effort to bolster cybersecurity resilience and innovation. The report outlines steady progress across all engineering pillars, signaling a deep, long-term commitment from one of the industry's largest players to prioritize security in product development. For executives, this report provides insight into the future direction of security controls and standards within the Microsoft ecosystem, which impacts strategic planning and vendor risk management.
This analysis provides a forward-looking perspective on key trends expected to shape the technology and cybersecurity landscape in 2026. Derived from a wide range of published works and interviews, it offers a strategic overview for leaders to anticipate future challenges and opportunities. Key themes likely include the industrialization of AI-driven attacks, the security implications of quantum computing, and the increasing convergence of physical and cyber threats.
Spotlight Rationale: Today's intelligence highlights the significant risk of secret leakage from public code repositories, as seen in the "Many Forbes AI 50 Companies Leak Secrets on GitHub" report. This type of breach allows attackers to bypass perimeter defenses and directly access sensitive cloud applications and APIs. Cloudflare's platform is well-positioned to both prevent the exfiltration of secrets and protect applications from being compromised by already-leaked credentials.
Platform Focus: Cloudflare Zero Trust and Cloudflare Application Security
Cloudflare provides a multi-layered defense against the risks of secret leakage. First, its Zero Trust suite, specifically the Data Loss Prevention (DLP) service running through Cloudflare Gateway, can inspect egress traffic to detect and block developers from accidentally pushing code containing API keys or other secrets to sites like GitHub. Second, for secrets that have already been exposed, Cloudflare's Web Application Firewall (WAF) and API Shield can protect the target applications. The WAF can block or rate-limit requests using known-leaked keys, while API Shield can identify anomalous usage patterns that indicate a compromised credential is being abused.
1. Prevent Leakage: Deploy Cloudflare's WARP client and configure Gateway DLP policies to scan HTTP traffic for common secret patterns (e.g., regex for AWS keys, GitHub tokens). Create a rule to block any uploads to `github.com` that contain these patterns.
2. Protect APIs: Onboard your public-facing APIs to Cloudflare. Enable API Shield and upload your API schema (OpenAPI spec). This allows Cloudflare to identify and alert on any requests that deviate from expected behavior, such as an attacker trying to abuse a stolen key to access unauthorized endpoints.
3. Block Malicious Requests: Create custom WAF rules to block or challenge requests that contain specific leaked API keys if you identify them. Additionally, use Rate Limiting and Super Bot Fight Mode to protect login endpoints and API gateways from credential stuffing attacks that might use leaked secrets.
⚠️ Disclaimer: Test all detection logic in non-production environments before deployment.
1. Vendor Platform Configuration - Cloudflare
# Cloudflare Gateway DLP Policy for Blocking GitHub Secret Leaks
# 1. Navigate to Zero Trust Dashboard > Gateway > Policies > HTTP.
# 2. Click "Add a policy".
# 3. Name the policy: "Block API Secret Upload to GitHub".
# 4. Under "Traffic", define the following conditions:
# - Application -> In -> "GitHub"
# - AND
# - DLP Profile -> In -> "API Keys and Credentials" (or a custom profile)
# 5. For "Action", select "Block".
# 6. Save the policy.
# Verification:
# Attempt to commit a file containing a fake API key (e.g., "sk_live_123abc123abc") to a public GitHub repo from a device running the WARP client. The request should be blocked by Cloudflare Gateway.
2. YARA Rule for Cl0p Ransomware Artifacts
rule Detect_Clop_Ransomware_Note
{
meta:
description = "Detects potential Cl0p ransomware notes or related artifacts based on known unique strings."
author = "Threat Rundown"
date = "2025-11-10"
reference = "https://www.securityweek.com/?p=44240"
severity = "high"
tlp = "white"
strings:
$s1 = "!!! ALL YOUR FILES ARE ENCRYPTED !!!"
$s2 = "ClopReadMe.txt"
$s3 = "GET-IN-IT-BRO"
$s4 = "Do not try to recover files yourself, you may damage them."
$s5 = "TA505"
condition:
uint16(0) != 0x5A4D and filesize < 2MB and (2 of ($s*))
}
3. SIEM Query — Detecting Potential Secret Leakage to GitHub
// Query for Splunk, adaptable to other SIEMs
index=proxy sourcetype=weblogs dest_host="*github.com" http_method="POST" OR http_method="PUT"
| rex field=_raw "(?i)(?:Authorization|token|api_key|secret)[\s=:\'"]+(?P[A-Za-z0-9_\-]{20,})"
| search leaked_secret=*
| stats count by src_ip, user, dest_host, uri_path, leaked_secret
| where count > 0
| table src_ip, user, dest_host, uri_path, leaked_secret
| sort -count
4. PowerShell Script — Check for Common Persistence on QNAP-adjacent Systems
<#
.SYNOPSIS
Checks for suspicious scheduled tasks or services on Windows systems that might be used to maintain persistence after a QNAP compromise. IOCs should be added as they become available.
#>
# Placeholder for known malicious task names or commands related to QNAP exploits
$suspiciousTaskNames = @("*QNAP_Update*", "*Backup_Sync*")
$suspiciousCommands = @("powershell.exe -enc", "cscript.exe")
Write-Host "[+] Checking for suspicious Scheduled Tasks..."
Get-ScheduledTask | ForEach-Object {
$taskName = $_.TaskName
$taskAction = ($_.Actions | ForEach-Object { $_.Execute + " " + $_.Arguments }) -join "; "
foreach ($pattern in $suspiciousTaskNames) {
if ($taskName -like $pattern) {
Write-Warning "Suspicious scheduled task found by name: $taskName"
}
}
foreach ($cmd in $suspiciousCommands) {
if ($taskAction -like "*$cmd*") {
Write-Warning "Suspicious command found in task '$taskName': $taskAction"
}
}
}
Write-Host "[+] Checking for suspicious Services..."
# Add logic here to check for suspicious services once IOCs are known.
Write-Host "[+] Script finished."
This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!
Cookie Notice
We use essential cookies to provide our cybersecurity newsletter service and analytics cookies to improve your experience. We respect your privacy and comply with GDPR requirements.
About STIX 2.1: Structured Threat Information eXpression (STIX) is the machine language of cybersecurity. This bundle contains validated threat objects, indicators, and relationships that can be directly imported into your SIEM, TIP, or security orchestration platform.
Usage: Download or copy the JSON below and import it directly into your threat intelligence platform, SIEM, or security orchestration tools for automated threat detection and response.
{
"type": "bundle",
"id": "bundle--706e6a8e-86ac-48a3-8426-f5bf3b0f1f50",
"objects": [
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487",
"created": "2022-10-01T00:00:00.000Z",
"definition_type": "tlp:2.0",
"name": "TLP:CLEAR",
"definition": {
"tlp": "clear"
}
},
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--378ddbb8-139d-460c-b0b8-6edc16fab22e",
"created": "2025-11-10T18:54:01.084Z",
"modified": "2025-11-10T18:54:01.084Z",
"name": "MikeGPT Intelligence Platform",
"description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds",
"identity_class": "organization",
"sectors": [
"technology",
"defense"
],
"contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--03762b9b-cfaf-4c14-8545-e04824c94819",
"created": "2025-11-10T18:54:01.084Z",
"modified": "2025-11-10T18:54:01.084Z",
"name": "Threat Intelligence Report - 2025-11-10",
"description": "Threat Intelligence Report - 2025-11-10\n\nThis report consolidates actionable cybersecurity intelligence from 90 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• 2025 H1 IRAP report is now available on AWS Artifact for Australian customers (Score: 100)\n• Securing our future: November 2025 progress report on Microsoft’s Secure Future Initiative (Score: 100)\n• Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site (Score: 100)\n• 250th Marine Corps Birthday: A Message From The Commandant Marine Corp And Sergeant Major Of The Mar (Score: 100)\n• Feel Assured: Enhancing PAM with NHIs (Score: 100)\n\nEXTRACTED ENTITIES:\n• 29 Attack Pattern(s)\n• 21 Campaign(s)\n• 4 Course Of Action(s)\n• 1 Domain Name(s)\n• 3 Indicator(s)\n• 1 Intrusion Set(s)\n• 14 Location(s)\n• 65 Malware(s)\n• 1 Marking Definition(s)\n• 35 Relationship(s)\n• 10 Threat Actor(s)\n• 7 Tool(s)\n• 1 Url(s)\n• 14 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n",
"published": "2025-11-10T18:54:01.084Z",
"object_refs": [
"identity--378ddbb8-139d-460c-b0b8-6edc16fab22e",
"vulnerability--8f735ec2-8220-4b83-9a8c-a0835387a0a3",
"vulnerability--792ede9b-8de1-4c9a-91a0-e3f210f0d032",
"vulnerability--5aa023ed-89ff-455f-a14b-06d7a32d06cd",
"vulnerability--960fba5c-f3c4-4800-8756-f284eec96652",
"vulnerability--6010829c-9633-4789-9611-a16db23db2f2",
"vulnerability--79785aec-b79d-4b48-9193-077cbe55287a",
"malware--605c817b-0ca8-4c4f-8961-7dd094ee058b",
"identity--7a97dfb8-5ca7-49d1-aa53-fe9c78a3853d",
"vulnerability--2ce0c1a5-da9a-4507-8424-5cac0a7bdc24",
"threat-actor--26eca839-6996-4355-b556-31d7e4bd0671",
"identity--78652a32-1d49-42fb-a7b1-5c6f8bfb3581",
"vulnerability--ed3de346-93c1-4c44-867e-0a775a7fa8e3",
"vulnerability--1256edd4-a495-44a4-86b1-0740bb38277e",
"malware--6be03c76-ed62-49ad-8d6a-8d6edc139482",
"malware--3e45ebc9-bae3-4704-86a9-44abdb347667",
"malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a",
"threat-actor--ff08fc2e-94c4-4b43-9534-46cf3ca829d7",
"threat-actor--d31be0f2-c18f-47fc-8c98-44257348d6ca",
"threat-actor--632cf54c-908b-4cc4-aed0-0d1937468924",
"threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3",
"identity--2d677b32-42d6-4ae8-a662-4c9bb04de1b8",
"malware--7cc3f9a2-daea-458e-a385-314141c7ae13",
"identity--6e0f3149-d6f1-4ada-9805-3e656b4318ae",
"identity--5fb634f4-4efc-4668-9397-71cf3601ffae",
"intrusion-set--7ff82b53-a7ae-4331-be8f-9624439d3106",
"identity--15a8eecf-1ec3-47c8-a984-463663f1f6ef",
"malware--46a0b253-36c0-4c14-bdf6-40460c8bb029",
"malware--6975652f-c247-47d4-8b69-5eba0a4b6104",
"identity--de165938-73e8-4c1e-92f2-1b7832514832",
"identity--15d433d8-67cd-4bf6-a69d-b0c73b67f58e",
"malware--622d89f5-39ec-4c12-9e59-72477cefd1ab",
"malware--9c0dd3c2-3017-43bd-9b16-4b60a3d61120",
"threat-actor--1c24883b-5440-48be-89b4-b0c9d2b0646b",
"malware--fa4c643a-e54a-4f71-aa1c-4bb424bb6db5",
"malware--d1b982de-9a91-4b3f-afe9-f09f8d466881",
"malware--c1213cab-cfa6-47a2-b43b-7af4967ec05a",
"identity--cba0f55e-7bb3-4ae6-b0f8-048dae21e7f3",
"identity--ad194b40-4a7d-4618-9298-c15574c0cf77",
"malware--ffa5aef9-e5ae-485c-b748-1db12e072806",
"identity--6c5b43ba-1151-49f5-aea4-5130de5e46ba",
"identity--ec073fc7-bb30-4c07-8aa0-9d1d51058897",
"identity--6b8db019-ba56-4716-bbd3-bab18737fef4",
"tool--9fb8a1b4-5c61-44e4-90e1-494f8de4d8d6",
"malware--bbe568e2-469f-4f6e-894f-9004f60be5a5",
"tool--9f804692-3dad-41b3-b550-5a7ca93e97a9",
"malware--4267370b-1057-49a4-942f-fcb4c563aacc",
"tool--c2210051-55ab-4475-801e-0134045250d9",
"identity--37a6c73b-081d-4c71-a467-5ccabd7ab329",
"identity--a57d502c-4e82-41ec-9234-875d491343fa",
"identity--9fa139c1-5ce0-4ccf-9d02-1e0f8c2f38f6",
"malware--8a13dba8-08ba-42eb-b07b-0712d0ad6082",
"malware--9c959f03-a85c-4ccb-b73e-c55b0e32e5c2",
"threat-actor--fa23fba6-5aba-458c-b415-59ec946c866d",
"tool--8296b0e0-ae1f-45b6-8de0-1c1a4a5e05c5",
"malware--6f4456e2-6dc0-4521-ba8e-cabeff00859c",
"threat-actor--d61efa5c-464b-456c-a119-3d0fa06440fc",
"malware--2d7ce7de-e032-4043-8963-4c014393a48f",
"malware--5e5e274e-42ad-4cf9-86fc-12db386831e5",
"location--c92adf8f-1739-4c88-895d-06a7f2948f2e",
"attack-pattern--78a1ad04-d1a7-4bf8-8006-34af1fd1d770",
"identity--ce2e69c6-c194-4ca1-8ccd-65c1ce21af1b",
"location--554766a1-5093-4b60-9732-aa6d14becb18",
"tool--91088445-edc4-4d00-864c-785446cbb1af",
"identity--f8278a12-ae20-4c3f-9977-3dd4feafc099",
"identity--01b0e443-1611-4441-beba-d4f250c69101",
"tool--2bd39da2-1744-453b-8891-2872e72c94bb",
"location--79365b11-f080-4c12-97f5-45b7784679a6",
"threat-actor--a2bc0cc6-3e55-464a-9a42-f48e7d9b9fd5",
"location--e8a8e369-e014-4c3f-98e2-d780344dbe7a",
