Cybersecurity Latest Rundown

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

SOX: 14 HIPAA: 4 FISMA: 2 PCI DSS: 2 General Enterprise: 2 SOC 2: 1

Industry Watch

U.S. Federal Agencies (FISMA) QUIET

Below average activity (0.1x baseline)

EU Critical Infrastructure (NIS2) QUIET

Below average activity (0.1x baseline)

Financial Services (Payment Processing) (PCI DSS) QUIET

Below average activity (0.3x baseline)

Technology Service Providers (SOC 2) QUIET

Below average activity (0.1x baseline)

Healthcare (HIPAA) QUIET

Below average activity (0.1x baseline)

CyberSecurity Latest Rundown

Heroes, late breaking critical news. Here's a detailed look at the current cybersecurity landscape for November 25, 2025.

CRITICAL ITEMS

Critical Flaw in Oracle Identity Manager Under Exploitation
Date & Time: 2025-11-24T21:39:50

Active exploitation of a critical vulnerability in Oracle Identity Manager has been confirmed, following a breach of Oracle Cloud earlier this year. This flaw is currently being leveraged in an extortion campaign targeting Oracle E-Business Suite customers.

Business impact

Organizations relying on Oracle Identity Manager face immediate risk of unauthorized access, identity theft, and potential extortion, threatening the integrity of enterprise identity governance and compliance posture.

Recommended action

Verify patch status for Oracle Identity Manager immediately and review logs for anomalous access patterns associated with CVE-2025-61757. Isolate affected instances if patching is not immediate.

CVE: CVE-2025-61757 | Compliance: General Enterprise | Source: Dark Reading ↗
Shai-Hulud Worm Returns: 500+ npm Packages Infected
Date & Time: 2025-11-24T22:45:47

A self-replicating worm dubbed "Shai-Hulud" has injected malicious code into nearly 500 npm software packages, exposing over 26,000 GitHub repositories. This supply-chain attack is automated and more potent than previous iterations, targeting the open-source ecosystem.

Business impact

Development teams using affected npm packages may inadvertently introduce backdoors into their applications, leading to data exfiltration or complete system compromise across the software supply chain.

Recommended action

Audit all npm dependencies immediately using software composition analysis (SCA) tools. Block the installation of unverified packages and monitor CI/CD pipelines for unauthorized outbound connections.

CVE: n/a | Compliance: SOX, FISMA | Source: CyberScoop ↗
Update Firefox to Patch Critical Wasm Vulnerability
Date & Time: 2025-11-25T12:45:44

A critical memory flaw in Firefox's WebAssembly (Wasm) implementation has been revealed, putting 180 million users at risk of remote code execution. The vulnerability has existed for six months and allows attackers to execute arbitrary code via crafted web content.

Business impact

Employees using unpatched Firefox browsers are high-risk entry points for attackers, potentially allowing initial access to corporate networks via drive-by downloads or malicious sites.

Recommended action

Enforce an immediate update to the latest version of Firefox across all enterprise endpoints. Consider temporarily disabling Wasm if patching is delayed.

CVE: CVE-2025-13016 | Compliance: SOX | Source: Hackread ↗
Scattered LAPSUS$ Hunters Claim Salesforce Supply-Chain Attack
Date & Time: 2025-11-24T10:51:00

The threat group "Scattered LAPSUS$ Hunters" has claimed responsibility for a supply-chain attack involving Gainsight, a platform integrated with Salesforce. This highlights the persistent risk of third-party integrations serving as vectors for major platform breaches.

Business impact

Compromise of Salesforce-integrated platforms can lead to massive customer data leaks (CRM data), impacting revenue and triggering severe regulatory penalties under GDPR and CCPA.

Recommended action

Review all third-party Salesforce integrations, specifically Gainsight connections. Rotate API keys and enforce strict least-privilege access for connected apps.

CVE: n/a | Compliance: HIPAA, PCI DSS | Source: Check Point Research ↗

HIGH SEVERITY ITEMS

WormGPT 4 and KawaiiGPT: New Dark LLMs Automate Cybercrime
Date & Time: 2025-11-25T13:35:19

Palo Alto Networks has analyzed new malicious Large Language Models (LLMs), WormGPT 4 and KawaiiGPT, designed to assist threat actors in automating phishing, malware development, and reconnaissance. These tools lower the barrier to entry for sophisticated attacks.

Business impact

Security teams should expect an increase in highly convincing phishing campaigns and rapidly iterated malware variants, potentially overwhelming standard detection capabilities.

Recommended action

Enhance email security filters to detect AI-generated phrasing and conduct user awareness training focused on sophisticated social engineering.

CVE: n/a | Compliance: HIPAA, SOX | Source: SecurityWeek ↗
ClickFix Attack Uses Fake Windows Update to Push Malware
Date & Time: 2025-11-25T07:21:51

A new social engineering campaign named "ClickFix" tricks users with a realistic full-screen fake Windows Update animation. The attack convinces users to copy and paste malicious code directly into the Windows Command Prompt.

