Cybersecurity Latest Rundown

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

SOX: 14 HIPAA: 5 PCI DSS: 3 SOC 2: 3 General Enterprise: 2 FISMA: 1

Industry Watch

General Enterprise (General Enterprise) QUIET

Below average activity (0.7x baseline)

Public Companies (Financial Reporting) (SOX) QUIET

Below average activity (0.8x baseline)

Financial Services (Payment Processing) (PCI DSS) STEADY

CyberSecurity Latest Rundown

Heroes, late breaking critical news. Here's a detailed look at the current cybersecurity landscape for November 14, 2025.

CRITICAL ITEMS

Critical FortiWeb flaw under attack, allowing complete compromise
Date & Time: 2025-11-14T12:41:05

A critical authentication bypass vulnerability in Fortinet's FortiWeb Web Application Firewall (WAF) is being actively exploited in the wild. Attackers can leverage this flaw to hijack administrative accounts without authentication, leading to a full compromise of the affected device. This gives attackers control over web traffic filtering, potentially allowing them to disable security protections or launch further attacks against backend applications.

Business impact

Successful exploitation could lead to the theft of sensitive data passing through the WAF, defacement of web applications, or the use of the compromised device as a pivot point into the internal network. This poses a severe risk to data integrity, customer trust, and regulatory compliance.

Recommended action

Immediately apply the patch released by Fortinet. If patching is not immediately possible, restrict all access to the FortiWeb management interface to a trusted internal network and monitor for any signs of unauthorized administrative access.

CVE: n/a | Compliance: SOX, SOC 2 | Source: securityaffairs.com ↗
RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk
Date & Time: 2025-11-14T07:16:10

A remote code execution (RCE) vulnerability has been discovered in the ImunifyAV malware scanner, a component used on millions of Linux web servers. The flaw affects the AI-bolit malware scanning component in versions prior to 32.7.4.0. A successful exploit could allow an attacker to compromise the entire hosting environment, impacting all websites on the server.

Business impact

This vulnerability places tens of millions of websites at risk of complete takeover. Attackers could steal data, install backdoors, deface sites, or use the compromised servers to host malware or launch further attacks, leading to significant financial and reputational damage for hosting providers and their customers.

Recommended action

Hosting providers and server administrators using ImunifyAV must immediately update to the patched version. Website owners should contact their hosting providers to confirm the patch has been applied.

CVE: n/a | Compliance: SOX, SOC 2 | Source: lifeboat.com ↗
Amazon Inspector detects over 150,000 malicious packages linked to token farming campaign
Date & Time: 2025-11-14T00:15:12

Amazon Inspector has uncovered a massive supply chain attack involving over 150,000 malicious packages in the npm registry. The campaign is linked to a 'token farming' scheme for tea.xyz. This represents one of the largest package flooding incidents in open-source history, highlighting the growing risk of dependency confusion and typosquatting attacks in software development pipelines.

Business impact

Developers inadvertently using these malicious packages could introduce backdoors into their applications, leading to compromised developer machines, stolen credentials, and vulnerable production environments. This undermines the integrity of the software supply chain and poses a significant risk of data breaches.

Recommended action

Development teams should immediately audit their project dependencies for any of the identified malicious packages. Implement strict package management policies, use lockfiles, and leverage security tools like Amazon Inspector to scan for vulnerable or malicious dependencies in CI/CD pipelines.

CVE: n/a | Compliance: SOX | Source: aws.amazon.com ↗
Feds Fumble Cisco Patches as China-Linked Hackers Strike
Date & Time: 2025-11-13T21:10:01

CISA has issued new guidance after discovering that multiple U.S. federal agencies failed to correctly patch critical vulnerabilities in Cisco firewalls. This patching failure left federal networks exposed to exploitation by a suspected Chinese state-sponsored threat actor, even after the agencies believed they had secured their devices. The incident underscores the complexity of patch verification in large environments.

Business impact

Incomplete patching of critical edge devices like firewalls creates a direct entry point for sophisticated threat actors into sensitive government networks. This can lead to espionage, data exfiltration, and persistent access, posing a national security risk.

Recommended action

Organizations must not only deploy patches but also verify their successful application. Follow the updated CISA guidance for Cisco devices. Implement robust asset management and vulnerability scanning programs to confirm patch status across all critical infrastructure.

CVE: n/a | Compliance: SOX, FISMA | Source: healthcareinfosecurity.com ↗
Hackers Exploited Cisco ISE Zero-Day
Date & Time: 2025-11-13T21:10:01

According to AWS researchers, a zero-day vulnerability in Cisco Identity Services Engine (ISE) was actively exploited before a patch was available. The pre-authentication flaw allowed attackers to achieve remote code execution on affected network access control devices. This highlights the persistent threat of zero-day attacks against critical network infrastructure components.

Business impact

A compromised Cisco ISE device gives attackers significant control over network access policies. They could create unauthorized access rules, bypass security controls, and gain a foothold to move laterally across the network, targeting high-value assets.

Recommended action

Ensure all Cisco ISE instances are patched with the security updates released earlier this year. Review logs for any signs of compromise prior to the patch date, looking for unusual authentication patterns or system behavior.

CVE: n/a | Compliance: General Enterprise | Source: healthcareinfosecurity.com ↗

HIGH SEVERITY ITEMS

Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack
Date & Time: 2025-11-14T12:40:04

The Washington Post has disclosed a data breach affecting nearly 10,000 of its employees, stemming from a hack of a third-party Oracle system. Cybercriminals stole personal information and subsequently attempted to extort the media company. This incident highlights the significant risks associated with third-party vendors and supply chain security.

Business impact

The breach exposes sensitive employee PII, leading to risks of identity theft and phishing. The extortion attempt adds financial and reputational pressure. This event underscores the need for stringent security vetting of all third-party service providers that handle sensitive data.

Recommended action

Review and enforce security clauses in all third-party vendor contracts. Implement identity monitoring services for affected employees. Ensure incident response plans include scenarios involving supply chain partners.

CVE: n/a | Compliance: PCI DSS, SOX | Source: securityweek.com ↗
Checkout.com Discloses Data Breach After Extortion Attempt
Date & Time: 2025-11-14T13:14:24

Payment processing firm Checkout.com has revealed a data breach originating from a legacy cloud file storage system. The company states that its core payment processing platform was not affected. Similar to the Washington Post incident, the disclosure followed an extortion attempt by the attackers.

Business impact

While the core payment platform was not compromised, the breach of any system at a financial services company can damage customer trust. The incident highlights the security risks posed by legacy systems and misconfigured cloud storage, which can become easy targets for attackers.

Recommended action

Decommission or properly secure all legacy systems. Conduct regular audits of cloud storage configurations to prevent unauthorized access. Ensure data retention policies are enforced to minimize the data footprint on non-production systems.

CVE: n/a | Compliance: PCI DSS, SOX | Source: securityweek.com ↗
Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests Payment Data
Date & Time: 2025-11-13T20:27:00

A Russian-speaking threat group has launched a massive phishing campaign, registering over 4,300 fraudulent domain names this year to impersonate hotels and travel agencies. The campaign aims to trick hotel guests into entering their payment card information on these fake sites, often using booking confirmation lures.

Business impact

This large-scale operation poses a direct threat to customers in the hospitality sector, leading to credit card fraud and financial loss. For hotels, this can result in reputational damage and loss of customer confidence, even if their own systems were not breached.

Recommended action

Security teams should block the known malicious domains. Marketing and customer service teams should be prepared to handle customer inquiries about fraudulent communications. Remind customers to only use official booking websites and to be wary of unsolicited emails regarding their reservations.

CVE: n/a | Compliance: PCI DSS, HIPAA | Source: thehackernews.com ↗

EXECUTIVE INSIGHTS

The retail sector needs a cybersecurity talent incubator
Date & Time: 2025-11-14T11:00:00

The retail industry is being targeted by cyberattacks at an alarming rate, with major brands like Louis Vuitton and Dior suffering breaches costing tens of millions. This report argues that the sector's unique challenges and high-profile targets necessitate a dedicated approach to developing cybersecurity talent. As retail giants continue to be prime targets, investing in a specialized talent pipeline is becoming a critical business strategy for long-term resilience and risk management.

Source: cyberscoop.com ↗

VENDOR SPOTLIGHT

Spotlight Rationale: With active exploitation of the FortiWeb WAF vulnerability and a massive phishing campaign targeting hotel guests, a defense-in-depth strategy that does not rely solely on on-premise appliances is critical. Zscaler provides a cloud-native security service edge (SSE) that can mitigate these external threats before they reach the corporate network.

Threat Context: Critical FortiWeb flaw under attack, allowing complete compromise

Platform Focus: Zscaler Internet Access (ZIA)

Zscaler Internet Access (ZIA) acts as a cloud-based secure web gateway, inspecting all user traffic before it reaches the internet or internal applications. This architecture provides a crucial layer of defense against threats like the FortiWeb exploit by allowing for virtual patching and blocking malicious traffic signatures in the cloud. For the Russian phishing campaign, ZIA's Advanced Threat Protection and SSL inspection can identify and block access to the 4,300+ fake travel sites, protecting users even if they click a malicious link.

Actionable Platform Guidance: Implement Zscaler's browser isolation features for traffic destined for high-risk categories like newly registered domains. This can neutralize phishing sites and prevent credential theft. Configure ZIA's Cloud Firewall to restrict access to the management interfaces of critical appliances like FortiWeb to only authorized Zscaler IP addresses, effectively shielding them from direct internet exposure.

Source: zscaler.com ↗

DETECTION & RESPONSE KIT

⚠️ Disclaimer: Test all detection logic in non-production environments before deployment.

1. Vendor Platform Configuration - Zscaler

# Zscaler Internet Access (ZIA) Configuration Guidance
# Goal: Mitigate exposure to external threats like the FortiWeb vulnerability and phishing campaigns.

# --- Immediate Action 1: Isolate High-Risk Web Categories ---
# This prevents credential theft from phishing sites like the fake travel portals.
1. Navigate to 'Policy' -> 'URL & Cloud App Control'.
2. Select the 'URL Filtering Policy' tab.
3. Add a new rule or edit an existing one for high-risk users.
4. In the 'URL Categories' section, select categories such as 'Newly Registered and Observed Domains'.
5. Set the action for this category to 'Isolate'.
6. Activate the policy change.

# --- Immediate Action 2: Shield Appliance Management Interfaces ---
# This uses Zscaler's firewall to protect vulnerable on-premise devices like FortiWeb.
1. Navigate to 'Policy' -> 'Firewall Control'.
2. Add a new 'Firewall Filtering' rule.
3. Set the 'Source IP Groups' to 'Any'.
4. Set the 'Destination IP Groups' to a group containing the public IP of your FortiWeb management interface.
5. Set the 'Network Services' to the specific management ports (e.g., HTTPS/443).
6. Set the 'Action' to 'Block/Drop'.
7. Create a second rule with a higher precedence that allows access only from a 'Source IP Group' containing your trusted admin IPs.
8. Activate the policy change.