"tool--98496f61-df6e-4741-9fdc-b751ce5ac69d",
"location--99e79579-3626-4cbc-b307-9a0ed522e607",
"indicator--032d49c6-e2db-4ca3-ac15-f16c0d458867",
"location--ea96e271-70b7-4ed7-af72-74ba165daca2",
"vulnerability--7680a803-4098-41b0-83ff-f4c1ee650dbd",
"location--2cffd105-432c-46ca-a015-faa047518780",
"identity--a8564e44-9dd4-4fa2-af91-011d076d1c14",
"location--44405860-a9a6-458f-beae-e4e62ebb780f",
"identity--7aa77399-1a75-40ae-a4c3-2fbf8783bcff",
"location--09fb5c3f-e950-4d77-9967-81596ba45e63",
"location--5dbd12b2-f0b0-4c36-847b-62aa529b4595",
"location--24ea8196-d1e3-4fe9-8c4e-06047a334d1e",
"attack-pattern--020ddb29-4b95-4601-a850-894e55402fe2",
"location--4184e662-7eed-444d-94b4-7f31e34d5299",
"attack-pattern--2a1ef775-77d8-455c-bede-0a48e2d7adc4",
"location--d28ab131-d57a-43d0-9c93-51a1e6b190f8",
"identity--1abdf29f-9fe3-478e-b225-610c02d5b71e",
"threat-actor--2607de8b-b3f2-45d2-beb8-6277dfbeb4b9",
"location--f89078f0-39f7-4a02-a7e4-dbde6a3138cd",
"identity--23f126ae-d9bd-497b-9eb9-63af757eb466",
"vulnerability--5f025007-20c8-4ccf-bfb6-a845e768c5eb",
"identity--bf415032-9753-40fd-aa77-45a09f6f767d",
"attack-pattern--22092a47-7fd2-4602-90b1-61623bb89079",
"vulnerability--75209a3b-2817-47f1-b38d-3b0e59249e1d",
"vulnerability--39cf974d-29cd-453a-92b0-aacee7aa323e",
"vulnerability--42ef99bb-338a-4d7e-907d-09e0a7806721",
"malware--743fd0cd-4279-4ce4-aed2-d58784f3031c",
"attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65",
"attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11",
"attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc",
"attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678",
"attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927",
"attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400",
"attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e",
"attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9",
"attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d",
"attack-pattern--88428b3c-f02f-45b8-a38a-0541b2287509",
"attack-pattern--dd0edf90-8f96-4a15-852b-ba611cd81716",
"attack-pattern--775a5581-fd79-4cfc-a505-6d409b3bbfba",
"attack-pattern--3785d15d-1c0c-4464-9200-10b744888e29",
"attack-pattern--0ec57ff0-0257-4287-888c-8f20c7e08c6b",
"attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719",
"attack-pattern--39b82972-b1a6-4322-afb9-af162cf1fad0",
"attack-pattern--239957f5-5ae1-4977-a451-144fae4a6361",
"attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770",
"attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3",
"attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2",
"attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea",
"attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18",
"attack-pattern--7aa19707-a8bb-4175-a9ce-0dc6a85cf429",
"malware--fcc9d9b3-239e-4a1a-ae6d-bfab554babb1",
"malware--9e4b8ee9-0ff3-443a-abdb-f6f1922ad7ab",
"malware--9c2108c4-97fb-4c9d-a9f7-39ab348a1b0e",
"malware--a0268d41-a1e9-4e0a-9e2b-ab4e61f026eb",
"malware--d530c1dc-ad5b-4d5f-b7d6-a222a82cf03d",
"malware--bb3d49a5-9b7e-4244-8a32-1e34c9e53b56",
"malware--c8bdb2bb-beeb-4e44-9853-b2a5c25f3bd4",
"malware--77552609-e19b-4517-ba63-61361f0632d5",
"malware--c5ac3c1a-e22f-4660-ba67-e77122679023",
"malware--229d8e66-aebc-4918-aec3-d573f4b4b857",
"malware--0d6a2bde-ab7e-4359-8b15-5430ad62b2a6",
"malware--9f86f1b7-c162-4247-8b45-31717ef8f8db",
"malware--c7861aad-8696-4d3b-aa51-58dbf7e5944c",
"malware--4577ceb2-f721-4aa4-9734-15e789a6a8cd",
"malware--bb933deb-10f4-4cdf-8bdc-6a3eee0fcedd",
"malware--8539a720-ea73-4b82-875b-e5a55b8f9408",
"malware--34e44d2d-1f65-450d-97d3-0573f70448a1",
"malware--97082a1a-63cd-4de2-b384-9b2d41383c9c",
"malware--af084cf3-f054-48f0-9a76-8e641b9234a9",
"malware--c2400543-c6dd-4b38-ad66-24bfada51582",
"malware--9a3e46ba-34f4-4c9a-81c1-35aacf81fc95",
"malware--83401f95-5be4-4c21-a0d1-ce488515519b",
"malware--6e82ae16-7b77-41ae-bfcb-c199d727da71",
"malware--b86e4c0a-5d13-4cb1-a9af-56e7835b0ac6",
"malware--1647fbcf-8f26-4b3c-ac8c-53d073f7a219",
"malware--1f33b8a0-9e4b-4860-b4f1-1be12542109a",
"malware--08568c00-a8de-465c-a568-f62a9c7d5761",
"malware--38b2effc-a5a1-4951-98a5-6396b1dd2e48",
"malware--86d7d62b-2d49-4c65-a184-622dc494b289",
"malware--d16bafd3-7b12-498e-9cee-bf507f395f74",
"malware--7d490520-c572-4a8d-aea6-25f2acf355a8",
"malware--9e8a8f66-6759-4bc6-a50a-237e3a71febe",
"malware--9773e407-1fae-4cd2-8ab5-84c5ce484afd",
"malware--08bcafd9-1006-4235-9e18-8a42eee562d5",
"malware--632c305c-2a94-4935-bfa0-948ba17d7b79",
"malware--b56ee130-4fb5-4b34-8cd2-fc4c7f081bb5",
"malware--3afabf10-244a-4aa4-9435-96b58ae00f40",
"malware--24c54d41-ce91-4b28-aaa4-2b4dfcb81703",
"malware--a3f47b78-ade7-4ae7-844c-f368c98737fa",
"malware--dc5cd221-a8ef-4a17-8974-f8daf4bc2a6c",
"malware--204f1ed3-19bd-4310-804e-07fdc1a5d1da",
"malware--a0384b55-af62-496d-b859-8dff2e12a6bb",
"malware--243e633c-aafc-4920-bf3f-afdbc07fd0b4",
"malware--5e580126-4513-4106-a0a9-29ae39e3f210",
"campaign--5dd07295-cacf-4506-bf1e-68b2e77f3c28",
"campaign--201498d1-18f4-4e00-bc7e-f3ecad95f4b5",
"campaign--71a75389-f28a-42f3-9642-2bd54f936659",
"campaign--8cb85306-4612-455b-ad8d-f6229acb02ba",
"campaign--e294bb47-2e68-473e-984e-f59e2c695797",
"campaign--9cc244c1-d5d9-48b6-abcc-1ca5a55afa74",
"campaign--ad05428e-722d-4b83-a653-892420be1ec9",
"campaign--36af4224-3e7c-4eac-9cc6-1145f4a98f92",
"campaign--b6dc762f-f073-4c31-8f43-edec28ae08ef",
"campaign--140448b2-1a1a-41a9-a3c3-8767ecaa515f",
"campaign--c2134b85-ba21-43e8-a1a1-fb241cc10b6c",
"campaign--4976c9d8-817d-4c01-97e6-9cda7bff8a52",
"campaign--0a754da2-162f-4bcf-a769-22946295291c",
"campaign--bb926d7d-068d-466b-ad9c-5bd00c6402f7",
"campaign--10248586-620b-4904-9862-bc8da146a5e4",
"campaign--efae17a0-0b51-4d94-be3a-71f85435a1f9",
"campaign--4f3bd16d-b390-4e6a-b1b1-5ac90ebaf34d",
"campaign--1fdfbef8-2082-43a4-9164-ffef922309fb",
"campaign--6d41ae82-8e93-4125-a9d4-4ba3519e087d",
"campaign--3fab33d2-335d-4749-9559-ecb55a44921e",
"campaign--209d6dd9-1fc8-4171-9dc8-ca692aa8f4ae",
"course-of-action--5aa19021-5375-45ab-8c02-ece4101b8e79",
"course-of-action--c46c5e93-95b8-4008-a456-9189008de30d",
"course-of-action--5f454664-12a2-4cd3-9f18-5abe36bc4476",
"course-of-action--c3859160-191d-40d3-b2a8-9df3bec10b7e",
"relationship--fa1616c4-0bed-413d-a62c-30856123a9d3",
"relationship--10cf03b1-7ab0-4961-80fe-fdee64efa46b",
"relationship--ed031ed1-d8ce-40cf-bcfa-f2efca9d5255",
"relationship--dacab18e-d39a-462b-a4a9-2e05e6be5e31",
"relationship--66997221-76d0-4ed5-9fa2-92a49a860a46",
"relationship--29571518-82ef-42b6-9abc-4d45fe9675f3",
"relationship--602f8293-693b-4e5a-b2cd-23016a6f811a",
"relationship--c116b2e2-f295-4431-a3d3-7110451630b0",
"relationship--967abef0-6bac-456f-9e0b-cbe7067addb7",
"relationship--475e2b57-3e2d-4711-8ee3-07bfe1dbe5a3",
"relationship--e1300f47-82d1-407f-ac84-4f28e0cd84b6",
"relationship--a4f4507c-17a9-40ff-82d1-ccaf753d5f59",
"relationship--478d873e-b188-4248-8d8c-2a6245f806bc",
"relationship--f19c5fb0-59af-4698-a403-47a66b22f976",
"relationship--16ebf6ed-591d-43cf-9c63-529292b1dde5",
"relationship--6ed31727-58b4-46aa-a2e5-6bc8aee7e1b1",
"relationship--73810bda-987b-436c-bc45-012d14932bfa",
"relationship--faffb755-f2f7-4121-9481-bfca8780735e",
"relationship--677c4ac5-62f5-438e-8064-3edfbeb79de4",
"relationship--6c5e8192-97e4-436c-a904-9757b64efc23",
"relationship--7692c545-452d-4674-9b73-5c00ac538d03",
"relationship--a2be4485-517a-4ab7-a8c6-29950a50e892",
"relationship--d97ee2e4-f63b-4709-94e2-03fc75eda8ab",
"relationship--0d6a1571-d368-4786-8116-79096a087519",
"relationship--00329d7c-3722-481b-89e2-666a47ea5f10",
"domain-name--128af084-b225-4c2a-bd0a-3761d3a7a2b7",
"url--ee4ee920-05d6-4a5b-9036-c86053f9423d",
"indicator--044eab35-01fc-4dfd-9dc1-9921cedafdc5",
"relationship--fb34925c-348c-42e5-bb2b-dec87584f979",
"indicator--01d72388-d0c7-4ec0-95e3-240415632789",
"relationship--9f063aa2-888f-43b0-b232-7943f66c620c",
"relationship--d93ca63f-3b1c-4b54-aefa-fed746aec4f1",
"relationship--85a8b26e-413c-404b-9a58-5aca381f8926",
"relationship--c540392a-2aaa-46d8-a288-5836be4188ee",
"relationship--9afc0d5a-00b0-4e1b-af81-3cd623b468d3",
"relationship--8efd262e-7094-4442-bf38-ff8321f78022",
"relationship--b18563ca-4331-472f-9285-49c689d39d22",
"relationship--d7718e43-c74d-4a7a-89e4-83c69b7b3257",
"relationship--eb8ffb6b-6b69-465a-881e-87762731e9c6"
],
"labels": [
"threat-report",
"threat-intelligence"
],
"created_by_ref": "identity--378ddbb8-139d-460c-b0b8-6edc16fab22e",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--8f735ec2-8220-4b83-9a8c-a0835387a0a3",
"name": "https://www.cve.org/CVERecord?id=CVE-2025-24085",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--792ede9b-8de1-4c9a-91a0-e3f210f0d032",
"name": "CVE-2025-24085",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-24085",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24085"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-24085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24085"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--5aa023ed-89ff-455f-a14b-06d7a32d06cd",
"name": "CVE-2025-21042",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-21042",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21042"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-21042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21042"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--960fba5c-f3c4-4800-8756-f284eec96652",
"name": "CVE-2025-59305",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-59305",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59305"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-59305",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59305"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--6010829c-9633-4789-9611-a16db23db2f2",
"name": "CVE-2024-40766",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2024-40766",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40766"
},
{
"source_name": "nvd",
"external_id": "CVE-2024-40766",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40766"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--79785aec-b79d-4b48-9193-077cbe55287a",
"name": "CVE-2025-20362",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-20362",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20362"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-20362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20362"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--605c817b-0ca8-4c4f-8961-7dd094ee058b",
"name": "Yanluowang ransomware",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--7a97dfb8-5ca7-49d1-aa53-fe9c78a3853d",
"name": "U.S. Cybersecurity and Infrastructure Security Agency",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 94,
"type": "vulnerability",
"id": "vulnerability--2ce0c1a5-da9a-4507-8424-5cac0a7bdc24",
"name": "CVE-2025-41244",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-41244",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41244"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-41244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41244"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--26eca839-6996-4355-b556-31d7e4bd0671",
"name": "the Lazarus Group",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--78652a32-1d49-42fb-a7b1-5c6f8bfb3581",
"name": "CISA",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 92,
"type": "vulnerability",
"id": "vulnerability--ed3de346-93c1-4c44-867e-0a775a7fa8e3",
"name": "CVE-2025-32463",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-32463",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32463"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-32463",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32463"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 92,
"type": "vulnerability",
"id": "vulnerability--1256edd4-a495-44a4-86b1-0740bb38277e",
"name": "CVE-2025-53609",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-53609",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53609"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-53609",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53609"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--6be03c76-ed62-49ad-8d6a-8d6edc139482",