Business impact

This technique bypasses traditional file-based scanning by relying on user execution of commands, leading to immediate endpoint compromise and potential ransomware deployment.

Recommended action

Alert employees about this specific "fake update" tactic. Restrict the ability to paste scripts into PowerShell/Command Prompt via group policy where feasible.

CVE: n/a | Compliance: General Enterprise | Source: Lifeboat ↗
Is Your Android TV Streaming Box Part of a Botnet?
Date & Time: 2025-11-24T18:44:52

Cheap streaming devices like "Superbox" sold at major retailers are being sold with pre-loaded malware, forming a massive botnet. These devices often reside on home networks that connect to corporate resources via VPN.

Business impact

Compromised devices on employee home networks pose a lateral movement risk to corporate networks, especially for remote workers using split-tunneling or weak VPN configurations.

Recommended action

Advise remote employees against using unverified streaming boxes on work networks. Scan for unauthorized devices on corporate guest networks.

CVE: n/a | Compliance: PCI DSS, SOX | Source: KrebsOnSecurity ↗

🔵 LOW SEVERITY ITEMS

Deanonymizing Device Identities Via Side-Channel Attacks
Date & Time: 2025-11-24T20:00:00

Researchers at NDSS 2025 presented methods to deanonymize IoT device identities using side-channel attacks in exclusive-use environments. This research highlights privacy risks in smart infrastructure.

CVE: n/a | Compliance: SOX, GDPR | Source: Security Boulevard ↗

EXECUTIVE INSIGHTS

Society Bears A Huge Cybercrime Burden: $10.5 Trillion Forecast
Date & Time: 2025-11-25T13:35:45

The annual cost of cybercrime is projected to hit $10.5 trillion in 2025. This staggering figure underscores the strategic necessity of cybersecurity investment not just as insurance, but as a fundamental requirement for economic stability.

Source: Cybersecurity Ventures ↗

VENDOR SPOTLIGHT

Spotlight Rationale: With WormGPT 4 automating attacks and Oracle Identity Manager under active exploitation, the convergence of AI and Identity security is paramount.

Threat Context: WormGPT 4 and KawaiiGPT

Platform Focus: SentinelOne Singularity / Wayfinder

SentinelOne's newly introduced Wayfinder capability addresses the exact intersection of today's critical threats: Identity and AI. As threat actors leverage tools like WormGPT to automate reconnaissance and attacks, Wayfinder correlates signals across endpoint, identity, and cloud to detect these complex, automated TTPs that traditional antivirus misses. It specifically targets the "relentless pressure" of AI-generated signals.

Actionable Platform Guidance: Enable Wayfinder's identity signal correlation to detect anomalous credential usage that may indicate an AI-driven brute force or token theft attempt. Configure alerts for "Identity" and "AI" signal categories in the Singularity console.

Source: SentinelOne ↗

DETECTION & RESPONSE KIT

⚠️ Disclaimer: Test all detection logic in non-production environments before deployment.

1. Vendor Platform Configuration - SentinelOne Wayfinder

# Conceptual Configuration for SentinelOne Wayfinder / Singularity
# Goal: Enhance detection for Identity and AI-driven anomalies

1. Navigate to "Sentinels" > "Policy" in the Management Console.
2. Under "Threat Protection", ensure "Identity" engine is set to "Protect".
3. In "Deep Visibility" (Star), create a new Star Rule for AI-tool behaviors:
Query: ProcessName In ("python", "powershell") AND CmdLine Contains ("openai", "gpt", "api_key")
4. Enable "Wayfinder" correlation (if available in beta/GA) to link Endpoint and Identity alerts.
5. Verify: Simulate a suspicious identity access attempt and check "Incidents" for correlated alerts.

2. YARA Rule for ClickFix / Fake Update HTML

rule ClickFix_Fake_Update_Page {
meta:
description = "Detects HTML/JS artifacts associated with ClickFix fake Windows Update pages"
author = "Threat Rundown"
date = "2025-11-25"
reference = "https://lifeboat.com/blog/2025/11/clickfix-attack-uses-fake-windows-update-screen-to-push-malware"
severity = "medium"
tlp = "white"
strings:
$s1 = "Windows Update" ascii wide
$s2 = "powershell" ascii wide
$s3 = "ms-action" ascii wide
$s4 = "clipboard.writeText" ascii wide
$h1 = { 3C 21 44 4F 43 54 59 50 45 20 68 74 6D 6C 3E }
condition:
$h1 and ($s1 and $s2 and $s4) or ($s1 and $s3)
}

3. SIEM Query — Oracle Identity Manager Exploitation (CVE-2025-61757)

index=web_logs sourcetype="oracle:access" OR sourcetype="apache:access"
uri_path="*/iam/console/*" OR uri_path="*/identity/*"
status=200 OR status=500
| eval risk_score=case(
match(user_agent, "(?i)(curl|wget|python|scanner)"), 80,
method="POST" AND len(request_body) > 5000, 60,
1==1, 0)
| where risk_score >= 60
| table _time, src_ip, uri_path, method, user_agent, risk_score
| sort -_time

4. PowerShell Script — Scan for Superbox/Android TV Botnet (Port 5555)

$networkSegment = "192.168.1."
1..254 | ForEach-Object {
$ip = "$networkSegment$_"
$port = 5555 # ADB Port commonly exposed by Android TV boxes
$connection = Test-NetConnection -ComputerName $ip -Port $port -WarningAction SilentlyContinue
if ($connection.TcpTestSucceeded) {
Write-Host "⚠️ SUSPICIOUS: Device at $ip has ADB (Port 5555) open. Investigate for Android TV Botnet." -ForegroundColor Red
}
}

This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!