# --- Verification Step 1: Review Isolation Logs ---
1. Navigate to 'Analytics' -> 'Web Insights' -> 'Logs'.
2. Add a filter for 'Threat Category' and select 'Isolated by Browser Isolation'.
3. Monitor these logs to ensure the policy is working and to identify users frequently accessing high-risk sites.

# --- Verification Step 2: Test Firewall Rule ---
1. From an untrusted external IP address, attempt to access the FortiWeb management interface.
2. Confirm the connection is blocked.
3. From a trusted admin IP address (as defined in your allow rule), confirm you can still access the interface.

2. YARA Rule for ImunifyAV Component Exploit

rule Detect_ImunifyAV_Exploit_Attempt_Nov25 {
meta:
description = "Detects potential exploit artifacts related to the ImunifyAV RCE vulnerability affecting the AI-bolit component."
author = "Threat Rundown"
date = "2025-11-14"
reference = "https://lifeboat.com/blog/2025/11/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk"
severity = "high"
tlp = "white"
strings:
$s1 = "AI-bolit scanner exploit payload"
$s2 = "/var/imunify360/aibolit/"
$s3 = "imunify-av --update-force"
$h1 = { 2F 74 6D 70 2F [2-4] 2E 73 68 } // /tmp/*.sh shell script execution attempt
condition:
any of them
}

3. SIEM Query — FortiWeb Auth Bypass Attempt

// Splunk QL Query to detect potential FortiWeb Authentication Bypass
index=firewall sourcetype="fortinet:fortiweb:log"
(eventtype="fortiweb-event-admin-login-success" OR eventtype="fortiweb-event-admin-login-failed")
| stats count(eval(action="failure")) as failed_logins, count(eval(action="success")) as successful_logins by src_ip, user, device_id
| where failed_logins > 5 AND successful_logins > 0
| eval risk_score=case(
(failed_logins > 20), 100,
(failed_logins > 5), 75,
1==1, 50)
| `comment("Looks for multiple failed logins followed by a success from the same source IP, a common pattern for brute-force or bypass exploits.")`
| table _time, src_ip, user, device_id, failed_logins, successful_logins, risk_score
| sort -risk_score

4. PowerShell Script — Cisco ISE IOC Check

# PowerShell script to check for Indicators of Compromise related to the Cisco ISE Zero-Day
# This is a template. Replace IOCs with specific intelligence.

$computers = Get-Content -Path .\serverlist.txt
$iocs = @{
"C:\Windows\Temp\ise_exploit.dll" = "";
"HKLM:\SOFTWARE\Cisco\ISE\ExploitFlag" = "1"
}

Write-Host "Starting IOC scan for Cisco ISE Zero-Day..."

foreach ($computer in $computers) {
if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
Write-Host "- Checking $computer..."
foreach ($ioc in $iocs.GetEnumerator()) {
if ($ioc.Key.StartsWith("HKLM:")) {
# Check Registry Key
try {
$regValue = Invoke-Command -ComputerName $computer -ScriptBlock { Get-ItemProperty -Path $using:ioc.Key -ErrorAction Stop } | Select-Object -ExpandProperty $ioc.Value
if ($regValue) {
Write-Host "  [!!] FOUND IOC on $computer: Registry key $($ioc.Key) exists." -ForegroundColor Red
}
} catch {}
} else {
# Check File Path
if (Invoke-Command -ComputerName $computer -ScriptBlock { Test-Path -Path $using:ioc.Key }) {
Write-Host "  [!!] FOUND IOC on $computer: File $($ioc.Key) exists." -ForegroundColor Red
# Add hash verification here if needed
}
}
}
} else {
Write-Host "- Could not connect to $computer." -ForegroundColor Yellow
}
}

Write-Host "Scan complete."

This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!