"name": "Gootloader",
"is_family": true,
"malware_types": [
"dropper"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--3e45ebc9-bae3-4704-86a9-44abdb347667",
"name": "Mirai",
"is_family": true,
"malware_types": [
"bot"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a",
"name": "Akira ransomware",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--ff08fc2e-94c4-4b43-9534-46cf3ca829d7",
"name": "Callisto/Star Blizzard/UNC4057",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--d31be0f2-c18f-47fc-8c98-44257348d6ca",
"name": "LulzSec",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--632cf54c-908b-4cc4-aed0-0d1937468924",
"name": "Charming Kitten",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3",
"name": "Lazarus",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--2d677b32-42d6-4ae8-a662-4c9bb04de1b8",
"name": "Trend Micro",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--7cc3f9a2-daea-458e-a385-314141c7ae13",
"name": "XCSSET",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--6e0f3149-d6f1-4ada-9805-3e656b4318ae",
"name": "U.S. Cyber Command",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--5fb634f4-4efc-4668-9397-71cf3601ffae",
"name": "NSA",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "intrusion-set",
"id": "intrusion-set--7ff82b53-a7ae-4331-be8f-9624439d3106",
"name": "Scattered Spider",
"labels": [
"intrusion-set"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--15a8eecf-1ec3-47c8-a984-463663f1f6ef",
"name": "NIST",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--46a0b253-36c0-4c14-bdf6-40460c8bb029",
"name": "LANDFALL",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--6975652f-c247-47d4-8b69-5eba0a4b6104",
"name": "Trojan",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--de165938-73e8-4c1e-92f2-1b7832514832",
"name": "CrowdStrike",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--15d433d8-67cd-4bf6-a69d-b0c73b67f58e",
"name": "Mandiant",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--622d89f5-39ec-4c12-9e59-72477cefd1ab",
"name": "DCRat",
"is_family": true,
"malware_types": [
"remote-access-trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--9c0dd3c2-3017-43bd-9b16-4b60a3d61120",
"name": "Datzbro",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--1c24883b-5440-48be-89b4-b0c9d2b0646b",
"name": "ShinyHunters",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--fa4c643a-e54a-4f71-aa1c-4bb424bb6db5",
"name": "Rhadamanthys",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--d1b982de-9a91-4b3f-afe9-f09f8d466881",
"name": "AtomicStealer",
"is_family": true,
"malware_types": [
"stealer"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--c1213cab-cfa6-47a2-b43b-7af4967ec05a",
"name": "XMRig",
"is_family": true,
"malware_types": [
"crypto-miner"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--cba0f55e-7bb3-4ae6-b0f8-048dae21e7f3",
"name": "Proofpoint",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--ad194b40-4a7d-4618-9298-c15574c0cf77",
"name": "Nozomi Networks",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--ffa5aef9-e5ae-485c-b748-1db12e072806",
"name": "Akira Ransomware’s",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--6c5b43ba-1151-49f5-aea4-5130de5e46ba",
"name": "Rapid7",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--ec073fc7-bb30-4c07-8aa0-9d1d51058897",
"name": "Microsoft Threat Intelligence",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--6b8db019-ba56-4716-bbd3-bab18737fef4",
"name": "OWASP",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "tool",
"id": "tool--9fb8a1b4-5c61-44e4-90e1-494f8de4d8d6",
"name": "any.run",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 93,
"type": "malware",
"id": "malware--bbe568e2-469f-4f6e-894f-9004f60be5a5",
"name": "Ransomware",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "tool",
"id": "tool--9f804692-3dad-41b3-b550-5a7ca93e97a9",
"name": "Wazuh",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--4267370b-1057-49a4-942f-fcb4c563aacc",
"name": "MatrixPDF",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "tool",
"id": "tool--c2210051-55ab-4475-801e-0134045250d9",
"name": "Defender for Office 365",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--37a6c73b-081d-4c71-a467-5ccabd7ab329",
"name": "ZDI",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--a57d502c-4e82-41ec-9234-875d491343fa",
"name": "CBO",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--9fa139c1-5ce0-4ccf-9d02-1e0f8c2f38f6",
"name": "SonicWall",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--8a13dba8-08ba-42eb-b07b-0712d0ad6082",
"name": "Datzbro that can conduct device takeover",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--9c959f03-a85c-4ccb-b73e-c55b0e32e5c2",
"name": "RayInitiator",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--fa23fba6-5aba-458c-b415-59ec946c866d",
"name": "Aleksei Olegovich Volkov",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "tool",
"id": "tool--8296b0e0-ae1f-45b6-8de0-1c1a4a5e05c5",
"name": "Kali",
"tool_types": [
"exploitation",
"vulnerability-scanning",
"network-capture"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--6f4456e2-6dc0-4521-ba8e-cabeff00859c",
"name": "RingReaper",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--d61efa5c-464b-456c-a119-3d0fa06440fc",
"name": "chubaka.kor",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--2d7ce7de-e032-4043-8963-4c014393a48f",
"name": "Paragon’s Graphite",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "malware",
"id": "malware--5e5e274e-42ad-4cf9-86fc-12db386831e5",
"name": "Gootloader Returns",
"is_family": true,
"malware_types": [
"dropper"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "location",
"id": "location--c92adf8f-1739-4c88-895d-06a7f2948f2e",
"name": "U.S.",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "attack-pattern",
"id": "attack-pattern--78a1ad04-d1a7-4bf8-8006-34af1fd1d770",
"name": "Privilege Escalation",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": []
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "identity",
"id": "identity--ce2e69c6-c194-4ca1-8ccd-65c1ce21af1b",
"name": "Mend.io",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.081Z",
"confidence": 95,
"type": "location",
"id": "location--554766a1-5093-4b60-9732-aa6d14becb18",
"name": "South Korea",
"country": "KR",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.081Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "tool",
"id": "tool--91088445-edc4-4d00-864c-785446cbb1af",
"name": "Universal Forwarders",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "identity",
"id": "identity--f8278a12-ae20-4c3f-9977-3dd4feafc099",
"name": "OneBlood",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "identity",
"id": "identity--01b0e443-1611-4441-beba-d4f250c69101",
"name": "Security Affairs",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "tool",
"id": "tool--2bd39da2-1744-453b-8891-2872e72c94bb",
"name": "ELK",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "location",
"id": "location--79365b11-f080-4c12-97f5-45b7784679a6",
"name": "Oman",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 93,
"type": "threat-actor",
"id": "threat-actor--a2bc0cc6-3e55-464a-9a42-f48e7d9b9fd5",
"name": "DragonForce",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "location",
"id": "location--e8a8e369-e014-4c3f-98e2-d780344dbe7a",
"name": "Moldova",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "tool",
"id": "tool--98496f61-df6e-4741-9fdc-b751ce5ac69d",
"name": "Cisco Secure Firewall Threat Defense",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "location",
"id": "location--99e79579-3626-4cbc-b307-9a0ed522e607",
"name": "Dublin",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 77,
"type": "indicator",
"id": "indicator--032d49c6-e2db-4ca3-ac15-f16c0d458867",
"name": "141.98.82.26",
"pattern": "[ipv4-addr:value = '141.98.82.26']",
"pattern_type": "stix",
"indicator_types": [
"ipv4-addr"
],
"valid_from": "2025-11-10T18:54:01.082158+00:00",
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "location",
"id": "location--ea96e271-70b7-4ed7-af72-74ba165daca2",
"name": "Brussels",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 80,
"type": "vulnerability",
"id": "vulnerability--7680a803-4098-41b0-83ff-f4c1ee650dbd",
"name": "the Gemini Trifecta",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "location",
"id": "location--2cffd105-432c-46ca-a015-faa047518780",
"name": "Afghanistan",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "identity",
"id": "identity--a8564e44-9dd4-4fa2-af91-011d076d1c14",
"name": "Suspected in Breach of Congressional Budget Office The Congressional Budget Office has been the subject of an apparent cyber incident",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "location",
"id": "location--44405860-a9a6-458f-beae-e4e62ebb780f",
"name": "the United Arab Emirates",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "identity",
"id": "identity--7aa77399-1a75-40ae-a4c3-2fbf8783bcff",
"name": "Jaguar Land Rover",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "location",
"id": "location--09fb5c3f-e950-4d77-9967-81596ba45e63",
"name": "Israel",
"country": "IL",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "location",
"id": "location--5dbd12b2-f0b0-4c36-847b-62aa529b4595",
"name": "Berlin",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "location",
"id": "location--24ea8196-d1e3-4fe9-8c4e-06047a334d1e",
"name": "Ireland",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 91,
"type": "attack-pattern",
"id": "attack-pattern--020ddb29-4b95-4601-a850-894e55402fe2",
"name": "using maliciously crafted input",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": []
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 91,
"type": "location",
"id": "location--4184e662-7eed-444d-94b4-7f31e34d5299",
"name": "Germany",
"country": "DE",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 91,
"type": "attack-pattern",
"id": "attack-pattern--2a1ef775-77d8-455c-bede-0a48e2d7adc4",
"name": "a position to observe your network traffic to conclude language model conversation topics",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": []
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 87,
"type": "location",
"id": "location--d28ab131-d57a-43d0-9c93-51a1e6b190f8",
"name": "Union County",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "identity",
"id": "identity--1abdf29f-9fe3-478e-b225-610c02d5b71e",
"name": "Australian Signals Directorate",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--2607de8b-b3f2-45d2-beb8-6277dfbeb4b9",
"name": "Cl0p",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "location",
"id": "location--f89078f0-39f7-4a02-a7e4-dbde6a3138cd",
"name": "Denmark",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "identity",
"id": "identity--23f126ae-d9bd-497b-9eb9-63af757eb466",
"name": "Flashpoint",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 94,
"type": "vulnerability",
"id": "vulnerability--5f025007-20c8-4ccf-bfb6-a845e768c5eb",
"name": "CVE-2025-34299",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-34299",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-34299"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-34299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34299"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "identity",
"id": "identity--bf415032-9753-40fd-aa77-45a09f6f767d",
"name": "QNAP",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "attack-pattern",
"id": "attack-pattern--22092a47-7fd2-4602-90b1-61623bb89079",
"name": "DoS",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": []
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 94,
"type": "vulnerability",
"id": "vulnerability--75209a3b-2817-47f1-b38d-3b0e59249e1d",
"name": "CVE-2025-31133",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-31133",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-31133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 94,
"type": "vulnerability",
"id": "vulnerability--39cf974d-29cd-453a-92b0-aacee7aa323e",
"name": "CVE-2025-52565",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-52565",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 94,