{ "type": "bundle", "id": "bundle--1a8cd75c-390b-443b-9e21-40cc097455a7", "objects": [ { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487", "created": "2022-10-01T00:00:00.000Z", "definition_type": "tlp:2.0", "name": "TLP:CLEAR", "definition": { "tlp": "clear" } }, { "type": "identity", "spec_version": "2.1", "id": "identity--b98c6f70-158a-48c4-a6c5-a45e8f218e91", "created": "2025-11-26T06:49:26.332Z", "modified": "2025-11-26T06:49:26.332Z", "name": "MikeGPT Intelligence Platform", "description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds", "identity_class": "organization", "sectors": [ "technology", "defense" ], "contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "report", "spec_version": "2.1", "id": "report--35cc8113-80a8-477a-875e-114ec15c0597", "created": "2025-11-26T06:49:26.332Z", "modified": "2025-11-26T06:49:26.332Z", "name": "Threat Intelligence Report - 2025-11-26", "description": "Threat Intelligence Report - 2025-11-26\n\nThis report consolidates actionable cybersecurity intelligence from 92 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• Underground AI models promise to be hackers ‘cyber pentesting waifu’ (Score: 100)\n• ZDI-25-1021: Siemens SINEC NMS getTotalAndFilterCounts SQL Injection Privilege Escalation Vulnerabil (Score: 100)\n• ZDI-25-1022: Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vu (Score: 100)\n• VU#521113: Forge JavaScript library impacted by a vulnerability in signature verification. (Score: 100)\n• Telecommunications Network Security: Defending Against Nation State APTs with Unified AI Defense (Score: 100)\n\nEXTRACTED ENTITIES:\n• 25 Attack Pattern(s)\n• 40 Domain Name(s)\n• 39 Indicator(s)\n• 2 Malware(s)\n• 1 Marking Definition(s)\n• 114 Relationship(s)\n• 6 Tool(s)\n• 3 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n", "published": "2025-11-26T06:49:26.332Z", "object_refs": [ "identity--b98c6f70-158a-48c4-a6c5-a45e8f218e91", "identity--fd1e3790-7e3a-48a3-8684-16f17330c96f", "tool--d11c3b68-4deb-4cd3-894e-bfba4dd9c451", "identity--947592b5-3d6c-4398-8ca6-4a013fb1e7c5", "tool--cc7845ad-a4d9-4f54-aacf-7e100c2892b1", "tool--ebe130cd-85cb-4578-9002-91914990eb3d", "vulnerability--4b7fff2a-ceec-4598-b5b8-b1bbf685a81b", "identity--6841df40-efe3-4f12-aac4-ad6f2e05dc33", "identity--e97f2242-84cc-44b6-a508-d2395ad65d0b", "identity--fb71fbb9-5f3e-4d55-a8df-34b0b1e4f952", "identity--8fbcee23-b20d-48f8-a8a8-a518b2e9d520", "identity--1634d673-de98-4a8d-95b2-1b934d3d13bd", "identity--161fc746-cd49-4615-ab48-81a93a1b16b4", "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "identity--e39797db-42ac-4ba7-81cc-8a33c4e886ad", "identity--2aed52ee-705e-4ab5-959a-c4ed230ccbbb", "tool--83bfa7e8-f4a9-4d1d-9d48-f3498961665e", "identity--120bd543-dc51-460d-92cf-8063d7d942ab", "identity--4426dba0-b87b-41c1-958b-cc3982c992b4", "identity--c5a4a488-0f6e-4747-a3ca-c02ad0b7e598", "identity--d48d0179-a8bc-4c9e-89ef-4347fcbce1fa", "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "identity--4374f8b0-7844-4bff-9a66-92d49d3e0b15", "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "vulnerability--dec98ca2-78de-4286-96b6-4f0d7769f756", "vulnerability--46f7620b-9df6-48d2-894a-e20129da2323", "tool--0b0c593a-aa6f-41d0-b8c7-7d6dd57f057e", "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d", "attack-pattern--09674268-0992-4612-b535-242c63cbaed9", "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "attack-pattern--fcb3d170-b982-4921-8a85-e3d46829554e", "attack-pattern--92b3199d-f7ae-4a4b-8699-1d01a6761923", "attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770", "relationship--bdee8e19-9786-44c4-9dee-bc0b1fce2a7f", "relationship--bdee3597-af1f-4a14-b28d-b82c009cefcd", "relationship--ff282f1d-d3d1-4851-a9df-ee16ba3df6fb", "relationship--28733ac2-e6f5-4717-9143-d21dc8d67471", "relationship--54a8c5e9-9837-441a-9ac4-ef575653db79", "relationship--11747b8f-01fc-40ad-8f64-162e923dce1d", "relationship--aa91d78f-2cb0-4da8-906a-f6d17ef39795", "relationship--12aeff96-39c0-4e69-b967-1e746b10ff43", "relationship--0ef1bfc0-c1cd-4c24-a279-ebc115de5fc4", "relationship--cbc8f47b-041d-45c7-90f5-3249ef4aaaa7", "relationship--9938756e-6484-40bc-a5d4-7e7c8c3014fa", "relationship--7daf34fa-3463-45be-b795-fb2c92be83c6", "relationship--bfad0b2e-6f58-4110-8a44-3818869f3209", "relationship--edb2e724-8a51-4585-9595-1fe4ad460044", "relationship--258a4e04-5010-4e21-8f57-e40e0fc17e7f", "relationship--467781f4-757d-4805-a187-4