{ "type": "bundle", "id": "bundle--765e4784-148c-46e6-b176-5e9a29c52ad8", "objects": [ { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487", "created": "2022-10-01T00:00:00.000Z", "definition_type": "tlp:2.0", "name": "TLP:CLEAR", "definition": { "tlp": "clear" } }, { "type": "identity", "spec_version": "2.1", "id": "identity--83f92327-24e9-47ea-b894-b9bd56e3c68b", "created": "2025-11-14T15:31:35.044Z", "modified": "2025-11-14T15:31:35.044Z", "name": "MikeGPT Intelligence Platform", "description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds", "identity_class": "organization", "sectors": [ "technology", "defense" ], "contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "report", "spec_version": "2.1", "id": "report--79a39491-74c7-4079-ad64-1f43fde720d2", "created": "2025-11-14T15:31:35.044Z", "modified": "2025-11-14T15:31:35.044Z", "name": "Threat Intelligence Report - 2025-11-14", "description": "Threat Intelligence Report - 2025-11-14\n\nThis report consolidates actionable cybersecurity intelligence from 96 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• Critical FortiWeb flaw under attack, allowing complete compromise (Score: 100)\n• Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack (Score: 100)\n• Checkout.com Discloses Data Breach After Extortion Attempt (Score: 100)\n• The retail sector needs a cybersecurity talent incubator (Score: 100)\n• Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts (Score: 100)\n\nEXTRACTED ENTITIES:\n• 27 Attack Pattern(s)\n• 17 Campaign(s)\n• 3 Course Of Action(s)\n• 2 Domain Name(s)\n• 2 Indicator(s)\n• 1 Intrusion Set(s)\n• 1 Ipv4 Addr(s)\n• 16 Location(s)\n• 57 Malware(s)\n• 1 Marking Definition(s)\n• 37 Relationship(s)\n• 13 Threat Actor(s)\n• 9 Tool(s)\n• 2 Url(s)\n• 17 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n", "published": "2025-11-14T15:31:35.044Z", "object_refs": [ "identity--83f92327-24e9-47ea-b894-b9bd56e3c68b", "vulnerability--8f735ec2-8220-4b83-9a8c-a0835387a0a3", "vulnerability--792ede9b-8de1-4c9a-91a0-e3f210f0d032", "vulnerability--5aa023ed-89ff-455f-a14b-06d7a32d06cd", "vulnerability--960fba5c-f3c4-4800-8756-f284eec96652", "vulnerability--6010829c-9633-4789-9611-a16db23db2f2", "vulnerability--79785aec-b79d-4b48-9193-077cbe55287a", "vulnerability--a9612828-7f11-4309-be11-9f187e26e457", "vulnerability--42ef99bb-338a-4d7e-907d-09e0a7806721", "vulnerability--39cf974d-29cd-453a-92b0-aacee7aa323e", "vulnerability--5f025007-20c8-4ccf-bfb6-a845e768c5eb", "malware--605c817b-0ca8-4c4f-8961-7dd094ee058b", "identity--7a97dfb8-5ca7-49d1-aa53-fe9c78a3853d", "vulnerability--2ce0c1a5-da9a-4507-8424-5cac0a7bdc24", "threat-actor--26eca839-6996-4355-b556-31d7e4bd0671", "vulnerability--75209a3b-2817-47f1-b38d-3b0e59249e1d", "identity--78652a32-1d49-42fb-a7b1-5c6f8bfb3581", "vulnerability--ed3de346-93c1-4c44-867e-0a775a7fa8e3", "vulnerability--1256edd4-a495-44a4-86b1-0740bb38277e", "malware--2bc1c989-7436-42b1-9012-2cfdf3da1a9d", "malware--44927346-2d9c-445c-8c5e-7dcdc2fbdec2", "malware--6be03c76-ed62-49ad-8d6a-8d6edc139482", "malware--3e45ebc9-bae3-4704-86a9-44abdb347667", "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "threat-actor--ff08fc2e-94c4-4b43-9534-46cf3ca829d7", "threat-actor--d31be0f2-c18f-47fc-8c98-44257348d6ca", "threat-actor--632cf54c-908b-4cc4-aed0-0d1937468924", "threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3", "identity--2d677b32-42d6-4ae8-a662-4c9bb04de1b8", "malware--7cc3f9a2-daea-458e-a385-314141c7ae13", "malware--409c6fc4-b4a8-4d72-a6e5-90829bae6112", "identity--6e0f3149-d6f1-4ada-9805-3e656b4318ae", "identity--5fb634f4-4efc-4668-9397-71cf3601ffae", "intrusion-set--7ff82b53-a7ae-4331-be8f-9624439d3106", "identity--1abdf29f-9fe3-478e-b225-610c02d5b71e", "identity--15a8eecf-1ec3-47c8-a984-463663f1f6ef", "attack-pattern--86775379-7666-49ed-b92b-48c360342708", "malware--9fea6585-318d-4805-b8d1-1cdd2b3881ca", "malware--743fd0cd-4279-4ce4-aed2-d58784f3031c", "threat-actor--2607de8b-b3f2-45d2-beb8-6277dfbeb4b9", "malware--46a0b253-36c0-4c14-bdf6-40460c8bb029", "malware--6975652f-c247-47d4-8b69-5eba0a4b6104", "tool--ef194854-4842-4fb3-8351-88104dd33103", "identity--de165938-73e8-4c1e-92f2-1b7832514832", "identity--15d433d8-67cd-4bf6-a69d-b0c73b67f58e", "malware--622d89f5-39ec-4c12-9e59-72477cefd1ab", "malware--9c0dd3c2-3017-43bd-9b16-4b60a3d61120", "threat-actor--1c24883b-5440-48be-89b4-b0c9d2b0646b", "identity--cbb9b9ee-52b7-4d0e-b4a6-25b063a6fac2", "identity--23f126ae-d9bd-497b-9eb9-63af757eb466", "malware--fa4c643a-e54a-4f71-aa1c-4bb424bb6db5", "malware--d1b982de-9a91-4b3f-afe9-f09f8d466881", "malware--c1213cab-cfa6-47a2-b43b-7af4967ec05a", "identity--cba0f55e-7bb3-4ae6-b0f8-048dae21e7f3", "identity--ad194b40-4a7d-4618-9298-c15574c0cf77", "malware--ffa5aef9-e5ae-485c-b748-1db12e072806", "identity--6c5b43ba-1151-49f5-aea4-5130de5e46ba", "identity--ec073fc7-bb30-4c07-8aa0-9d1d51058897", "threat-actor--aed4bc51-33b0-4736-bcb7-17aea7c56aa9", "identity--6b8db019-ba56-4716-bbd3-bab18737fef4", "tool--9fb8a1b4-5c61-44e4-90e1-494f8de4d8d6", "malware--bbe568e2-469f-4f6e-894f-9004f60be5a5", "tool--9f804692-3dad-41b3-b550-5a7ca93e97a9", "threat-actor--59aae272-74d1-4419-b6d7-48ca8d0af280", "malware--4267370b-1057-49a4-942f-fcb4c563aacc", "tool--c2210051-55ab-4475-801e-0134045250d9", "identity--37a6c73b-081d-4c71-a467-5ccabd7ab329", "malware--f0089dea-b7b7-4a84-8fc4-e81a86cbecba", "identity--a57d502c-4e82-41ec-9234-875d491343fa", "identity--9fa139c1-5ce0-4ccf-9d02-1e0f8c2f38f6", "malware--8a13dba8-08ba-42eb-b07b-0712d0ad6082", "malware--9c959f03-a85c-4ccb-b73e-c55b0e32e5c2", "location--5b9801e8-bffe-4bee-b903-e93d9f801e0c", "threat-actor--fa23fba6-5aba-458c-b415-59ec946c866d", "tool--8296b0e0-ae1f-45b6-8de0-1c1a4a5e05c5", "malware--6f4456e2-6dc0-4521-ba8e-cabeff00859c", "malware--d1c0263c-8c2f-4c70-bd70-1ec546470fa2", "identity--bf415032-9753-40fd-aa77-45a09f6f767d", "threat-actor--d61efa5c-464b-456c-a119-3d0fa06440fc", "malware--0b67e2fd-eaf0-45b4-ba7e-3a4c1a740bb6", "tool--6f10bc28-3ad5-432c-bcde-e601f2332ffb", "identity--76224fd2-7db9-4dfd-951a-4b084bef03ad", "malware--1cddedd9-b8e1-4176-90a1-a8b5ed7613a4", "attack-pattern--22092a47-7fd2-4602-90b1-61623bb89079", "malware--2d7ce7de-e032-4043-8963-4c014393a48f", "malware--5e5e274e-42ad-4cf9-86fc-12db386831e5", "location--c92adf8f-1739-4c88-895d-06a7f2948f2e", "attack-pattern--78a1ad04-d1a7-4bf8-8006-34af1fd1d770", "identity--ce2e69c6-c194-4ca1-8ccd-65c1ce21af1b", "location--554766a1-5093-4b60-9732-aa6d14becb18", "tool--91088445-edc4-4d00-864c-785446cbb1af", "identity--f8278a12-ae20-4c3f-9977-3dd4feafc099", "identity--01b0e443-1611-4441-beba-d4f250c69101", "tool--2bd39da2-1744-453b-8891-2872e72c94bb", "identity--daec362e-708a-4630-b425-6826593bb788", "identity--0379b4f6-f35b-447e-999f-7564a31b875b", "location--79365b11-f080-4c12-97f5-45b7784679a6", "threat-actor--a2bc0cc6-3e55-464a-9a42-f48e7d9b9fd5", "location--e8a8e369-e014-4c3f-98e2-d780344dbe7a", "tool--98496f61-df6e-4741-9fdc-b751ce5ac69d", "location--99e79579-3626-4cbc-b307-9a0ed522e607", "indicator--032d49c6-e2db-4ca3-ac15-f16c0d458867", "location--ea96e271-70b7-4ed7-af72-74ba165daca2", "threat-actor--3a7625ba-dd01-4c6a-aa2a-4e8c916b44bb", "location--c641f4aa-ac4d-4b50-a0eb-cb383b4a3e53", "vulnerability--7680a803-4098-41b0-83ff-f4c1ee650dbd", "location--2cffd105-432c-46ca-a015-faa047518780", "identity--95c8389c-7419-490e-8d5b-8f227478ce1c", "location--f89078f0-39f7-4a02-a7e4-dbde6a3138cd", "identity--a8564e44-9dd4-4fa2-af91-011d076d1c14", "location--44405860-a9a6-458f-beae-e4e62ebb780f", "identity--7aa77399-1a75-40ae-a4c3-2fbf8783bcff", "location--09fb5c3f-e950-4d77-9967-81596ba45e63", "location--5dbd12b2-f0b0-4c36-847b-62aa529b4595", "location--24ea8196-d1e3-4fe9-8c4e-06047a334d1e", "attack-pattern--9ad5784d-77ba-4b52-90f9-49695e3dbde6", "attack-pattern--020ddb29-4b95-4601-a850-894e55402fe2", "location--4184e662-7eed-444d-94b4-7f31e34d5299", "attack-pattern--2a1ef775-77d8-455c-bede-0a48e2d7adc4", "location--d28ab131-d57a-43d0-9c93-51a1e6b190f8", "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "attack-pattern--af705332-242d-4c31-9955-6dca77d560de", "attack-pattern--75f8063e-1388-4007-8255-4523fceba24e", "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "attack-pattern--2c821981-fda2-4cb8-926c-6edd4905d65c", "attack-pattern--c3286059-b33e-4b64-9fda-22075baf9afa", "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "vulnerability--2f7ef566-4326-458e-9b8a-95c512973aea", "vulnerability--36ae9a74-34ed-4152-b416-4212375a9d4d", "malware--b43957f9-6075-424d-9d0e-a796cb4fc554", "malware--c307a9bc-a1cc-4d9c-bdba-17e51bcd17ce", "malware--e07641cc-c094-41c0-9b8f-2a987e56592d", "malware--8b100039-52dc-4222-b417-5c0916fb0752", "malware--d6cde548-2e3c-4208-9ebe-bb1c53d1f692", "malware--5eac6fee-fb12-4346-a0c0-572772e2f790", "malware--849d0594-4731-4ad8-a99b-1002264bb9f0", "malware--f4981434-5841-4fc2-9d54-e67e83e7c4a6", "malware--bf962d9c-1625-4afd-a071-448f060339c3", "malware--a3350bb6-fe37-4d96-b215-91988a1fd939", "malware--c8d11e67-de07-478c-86e5-88d5130f496f", "malware--ebe018b6-cba0-4f1c-9c8e-66ec2afb0378", "malware--73d3b146-9d58-4783-8ea5-d8a8b5314192", "malware--71b7c741-c18d-44f2-82fb-b12ee01b8a0a", "malware--c60fddf5-86ef-47c2-a399-1d8c9f1b4702", "malware--283f2bf0-0680-4db0-9a79-e0f28fc45a0e", "malware--f56776d4-f68e-46f8-893c-2e7bb0858b2c", "malware--b8bcddf6-aae9-4f5f-a356-fef79db4a767", "malware--6d289e7e-3128-44e9-85cd-a91e36ec0ed7", "malware--b84d0631-8d1a-488a-9c88-19b7ec921f77", "malware--9e484d18-2399-42d2-be22-31a4c47bf5db", "malware--08619cfc-fde7-4189-91ac-ed3184470f6f", "malware--b83b8b8a-7323-4155-bdb1-359c3af4e29a", "malware--9e481322-9cc7-4957-b10f-1c920e6fe279", "malware--6b7520d6-bf25-4ac2-a99a-c2ecdd424cfb", "malware--0c0afff9-d78d-44e5-bc5a-6b465e5db88e", "malware--ca7473ba-3eea-4714-bc5e-a79c1f1c5680", "malware--d64d5557-5d22-4674-8f87-c56156d03bb1", "campaign--dd15b108-50de-4c08-b2c9-2c10e5825ffa", "campaign--1158e87d-7850-4d4b-a777-28f9f19d5139", "campaign--f8f6e135-3caf-433e-b10c-bd410cdf08f2", "campaign--a9ed08c9-1dd3-41c0-b0f2-9b3a836f7142", "campaign--a0b423e4-aa60-49ef-8670-8014171b8dbe", "campaign--ba170217-b331-4edc-b079-3faa3509b259", "campaign--271adefc-3878-4c17-b3cc-b2b15daa46f3", "campaign--d73d14e7-341b-4ef9-bd25-bf611f350bda", "campaign--15af817c-fbfb-4b4f-8b5d-d93cc93912d4", "campaign--6e3b7569-e659-4451-9fc1-9f80410b1b05", "campaign--32d44bff-43e9-4423-8ec3-b5b5dde06135", "campaign--04fe836d-0fcd-49da-abd3-90748eeef3a4", "campaign--0f72d34e-62d1-48c4-ac97-0bbc9a0fad4d", "campaign--df6dfe38-a37c-40aa-b6bb-45956d8f35a5", "campaign--ada4fb0b-c841-4d00-97d0-e37e96685a10", "campaign--34721cf8-e00b-4cdc-a495-a6255d822fc7", "campaign--bf57b8e0-272d-4502-8ca2-651eb928f34a", "course-of-action--3c471bc6-176e-49a5-be8b-b1200fff0308", "course-of-action--f4bfab46-15ac-4d47-9b33-13c2ba939d23", "course-of-action--290c2107-e708-4fc8-b4d0-a79cca71d206", "relationship--fcdcef03-df38-4140-983b-8e690aa28fe1", "relationship--e94262c7-9ffd-4590-84bc-f161f413909c", "relationship--2dccab87-581a-40e2-8cd8-b27ca20db977", "relationship--e6bca03d-46bd-47ef-886f-86c93f3d515c", "relationship--3655248e-26c2-40e8-8516-52119cb2a5c2", "relationship--dfc9b8eb-b574-4f46-abe7-895316c1dca9", "relationship--f122c380-e243-41d9-ac0d-c07635e6465d", "relationship--50236f36-1c2a-4cd1-8407-81bea3c3500d", "relationship--0002e05b-f650-4873-a216-dc2b0cff48ab", "relationship--bcbcebe9-a245-44d3-b04b-b42a0aeb33ea", "relationship--1c8b0cb8-ea8b-43bf-ae83-9e67d7904422", "relationship--1ec78bde-5b99-4955-a5f3-59c8a54639c5", "relationship--6368547f-30b0-4505-ab79-ff9ad82cc36e", "relationship--579f4bec-099c-4e55-bd52-9705318ca0a8", "relationship--f706ef24-6cea-4a0b-b0ab-fd28120260ae", "relationship--1e37ef3a-72e7-47bc-b2aa-03f03c5549d7", "relationship--123186e5-cc88-4682-b3c0-15bf63b66b13", "relationship--dea2959d-8789-4f26-a6d9-733007ffcea5", "relationship--ee8e09ae-9056-43e3-be29-548fa3f1b7eb", "relationship--dea15208-c968-4edc-9383-6e15b2fe5486", "relationship--b629de3f-8edb-44e8-99fc-64dc82825ae9", "relationship--f23871ea-519d-4e8e-8632-ce8bf4569715", "relationship--c87aedad-2526-4eb4-a8c7-430f5838539f", "relationship--0d2df0bc-0502-4255-a6b3-a654ec936649", "relationship--c07f739b-6d30-4de2-9bfd-55f3d3d6162e", "relationship--d8bf0365-4f88-480c-b5e9-5decd8757d5a", "relationship--811d9e60-aee2-49e6-862c-48427b7e676f", "relationship--d145ca6f-e7c3-4686-b99c-d08102964b27", "relationship--d14742ac-b862-45a6-9539-de88b95baf41", "relationship--0971c82a-97c8-4d74-9458-03606fa924aa", "ipv4-addr--8ac5f3f0-2b23-4317-8d1b-cbd25d6a807e", "domain-name--f7443ec2-77b1-446b-be22-1da6cb05b32d", "url--b4238ff9-1cd9-4a8d-9cc1-7f44c980adf5", "domain-name--781cd6fa-3bc1-4aa4-a719-c07572ed4cba", "url--a59680f6-71b9-404d-9229-7d832658a340", "indicator--9601624a-c125-4eab-8b62-5d0cac30ab57", "relationship--5aac9728-c9af-4231-8232-ff9df52aa30f", "relationship--8a6a08bc-02ab-425d-a220-f66bb8b2895f", "relationship--c0b509c9-3a3c-4e44-807a-0ee7d753f84e", "relationship--f5d1b277-387f-44b7-9fe8-1ba6984a31da", "relationship--b02410fa-e866-4f65-9084-58bd2edef133", "relationship--8520469b-b147-4c03-bf88-40293ec0366e", "relationship--7f5975e3-029d-46de-8643-c00353d33409" ], "labels": [ "threat-report", "threat-intelligence" ], "created_by_ref": "identity--83f92327-24e9-47ea-b894-b9bd56e3c68b", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.040Z", "modified": "2025-11-14T15:31:35.040Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--8f735ec2-8220-4b83-9a8c-a0835387a0a3", "name": "https://www.cve.org/CVERecord?id=CVE-2025-24085", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.040Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--792ede9b-8de1-4c9a-91a0-e3f210f0d032", "name": "CVE-2025-24085", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-24085", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24085" }, { "source_name": "nvd", "external_id": "CVE-2025-24085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24085" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--5aa023ed-89ff-455f-a14b-06d7a32d06cd", "name": "CVE-2025-21042", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-21042", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21042" }, { "source_name": "nvd", "external_id": "CVE-2025-21042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21042" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--960fba5c-f3c4-4800-8756-f284eec96652", "name": "CVE-2025-59305", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-59305", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59305" }, { "source_name": "nvd", "external_id": "CVE-2025-59305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59305" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--6010829c-9633-4789-9611-a16db23db2f2", "name": "CVE-2024-40766", "external_references": [ { "source_name": "cve", "external_id": "CVE-2024-40766", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40766" }, { "source_name": "nvd", "external_id": "CVE-2024-40766", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40766" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--79785aec-b79d-4b48-9193-077cbe55287a", "name": "CVE-2025-20362", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-20362", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20362" }, { "source_name": "nvd", "external_id": "CVE-2025-20362", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20362" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--a9612828-7f11-4309-be11-9f187e26e457", "name": "CVE-2025-12480", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-12480", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12480" }, { "source_name": "nvd", "external_id": "CVE-2025-12480", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12480" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--42ef99bb-338a-4d7e-907d-09e0a7806721", "name": "CVE-2025-52881", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-52881", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881" }, { "source_name": "nvd", "external_id": "CVE-2025-52881", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--39cf974d-29cd-453a-92b0-aacee7aa323e", "name": "CVE-2025-52565", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-52565", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565" }, { "source_name": "nvd", "external_id": "CVE-2025-52565", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--5f025007-20c8-4ccf-bfb6-a845e768c5eb", "name": "CVE-2025-34299", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-34299", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-34299" }, { "source_name": "nvd", "external_id": "CVE-2025-34299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34299" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--605c817b-0ca8-4c4f-8961-7dd094ee058b", "name": "Yanluowang ransomware", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--7a97dfb8-5ca7-49d1-aa53-fe9c78a3853d", "name": "U.S. Cybersecurity and Infrastructure Security Agency", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--2ce0c1a5-da9a-4507-8424-5cac0a7bdc24", "name": "CVE-2025-41244", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-41244", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41244" }, { "source_name": "nvd", "external_id": "CVE-2025-41244", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41244" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--26eca839-6996-4355-b556-31d7e4bd0671", "name": "the Lazarus Group", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--75209a3b-2817-47f1-b38d-3b0e59249e1d", "name": "CVE-2025-31133", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-31133", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133" }, { "source_name": "nvd", "external_id": "CVE-2025-31133", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--78652a32-1d49-42fb-a7b1-5c6f8bfb3581", "name": "CISA", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--ed3de346-93c1-4c44-867e-0a775a7fa8e3", "name": "CVE-2025-32463", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-32463", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32463" }, { "source_name": "nvd", "external_id": "CVE-2025-32463", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32463" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--1256edd4-a495-44a4-86b1-0740bb38277e", "name": "CVE-2025-53609", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-53609", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53609" }, { "source_name": "nvd", "external_id": "CVE-2025-53609", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53609" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--2bc1c989-7436-42b1-9012-2cfdf3da1a9d", "name": "The Rhadamanthys infostealer", "is_family": true, "malware_types": [ "stealer" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--44927346-2d9c-445c-8c5e-7dcdc2fbdec2", "name": "GootLoader has resurfaced yet again after a brief spike in activity earlier this March", "is_family": true, "malware_types": [ "dropper" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--6be03c76-ed62-49ad-8d6a-8d6edc139482", "name": "Gootloader", "is_family": true, "malware_types": [ "dropper" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--3e45ebc9-bae3-4704-86a9-44abdb347667", "name": "Mirai", "is_family": true, "malware_types": [ "bot" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "name": "Akira ransomware", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--ff08fc2e-94c4-4b43-9534-46cf3ca829d7", "name": "Callisto/Star Blizzard/UNC4057", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--d31be0f2-c18f-47fc-8c98-44257348d6ca", "name": "LulzSec", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--632cf54c-908b-4cc4-aed0-0d1937468924", "name": "Charming Kitten", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3", "name": "Lazarus", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--2d677b32-42d6-4ae8-a662-4c9bb04de1b8", "name": "Trend Micro", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--7cc3f9a2-daea-458e-a385-314141c7ae13", "name": "XCSSET", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--409c6fc4-b4a8-4d72-a6e5-90829bae6112", "name": "Rhadamanthys is an infostealer", "is_family": true, "malware_types": [ "stealer" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--6e0f3149-d6f1-4ada-9805-3e656b4318ae", "name": "U.S. Cyber Command", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--5fb634f4-4efc-4668-9397-71cf3601ffae", "name": "NSA", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "intrusion-set", "id": "intrusion-set--7ff82b53-a7ae-4331-be8f-9624439d3106", "name": "Scattered Spider", "labels": [ "intrusion-set" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--1abdf29f-9fe3-478e-b225-610c02d5b71e", "name": "Australian Signals Directorate", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--15a8eecf-1ec3-47c8-a984-463663f1f6ef", "name": "NIST", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "attack-pattern", "id": "attack-pattern--86775379-7666-49ed-b92b-48c360342708", "name": "XSS", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "unknown" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--9fea6585-318d-4805-b8d1-1cdd2b3881ca", "name": "GlassWorm malware", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--743fd0cd-4279-4ce4-aed2-d58784f3031c", "name": "PureRAT", "is_family": true, "malware_types": [ "remote-access-trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--2607de8b-b3f2-45d2-beb8-6277dfbeb4b9", "name": "Cl0p", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--46a0b253-36c0-4c14-bdf6-40460c8bb029", "name": "LANDFALL", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--6975652f-c247-47d4-8b69-5eba0a4b6104", "name": "Trojan", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "tool", "id": "tool--ef194854-4842-4fb3-8351-88104dd33103", "name": "NMap", "tool_types": [ "network-capture", "vulnerability-scanning" ], "labels": [ "tool" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--de165938-73e8-4c1e-92f2-1b7832514832", "name": "CrowdStrike", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--15d433d8-67cd-4bf6-a69d-b0c73b67f58e", "name": "Mandiant", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--622d89f5-39ec-4c12-9e59-72477cefd1ab", "name": "DCRat", "is_family": true, "malware_types": [ "remote-access-trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--9c0dd3c2-3017-43bd-9b16-4b60a3d61120", "name": "Datzbro", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--1c24883b-5440-48be-89b4-b0c9d2b0646b", "name": "ShinyHunters", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--cbb9b9ee-52b7-4d0e-b4a6-25b063a6fac2", "name": "KnowBe4", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--23f126ae-d9bd-497b-9eb9-63af757eb466", "name": "Flashpoint", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--fa4c643a-e54a-4f71-aa1c-4bb424bb6db5", "name": "Rhadamanthys", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--d1b982de-9a91-4b3f-afe9-f09f8d466881", "name": "AtomicStealer", "is_family": true, "malware_types": [ "stealer" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--c1213cab-cfa6-47a2-b43b-7af4967ec05a", "name": "XMRig", "is_family": true, "malware_types": [ "crypto-miner" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--cba0f55e-7bb3-4ae6-b0f8-048dae21e7f3", "name": "Proofpoint", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--ad194b40-4a7d-4618-9298-c15574c0cf77", "name": "Nozomi Networks", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--ffa5aef9-e5ae-485c-b748-1db12e072806", "name": "Akira Ransomware’s", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--6c5b43ba-1151-49f5-aea4-5130de5e46ba", "name": "Rapid7", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--ec073fc7-bb30-4c07-8aa0-9d1d51058897", "name": "Microsoft Threat Intelligence", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--aed4bc51-33b0-4736-bcb7-17aea7c56aa9", "name": "Qilin", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--6b8db019-ba56-4716-bbd3-bab18737fef4", "name": "OWASP", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "tool", "id": "tool--9fb8a1b4-5c61-44e4-90e1-494f8de4d8d6", "name": "any.run", "tool_types": [ "unknown" ], "labels": [ "tool" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--bbe568e2-469f-4f6e-894f-9004f60be5a5", "name": "Ransomware", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "tool", "id": "tool--9f804692-3dad-41b3-b550-5a7ca93e97a9", "name": "Wazuh", "tool_types": [ "unknown" ], "labels": [ "tool" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--59aae272-74d1-4419-b6d7-48ca8d0af280", "name": "Qilin group", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--4267370b-1057-49a4-942f-fcb4c563aacc", "name": "MatrixPDF", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "tool", "id": "tool--c2210051-55ab-4475-801e-0134045250d9", "name": "Defender for Office 365", "tool_types": [ "unknown" ], "labels": [ "tool" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--37a6c73b-081d-4c71-a467-5ccabd7ab329", "name": "ZDI", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--f0089dea-b7b7-4a84-8fc4-e81a86cbecba", "name": "Fantasy Hub", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--a57d502c-4e82-41ec-9234-875d491343fa", "name": "CBO", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "identity", "id": "identity--9fa139c1-5ce0-4ccf-9d02-1e0f8c2f38f6", "name": "SonicWall", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--8a13dba8-08ba-42eb-b07b-0712d0ad6082", "name": "Datzbro