"type": "vulnerability",
"id": "vulnerability--42ef99bb-338a-4d7e-907d-09e0a7806721",
"name": "CVE-2025-52881",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-52881",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 95,
"type": "malware",
"id": "malware--743fd0cd-4279-4ce4-aed2-d58784f3031c",
"name": "PureRAT",
"is_family": true,
"malware_types": [
"remote-access-trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"name": "Spearphishing Attachment",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/001/",
"external_id": "T1566.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65",
"name": "Spearphishing Link",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.002",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/002/",
"external_id": "T1566.002"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11",
"name": "Spearphishing via Service",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.003",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/003/",
"external_id": "T1566.003"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc",
"name": "Exploit Public-Facing Application",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1190",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1190/",
"external_id": "T1190"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678",
"name": "Exploitation for Client Execution",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1203",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1203/",
"external_id": "T1203"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"name": "Command and Scripting Interpreter",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1059",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1059/",
"external_id": "T1059"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927",
"name": "Create or Modify System Process",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1543",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1543/",
"external_id": "T1543"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400",
"name": "Boot or Logon Autostart Execution",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1547",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1547/",
"external_id": "T1547"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e",
"name": "Application Layer Protocol",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1071",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1071/",
"external_id": "T1071"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9",
"name": "Non-Application Layer Protocol",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1095",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1095/",
"external_id": "T1095"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 85,
"type": "attack-pattern",
"id": "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d",
"name": "Search Threat Vendor Data",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "reconnaissance"
}
],
"x_mitre_id": "T1681",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1681/",
"external_id": "T1681"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 83,
"type": "attack-pattern",
"id": "attack-pattern--88428b3c-f02f-45b8-a38a-0541b2287509",
"name": "LSA Secrets",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential-access"
}
],
"x_mitre_id": "T1003.004",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1003/004/",
"external_id": "T1003.004"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 83,
"type": "attack-pattern",
"id": "attack-pattern--dd0edf90-8f96-4a15-852b-ba611cd81716",
"name": "Python",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1059.006",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1059/006/",
"external_id": "T1059.006"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 81,
"type": "attack-pattern",
"id": "attack-pattern--775a5581-fd79-4cfc-a505-6d409b3bbfba",
"name": "Browser Session Hijacking",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1185",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1185/",
"external_id": "T1185"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 81,
"type": "attack-pattern",
"id": "attack-pattern--3785d15d-1c0c-4464-9200-10b744888e29",
"name": "Python Startup Hooks",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1546.018",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1546/018/",
"external_id": "T1546.018"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 81,
"type": "attack-pattern",
"id": "attack-pattern--0ec57ff0-0257-4287-888c-8f20c7e08c6b",
"name": "Cloud Secrets Management Stores",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential-access"
}
],
"x_mitre_id": "T1555.006",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1555/006/",
"external_id": "T1555.006"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 78,
"type": "attack-pattern",
"id": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719",
"name": "Vulnerabilities",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"x_mitre_id": "T1588.006",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/006/",
"external_id": "T1588.006"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 74,
"type": "attack-pattern",
"id": "attack-pattern--39b82972-b1a6-4322-afb9-af162cf1fad0",
"name": "Application or System Exploitation",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "impact"
}
],
"x_mitre_id": "T1499.004",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1499/004/",
"external_id": "T1499.004"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--239957f5-5ae1-4977-a451-144fae4a6361",
"name": "Software Extensions",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"x_mitre_id": "T1176",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1176/",
"external_id": "T1176"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770",
"name": "Threat Intel Vendors",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "reconnaissance"
}
],
"x_mitre_id": "T1597.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1597/001/",
"external_id": "T1597.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3",
"name": "Archive via Utility",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1560.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1560/001/",
"external_id": "T1560.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2",
"name": "Screen Capture",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1113",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1113/",
"external_id": "T1113"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea",
"name": "Scheduled Task",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1053.005",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1053/005/",
"external_id": "T1053.005"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18",
"name": "Adversary-in-the-Middle",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential-access"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1557",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1557/",
"external_id": "T1557"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"confidence": 66,
"type": "attack-pattern",
"id": "attack-pattern--7aa19707-a8bb-4175-a9ce-0dc6a85cf429",
"name": "DNS",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1071.004",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1071/004/",
"external_id": "T1071.004"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--fcc9d9b3-239e-4a1a-ae6d-bfab554babb1",
"created": "2025-11-10T18:53:28.653Z",
"modified": "2025-11-10T18:53:28.653Z",
"name": "AWS Artifact",
"description": "Malware AWS Artifact identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://aws.amazon.com/",
"description": "2025 H1 IRAP report is now available on AWS Artifact for Australian customers"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--9e4b8ee9-0ff3-443a-abdb-f6f1922ad7ab",
"created": "2025-11-10T18:53:28.653Z",
"modified": "2025-11-10T18:53:28.653Z",
"name": "Australian Signals Directorate",
"description": "Malware Australian Signals Directorate identified in threat intelligence",
"malware_types": [
"trojan"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://aws.amazon.com/",
"description": "2025 H1 IRAP report is now available on AWS Artifact for Australian customers"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--9c2108c4-97fb-4c9d-a9f7-39ab348a1b0e",
"created": "2025-11-10T18:53:29.493Z",
"modified": "2025-11-10T18:53:29.493Z",
"name": "the Secure Future Initiative",
"description": "Malware the Secure Future Initiative identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.microsoft.com/en-us/security/blog/?p=143328",
"description": "Securing our future: November 2025 progress report on Microsoft’s Secure Future Initiative "
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--a0268d41-a1e9-4e0a-9e2b-ab4e61f026eb",
"created": "2025-11-10T18:53:29.845Z",
"modified": "2025-11-10T18:53:29.845Z",
"name": "The Washington Post",
"description": "Malware The Washington Post identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44240",
"description": "Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--d530c1dc-ad5b-4d5f-b7d6-a222a82cf03d",
"created": "2025-11-10T18:53:29.845Z",
"modified": "2025-11-10T18:53:29.845Z",
"name": "Site",
"description": "Malware Site identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44240",
"description": "Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--bb3d49a5-9b7e-4244-8a32-1e34c9e53b56",
"created": "2025-11-10T18:53:29.845Z",
"modified": "2025-11-10T18:53:29.845Z",
"name": "LKQ Corporation",
"description": "Malware LKQ Corporation identified in threat intelligence",
"malware_types": [
"trojan"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44240",
"description": "Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--c8bdb2bb-beeb-4e44-9853-b2a5c25f3bd4",
"created": "2025-11-10T18:53:29.845Z",
"modified": "2025-11-10T18:53:29.845Z",
"name": "SecurityWeek",
"description": "Malware SecurityWeek identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44240",
"description": "Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--77552609-e19b-4517-ba63-61361f0632d5",
"created": "2025-11-10T18:53:29.845Z",
"modified": "2025-11-10T18:53:29.845Z",
"name": "Pan American Silver",
"description": "Malware Pan American Silver identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44240",
"description": "Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--c5ac3c1a-e22f-4660-ba67-e77122679023",
"created": "2025-11-10T18:53:32.893Z",
"modified": "2025-11-10T18:53:32.893Z",
"name": "Protector",
"description": "Malware Protector identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184396",
"description": "QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--229d8e66-aebc-4918-aec3-d573f4b4b857",
"created": "2025-11-10T18:53:32.893Z",
"modified": "2025-11-10T18:53:32.893Z",
"name": "QTS",
"description": "Malware QTS identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184396",
"description": "QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--0d6a2bde-ab7e-4359-8b15-5430ad62b2a6",
"created": "2025-11-10T18:53:32.893Z",
"modified": "2025-11-10T18:53:32.893Z",
"name": "Malware Remover",
"description": "Malware Malware Remover identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184396",
"description": "QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--9f86f1b7-c162-4247-8b45-31717ef8f8db",
"created": "2025-11-10T18:53:32.893Z",
"modified": "2025-11-10T18:53:32.893Z",
"name": "Hyper Data Protector",
"description": "Malware Hyper Data Protector identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184396",
"description": "QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--c7861aad-8696-4d3b-aa51-58dbf7e5944c",
"created": "2025-11-10T18:53:32.893Z",
"modified": "2025-11-10T18:53:32.893Z",
"name": "Remover",
"description": "Malware Remover identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184396",
"description": "QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--4577ceb2-f721-4aa4-9734-15e789a6a8cd",
"created": "2025-11-10T18:53:32.893Z",
"modified": "2025-11-10T18:53:32.893Z",