f814d87b128", "relationship--211c77a3-df97-4ad8-ae7d-f5a1d8cd9543", "relationship--530c4fbc-c8dd-4f31-ad3e-bff81d8f6306", "relationship--44ade4c7-828c-41f5-b0c2-f17f065b2d32", "relationship--025f6536-bac9-4e0c-a745-e3bb8521c216", "relationship--16be7ebd-95a5-41dc-9136-b6b56f283846", "relationship--0d4fc947-497c-47a5-9338-03634da123af", "relationship--8c8caf7a-df08-4ce1-8628-a5ddb04af8c6", "relationship--1f3e905e-c5ff-4139-992f-c91a1a7bc258", "relationship--3b6fd12e-ea71-48ad-9b07-8b0f38d2f4c0", "relationship--24d7af05-669f-4491-bc15-c12d49c804c3", "relationship--dcd466d3-4793-4273-be7f-6244e7251075", "relationship--0dcd5531-de32-4036-9870-090f36c9330c", "relationship--f856f4aa-d937-4f12-8324-7ec961a57902", "relationship--1b90dd91-6e3c-4b5a-9589-25fd8d7b3c58", "relationship--bf522b0f-4aa5-4d3f-9cc4-371e222fb35c", "relationship--d5f3ddd0-613d-4bca-9488-85b2c0694a9c", "relationship--6ae8347c-7d3b-44a1-bb99-52380389a096", "relationship--a53a1f0f-c111-40d6-925b-1c06dd0c73f9", "relationship--26bf10ea-86d2-4924-94db-f99c3f5d176c", "relationship--072c8793-1792-4e79-a538-d5f4794be9ec", "relationship--afa71f88-df9e-422c-99c3-8a6ac639bc3a", "relationship--3c0623df-b498-4e86-8b49-fee48160ef22", "relationship--e4837cb6-6203-484f-9b14-b9d812f1edc9", "relationship--842ba805-7c12-4ca4-a1fd-c336767c5858", "relationship--a6b36fa9-3b28-4c9f-876c-46bbc4280f90", "relationship--46dc0ae1-b7a3-4bc1-82eb-00e710ae433e", "relationship--c0bbe249-f4ca-40c9-bad6-90faa7dc76b8", "relationship--eed5d667-694e-4b02-9612-82ce8b8e6cad", "relationship--ddd8d646-1fc9-4792-9f9d-5f97f22b7185", "relationship--434ffa00-a9c8-4706-965b-d5704f05218d", "relationship--23423ed3-a9ee-48e0-9152-d17fe39cde62", "relationship--1fb61a8c-5c75-45a1-b490-17695d223c12", "relationship--76573fa4-592d-4d07-bdf3-9cfa2ef8390d", "relationship--6f7f83da-8541-44bd-abb1-5c7dbbd1d440", "relationship--9f0254d6-2988-45b8-ae2e-c1f4984896d5", "relationship--75ecdcfa-a149-4c4a-a91a-13836c9b9ac3", "relationship--5f3869b2-e7e7-49e1-ae62-6971fee90bc6", "relationship--24142cef-be2d-4a2a-8611-f2cf32aa7c80", "relationship--1d2f23cc-44a0-49a0-9606-b0de12b081f7", "relationship--7f525a72-0d66-4d6d-9ace-efb67e223451", "relationship--66e4c3a7-d9e1-4e2f-8486-b29acc285b96", "relationship--ff472505-a7d5-430e-9ce9-3df76c133ff9", "relationship--b3aac657-c070-4293-b061-f7506301928f", "relationship--12b1c4d5-4989-4116-839d-9ccb6d8759f8", "relationship--6bb2820f-f994-4fb0-a3c3-eb200508429a", "relationship--ef2b4d73-cb13-447e-a144-56d6c72062d9", "relationship--1a02858d-b192-4416-b165-9c8ad17e2e6e", "relationship--3d33c955-3ff7-478e-a902-6175b3377a11", "relationship--38591996-bf4f-4816-9f4e-1c1cf67a439e", "relationship--29185b40-b44c-4230-a6ba-991338d92c5c", "relationship--f1a0515a-a754-4683-9815-06edcb0883f0", "relationship--55949615-fe98-4103-b9cb-d3d1fa0218d6", "relationship--6587661c-c574-434e-843a-84eeb7bd2878", "relationship--ab12246d-c5a5-4d87-b488-4ccdbe027671", "relationship--30c338d8-c915-4c31-9348-4577f091f90f", "relationship--6676f2f3-0f32-4f9d-b1ee-f24ca8da0a73", "relationship--b25a756d-a73a-4187-b641-69e8d110f374", "relationship--d10c6a93-9848-4c15-a7f6-33690349a066", "relationship--aa837e58-adde-4120-b4f8-a49c6c7382d6", "domain-name--d250c5ce-4bca-4a38-9b82-9b01ba53179a", "domain-name--f58bb6f9-c153-4007-baa4-d243b35e78d3", "domain-name--9b2ab937-8bea-4df8-9659-7b3b8365bf09", "domain-name--b6e2fba0-9b97-4df9-8686-5b405ecda0ac", "domain-name--13e7b4e6-07b4-40b1-8aba-5a1ae0390391", "domain-name--8e5a7e88-1ddc-4f43-9bb6-2e86169e6a51", "domain-name--5e6a9298-7846-4ff6-b35d-7d471c073333", "domain-name--16d658f7-7ec1-4f26-ae44-2d033ef82d42", "domain-name--2c4f712c-4349-4b78-aef9-c963bb0f6e7e", "domain-name--63678a7a-ae64-48d2-8655-54c840590f80", "domain-name--fabab52b-1fc0-4379-9abc-f855d4d60fca", "domain-name--fb44906d-4e9d-4af7-8009-97cfa555eec3", "domain-name--49250d7e-396a-4a20-bb77-1277274d8e5c", "domain-name--9d19b2fe-0f65-4662-a0b0-cf353536d0d0", "domain-name--25292b6c-e5eb-41e4-a5e9-81ba5ab2e461", "domain-name--e2051d77-eb6a-4592-a583-1247bf22e34b", "domain-name--2744a79a-9480-441b-9445-a833aa93755b", "domain-name--ab53f1a3-4bff-4d6e-8555-85a44ea1a2c9", "domain-name--ae77cb49-9611-47df-9322-653bb47f3493", "domain-name--8c527ae3-b268-436c-a5fb-561fa6200a52", "domain-name--d2e9dea8-22c1-4e4e-bf48-bd49b0949a9f", "domain-name--218db191-bc5d-4bfc-9d1c-6399e8c73f43", "domain-name--3dbed544-d270-443c-8433-f748076ee181", "domain-name--04c67