that can conduct device takeover", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--9c959f03-a85c-4ccb-b73e-c55b0e32e5c2", "name": "RayInitiator", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "location", "id": "location--5b9801e8-bffe-4bee-b903-e93d9f801e0c", "name": "the United States", "region": "unknown", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--fa23fba6-5aba-458c-b415-59ec946c866d", "name": "Aleksei Olegovich Volkov", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "tool", "id": "tool--8296b0e0-ae1f-45b6-8de0-1c1a4a5e05c5", "name": "Kali", "tool_types": [ "exploitation", "vulnerability-scanning", "network-capture" ], "labels": [ "tool" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--6f4456e2-6dc0-4521-ba8e-cabeff00859c", "name": "RingReaper", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.041Z", "modified": "2025-11-14T15:31:35.041Z", "confidence": 95, "type": "malware", "id": "malware--d1c0263c-8c2f-4c70-bd70-1ec546470fa2", "name": "Maverick", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "identity", "id": "identity--bf415032-9753-40fd-aa77-45a09f6f767d", "name": "QNAP", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--d61efa5c-464b-456c-a119-3d0fa06440fc", "name": "chubaka.kor", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "malware", "id": "malware--0b67e2fd-eaf0-45b4-ba7e-3a4c1a740bb6", "name": "Coyote", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "tool", "id": "tool--6f10bc28-3ad5-432c-bcde-e601f2332ffb", "name": "Google SafetyNet Attestation", "tool_types": [ "unknown" ], "labels": [ "tool" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "identity", "id": "identity--76224fd2-7db9-4dfd-951a-4b084bef03ad", "name": "The US Congressional Budget Office", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "malware", "id": "malware--1cddedd9-b8e1-4176-90a1-a8b5ed7613a4", "name": "GlassWorm", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "attack-pattern", "id": "attack-pattern--22092a47-7fd2-4602-90b1-61623bb89079", "name": "DoS", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "unknown" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "malware", "id": "malware--2d7ce7de-e032-4043-8963-4c014393a48f", "name": "Paragon’s Graphite", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "malware", "id": "malware--5e5e274e-42ad-4cf9-86fc-12db386831e5", "name": "Gootloader Returns", "is_family": true, "malware_types": [ "dropper" ], "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "location", "id": "location--c92adf8f-1739-4c88-895d-06a7f2948f2e", "name": "U.S.", "region": "unknown", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "attack-pattern", "id": "attack-pattern--78a1ad04-d1a7-4bf8-8006-34af1fd1d770", "name": "Privilege Escalation", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "unknown" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "identity", "id": "identity--ce2e69c6-c194-4ca1-8ccd-65c1ce21af1b", "name": "Mend.io", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "location", "id": "location--554766a1-5093-4b60-9732-aa6d14becb18", "name": "South Korea", "country": "KR", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "tool", "id": "tool--91088445-edc4-4d00-864c-785446cbb1af", "name": "Universal Forwarders", "tool_types": [ "unknown" ], "labels": [ "tool" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "identity", "id": "identity--f8278a12-ae20-4c3f-9977-3dd4feafc099", "name": "OneBlood", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "identity", "id": "identity--01b0e443-1611-4441-beba-d4f250c69101", "name": "Security Affairs", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "tool", "id": "tool--2bd39da2-1744-453b-8891-2872e72c94bb", "name": "ELK", "tool_types": [ "unknown" ], "labels": [ "tool" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "identity", "id": "identity--daec362e-708a-4630-b425-6826593bb788", "name": "Schneider Electric", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "identity", "id": "identity--0379b4f6-f35b-447e-999f-7564a31b875b", "name": "GlobalLogic", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "location", "id": "location--79365b11-f080-4c12-97f5-45b7784679a6", "name": "Oman", "region": "unknown", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--a2bc0cc6-3e55-464a-9a42-f48e7d9b9fd5", "name": "DragonForce", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "location", "id": "location--e8a8e369-e014-4c3f-98e2-d780344dbe7a", "name": "Moldova", "region": "unknown", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "tool", "id": "tool--98496f61-df6e-4741-9fdc-b751ce5ac69d", "name": "Cisco Secure Firewall Threat Defense", "tool_types": [ "unknown" ], "labels": [ "tool" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "location", "id": "location--99e79579-3626-4cbc-b307-9a0ed522e607", "name": "Dublin", "region": "unknown", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 82, "type": "indicator", "id": "indicator--032d49c6-e2db-4ca3-ac15-f16c0d458867", "name": "141.98.82.26", "pattern": "[ipv4-addr:value = '141.98.82.26']", "pattern_type": "stix", "indicator_types": [ "ipv4-addr" ], "valid_from": "2025-11-14T15:31:35.042495+00:00", "labels": [ "malicious-activity" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "location", "id": "location--ea96e271-70b7-4ed7-af72-74ba165daca2", "name": "Brussels", "region": "unknown", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--3a7625ba-dd01-4c6a-aa2a-4e8c916b44bb", "name": "Aleksey Olegovich Volkov", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "location", "id": "location--c641f4aa-ac4d-4b50-a0eb-cb383b4a3e53", "name": "Norway", "region": "unknown", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 85, "type": "vulnerability", "id": "vulnerability--7680a803-4098-41b0-83ff-f4c1ee650dbd", "name": "the Gemini Trifecta", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "location", "id": "location--2cffd105-432c-46ca-a015-faa047518780", "name": "Afghanistan", "region": "unknown", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "identity", "id": "identity--95c8389c-7419-490e-8d5b-8f227478ce1c", "name": "Logitech", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "location", "id": "location--f89078f0-39f7-4a02-a7e4-dbde6a3138cd", "name": "Denmark", "region": "unknown", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "identity", "id": "identity--a8564e44-9dd4-4fa2-af91-011d076d1c14", "name": "Suspected in Breach of Congressional Budget Office The Congressional Budget Office has been the subject of an apparent cyber incident", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "location", "id": "location--44405860-a9a6-458f-beae-e4e62ebb780f", "name": "the United Arab Emirates", "region": "unknown", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "identity", "id": "identity--7aa77399-1a75-40ae-a4c3-2fbf8783bcff", "name": "Jaguar Land Rover", "identity_class": "organization", "labels": [ "organization" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "location", "id": "location--09fb5c3f-e950-4d77-9967-81596ba45e63", "name": "Israel", "country": "IL", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.042Z", "modified": "2025-11-14T15:31:35.042Z", "confidence": 95, "type": "location", "id": "location--5dbd12b2-f0b0-4c36-847b-62aa529b4595", "name": "Berlin", "region": "unknown", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 95, "type": "location", "id": "location--24ea8196-d1e3-4fe9-8c4e-06047a334d1e", "name": "Ireland", "region": "unknown", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 95, "type": "attack-pattern", "id": "attack-pattern--9ad5784d-77ba-4b52-90f9-49695e3dbde6", "name": "to execute code over a network", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "unknown" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 95, "type": "attack-pattern", "id": "attack-pattern--020ddb29-4b95-4601-a850-894e55402fe2", "name": "using maliciously crafted input", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "unknown" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 95, "type": "location", "id": "location--4184e662-7eed-444d-94b4-7f31e34d5299", "name": "Germany", "country": "DE", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 95, "type": "attack-pattern", "id": "attack-pattern--2a1ef775-77d8-455c-bede-0a48e2d7adc4", "name": "a position to observe your network traffic to conclude language model conversation topics", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "unknown" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 92, "type": "location", "id": "location--d28ab131-d57a-43d0-9c93-51a1e6b190f8", "name": "Union County", "region": "unknown", "labels": [ "location" ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "name": "Exploit Public-Facing Application", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1190", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1190/", "external_id": "T1190" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "name": "Exploitation for Client Execution", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1203", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1203/", "external_id": "T1203" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "name": "Abuse Elevation Control Mechanism", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" }, { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" } ], "x_mitre_id": "T1548", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1548/", "external_id": "T1548" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "name": "Access Token Manipulation", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1134", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1134/", "external_id": "T1134" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "name": "Command and Scripting Interpreter", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1059", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1059/", "external_id": "T1059" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "name": "Spearphishing Attachment", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/001/", "external_id": "T1566.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "name": "Spearphishing Link", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/002/", "external_id": "T1566.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "name": "Spearphishing via Service", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/003/", "external_id": "T1566.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--af705332-242d-4c31-9955-6dca77d560de", "name": "Modify Registry", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "x_mitre_id": "T1112", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1112/", "external_id": "T1112" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--75f8063e-1388-4007-8255-4523fceba24e", "name": "Registry Run Keys / Startup Folder", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1547.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1547/001/", "external_id": "T1547.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "name": "Supply Chain Compromise", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1195", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1195/", "external_id": "T1195" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "name": "Application Layer Protocol", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1071", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1071/", "external_id": "T1071" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "name": "Non-Application Layer Protocol", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1095", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1095/", "external_id": "T1095" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "name": "Remote Services", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "lateral-movement" } ], "x_mitre_id": "T1021", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1021/", "external_id": "T1021" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2c821981-fda2-4cb8-926c-6edd4905d65c", "name": "Lateral Tool Transfer", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "lateral-movement" } ], "x_mitre_id": "T1570", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1570/", "external_id": "T1570" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--c3286059-b33e-4b64-9fda-22075baf9afa", "name": "Ingress Tool Transfer", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1105", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1105/", "external_id": "T1105" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "name": "Vulnerabilities", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.006", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/006/", "external_id": "T1588.006" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 71, "type": "attack-pattern", "id": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "name": "Artificial Intelligence", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.007", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/007/", "external_id": "T1588.007" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "name": "Archive via Utility", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1560.