"name": "Malware",
"description": "Malware Malware identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184396",
"description": "QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--bb933deb-10f4-4cdf-8bdc-6a3eee0fcedd",
"created": "2025-11-10T18:53:34.493Z",
"modified": "2025-11-10T18:53:34.493Z",
"name": "ZDI",
"description": "Malware ZDI identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--8539a720-ea73-4b82-875b-e5a55b8f9408",
"created": "2025-11-10T18:53:35.748Z",
"modified": "2025-11-10T18:53:35.748Z",
"name": "ClickFix",
"description": "Malware ClickFix identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/large-scale-clickfix-phishing-attacks.html",
"description": "Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--34e44d2d-1f65-450d-97d3-0573f70448a1",
"created": "2025-11-10T18:53:36.024Z",
"modified": "2025-11-10T18:53:36.024Z",
"name": "EDR",
"description": "Malware EDR identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/new-browser-security-report-reveals.html",
"description": "New Browser Security Report Reveals Emerging Threats for Enterprises"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--97082a1a-63cd-4de2-b384-9b2d41383c9c",
"created": "2025-11-10T18:53:36.024Z",
"modified": "2025-11-10T18:53:36.024Z",
"name": "SSE",
"description": "Malware SSE identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/new-browser-security-report-reveals.html",
"description": "New Browser Security Report Reveals Emerging Threats for Enterprises"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--af084cf3-f054-48f0-9a76-8e641b9234a9",
"created": "2025-11-10T18:53:42.319Z",
"modified": "2025-11-10T18:53:42.319Z",
"name": "GCC",
"description": "Malware GCC identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.ishir.com/?p=307950",
"description": "With Geopolitical Uncertainty Rising, Is It Time to Reimagine Your GCC & Nearshore Strategy?"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--c2400543-c6dd-4b38-ad66-24bfada51582",
"created": "2025-11-10T18:53:42.319Z",
"modified": "2025-11-10T18:53:42.319Z",
"name": "GCC & Nearshore Strategy",
"description": "Malware GCC & Nearshore Strategy identified in threat intelligence",
"malware_types": [
"trojan"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.ishir.com/?p=307950",
"description": "With Geopolitical Uncertainty Rising, Is It Time to Reimagine Your GCC & Nearshore Strategy?"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--9a3e46ba-34f4-4c9a-81c1-35aacf81fc95",
"created": "2025-11-10T18:53:44.728Z",
"modified": "2025-11-10T18:53:44.728Z",
"name": "Security Affairs Malware",
"description": "Malware Security Affairs Malware identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184367",
"description": "SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--83401f95-5be4-4c21-a0d1-ce488515519b",
"created": "2025-11-10T18:53:44.728Z",
"modified": "2025-11-10T18:53:44.728Z",
"name": "OpenAI Assistants API",
"description": "Malware OpenAI Assistants API identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184367",
"description": "SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--6e82ae16-7b77-41ae-bfcb-c199d727da71",
"created": "2025-11-10T18:53:44.728Z",
"modified": "2025-11-10T18:53:44.728Z",
"name": "SesameOp",
"description": "Malware SesameOp identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184367",
"description": "SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--b86e4c0a-5d13-4cb1-a9af-56e7835b0ac6",
"created": "2025-11-10T18:53:44.728Z",
"modified": "2025-11-10T18:53:44.728Z",
"name": "Assistants",
"description": "Malware Assistants identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184367",
"description": "SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--1647fbcf-8f26-4b3c-ac8c-53d073f7a219",
"created": "2025-11-10T18:53:44.728Z",
"modified": "2025-11-10T18:53:44.728Z",
"name": "control  ",
"description": "Malware control   identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184367",
"description": "SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--1f33b8a0-9e4b-4860-b4f1-1be12542109a",
"created": "2025-11-10T18:53:44.728Z",
"modified": "2025-11-10T18:53:44.728Z",
"name": "OpenAI",
"description": "Malware OpenAI identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184367",
"description": "SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--08568c00-a8de-465c-a568-f62a9c7d5761",
"created": "2025-11-10T18:53:44.728Z",
"modified": "2025-11-10T18:53:44.728Z",
"name": "Malware Newsletter SesameOp",
"description": "Malware Malware Newsletter SesameOp identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184367",
"description": "SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--38b2effc-a5a1-4951-98a5-6396b1dd2e48",
"created": "2025-11-10T18:53:44.728Z",
"modified": "2025-11-10T18:53:44.728Z",
"name": "Affairs",
"description": "Malware Affairs identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184367",
"description": "SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--86d7d62b-2d49-4c65-a184-622dc494b289",
"created": "2025-11-10T18:53:44.728Z",
"modified": "2025-11-10T18:53:44.728Z",
"name": "Newsletter",
"description": "Malware Newsletter identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184367",
"description": "SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--d16bafd3-7b12-498e-9cee-bf507f395f74",
"created": "2025-11-10T18:53:44.728Z",
"modified": "2025-11-10T18:53:44.728Z",
"name": "Novel",
"description": "Malware Novel identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184367",
"description": "SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--7d490520-c572-4a8d-aea6-25f2acf355a8",
"created": "2025-11-10T18:53:45.970Z",
"modified": "2025-11-10T18:53:45.970Z",
"name": "Returns",
"description": "Malware Returns identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44241",
"description": "GlassWorm Malware Returns to Open VSX, Emerges on GitHub"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--9e8a8f66-6759-4bc6-a50a-237e3a71febe",
"created": "2025-11-10T18:53:45.970Z",
"modified": "2025-11-10T18:53:45.970Z",
"name": "GitHub",
"description": "Malware GitHub identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44241",
"description": "GlassWorm Malware Returns to Open VSX, Emerges on GitHub"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--9773e407-1fae-4cd2-8ab5-84c5ce484afd",
"created": "2025-11-10T18:53:45.970Z",
"modified": "2025-11-10T18:53:45.970Z",
"name": "GlassWorm",
"description": "Malware GlassWorm identified in threat intelligence",
"malware_types": [
"worm"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44241",
"description": "GlassWorm Malware Returns to Open VSX, Emerges on GitHub"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--08bcafd9-1006-4235-9e18-8a42eee562d5",
"created": "2025-11-10T18:53:45.970Z",
"modified": "2025-11-10T18:53:45.970Z",
"name": "VS Code",
"description": "Malware VS Code identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44241",
"description": "GlassWorm Malware Returns to Open VSX, Emerges on GitHub"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--632c305c-2a94-4935-bfa0-948ba17d7b79",
"created": "2025-11-10T18:53:54.451Z",
"modified": "2025-11-10T18:53:54.451Z",
"name": "Android",
"description": "Malware Android identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1ot804h/a_new_socvel_cyber_quiz_is_out/",
"description": "A New Socvel Cyber Quiz is Out!"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--b56ee130-4fb5-4b34-8cd2-fc4c7f081bb5",
"created": "2025-11-10T18:53:54.451Z",
"modified": "2025-11-10T18:53:54.451Z",
"name": "Click",
"description": "Malware Click identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1ot804h/a_new_socvel_cyber_quiz_is_out/",
"description": "A New Socvel Cyber Quiz is Out!"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--3afabf10-244a-4aa4-9435-96b58ae00f40",
"created": "2025-11-10T18:53:55.800Z",
"modified": "2025-11-10T18:53:55.800Z",
"name": "CDN",
"description": "Malware CDN identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otb7ot/dnsint_dns_reconnaissance_tool/",
"description": "DNSint - DNS Reconnaissance Tool"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--24c54d41-ce91-4b28-aaa4-2b4dfcb81703",
"created": "2025-11-10T18:53:55.800Z",
"modified": "2025-11-10T18:53:55.800Z",
"name": "• Technology",
"description": "Malware • Technology identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otb7ot/dnsint_dns_reconnaissance_tool/",
"description": "DNSint - DNS Reconnaissance Tool"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--a3f47b78-ade7-4ae7-844c-f368c98737fa",
"created": "2025-11-10T18:53:55.800Z",
"modified": "2025-11-10T18:53:55.800Z",
"name": "TXT",
"description": "Malware TXT identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otb7ot/dnsint_dns_reconnaissance_tool/",
"description": "DNSint - DNS Reconnaissance Tool"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--dc5cd221-a8ef-4a17-8974-f8daf4bc2a6c",
"created": "2025-11-10T18:53:55.800Z",
"modified": "2025-11-10T18:53:55.800Z",
"name": "DNS",
"description": "Malware DNS identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otb7ot/dnsint_dns_reconnaissance_tool/",
"description": "DNSint - DNS Reconnaissance Tool"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--204f1ed3-19bd-4310-804e-07fdc1a5d1da",
"created": "2025-11-10T18:53:55.801Z",
"modified": "2025-11-10T18:53:55.801Z",
"name": "• WHOIS",
"description": "Malware • WHOIS identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otb7ot/dnsint_dns_reconnaissance_tool/",
"description": "DNSint - DNS Reconnaissance Tool"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--a0384b55-af62-496d-b859-8dff2e12a6bb",
"created": "2025-11-10T18:53:55.801Z",
"modified": "2025-11-10T18:53:55.801Z",
"name": "DNSSEC",
"description": "Malware DNSSEC identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otb7ot/dnsint_dns_reconnaissance_tool/",
"description": "DNSint - DNS Reconnaissance Tool"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--243e633c-aafc-4920-bf3f-afdbc07fd0b4",
"created": "2025-11-10T18:53:55.801Z",
"modified": "2025-11-10T18:53:55.801Z",
"name": "DNSint Features:",
"description": "Malware DNSint Features: identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otb7ot/dnsint_dns_reconnaissance_tool/",
"description": "DNSint - DNS Reconnaissance Tool"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--5e580126-4513-4106-a0a9-29ae39e3f210",
"created": "2025-11-10T18:53:56.110Z",
"modified": "2025-11-10T18:53:56.110Z",
"name": "Cloud / AWS",
"description": "Malware Cloud / AWS identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otddnu/ama_im_the_cofounder_at_tryhackme_ask_me_about/",
"description": "AMA: I'm the co-founder at TryHackMe. Ask me about breaking into the industry, cyber security skills and how to make SOC & IR teams more mature!"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--5dd07295-cacf-4506-bf1e-68b2e77f3c28",
"created": "2025-11-10T18:54:01.023Z",
"modified": "2025-11-10T18:54:01.023Z",
"name": " AWS Artifact Campaign",
"description": "Campaign involving using AWS Artifact",
"first_seen": "2025-11-10T17:37:58.000Z",
"last_seen": "2025-11-10T17:37:58.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://aws.amazon.com/",
"description": "2025 H1 IRAP report is now available on AWS Artifact for Australian customers"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--201498d1-18f4-4e00-bc7e-f3ecad95f4b5",
"created": "2025-11-10T18:54:01.023Z",
"modified": "2025-11-10T18:54:01.023Z",
"name": " the Secure Future Initiative Campaign",
"description": "Campaign involving using the Secure Future Initiative",
"first_seen": "2025-11-10T17:00:00.000Z",
"last_seen": "2025-11-10T17:00:00.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://www.microsoft.com/en-us/security/blog/?p=143328",
"description": "Securing our future: November 2025 progress report on Microsoft’s Secure Future Initiative "
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--71a75389-f28a-42f3-9642-2bd54f936659",
"created": "2025-11-10T18:54:01.023Z",