819-8859-4550-b389-04d29048281d", "domain-name--8825cbeb-9781-4047-a911-b8c856e46afe", "domain-name--079327bd-23d7-4d0f-8612-f537d85d855a", "domain-name--bd177cb9-f9b8-4dbe-958a-cd6f6194db64", "domain-name--0c5c3bc9-b0ae-4123-836a-f7b09c806879", "domain-name--b8200bf6-a833-4d73-bdcb-b1763d4cacb3", "domain-name--34fd5a90-c436-4c63-a099-e6f6cea1f998", "domain-name--beb374da-156d-4190-9507-d3dcc0ed5e5f", "domain-name--2d6486b7-27f0-430c-a891-d398b25c5070", "domain-name--9d6f4ea9-7b50-4498-b838-1b90476da8af", "domain-name--a1cf25b8-fd06-4a94-a86f-ff744b41ad67", "domain-name--2d7adc56-440c-425b-a2c7-7dbbbc74b38d", "domain-name--36cc80aa-a19e-4705-bc4b-d4bd54804359", "domain-name--35781def-518d-4a4f-9b27-fdd70cc2103e", "domain-name--3f3214d3-eb7c-4506-bfcd-0d54925a1e37", "domain-name--f20139a0-7db4-470f-a129-c7e7feaff1f6", "domain-name--72ea3cf7-17cc-4a11-8c71-394b8c0f66e9", "indicator--5048367b-4e83-4da9-8247-d8039f79e3de", "relationship--fbba6ed9-5d2c-4322-8fa5-2813b5fd4bd3", "indicator--d16943ec-bc9e-4e7d-b5b2-89bd13b66ddf", "relationship--1cddb83d-fe9f-4d6e-af8c-8f3356862ad0", "indicator--ed1e5af6-f331-4d35-8432-16cb04b508b5", "relationship--f35ab99c-1ead-46f3-a519-4b3d93a33bd9", "indicator--a12833b1-0ccc-4575-a8d5-9375af533cbc", "relationship--d62f86c6-432c-4cd5-b699-847fb8be5afb", "indicator--22377bc7-8510-4abf-9f9e-81344d537658", "relationship--7c5b6c5f-c030-42ee-9e2b-c4e91afae1ca", "indicator--8ffd907a-3bea-4dfd-9dd5-efe2124a8066", "relationship--171019be-5eaa-4c78-ba08-b93d4841ba7c", "indicator--d59a4946-b7f6-4741-a94c-c595fd0c198e", "relationship--6a2fb8d7-8b31-476f-aa54-3df5f333cb6d", "indicator--8f14b465-70b6-476c-af3f-a19f25a2973b", "relationship--24949283-6c96-4f08-81a6-bc589eb7673d", "indicator--0339f187-e1de-4e4b-867d-2ffd12eb37f0", "relationship--4669b48c-cd16-449c-9cbe-e09a1d125774", "indicator--ed658ee6-54aa-4d2e-88f2-ec6d430668fc", "relationship--03e4e8ea-36e3-49ed-91f4-9754398779a9", "indicator--3a2ec93f-fda0-4fe1-adc1-2700fe4372f6", "relationship--888e5c5f-cac0-469c-a780-f035f5e624bb", "indicator--44795976-5cb3-49b7-8d44-51401b9eeb9a", "relationship--9f23083b-b1e0-4741-b2f3-fdc0e65dc777", "indicator--6edc8742-8bc9-4e28-9465-525aebabc9a3", "relationship--9741393a-9e86-4301-8576-d6bcc2f00d36", "indicator--96ebc16f-1fa8-46e9-bb12-34d56cce8a04", "relationship--c8952afd-1566-4979-8b82-ef17073257da", "indicator--51bbebf4-62f5-422c-a47a-fc6af8ed520f", "relationship--9561dfd2-44f7-434c-9452-8cede2e37418", "indicator--c255cb0f-cda3-48a8-8965-470b83163079", "relationship--374d3687-cdd5-4966-9a08-60d9c473bf4e", "indicator--33723601-d428-4377-aaf9-4b58064af95e", "relationship--789ae9f6-adfb-4924-9a0b-b8f1680a221f", "indicator--5fdca7e1-611d-401b-9aa7-970b8dfdc841", "relationship--4819636b-c004-411c-99b0-fecfbbc39dc7", "indicator--8e06d96d-0a07-48bc-96ff-d2a8423ef1ef", "relationship--a161685b-43a4-4bbb-a5b1-fce631a4ff8d", "indicator--e3163034-3d48-4148-add1-b72fef348d29", "relationship--b72b7a02-c204-499e-9860-cbf5005c8391", "indicator--a87b03c2-5206-4c6b-a560-bfa7212792c5", "relationship--dba0faea-0d94-423b-a558-dc1af5935fd2", "indicator--260646b2-a638-4a73-a6a6-c01be486b36b", "relationship--ae87b3c8-e86d-433c-b044-fbb05dcb73f9", "indicator--18a2436d-1cda-497e-8fe1-ed3d2f16a83b", "relationship--b35abff1-9c56-442d-9983-133a3e1d7e5f", "indicator--e92688c4-b3b6-4c01-88d9-2fa20d196626", "relationship--718fb67f-ab91-4fff-83db-92c422b96fd8", "indicator--3f83e6ca-4855-47f7-a7fe-0a293c64d72f", "relationship--6435c038-e53e-4be4-9f70-09172548ee51", "indicator--ec1ffbcb-898c-4ac9-95b6-0c6d44ca0d27", "relationship--6c40d0f7-af3e-47eb-a970-10791f701538", "indicator--fae6abc4-f5f6-4e5e-87d2-65666b1836b1", "relationship--e4812718-7314-4433-bc40-38c53799a341", "indicator--be3b3d23-83b0-44bf-b646-c62c613a53da", "relationship--6911cd5a-c5d4-456c-ac3c-558c21e3ada1", "indicator--b605602a-ecf6-4091-b243-b61c97be3300", "relationship--4a23c8a2-3da5-4516-be18-f463ba8d4a3c", "indicator--fa55ac19-f949-4c55-8a40-ef53333e1f4e", "relationship--d0ab59fa-7dc2-4c1e-bac5-656155becdb4", "indicator--0da77d9c-3daa-4e0e-8d66-2546e6b87f90", "relationship--92c872e4-d65e-4a03-9f36-c76e5f1ff473", "indicator--03427632-8b71-4940-84fa-da0d1abdc813", "relationship--bcf6f227-eca6-4e40-8847-c65e476c7303", "indicator--e38a54bd-e447-4015-8aa8-b71bff409106", "relationship--88b583cb-6c00-463a-9bdd-200c2ce0eb9c", "indicator--84ab9d52-3898-4ea0-8f24-bdd26680c058", "relationship--6eeed0be-83dc-4814-9b57-76f8182e4515", "indicator--aefae2ce-33a2-41e9-be63-574802ff198b", "relationship--45bf1d19-bee0-44d5-b6f1-9ec139f1e14c", "indicator--b318de66-a103-4dda-86a1-bcf984d3ab99", "relationship--bdd66df7-c8f4-44ba-a775-820c6176e95a", "indicator--9bc07b5d-1960-4264-94a5-16a50176b898", "relationship--f9cbda7f-24bd-447e-bdcf-c31014e8280d", "indicator--0e847d2e-930e-4787-9d68-d1b55ba1f627", "relationship--4a75c33d-8845-4cf9-b0e4-876149c28512", "indicator--eecd95f1-0d8e-4b0d-8587-a9f2625eb2b1", "relationship--7e94061d-b2cd-4f63-a795-4a300f31bc0b" ], "labels": [ "threat-report", "threat-intelligence" ], "created_by_ref": "identity--b98c6f70-158a-48c4-a6c5-a45e8f218e91", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "identity", "id": "identity--fd1e3790-7e3a-48a3-8684-16f17330c96f", "name": "Palo Alto Networks", "identity_class": "organization", "labels": [ "identity" ], "description": "Palo Alto Networks is a cybersecurity company that provides network security solutions to prevent and detect cyber threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "tool", "id": "tool--d11c3b68-4deb-4cd3-894e-bfba4dd9c451", "name": "Siemens SINEC NMS", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Siemens SINEC NMS is a network management system used for monitoring and controlling industrial automation networks.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "identity", "id": "identity--947592b5-3d6c-4398-8ca6-4a013fb1e7c5", "name": "Deciso OPNsense", "identity_class": "unknown", "labels": [ "identity" ], "description": "Deciso OPNsense is a free and open-source firewall and network security platform.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "tool", "id": "tool--cc7845ad-a4d9-4f54-aacf-7e100c2892b1", "name": "Message Authentication Code", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Message Authentication Code (MAC) is a cryptographic technique used to verify the authenticity of a message. In the context of the provided vulnerability, a crafted manipulation of ASN.1 structures, particularly in fields such as MAC data, allows signature verification to be bypassed, potentially leading to security breaches.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "tool", "id": "tool--ebe130cd-85cb-4578-9002-91914990eb3d", "name": "Arista NG Firewall", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Arista NG Firewall is a network security and threat prevention solution that provides advanced firewall capabilities and threat detection for secure network infrastructure.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--4b7fff2a-ceec-4598-b5b8-b1bbf685a81b", "name": "CVE-2025-13016", "description": "Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.. CVSS Score: 7.5 (HIGH). EPSS: 0.1% exploitation probability", "x_cvss_score": 7.5, "x_cvss_severity": "HIGH", "x_kev_status": false, "x_epss_score": 0.00054, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-13016", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016" }, { "source_name": "nvd", "external_id": "CVE-2025-13016", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13016" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "identity", "id": "identity--6841df40-efe3-4f12-aac4-ad6f2e05dc33", "name": "Gainsight", "identity_class": "unknown", "labels": [ "identity" ], "description": "Gainsight is a customer success software company that provides a platform for businesses to manage customer relationships and data. In the context of the given text, Gainsight's systems were breached, leading to a potential spread of the intrusion to other third-party applications.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "identity", "id": "identity--e97f2242-84cc-44b6-a508-d2395ad65d0b", "name": "American Enterprise Institute", "identity_class": "organization", "labels": [ "organization" ], "description": "The American Enterprise Institute (AEI) is a public policy think tank based in Washington, D.C. that focuses on research and analysis of various policy areas, including national security and cybersecurity.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "identity", "id": "identity--fb71fbb9-5f3e-4d55-a8df-34b0b1e4f952", "name": "Greynoise", "identity_class": "unknown", "labels": [ "identity" ], "description": "Greynoise is a cybersecurity company that provides threat intelligence and monitoring services to help detect and mitigate botnet activity.