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1560/001/", "external_id": "T1560.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "name": "Screen Capture", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1113", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1113/", "external_id": "T1113" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "name": "Adversary-in-the-Middle", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1557", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1557/", "external_id": "T1557" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--2f7ef566-4326-458e-9b8a-95c512973aea", "created": "2025-11-14T15:31:04.745Z", "modified": "2025-11-14T15:31:04.745Z", "name": "CVE-2025-20333", "description": "Vulnerability CVE-2025-20333 | Affects: Cisco ASA and FTD firewalls | Status: actively exploited", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-20333", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20333" }, { "source_name": "article", "url": "https://www.reddit.com/r/cybersecurity/comments/1ow73ik/cisco_asa_zerodays_under_active_exploitation_cisa/", "description": "Cisco ASA Zero-Days Under Active Exploitation — CISA Issues Emergency Directive (Over 50k device exposed)" } ], "x_exploited": true, "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--36ae9a74-34ed-4152-b416-4212375a9d4d", "created": "2025-11-14T15:31:32.558Z", "modified": "2025-11-14T15:31:32.558Z", "name": "CVE-2025-64513", "description": "Vulnerability CVE-2025-64513", "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-64513", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64513" }, { "source_name": "article", "url": "https://www.reddit.com/r/netsec/comments/1owmope/milvus_proxy_authentication_bypass/", "description": "Milvus Proxy Authentication Bypass Vulnerability(CVE-2025-64513)" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--b43957f9-6075-424d-9d0e-a796cb4fc554", "created": "2025-11-14T15:31:01.173Z", "modified": "2025-11-14T15:31:01.173Z", "name": "Linux", "description": "Malware Linux identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://lifeboat.com/blog/2025/11/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk", "description": "RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--c307a9bc-a1cc-4d9c-bdba-17e51bcd17ce", "created": "2025-11-14T15:31:01.173Z", "modified": "2025-11-14T15:31:01.173Z", "name": "ImunifyAV", "description": "Malware ImunifyAV identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://lifeboat.com/blog/2025/11/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk", "description": "RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--e07641cc-c094-41c0-9b8f-2a987e56592d", "created": "2025-11-14T15:31:03.568Z", "modified": "2025-11-14T15:31:03.568Z", "name": "Worm-Powered Campaign", "description": "Malware Worm-Powered Campaign identified in threat intelligence", "malware_types": [ "worm" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.securityweek.com/?p=44299", "description": "Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--8b100039-52dc-4222-b417-5c0916fb0752", "created": "2025-11-14T15:31:03.569Z", "modified": "2025-11-14T15:31:03.569Z", "name": "NPM Packages", "description": "Malware NPM Packages identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.securityweek.com/?p=44299", "description": "Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--d6cde548-2e3c-4208-9ebe-bb1c53d1f692", "created": "2025-11-14T15:31:06.203Z", "modified": "2025-11-14T15:31:06.203Z", "name": "British Health System Investigates", "description": "Malware British Health System Investigates identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.healthcareinfosecurity.com/uk-nhs-named-in-clop-gangs-exploits-oracle-zero-days-a-30030", "description": "UK NHS Named in Clop Gang's Exploits of Oracle Zero-Days" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--5eac6fee-fb12-4346-a0c0-572772e2f790", "created": "2025-11-14T15:31:06.203Z", "modified": "2025-11-14T15:31:06.203Z", "name": "Clop", "description": "Malware Clop identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.healthcareinfosecurity.com/uk-nhs-named-in-clop-gangs-exploits-oracle-zero-days-a-30030", "description": "UK NHS Named in Clop Gang's Exploits of Oracle Zero-Days" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--849d0594-4731-4ad8-a99b-1002264bb9f0", "created": "2025-11-14T15:31:06.203Z", "modified": "2025-11-14T15:31:06.203Z", "name": "National Health Service", "description": "Malware National Health Service identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.healthcareinfosecurity.com/uk-nhs-named-in-clop-gangs-exploits-oracle-zero-days-a-30030", "description": "UK NHS Named in Clop Gang's Exploits of Oracle Zero-Days" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--f4981434-5841-4fc2-9d54-e67e83e7c4a6", "created": "2025-11-14T15:31:06.203Z", "modified": "2025-11-14T15:31:06.203Z", "name": "Thefts", "description": "Malware Thefts identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.healthcareinfosecurity.com/uk-nhs-named-in-clop-gangs-exploits-oracle-zero-days-a-30030", "description": "UK NHS Named in Clop Gang's Exploits of Oracle Zero-Days" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--bf962d9c-1625-4afd-a071-448f060339c3", "created": "2025-11-14T15:31:07.725Z", "modified": "2025-11-14T15:31:07.725Z", "name": "Non-Human Identities", "description": "Malware Non-Human Identities identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://entro.security/?p=18727", "description": "Stay Reassured with Consistent NHI Security Updates" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--a3350bb6-fe37-4d96-b215-91988a1fd939", "created": "2025-11-14T15:31:08.417Z", "modified": "2025-11-14T15:31:08.418Z", "name": "Akira", "description": "Malware Akira identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.tenable.com/210522", "description": "Cybersecurity Snapshot: Refresh Your Akira Defenses Now, CISA Says, as OWASP Revamps Its App Sec Top 10 Risks" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--c8d11e67-de07-478c-86e5-88d5130f496f", "created": "2025-11-14T15:31:12.178Z", "modified": "2025-11-14T15:31:12.178Z", "name": "quantum computing", "description": "Malware quantum computing identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://securityboulevard.com/?p=2075811", "description": "Navigating Fraud in Customer Verification and Real-Time Payments" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--ebe018b6-cba0-4f1c-9c8e-66ec2afb0378", "created": "2025-11-14T15:31:12.662Z", "modified": "2025-11-14T15:31:12.662Z", "name": "The New HPE Networking: Integration Complete At", "description": "Malware The New HPE Networking: Integration Complete At identified in threat intelligence", "malware_types": [ "trojan" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://securityboulevard.com/?p=2075786", "description": "HPE’s Post-Juniper Vision: AI-Driven Security at Enterprise Scale" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--73d3b146-9d58-4783-8ea5-d8a8b5314192", "created": "2025-11-14T15:31:12.662Z", "modified": "2025-11-14T15:31:12.662Z", "name": "Hewlett Packard Enterprise", "description": "Malware Hewlett Packard Enterprise identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://securityboulevard.com/?p=2075786", "description": "HPE’s Post-Juniper Vision: AI-Driven Security at Enterprise Scale" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--71b7c741-c18d-44f2-82fb-b12ee01b8a0a", "created": "2025-11-14T15:31:16.324Z", "modified": "2025-11-14T15:31:16.324Z", "name": "Nutanix AHV", "description": "Malware Nutanix AHV identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://lifeboat.com/blog/2025/11/cisa-warns-of-akira-ransomware-linux-encryptor-targeting-nutanix-vms", "description": "CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--c60fddf5-86ef-47c2-a399-1d8c9f1b4702", "created": "2025-11-14T15:31:17.432Z", "modified": "2025-11-14T15:31:17.432Z", "name": "Claude Code", "description": "Malware Claude Code identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.securityweek.com/?p=44293", "description": "Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--283f2bf0-0680-4db0-9a79-e0f28fc45a0e", "created": "2025-11-14T15:31:17.718Z", "modified": "2025-11-14T15:31:17.718Z", "name": "TechRepublic", "description": "Malware TechRepublic identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.techrepublic.com/?p=4336044", "description": "Anthropic: China-Based Hackers Used Claude to Automate Global Cyberattack" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--f56776d4-f68e-46f8-893c-2e7bb0858b2c", "created": "2025-11-14T15:31:19.592Z", "modified": "2025-11-14T15:31:19.592Z", "name": "Ransom Proceeds", "description": "Malware Ransom Proceeds identified in threat intelligence", "malware_types": [ "ransomware" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.securityweek.com/?p=44300", "description": "Akira Ransomware Group Made $244 Million in Ransom Proceeds" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--b8bcddf6-aae9-4f5f-a356-fef79db4a767", "created": "2025-11-14T15:31:19.592Z", "modified": "2025-11-14T15:31:19.592Z", "name": "Akira Ransomware Group", "description": "Malware Akira Ransomware Group identified in threat intelligence", "malware_types": [ "ransomware" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.securityweek.com/?p=44300", "description": "Akira Ransomware Group Made $244 Million in Ransom Proceeds" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--6d289e7e-3128-44e9-85cd-a91e36ec0ed7", "created": "2025-11-14T15:31:20.198Z", "modified": "2025-11-14T15:31:20.198Z", "name": "Security Boulevard", "description": "Malware Security Boulevard identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://easydmarc.com/blog/?p=55464", "description": "EasyDMARC Integrates with Splunk" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--b84d0631-8d1a-488a-9c88-19b7ec921f77", "created": "2025-11-14T15:31:20.199Z", "modified": "2025-11-14T15:31:20.199Z", "name": "EasyDMARC", "description": "Malware EasyDMARC identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://easydmarc.com/blog/?p=55464", "description": "EasyDMARC Integrates with Splunk" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--9e484d18-2399-42d2-be22-31a4c47bf5db", "created": "2025-11-14T15:31:24.483Z", "modified": "2025-11-14T15:31:24.483Z", "name": "Ingram", "description": "Malware Ingram identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://votiro.com/?p=4414", "description": "Inside the Ingram Micro Ransomware Attack: Lessons in Zero Trust" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--08619cfc-fde7-4189-91ac-ed3184470f6f", "created": "2025-11-14T15:31:24.483Z", "modified": "2025-11-14T15:31:24.483Z", "name": "Micro", "description": "Malware Micro identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://votiro.com/?p=4414", "description": "Inside the Ingram Micro Ransomware Attack: Lessons in Zero Trust" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--b83b8b8a-7323-4155-bdb1-359c3af4e29a", "created": "2025-11-14T15:31:24.483Z", "modified": "2025-11-14T15:31:24.483Z", "name": "Lessons", "description": "Malware Lessons identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://votiro.com/?p=4414", "description": "Inside the Ingram Micro Ransomware Attack: Lessons in Zero Trust" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--9e481322-9cc7-4957-b10f-1c920e6fe279", "created": "2025-11-14T15:31:26.167Z", "modified": "2025-11-14T15:31:26.167Z", "name": "Modular Python", "description": "Malware Modular Python identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.reddit.com/r/cybersecurity/comments/1owrndn/looking_for_feedback_on_my_opensource_security/", "description": "Looking for Feedback on My Open-Source Security Toolkit (Hatiyar)" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--6b7520d6-bf25-4ac2-a99a-c2ecdd424cfb", "created": "2025-11-14T15:31:26.167Z", "modified": "2025-11-14T15:31:26.167Z", "name": "CLI", "description": "Malware CLI identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.reddit.com/r/cybersecurity/comments/1owrndn/looking_for_feedback_on_my_opensource_security/", "description": "Looking