"modified": "2025-11-10T18:54:01.023Z",
"name": " The Washington Post Campaign",
"description": "Campaign involving using The Washington Post",
"first_seen": "2025-11-10T11:46:11.000Z",
"last_seen": "2025-11-10T11:46:11.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44240",
"description": "Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--8cb85306-4612-455b-ad8d-f6229acb02ba",
"created": "2025-11-10T18:54:01.025Z",
"modified": "2025-11-10T18:54:01.025Z",
"name": " Protector Campaign",
"description": "Campaign involving using Protector",
"first_seen": "2025-11-10T00:01:33.000Z",
"last_seen": "2025-11-10T00:01:33.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184396",
"description": "QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--e294bb47-2e68-473e-984e-f59e2c695797",
"created": "2025-11-10T18:54:01.029Z",
"modified": "2025-11-10T18:54:01.029Z",
"name": " ZDI Campaign",
"description": "Campaign involving using ZDI",
"first_seen": "2025-11-10T06:00:00.000Z",
"last_seen": "2025-11-10T06:00:00.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--9cc244c1-d5d9-48b6-abcc-1ca5a55afa74",
"created": "2025-11-10T18:54:01.033Z",
"modified": "2025-11-10T18:54:01.033Z",
"name": " Malware Campaign",
"description": "Campaign involving using Malware",
"first_seen": "2025-11-10T12:51:00.000Z",
"last_seen": "2025-11-10T12:51:00.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/weekly-recap-hyper-v-malware-malicious.html",
"description": "⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--ad05428e-722d-4b83-a653-892420be1ec9",
"created": "2025-11-10T18:54:01.034Z",
"modified": "2025-11-10T18:54:01.034Z",
"name": " EDR Campaign",
"description": "Campaign involving using EDR",
"first_seen": "2025-11-10T11:58:06.000Z",
"last_seen": "2025-11-10T11:58:06.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/new-browser-security-report-reveals.html",
"description": "New Browser Security Report Reveals Emerging Threats for Enterprises"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--36af4224-3e7c-4eac-9cc6-1145f4a98f92",
"created": "2025-11-10T18:54:01.038Z",
"modified": "2025-11-10T18:54:01.038Z",
"name": " SecurityWeek Campaign",
"description": "Campaign involving using SecurityWeek",
"first_seen": "2025-11-10T16:12:37.000Z",
"last_seen": "2025-11-10T16:12:37.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44245",
"description": "Many Forbes AI 50 Companies Leak Secrets on GitHub"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--b6dc762f-f073-4c31-8f43-edec28ae08ef",
"created": "2025-11-10T18:54:01.039Z",
"modified": "2025-11-10T18:54:01.039Z",
"name": "CVE-2025-34299 Exploitation Campaign",
"description": "Coordinated exploitation activity targeting CVE-2025-34299",
"first_seen": "2025-11-10T10:53:49.000Z",
"last_seen": "2025-11-10T10:53:49.000Z",
"objective": "Exploitation of CVE-2025-34299 for unauthorized access",
"confidence": 75,
"external_references": [
{
"source_name": "article",
"url": "https://hackread.com/?p=136934",
"description": "Monsta FTP Vulnerability Exposed Thousands of Servers to Full Takeover"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--140448b2-1a1a-41a9-a3c3-8767ecaa515f",
"created": "2025-11-10T18:54:01.043Z",
"modified": "2025-11-10T18:54:01.043Z",
"name": " SSE Campaign",
"description": "Campaign involving using SSE",
"first_seen": "2025-11-10T00:00:00.000Z",
"last_seen": "2025-11-10T00:00:00.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://www.recordedfuture.com/blog/threat-hunting-vs-threat-intelligence",
"description": "Threat Hunting vs. Threat Intelligence"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--c2134b85-ba21-43e8-a1a1-fb241cc10b6c",
"created": "2025-11-10T18:54:01.043Z",
"modified": "2025-11-10T18:54:01.043Z",
"name": " GlassWorm Campaign",
"description": "Campaign involving using GlassWorm",
"first_seen": "2025-11-10T08:51:00.000Z",
"last_seen": "2025-11-10T08:51:00.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/glassworm-malware-discovered-in-three.html",
"description": "GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--4976c9d8-817d-4c01-97e6-9cda7bff8a52",
"created": "2025-11-10T18:54:01.044Z",
"modified": "2025-11-10T18:54:01.044Z",
"name": " GitHub Campaign",
"description": "Campaign involving using GitHub",
"first_seen": "2025-11-09T10:27:02.000Z",
"last_seen": "2025-11-09T10:27:02.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1osg1j7/help_find_old_github_websites_for_web_security/",
"description": "Help find old GitHub websites for Web Security Course Project"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--0a754da2-162f-4bcf-a769-22946295291c",
"created": "2025-11-10T18:54:01.047Z",
"modified": "2025-11-10T18:54:01.047Z",
"name": " GCC Campaign",
"description": "Campaign involving using GCC",
"first_seen": "2025-11-10T09:32:16.000Z",
"last_seen": "2025-11-10T09:32:16.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://www.ishir.com/?p=307950",
"description": "With Geopolitical Uncertainty Rising, Is It Time to Reimagine Your GCC & Nearshore Strategy?"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--bb926d7d-068d-466b-ad9c-5bd00c6402f7",
"created": "2025-11-10T18:54:01.048Z",
"modified": "2025-11-10T18:54:01.048Z",
"name": " Affairs Campaign",
"description": "Campaign involving using Affairs",
"first_seen": "2025-11-09T09:46:59.000Z",
"last_seen": "2025-11-09T09:46:59.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184362",
"description": "Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--10248586-620b-4904-9862-bc8da146a5e4",
"created": "2025-11-10T18:54:01.051Z",
"modified": "2025-11-10T18:54:01.051Z",
"name": " Ransomware Campaign",
"description": "Campaign involving using Ransomware",
"first_seen": "2025-11-10T09:28:20.000Z",
"last_seen": "2025-11-10T09:28:20.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://securityboulevard.com/?p=2075594",
"description": "The Professionalised World of Cybercrime and the New Arms Race"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--efae17a0-0b51-4d94-be3a-71f85435a1f9",
"created": "2025-11-10T18:54:01.059Z",
"modified": "2025-11-10T18:54:01.059Z",
"name": "CVE-2025-52881 Exploitation Campaign",
"description": "Coordinated exploitation activity targeting CVE-2025-52881",
"first_seen": "2025-11-10T14:29:39.000Z",
"last_seen": "2025-11-10T14:29:39.000Z",
"objective": "Exploitation of CVE-2025-52881 for unauthorized access",
"confidence": 75,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44244",
"description": "Runc Vulnerabilities Can Be Exploited to Escape Containers"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--4f3bd16d-b390-4e6a-b1b1-5ac90ebaf34d",
"created": "2025-11-10T18:54:01.059Z",
"modified": "2025-11-10T18:54:01.059Z",
"name": "CVE-2025-31133 Exploitation Campaign",
"description": "Coordinated exploitation activity targeting CVE-2025-31133",
"first_seen": "2025-11-10T14:29:39.000Z",
"last_seen": "2025-11-10T14:29:39.000Z",
"objective": "Exploitation of CVE-2025-31133 for unauthorized access",
"confidence": 75,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44244",
"description": "Runc Vulnerabilities Can Be Exploited to Escape Containers"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--1fdfbef8-2082-43a4-9164-ffef922309fb",
"created": "2025-11-10T18:54:01.059Z",
"modified": "2025-11-10T18:54:01.059Z",
"name": "CVE-2025-52565 Exploitation Campaign",
"description": "Coordinated exploitation activity targeting CVE-2025-52565",
"first_seen": "2025-11-10T14:29:39.000Z",
"last_seen": "2025-11-10T14:29:39.000Z",
"objective": "Exploitation of CVE-2025-52565 for unauthorized access",
"confidence": 75,
"external_references": [
{
"source_name": "article",
"url": "https://www.securityweek.com/?p=44244",
"description": "Runc Vulnerabilities Can Be Exploited to Escape Containers"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--6d41ae82-8e93-4125-a9d4-4ba3519e087d",
"created": "2025-11-10T18:54:01.066Z",
"modified": "2025-11-10T18:54:01.066Z",
"name": " Site Campaign",
"description": "Campaign involving using Site",
"first_seen": "2025-11-10T16:08:13.000Z",
"last_seen": "2025-11-10T16:08:13.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otht5j/security_email_gateway_seg_evasion_techniques/",
"description": "Security Email Gateway (SEG) Evasion Techniques"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--3fab33d2-335d-4749-9559-ecb55a44921e",
"created": "2025-11-10T18:54:01.069Z",
"modified": "2025-11-10T18:54:01.069Z",
"name": " Cloud / AWS Campaign",
"description": "Campaign involving using Cloud / AWS",
"first_seen": "2025-11-10T13:12:38.000Z",
"last_seen": "2025-11-10T13:12:38.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otddnu/ama_im_the_cofounder_at_tryhackme_ask_me_about/",
"description": "AMA: I'm the co-founder at TryHackMe. Ask me about breaking into the industry, cyber security skills and how to make SOC & IR teams more mature!"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--209d6dd9-1fc8-4171-9dc8-ca692aa8f4ae",
"created": "2025-11-10T18:54:01.075Z",
"modified": "2025-11-10T18:54:01.075Z",
"name": " Android Campaign",
"description": "Campaign involving using Android",
"first_seen": "2025-11-10T13:16:49.000Z",
"last_seen": "2025-11-10T13:16:49.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://news.ycombinator.com/item?id=45875670",
"description": "Android security bulletin: November 2025 patch fixes zero-click RCE"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "course-of-action",
"spec_version": "2.1",
"id": "course-of-action--5aa19021-5375-45ab-8c02-ece4101b8e79",
"created": "2025-11-10T18:54:01.078Z",
"modified": "2025-11-10T18:54:01.078Z",
"name": "Mitigate CVE-2025-34299",
"description": "Apply security updates and patches to address CVE-2025-34299",
"action_type": "remediate",
"external_references": [
{
"source_name": "nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34299",
"description": "NVD entry with patch information"
},
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184396",
"description": "QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "course-of-action",
"spec_version": "2.1",
"id": "course-of-action--c46c5e93-95b8-4008-a456-9189008de30d",
"created": "2025-11-10T18:54:01.078Z",
"modified": "2025-11-10T18:54:01.078Z",
"name": "Mitigate CVE-2025-52881",
"description": "Apply security updates and patches to address CVE-2025-52881",
"action_type": "remediate",
"external_references": [
{
"source_name": "nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"description": "NVD entry with patch information"
},
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184396",
"description": "QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "course-of-action",
"spec_version": "2.1",
"id": "course-of-action--5f454664-12a2-4cd3-9f18-5abe36bc4476",
"created": "2025-11-10T18:54:01.078Z",
"modified": "2025-11-10T18:54:01.078Z",
"name": "Mitigate CVE-2025-31133",
"description": "Apply security updates and patches to address CVE-2025-31133",
"action_type": "remediate",
"external_references": [
{
"source_name": "nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133",
"description": "NVD entry with patch information"
},
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184396",
"description": "QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "course-of-action",
"spec_version": "2.1",
"id": "course-of-action--c3859160-191d-40d3-b2a8-9df3bec10b7e",
"created": "2025-11-10T18:54:01.078Z",
"modified": "2025-11-10T18:54:01.078Z",
"name": "Mitigate CVE-2025-52565",
"description": "Apply security updates and patches to address CVE-2025-52565",
"action_type": "remediate",
"external_references": [
{
"source_name": "nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
"description": "NVD entry with patch information"
},
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184396",
"description": "QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fa1616c4-0bed-413d-a62c-30856123a9d3",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"relationship_type": "targets",
"source_ref": "malware--bbe568e2-469f-4f6e-894f-9004f60be5a5",
"target_ref": "location--c92adf8f-1739-4c88-895d-06a7f2948f2e",