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "identity", "id": "identity--8fbcee23-b20d-48f8-a8a8-a518b2e9d520", "name": "Chinese Academy of Sciences", "identity_class": "organization", "labels": [ "organization" ], "description": "The Chinese Academy of Sciences is a national academy for the natural sciences of the People's Republic of China. It is the world's largest research organization, comprising many research institutes, and is a major player in the Chinese science and technology system. In the context of cybersecurity, researchers from the Chinese Academy of Sciences may be involved in various projects and studies related to IoT security, threat analysis, and incident response.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "identity", "id": "identity--1634d673-de98-4a8d-95b2-1b934d3d13bd", "name": "University of Chinese Academy of Sciences", "identity_class": "organization", "labels": [ "organization" ], "description": "The University of Chinese Academy of Sciences is a public research university in China, known for its strong programs in science, technology, engineering, and mathematics (STEM) fields. In the context of cybersecurity, the university has been associated with research and publications on various topics, including IoT security, as evident from the authorship of Haoqiang Wang and Yiwei Fang in the provided context.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "identity", "id": "identity--161fc746-cd49-4615-ab48-81a93a1b16b4", "name": "GitHub", "identity_class": "organization", "labels": [ "identity" ], "description": "GitHub is a web-based platform for version control and collaboration on software development projects, allowing users to store, manage, and share their code with others.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 90, "type": "tool", "id": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "name": "Blender", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Blender is a 3D computer graphics software used for creating animated films, visual effects, 3D modeling, video games, and architectural visualizations. In cybersecurity context, it has been reported that Russian threat actors are spreading StealC V2 infostealer via weaponized Blender files uploaded to 3D model marketplaces. This use of Blender for malicious purposes is significant as it exploits the software's ability to run hidden Python scripts.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "identity", "id": "identity--e39797db-42ac-4ba7-81cc-8a33c4e886ad", "name": "CGTrader", "identity_class": "unknown", "labels": [ "identity" ], "description": "CGTrader is a 3D model marketplace where users can buy, sell, and share 3D models, textures, and other digital assets. It is a legitimate online platform that has been targeted by malicious actors to spread malware, such as the StealC V2 malware that abuses Blender's ability to run hidden Python scripts.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "identity", "id": "identity--2aed52ee-705e-4ab5-959a-c4ed230ccbbb", "name": "Morphisec", "identity_class": "unknown", "labels": [ "identity" ], "description": "Morphisec is a cybersecurity firm specializing in endpoint protection and threat prevention solutions.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "tool", "id": "tool--83bfa7e8-f4a9-4d1d-9d48-f3498961665e", "name": "CodeBeautify", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "CodeBeautify is an online tool used to format and validate code, but in the context of cybersecurity, it has been found to be used by organizations in sensitive sectors to paste passwords and credentials, potentially exposing them to security risks.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "identity", "id": "identity--120bd543-dc51-460d-92cf-8063d7d942ab", "name": "OnSolve", "identity_class": "unknown", "labels": [ "identity" ], "description": "OnSolve is a company that provides emergency notification systems used by state and local governments, police departments, and fire agencies to disseminate critical information and alerts.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "identity", "id": "identity--4426dba0-b87b-41c1-958b-cc3982c992b4", "name": "Wibu-Systems", "identity_class": "organization", "labels": [ "identity" ], "description": "Wibu-Systems is a company that specializes in software protection and licensing solutions for intellectual property rights management.