for Feedback on My Open-Source Security Toolkit (Hatiyar)" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--0c0afff9-d78d-44e5-bc5a-6b465e5db88e", "created": "2025-11-14T15:31:26.167Z", "modified": "2025-11-14T15:31:26.167Z", "name": "Cloud/Kubernetes &", "description": "Malware Cloud/Kubernetes & identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.reddit.com/r/cybersecurity/comments/1owrndn/looking_for_feedback_on_my_opensource_security/", "description": "Looking for Feedback on My Open-Source Security Toolkit (Hatiyar)" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--ca7473ba-3eea-4714-bc5e-a79c1f1c5680", "created": "2025-11-14T15:31:26.729Z", "modified": "2025-11-14T15:31:26.729Z", "name": "Stealer", "description": "Malware Stealer identified in threat intelligence", "malware_types": [ "spyware" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.reddit.com/r/cybersecurity/comments/1owpoo4/quiz_29_is_out_socvel/", "description": "Quiz 29 is out (SocVel)" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--d64d5557-5d22-4674-8f87-c56156d03bb1", "created": "2025-11-14T15:31:26.729Z", "modified": "2025-11-14T15:31:26.729Z", "name": "Phishing Phun 🤿 Employees", "description": "Malware Phishing Phun 🤿 Employees identified in threat intelligence", "malware_types": [ "unknown" ], "is_family": true, "external_references": [ { "source_name": "article", "url": "https://www.reddit.com/r/cybersecurity/comments/1owpoo4/quiz_29_is_out_socvel/", "description": "Quiz 29 is out (SocVel)" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "malicious-activity" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--dd15b108-50de-4c08-b2c9-2c10e5825ffa", "created": "2025-11-14T15:31:34.975Z", "modified": "2025-11-14T15:31:34.975Z", "name": " Micro Campaign", "description": "Campaign involving using Micro", "first_seen": "2025-11-14T02:33:13.000Z", "last_seen": "2025-11-14T02:33:13.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://nsfocusglobal.com/?p=32759", "description": "Microsoft’s November Security Update of High-Risk Vulnerability Notice for Multiple Products" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--1158e87d-7850-4d4b-a777-28f9f19d5139", "created": "2025-11-14T15:31:34.976Z", "modified": "2025-11-14T15:31:34.976Z", "name": " Linux Campaign", "description": "Campaign involving using Linux", "first_seen": "2025-11-14T07:16:10.000Z", "last_seen": "2025-11-14T07:16:10.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://lifeboat.com/blog/2025/11/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk", "description": "RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--f8f6e135-3caf-433e-b10c-bd410cdf08f2", "created": "2025-11-14T15:31:34.980Z", "modified": "2025-11-14T15:31:34.980Z", "name": " Worm-Powered Campaign Campaign", "description": "Campaign involving using Worm-Powered Campaign", "first_seen": "2025-11-14T10:40:05.000Z", "last_seen": "2025-11-14T10:40:05.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://www.securityweek.com/?p=44299", "description": "Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--a9ed08c9-1dd3-41c0-b0f2-9b3a836f7142", "created": "2025-11-14T15:31:34.982Z", "modified": "2025-11-14T15:31:34.982Z", "name": "CVE-2025-20333 Exploitation Campaign", "description": "Coordinated exploitation activity targeting CVE-2025-20333", "first_seen": "2025-11-13T17:24:39.000Z", "last_seen": "2025-11-13T17:24:39.000Z", "objective": "Exploitation of CVE-2025-20333 for unauthorized access", "confidence": 75, "external_references": [ { "source_name": "article", "url": "https://www.reddit.com/r/cybersecurity/comments/1ow73ik/cisco_asa_zerodays_under_active_exploitation_cisa/", "description": "Cisco ASA Zero-Days Under Active Exploitation — CISA Issues Emergency Directive (Over 50k device exposed)" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--a0b423e4-aa60-49ef-8670-8014171b8dbe", "created": "2025-11-14T15:31:34.982Z", "modified": "2025-11-14T15:31:34.982Z", "name": "CVE-2025-20362 Exploitation Campaign", "description": "Coordinated exploitation activity targeting CVE-2025-20362", "first_seen": "2025-11-13T17:24:39.000Z", "last_seen": "2025-11-13T17:24:39.000Z", "objective": "Exploitation of CVE-2025-20362 for unauthorized access", "confidence": 75, "external_references": [ { "source_name": "article", "url": "https://www.reddit.com/r/cybersecurity/comments/1ow73ik/cisco_asa_zerodays_under_active_exploitation_cisa/", "description": "Cisco ASA Zero-Days Under Active Exploitation — CISA Issues Emergency Directive (Over 50k device exposed)" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--ba170217-b331-4edc-b079-3faa3509b259", "created": "2025-11-14T15:31:34.983Z", "modified": "2025-11-14T15:31:34.983Z", "name": " British Health System Investigates Campaign", "description": "Campaign involving using British Health System Investigates", "first_seen": "2025-11-13T20:08:56.000Z", "last_seen": "2025-11-13T20:08:56.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://www.healthcareinfosecurity.com/uk-nhs-named-in-clop-gangs-exploits-oracle-zero-days-a-30030", "description": "UK NHS Named in Clop Gang's Exploits of Oracle Zero-Days" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--271adefc-3878-4c17-b3cc-b2b15daa46f3", "created": "2025-11-14T15:31:34.987Z", "modified": "2025-11-14T15:31:34.987Z", "name": " Non-Human Identities Campaign", "description": "Campaign involving using Non-Human Identities", "first_seen": "2025-11-13T22:00:00.000Z", "last_seen": "2025-11-13T22:00:00.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://entro.security/?p=18727", "description": "Stay Reassured with Consistent NHI Security Updates" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--d73d14e7-341b-4ef9-bd25-bf611f350bda", "created": "2025-11-14T15:31:34.988Z", "modified": "2025-11-14T15:31:34.988Z", "name": " Ransomware Campaign", "description": "Campaign involving using Ransomware", "first_seen": "2025-11-14T14:00:00.000Z", "last_seen": "2025-11-14T14:00:00.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://www.tenable.com/210522", "description": "Cybersecurity Snapshot: Refresh Your Akira Defenses Now, CISA Says, as OWASP Revamps Its App Sec Top 10 Risks" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--15af817c-fbfb-4b4f-8b5d-d93cc93912d4", "created": "2025-11-14T15:31:34.996Z", "modified": "2025-11-14T15:31:34.996Z", "name": " quantum computing Campaign", "description": "Campaign involving using quantum computing", "first_seen": "2025-11-13T17:14:36.000Z", "last_seen": "2025-11-13T17:14:36.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://securityboulevard.com/?p=2075811", "description": "Navigating Fraud in Customer Verification and Real-Time Payments" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--6e3b7569-e659-4451-9fc1-9f80410b1b05", "created": "2025-11-14T15:31:34.997Z", "modified": "2025-11-14T15:31:34.997Z", "name": " The New HPE Networking: Integration Complete At Campaign", "description": "Campaign involving using The New HPE Networking: Integration Complete At", "first_seen": "2025-11-13T18:09:27.000Z", "last_seen": "2025-11-13T18:09:27.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://securityboulevard.com/?p=2075786", "description": "HPE’s Post-Juniper Vision: AI-Driven Security at Enterprise Scale" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--32d44bff-43e9-4423-8ec3-b5b5dde06135", "created": "2025-11-14T15:31:34.997Z", "modified": "2025-11-14T15:31:34.997Z", "name": " Security Boulevard Campaign", "description": "Campaign involving using Security Boulevard", "first_seen": "2025-11-14T01:10:50.000Z", "last_seen": "2025-11-14T01:10:50.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://ssojet.com/blog/defining-self-sovereign-identity-in-authentication-systems", "description": "Defining Self-Sovereign Identity in Authentication Systems" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--04fe836d-0fcd-49da-abd3-90748eeef3a4", "created": "2025-11-14T15:31:35.003Z", "modified": "2025-11-14T15:31:35.003Z", "name": " ImunifyAV Campaign", "description": "Campaign involving using ImunifyAV", "first_seen": "2025-11-14T09:35:44.000Z", "last_seen": "2025-11-14T09:35:44.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://www.securityweek.com/?p=44296", "description": "Imunify360 Vulnerability Could Expose Millions of Sites to Hacking" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--0f72d34e-62d1-48c4-ac97-0bbc9a0fad4d", "created": "2025-11-14T15:31:35.003Z", "modified": "2025-11-14T15:31:35.003Z", "name": " Claude Code Campaign", "description": "Campaign involving using Claude Code", "first_seen": "2025-11-14T08:22:53.000Z", "last_seen": "2025-11-14T08:22:53.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://www.securityweek.com/?p=44293", "description": "Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--df6dfe38-a37c-40aa-b6bb-45956d8f35a5", "created": "2025-11-14T15:31:35.003Z", "modified": "2025-11-14T15:31:35.003Z", "name": " TechRepublic Campaign", "description": "Campaign involving using TechRepublic", "first_seen": "2025-11-14T14:16:36.000Z", "last_seen": "2025-11-14T14:16:36.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://www.techrepublic.com/?p=4336044", "description": "Anthropic: China-Based Hackers Used Claude to Automate Global Cyberattack" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--ada4fb0b-c841-4d00-97d0-e37e96685a10", "created": "2025-11-14T15:31:35.015Z", "modified": "2025-11-14T15:31:35.015Z", "name": " Modular Python Campaign", "description": "Campaign involving using Modular Python", "first_seen": "2025-11-14T09:07:06.000Z", "last_seen": "2025-11-14T09:07:06.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://www.reddit.com/r/cybersecurity/comments/1owrndn/looking_for_feedback_on_my_opensource_security/", "description": "Looking for Feedback on My Open-Source Security Toolkit (Hatiyar)" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--34721cf8-e00b-4cdc-a495-a6255d822fc7", "created": "2025-11-14T15:31:35.019Z", "modified": "2025-11-14T15:31:35.019Z", "name": " Stealer Campaign", "description": "Campaign involving using Stealer", "first_seen": "2025-11-14T07:00:02.000Z", "last_seen": "2025-11-14T07:00:02.000Z", "objective": "Malicious cyber operations", "confidence": 70, "external_references": [ { "source_name": "article", "url": "https://www.reddit.com/r/cybersecurity/comments/1owpoo4/quiz_29_is_out_socvel/", "description": "Quiz 29 is out (SocVel)" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "campaign", "spec_version": "2.1", "id": "campaign--bf57b8e0-272d-4502-8ca2-651eb928f34a", "created": "2025-11-14T15:31:35.032Z", "modified": "2025-11-14T15:31:35.032Z", "name": "CVE-2025-64513 Exploitation Campaign", "description": "Coordinated exploitation activity targeting CVE-2025-64513", "first_seen": "2025-11-14T04:13:32.000Z", "last_seen": "2025-11-14T04:13:32.000Z", "objective": "Exploitation of CVE-2025-64513 for unauthorized access", "confidence": 75, "external_references": [ { "source_name": "article", "url": "https://www.reddit.com/r/netsec/comments/1owmope/milvus_proxy_authentication_bypass/", "description": "Milvus Proxy Authentication Bypass Vulnerability(CVE-2025-64513)" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "course-of-action", "spec_version": "2.1", "id": "course-of-action--3c471bc6-176e-49a5-be8b-b1200fff0308", "created": "2025-11-14T15:31:35.033Z", "modified": "2025-11-14T15:31:35.033Z", "name": "Mitigate CVE-2025-20333", "description": "Apply security updates and patches to address CVE-2025-20333", "action_type": "remediate", "external_references": [ { "source_name": "nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20333", "description": "NVD entry with patch information" }, { "source_name": "article", "url": "https://securityaffairs.com/?p=184615", "description": "Critical FortiWeb flaw under attack, allowing complete compromise" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "course-of-action", "spec_version": "2.1", "id": "course-of-action--f4bfab46-15ac-4d47-9b33-13c2ba939d23", "created": "2025-11-14T15:31:35.033Z", "modified": "2025-11-14T15:31:35.033Z", "name": "Mitigate CVE-2025-20362", "description": "Apply security updates and patches to address CVE-2025-20362", "action_type": "remediate", "external_references": [ { "source_name": "nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20362", "description": "NVD entry with patch information" }, { "source_name": "article", "url": "https://securityaffairs.com/?p=184615", "description": "Critical FortiWeb flaw under attack, allowing complete