"confidence": 72,
"description": "sts major organizations such as Logitech, The Washington Post, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland. The post Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site appeared first on SecurityWeek . Video By Chief Warrant Officer Joshua Chacon , Sgt.James Stanfield ) And John Martinez Permalink The post 250th Marine Corps Birthday: A Message From The Commandant Marine Corp And Sergeant Major Of The Marine Corps appeared first on Security Boulevard . How Can Non-Human Identities Revolutionize Privileged Access Management? Where technology rapidly evolves, organizations grapple with securing privileged access to critical systems. How can they ensure that access management remains robust? Non-Human Identities (NHIs) offer a compelling solution to ... The Swiss National Cyber Security Centre (NCSC) is warning iPhone owners about a phishing scam that claims to have found your lost or stolen iPhone but is actually trying to steal your Apple ID credentials. [...] Microsoft uncovered Whisper Leak, a side-channel attack that lets network snoopers infer AI chat topics despite encryption, risking user privacy. Microsoft revealed a new side-channel attack called Whisper Leak , which lets attackers who can monitor network traffic infer what users discuss with remo... QNAP patched seven zero-days used at Pwn2Own 2025 affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Taiwanese vendor QNAP patched seven zero-day vulnerabilities exploited at Pwn2Own Ireland 2025 . The flaws affected QTS, QuTS hero, Hyper Data Protector, Malware Remover, and... Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I’ve written about this before: Almost all cloud services have to perform some computation on our data. Even the simplest storage provider has code to copy bytes from an inter... Cyble Research and Intelligence Labs (CRIL) have uncovered a widespread phishing campaign targeting multiple brands to steal credentials. Attackers distribute HTML attachments through email, successfully bypassing conventional security checks by not using suspicious URLs or hosting on external serve... Denmark and Norway probe a security flaw in Chinese-made Yutong buses, deepening European fears over reliance on Chinese tech and potential cyber risks. Bus operators in Denmark and Norway are urgently probing a security vulnerability in Chinese-made Yutong electric buses, raising concerns about Wes... Please see attached a list of predictions for where technology and cybersecurity may transcend in 2026. Thanks for reading and sharing! Chuck Brooks. Note AI enabled but derived entirely from a wide variety of my own published writings interviews, podcasts, and my book “Inside Cyber” #2026prediction... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.... Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs has uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials. The attackers are wielding a powerful new tool that’s completely changing the game... With a 4M cybersecurity worker shortage, agentic AI helps SOCs move beyond triage, enabling proactive security once thought impossible. With a deficit of 4 million cybersecurity workers worldwide, it’s no surprise that most SOCs are still stuck in triage mode. That’s why agentic AI is stepping in to... Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild. But that’s just the surface. From sleeper logic bombs to a fresh alliance betw... Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvest their credentials by deploying malware like PureRAT. \"The attacker's modus operandi involved using a compromised email accou... According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low. What’s emerging isn’t just a blindspot. ... My readers will know by now that I am addicted to PACER - the Public Access to Court Electronic Records. When I see headlines like this one, I am compelled to dive in and read every publicly released document related to the case. USAO Central California The headline last month was that Shengsheng He... Danna Freedman is seeking the early adopters. She is the faculty director of the nascent MIT Quantum Initiative, or QMIT. In this new role, Freedman is giving shape to an ambitious, Institute-wide effort to apply quantum breakthroughs to the most consequential challenges in science, technology, indu... For years, HYPR and Yubico have stood shoulder to shoulder in the mission to eliminate passwords and improve identity security. Yubico’s early and sustained push for FIDO-certified hardware authenticators and HYPR’s leadership as part of the FIDO Alliance mission to reduce the world’s reliance on pa... Choosing between SSO and other authentication methods? This guide helps CTOs/VPs understand the security, UX, and management implications to make the right choice. The post Should I create a Single Sign-On account or another authentication method? appeared first on Security Boulevard . How Do Non-Human Identities Revolutionize Cloud Security? Where technology powers every facet of our lives, how do organizations ensure that their digital ecosystems remain secure? Enter Non-Human Identities (NHIs), an emerging frontier in cybersecurity that ensures robust protection and oversight i... Article URL: https://www.lemonde.fr/en/politics/article/2025/11/06/the-american-retirees-who-benefit-from-free-french-social-security_6747192_5.html Comments URL: https://news.ycombinator.com/item?id=45875138 Points: 2 # Comments: 1 Wiz found the secrets and warned that they can expose training data, organizational structures, and private models. The post Many Forbes AI 50 Companies Leak Secrets on GitHub appeared first on SecurityWeek . Blogs Blog Sharpen Your OSINT Queries: How to Use AI to Eliminate Intelligence Gaps In this post, Flashpoint demonstrates how security teams leverage Generative AI to find mission-critical keywords, slang, and other nuances they might otherwise miss. SHARE THIS: Flashpoint Intel Team November 10, 20... Cyble vulnerability intelligence researchers tracked 905 vulnerabilities in the last week, and more than 30 already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood that those vulnerabilities ma... Monsta FTP users must update now! A critical pre-authentication flaw (CVE-2025-34299) allows hackers to fully take over web servers. Patch to version 2.11.3 immediately. Article URL: https://www.theguardian.com/uk-news/2025/nov/10/uk-transport-cyber-security-chiefs-investigate-chinese-made-buses Comments URL: https://news.ycombinator.com/item?id=45876664 Points: 2 # Comments: 1 What Are Non-Human Identities (NHIs) and Why Should They Matter to Your Organization? Imagine where machines, not just humans, hold the keys to your digital kingdom. This isn’t a futuristic scenario, but the reality of technological. Non-Human Identities (NHIs) are vital components in modern cyberse... This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 10, 2025 – Listen to the podcast For the past five years—ever since a chance encounter at a dinner party— Byron Tau , an investigative reporter for The Associated Press and former reporter for The Wall Street... Multiple vulnerabilities across QNAP’s portfolio could lead to remote code execution, information disclosure, and denial-of-service (DoS) conditions. The post QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland appeared first on SecurityWeek . Key Takeaways Threat intelligence and threat hunting are two distinct yet complementary disciplines. Both are essential to a comprehensive cybersecurity strategy. Threat intelligence guides proactive defense, providing context on who might attack, what their motives and attacks are, and which indica... Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code (VS Code) ecosystem. The extensions in question, which are still available for download, are listed b... Hello, can someone help suggesting an old GitHub project that I can use to test OWASP checkpoints? We received the following requirements: Choose a web application that is: – Small web application – Pick old/abandoned/amateur project, e.g. https://github.com/search?q=web , https://sourceforge.net/ o... As GenAI transforms cyberattacks and defenses, organizations must strengthen the human layer. Learn how AI multiplies both risk and resilience in 2025. The post Generative AI: The Double-Edged Sword of Cybersecurity appeared first on Security Boulevard . The future of home robotics is here — and it’s a little awkward. Meet the NEO 1X humanoid robot, designed to help with chores but raising huge cybersecurity and privacy questions. We discuss what it can actually do, the risks of having an always-connected humanoid in your home, and why it’s definite... Think of your global capability center (GCC) strategy as a high-wire act. For years, it’s been about balance, cost savings on one side, operational efficiency... Read More The post With Geopolitical Uncertainty Rising, Is It Time to Reimagine Your GCC & Nearshore Strategy? appeared first on ISHIR | ... A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. China-linked hackers target U.S. non-profit in lo... Thanks and stat safe! Chuck Brooks. #cybersecurity #predictions2026 #AI #quantum #business #security As we look toward 2026, the cybersecurity landscape is entering a pivotal phase of n",
"x_validation_method": "three-llm-consensus"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--10cf03b1-7ab0-4961-80fe-fdee64efa46b",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"relationship_type": "targets",
"source_ref": "malware--bbe568e2-469f-4f6e-894f-9004f60be5a5",
"target_ref": "location--24ea8196-d1e3-4fe9-8c4e-06047a334d1e",
"confidence": 68,
"description": "sts major organizations such as Logitech, The Washington Post, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland. The post Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site appeared first on SecurityWeek . Video By Chief Warrant Officer Joshua Chacon , Sgt.James Stanfield ) And John Martinez Permalink The post 250th Marine Corps Birthday: A Message From The Commandant Marine Corp And Sergeant Major Of The Marine Corps appeared first on Security Boulevard . How Can Non-Human Identities Revolutionize Privileged Access Management? Where technology rapidly evolves, organizations grapple with securing privileged access to critical systems. How can they ensure that access management remains robust? Non-Human Identities (NHIs) offer a compelling solution to ... The Swiss National Cyber Security Centre (NCSC) is warning iPhone owners about a phishing scam that claims to have found your lost or stolen iPhone but is actually trying to steal your Apple ID credentials. [...] Microsoft uncovered Whisper Leak, a side-channel attack that lets network snoopers infer AI chat topics despite encryption, risking user privacy. Microsoft revealed a new side-channel attack called Whisper Leak , which lets attackers who can monitor network traffic infer what users discuss with remo... QNAP patched seven zero-days used at Pwn2Own 2025 affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Taiwanese vendor QNAP patched seven zero-day vulnerabilities exploited at Pwn2Own Ireland 2025 . The flaws affected QTS, QuTS hero, Hyper Data Protector, Malware Remover, and... Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure",
"x_validation_method": "three-llm-consensus"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ed031ed1-d8ce-40cf-bcfa-f2efca9d5255",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"relationship_type": "targets",
"source_ref": "malware--bbe568e2-469f-4f6e-894f-9004f60be5a5",
"target_ref": "identity--bf415032-9753-40fd-aa77-45a09f6f767d",
"confidence": 80,
"description": "sts major organizations such as Logitech, The Washington Post, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland. The post Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site appeared first on SecurityWeek . Video By Chief Warrant Officer Joshua Chacon , Sgt.James Stanfield ) And John Martinez Permalink The post 250th Marine Corps Birthday: A Message From The Commandant Marine Corp And Sergeant Major Of The Marine Corps appeared first on Security Boulevard . How Can Non-Human Identities Revolutionize Privileged Access Management? Where technology rapidly evolves, organizations grapple with securing privileged access to critical systems. How can they ensure that access management remains robust? Non-Human Identities (NHIs) offer a compelling solution to ... The Swiss National Cyber Security Centre (NCSC) is warning iPhone owners about a phishing scam that claims to have found your lost or stolen iPhone but is actually trying to steal your Apple ID credentials. [...] Microsoft uncovered Whisper Leak, a side-channel attack that lets network snoopers infer AI chat topics despite encryption, risking user privacy. Microsoft revealed a new side-channel attack called Whisper Leak , which lets attackers who can monitor network traffic infer what users discuss with remo... QNAP patched seven zero-days used at Pwn2Own 2025 affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Taiwanese vendor QNAP patched seven zero-day vulnerabilities exploited at Pwn2Own Ir",
"x_validation_method": "three-llm-consensus"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dacab18e-d39a-462b-a4a9-2e05e6be5e31",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"relationship_type": "uses",
"source_ref": "threat-actor--26eca839-6996-4355-b556-31d7e4bd0671",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: the lazarus group uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--66997221-76d0-4ed5-9fa2-92a49a860a46",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"relationship_type": "uses",
"source_ref": "threat-actor--26eca839-6996-4355-b556-31d7e4bd0671",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: the lazarus group uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--29571518-82ef-42b6-9abc-4d45fe9675f3",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ff08fc2e-94c4-4b43-9534-46cf3ca829d7",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: callisto/star blizzard/unc4057 uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--602f8293-693b-4e5a-b2cd-23016a6f811a",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ff08fc2e-94c4-4b43-9534-46cf3ca829d7",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: callisto/star blizzard/unc4057 uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c116b2e2-f295-4431-a3d3-7110451630b0",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"relationship_type": "uses",
"source_ref": "threat-actor--d31be0f2-c18f-47fc-8c98-44257348d6ca",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: lulzsec uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--967abef0-6bac-456f-9e0b-cbe7067addb7",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"relationship_type": "uses",
"source_ref": "threat-actor--d31be0f2-c18f-47fc-8c98-44257348d6ca",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: lulzsec uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--475e2b57-3e2d-4711-8ee3-07bfe1dbe5a3",
"created": "2025-11-10T18:54:01.082Z",
"modified": "2025-11-10T18:54:01.082Z",
"relationship_type": "uses",
"source_ref": "threat-actor--632cf54c-908b-4cc4-aed0-0d1937468924",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: charming kitten uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e1300f47-82d1-407f-ac84-4f28e0cd84b6",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "threat-actor--632cf54c-908b-4cc4-aed0-0d1937468924",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: charming kitten uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a4f4507c-17a9-40ff-82d1-ccaf753d5f59",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: lazarus uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--478d873e-b188-4248-8d8c-2a6245f806bc",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: lazarus uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f19c5fb0-59af-4698-a403-47a66b22f976",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "intrusion-set--7ff82b53-a7ae-4331-be8f-9624439d3106",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: scattered spider uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--16ebf6ed-591d-43cf-9c63-529292b1dde5",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "intrusion-set--7ff82b53-a7ae-4331-be8f-9624439d3106",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: scattered spider uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6ed31727-58b4-46aa-a2e5-6bc8aee7e1b1",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c24883b-5440-48be-89b4-b0c9d2b0646b",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: shinyhunters uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--73810bda-987b-436c-bc45-012d14932bfa",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c24883b-5440-48be-89b4-b0c9d2b0646b",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: shinyhunters uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--faffb755-f2f7-4121-9481-bfca8780735e",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "threat-actor--fa23fba6-5aba-458c-b415-59ec946c866d",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: aleksei olegovich volkov uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--677c4ac5-62f5-438e-8064-3edfbeb79de4",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "threat-actor--fa23fba6-5aba-458c-b415-59ec946c866d",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: aleksei olegovich volkov uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6c5e8192-97e4-436c-a904-9757b64efc23",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "threat-actor--d61efa5c-464b-456c-a119-3d0fa06440fc",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: chubaka.kor uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7692c545-452d-4674-9b73-5c00ac538d03",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "threat-actor--d61efa5c-464b-456c-a119-3d0fa06440fc",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: chubaka.kor uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a2be4485-517a-4ab7-a8c6-29950a50e892",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "threat-actor--a2bc0cc6-3e55-464a-9a42-f48e7d9b9fd5",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: dragonforce uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d97ee2e4-f63b-4709-94e2-03fc75eda8ab",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "threat-actor--a2bc0cc6-3e55-464a-9a42-f48e7d9b9fd5",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: dragonforce uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0d6a1571-d368-4786-8116-79096a087519",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "threat-actor--2607de8b-b3f2-45d2-beb8-6277dfbeb4b9",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: cl0p uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--00329d7c-3722-481b-89e2-666a47ea5f10",
"created": "2025-11-10T18:54:01.083Z",
"modified": "2025-11-10T18:54:01.083Z",
"relationship_type": "uses",
"source_ref": "threat-actor--2607de8b-b3f2-45d2-beb8-6277dfbeb4b9",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: cl0p uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--128af084-b225-4c2a-bd0a-3761d3a7a2b7",
"value": "sourceforge.net"
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--ee4ee920-05d6-4a5b-9036-c86053f9423d",
"value": "https://sourceforge.net/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--044eab35-01fc-4dfd-9dc1-9921cedafdc5",
"created": "2025-11-10T18:53:27.970Z",
"modified": "2025-11-10T18:53:27.970Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = 'sourceforge.net']",
"pattern_type": "stix",
"valid_from": "2025-11-10T18:53:27.970Z",
"labels": [
"malicious-activity"
],
"confidence": 90
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fb34925c-348c-42e5-bb2b-dec87584f979",
"created": "2025-11-10T18:53:27.970Z",
"modified": "2025-11-10T18:53:27.970Z",
"relationship_type": "based-on",
"source_ref": "indicator--044eab35-01fc-4dfd-9dc1-9921cedafdc5",
"target_ref": "domain-name--128af084-b225-4c2a-bd0a-3761d3a7a2b7"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--01d72388-d0c7-4ec0-95e3-240415632789",
"created": "2025-11-10T18:53:27.972Z",
"modified": "2025-11-10T18:53:27.972Z",
"name": "Malicious url indicator",
"description": "Malicious url identified in threat intelligence",
"pattern": "[url:value = 'https://sourceforge.net/']",
"pattern_type": "stix",
"valid_from": "2025-11-10T18:53:27.972Z",
"labels": [
"malicious-activity"
],
"confidence": 90
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9f063aa2-888f-43b0-b232-7943f66c620c",
"created": "2025-11-10T18:53:27.972Z",
"modified": "2025-11-10T18:53:27.972Z",
"relationship_type": "based-on",
"source_ref": "indicator--01d72388-d0c7-4ec0-95e3-240415632789",
"target_ref": "url--ee4ee920-05d6-4a5b-9036-c86053f9423d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d93ca63f-3b1c-4b54-aefa-fed746aec4f1",
"created": "2025-11-10T18:54:01.084Z",
"modified": "2025-11-10T18:54:01.084Z",
"relationship_type": "mitigated-by",
"source_ref": "vulnerability--5f025007-20c8-4ccf-bfb6-a845e768c5eb",
"target_ref": "course-of-action--5aa19021-5375-45ab-8c02-ece4101b8e79",
"description": "CVE-2025-34299 is mitigated by Mitigate CVE-2025-34299"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--85a8b26e-413c-404b-9a58-5aca381f8926",
"created": "2025-11-10T18:54:01.084Z",
"modified": "2025-11-10T18:54:01.084Z",
"relationship_type": "mitigated-by",
"source_ref": "vulnerability--75209a3b-2817-47f1-b38d-3b0e59249e1d",
"target_ref": "course-of-action--5f454664-12a2-4cd3-9f18-5abe36bc4476",
"description": "CVE-2025-31133 is mitigated by Mitigate CVE-2025-31133"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c540392a-2aaa-46d8-a288-5836be4188ee",
"created": "2025-11-10T18:54:01.084Z",
"modified": "2025-11-10T18:54:01.084Z",
"relationship_type": "mitigated-by",
"source_ref": "vulnerability--39cf974d-29cd-453a-92b0-aacee7aa323e",
"target_ref": "course-of-action--c3859160-191d-40d3-b2a8-9df3bec10b7e",
"description": "CVE-2025-52565 is mitigated by Mitigate CVE-2025-52565"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9afc0d5a-00b0-4e1b-af81-3cd623b468d3",
"created": "2025-11-10T18:54:01.084Z",
"modified": "2025-11-10T18:54:01.084Z",
"relationship_type": "mitigated-by",
"source_ref": "vulnerability--42ef99bb-338a-4d7e-907d-09e0a7806721",
"target_ref": "course-of-action--c46c5e93-95b8-4008-a456-9189008de30d",
"description": "CVE-2025-52881 is mitigated by Mitigate CVE-2025-52881"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8efd262e-7094-4442-bf38-ff8321f78022",
"created": "2025-11-10T18:54:01.084Z",
"modified": "2025-11-10T18:54:01.084Z",
"relationship_type": "targets",
"source_ref": "campaign--b6dc762f-f073-4c31-8f43-edec28ae08ef",
"target_ref": "vulnerability--5f025007-20c8-4ccf-bfb6-a845e768c5eb",
"description": "CVE-2025-34299 Exploitation Campaign targets CVE-2025-34299"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b18563ca-4331-472f-9285-49c689d39d22",
"created": "2025-11-10T18:54:01.084Z",
"modified": "2025-11-10T18:54:01.084Z",
"relationship_type": "targets",
"source_ref": "campaign--efae17a0-0b51-4d94-be3a-71f85435a1f9",
"target_ref": "vulnerability--42ef99bb-338a-4d7e-907d-09e0a7806721",
"description": "CVE-2025-52881 Exploitation Campaign targets CVE-2025-52881"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d7718e43-c74d-4a7a-89e4-83c69b7b3257",
"created": "2025-11-10T18:54:01.084Z",
"modified": "2025-11-10T18:54:01.084Z",
"relationship_type": "targets",
"source_ref": "campaign--4f3bd16d-b390-4e6a-b1b1-5ac90ebaf34d",
"target_ref": "vulnerability--75209a3b-2817-47f1-b38d-3b0e59249e1d",
"description": "CVE-2025-31133 Exploitation Campaign targets CVE-2025-31133"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--eb8ffb6b-6b69-465a-881e-87762731e9c6",
"created": "2025-11-10T18:54:01.084Z",
"modified": "2025-11-10T18:54:01.084Z",
"relationship_type": "targets",
"source_ref": "campaign--1fdfbef8-2082-43a4-9164-ffef922309fb",
"target_ref": "vulnerability--39cf974d-29cd-453a-92b0-aacee7aa323e",
"description": "CVE-2025-52565 Exploitation Campaign targets CVE-2025-52565"
}
]
}
CRITICAL ITEMS
HIGH SEVERITY ITEMS
EXECUTIVE INSIGHTS
VENDOR SPOTLIGHT
DETECTION & RESPONSE KIT