compromise" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "course-of-action", "spec_version": "2.1", "id": "course-of-action--290c2107-e708-4fc8-b4d0-a79cca71d206", "created": "2025-11-14T15:31:35.034Z", "modified": "2025-11-14T15:31:35.034Z", "name": "Mitigate CVE-2025-64513", "description": "Apply security updates and patches to address CVE-2025-64513", "action_type": "remediate", "external_references": [ { "source_name": "nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64513", "description": "NVD entry with patch information" }, { "source_name": "article", "url": "https://nsfocusglobal.com/?p=32759", "description": "Microsoft’s November Security Update of High-Risk Vulnerability Notice for Multiple Products" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fcdcef03-df38-4140-983b-8e690aa28fe1", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--26eca839-6996-4355-b556-31d7e4bd0671", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: the lazarus group uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e94262c7-9ffd-4590-84bc-f161f413909c", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--26eca839-6996-4355-b556-31d7e4bd0671", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: the lazarus group uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2dccab87-581a-40e2-8cd8-b27ca20db977", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--26eca839-6996-4355-b556-31d7e4bd0671", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 85, "description": "MITRE ATT&CK mapping: the lazarus group uses supply chain compromise (T1195)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e6bca03d-46bd-47ef-886f-86c93f3d515c", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--ff08fc2e-94c4-4b43-9534-46cf3ca829d7", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: callisto/star blizzard/unc4057 uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3655248e-26c2-40e8-8516-52119cb2a5c2", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--ff08fc2e-94c4-4b43-9534-46cf3ca829d7", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: callisto/star blizzard/unc4057 uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dfc9b8eb-b574-4f46-abe7-895316c1dca9", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--d31be0f2-c18f-47fc-8c98-44257348d6ca", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: lulzsec uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f122c380-e243-41d9-ac0d-c07635e6465d", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--d31be0f2-c18f-47fc-8c98-44257348d6ca", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: lulzsec uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--50236f36-1c2a-4cd1-8407-81bea3c3500d", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--632cf54c-908b-4cc4-aed0-0d1937468924", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: charming kitten uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0002e05b-f650-4873-a216-dc2b0cff48ab", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--632cf54c-908b-4cc4-aed0-0d1937468924", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: charming kitten uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bcbcebe9-a245-44d3-b04b-b42a0aeb33ea", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: lazarus uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1c8b0cb8-ea8b-43bf-ae83-9e67d7904422", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: lazarus uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1ec78bde-5b99-4955-a5f3-59c8a54639c5", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 85, "description": "MITRE ATT&CK mapping: lazarus uses supply chain compromise (T1195)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6368547f-30b0-4505-ab79-ff9ad82cc36e", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "intrusion-set--7ff82b53-a7ae-4331-be8f-9624439d3106", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: scattered spider uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--579f4bec-099c-4e55-bd52-9705318ca0a8", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "intrusion-set--7ff82b53-a7ae-4331-be8f-9624439d3106", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: scattered spider uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f706ef24-6cea-4a0b-b0ab-fd28120260ae", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--2607de8b-b3f2-45d2-beb8-6277dfbeb4b9", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: cl0p uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1e37ef3a-72e7-47bc-b2aa-03f03c5549d7", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--2607de8b-b3f2-45d2-beb8-6277dfbeb4b9", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: cl0p uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--123186e5-cc88-4682-b3c0-15bf63b66b13", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--1c24883b-5440-48be-89b4-b0c9d2b0646b", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: shinyhunters uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dea2959d-8789-4f26-a6d9-733007ffcea5", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--1c24883b-5440-48be-89b4-b0c9d2b0646b", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: shinyhunters uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ee8e09ae-9056-43e3-be29-548fa3f1b7eb", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--aed4bc51-33b0-4736-bcb7-17aea7c56aa9", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: qilin uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dea15208-c968-4edc-9383-6e15b2fe5486", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--aed4bc51-33b0-4736-bcb7-17aea7c56aa9", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: qilin uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b629de3f-8edb-44e8-99fc-64dc82825ae9", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--59aae272-74d1-4419-b6d7-48ca8d0af280", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: qilin group uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f23871ea-519d-4e8e-8632-ce8bf4569715", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--59aae272-74d1-4419-b6d7-48ca8d0af280", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: qilin group uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c87aedad-2526-4eb4-a8c7-430f5838539f", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--fa23fba6-5aba-458c-b415-59ec946c866d", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: aleksei olegovich volkov uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0d2df0bc-0502-4255-a6b3-a654ec936649", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--fa23fba6-5aba-458c-b415-59ec946c866d", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: aleksei olegovich volkov uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c07f739b-6d30-4de2-9bfd-55f3d3d6162e", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--d61efa5c-464b-456c-a119-3d0fa06440fc", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: chubaka.kor uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d8bf0365-4f88-480c-b5e9-5decd8757d5a", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--d61efa5c-464b-456c-a119-3d0fa06440fc", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: chubaka.kor uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--811d9e60-aee2-49e6-862c-48427b7e676f", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--a2bc0cc6-3e55-464a-9a42-f48e7d9b9fd5", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: dragonforce uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d145ca6f-e7c3-4686-b99c-d08102964b27", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--a2bc0cc6-3e55-464a-9a42-f48e7d9b9fd5", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: dragonforce uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d14742ac-b862-45a6-9539-de88b95baf41", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--3a7625ba-dd01-4c6a-aa2a-4e8c916b44bb", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 75, "description": "MITRE ATT&CK mapping: aleksey olegovich volkov uses command and scripting interpreter (T1059)", "x_validation_method": "mitre-mapper" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0971c82a-97c8-4d74-9458-03606fa924aa", "created": "2025-11-14T15:31:35.043Z", "modified": "2025-11-14T15:31:35.043Z", "relationship_type": "uses", "source_ref": "threat-actor--3a7625ba-dd01-4c6a-aa2a-4e8c916b44bb", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 75, "description": "MITRE ATT&CK mapping: aleksey olegovich volkov uses spearphishing attachment (T1566.001)", "x_validation_method": "mitre-mapper" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--8ac5f3f0-2b23-4317-8d1b-cbd25d6a807e", "value": "32.7.4.0" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--f7443ec2-77b1-446b-be22-1da6cb05b32d", "value": "forms.offic..." }, { "type": "url", "spec_version": "2.1", "id": "url--b4238ff9-1cd9-4a8d-9cc1-7f44c980adf5", "value": "https://forms.offic..." }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--781cd6fa-3bc1-4aa4-a719-c07572ed4cba", "value": "aliasrobotics.com" }, { "type": "url", "spec_version": "2.1", "id": "url--a59680f6-71b9-404d-9229-7d832658a340", "value": "https://aliasrobotics.com/research-security..." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9601624a-c125-4eab-8b62-5d0cac30ab57", "created": "2025-11-14T15:30:56.804Z", "modified": "2025-11-14T15:30:56.804Z", "name": "Malicious ipv4-addr indicator", "description": "Malicious ipv4-addr identified in threat intelligence", "pattern": "[ipv4-addr:value = '32.7.4.0']", "pattern_type": "stix", "valid_from": "2025-11-14T15:30:56.804Z", "labels": [ "malicious-activity" ], "confidence": 95 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5aac9728-c9af-4231-8232-ff9df52aa30f", "created": "2025-11-14T15:30:56.804Z", "modified": "2025-11-14T15:30:56.804Z", "relationship_type": "based-on", "source_ref": "indicator--9601624a-c125-4eab-8b62-5d0cac30ab57", "target_ref": "ipv4-addr--8ac5f3f0-2b23-4317-8d1b-cbd25d6a807e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8a6a08bc-02ab-425d-a220-f66bb8b2895f", "created": "2025-11-14T15:31:35.044Z", "modified": "2025-11-14T15:31:35.044Z", "relationship_type": "mitigated-by", "source_ref": "vulnerability--79785aec-b79d-4b48-9193-077cbe55287a", "target_ref": "course-of-action--f4bfab46-15ac-4d47-9b33-13c2ba939d23", "description": "CVE-2025-20362 is mitigated by Mitigate CVE-2025-20362" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c0b509c9-3a3c-4e44-807a-0ee7d753f84e", "created": "2025-11-14T15:31:35.044Z", "modified": "2025-11-14T15:31:35.044Z", "relationship_type": "mitigated-by", "source_ref": "vulnerability--2f7ef566-4326-458e-9b8a-95c512973aea", "target_ref": "course-of-action--3c471bc6-176e-49a5-be8b-b1200fff0308", "description": "CVE-2025-20333 is mitigated by Mitigate CVE-2025-20333" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f5d1b277-387f-44b7-9fe8-1ba6984a31da", "created": "2025-11-14T15:31:35.044Z", "modified": "2025-11-14T15:31:35.044Z", "relationship_type": "mitigated-by", "source_ref": "vulnerability--36ae9a74-34ed-4152-b416-4212375a9d4d", "target_ref": "course-of-action--290c2107-e708-4fc8-b4d0-a79cca71d206", "description": "CVE-2025-64513 is mitigated by Mitigate CVE-2025-64513" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b02410fa-e866-4f65-9084-58bd2edef133", "created": "2025-11-14T15:31:35.044Z", "modified": "2025-11-14T15:31:35.044Z", "relationship_type": "targets", "source_ref": "campaign--a9ed08c9-1dd3-41c0-b0f2-9b3a836f7142", "target_ref": "vulnerability--2f7ef566-4326-458e-9b8a-95c512973aea", "description": "CVE-2025-20333 Exploitation Campaign targets CVE-2025-20333" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8520469b-b147-4c03-bf88-40293ec0366e", "created": "2025-11-14T15:31:35.044Z", "modified": "2025-11-14T15:31:35.044Z", "relationship_type": "targets", "source_ref": "campaign--a0b423e4-aa60-49ef-8670-8014171b8dbe", "target_ref": "vulnerability--79785aec-b79d-4b48-9193-077cbe55287a", "description": "CVE-2025-20362 Exploitation Campaign targets CVE-2025-20362" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7f5975e3-029d-46de-8643-c00353d33409", "created": "2025-11-14T15:31:35.044Z", "modified": "2025-11-14T15:31:35.044Z", "relationship_type": "targets", "source_ref": "campaign--bf57b8e0-272d-4502-8ca2-651eb928f34a", "target_ref": "vulnerability--36ae9a74-34ed-4152-b416-4212375a9d4d", "description": "CVE-2025-64513 Exploitation Campaign targets CVE-2025-64513" } ] }

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

Industry Watch

CyberSecurity Latest Rundown

CRITICAL ITEMS

HIGH SEVERITY ITEMS

EXECUTIVE INSIGHTS

VENDOR SPOTLIGHT

DETECTION & RESPONSE KIT

Cookie Notice

STIX 2.1 Threat Intelligence Bundle

If you like MikeGPT CyberSecurity Newsletter, spread the word.