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.618Z", "modified": "2025-11-26T06:49:25.618Z", "confidence": 95, "type": "identity", "id": "identity--c5a4a488-0f6e-4747-a3ca-c02ad0b7e598", "name": "Votiro", "identity_class": "unknown", "labels": [ "identity" ], "description": "Votiro is a cybersecurity company specializing in zero-trust file security solutions that protect against zero-day threats and malicious files.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.619Z", "modified": "2025-11-26T06:49:25.619Z", "confidence": 95, "type": "identity", "id": "identity--d48d0179-a8bc-4c9e-89ef-4347fcbce1fa", "name": "Barracuda", "identity_class": "organization", "labels": [ "identity" ], "description": "Barracuda is a cybersecurity company that provides innovative solutions and AI-powered platforms to protect against cyber threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.619Z", "modified": "2025-11-26T06:49:25.619Z", "confidence": 90, "type": "malware", "id": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "name": "HashJack", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "description": "HashJack is a newly discovered exploit that can infect devices and steal data, targeting AI browser users. It is a significant threat due to its ability to compromise user data and potentially lead to further malicious activities.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.619Z", "modified": "2025-11-26T06:49:25.619Z", "confidence": 95, "type": "identity", "id": "identity--4374f8b0-7844-4bff-9a66-92d49d3e0b15", "name": "Crisis24", "identity_class": "unknown", "labels": [ "identity" ], "description": "Risk management company Crisis24 provides threat intelligence and risk management services to help organizations mitigate and respond to global threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.619Z", "modified": "2025-11-26T06:49:25.619Z", "confidence": 95, "type": "malware", "id": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "name": "Hulud malware", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "description": "Hulud malware is a specific malware family that has been associated with a significant supply chain attack, creating a large number of malicious repositories, compromised scripts, and GitHub users attacked. It is a newer iteration of the Shai-Hulud malware that was previously seen in npm repositories.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.619Z", "modified": "2025-11-26T06:49:25.619Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--dec98ca2-78de-4286-96b6-4f0d7769f756", "name": "CVE-2025-40755", "description": "A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570). CVSS Score: 8.8 (HIGH). EPSS: 0.0% exploitation probability", "x_cvss_score": 8.8, "x_cvss_severity": "HIGH", "x_kev_status": false, "x_epss_score": 0.00037, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-40755", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40755" }, { "source_name": "nvd", "external_id": "CVE-2025-40755", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40755" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.619Z", "modified": "2025-11-26T06:49:25.619Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--46f7620b-9df6-48d2-894a-e20129da2323", "name": "CVE-2025-6980", "description": "Captive Portal can expose sensitive information. CVSS Score: 7.5 (HIGH). EPSS: 0.0% exploitation probability", "x_cvss_score": 7.5, "x_cvss_severity": "HIGH", "x_kev_status": false, "x_epss_score": 0.00044, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-6980", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6980" }, { "source_name": "nvd", "external_id": "CVE-2025-6980", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6980" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.619Z", "modified": "2025-11-26T06:49:25.619Z", "confidence": 95, "type": "tool", "id": "tool--0b0c593a-aa6f-41d0-b8c7-7d6dd57f057e", "name": "AWS Key Management Service", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "AWS Key Management Service is a cloud service that securely generates, controls, and maintains encryption keys for data protection.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:25.619Z", "modified": "2025-11-26T06:49:25.619Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "name": "Abuse Elevation Control Mechanism", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" }, { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" } ], "x_mitre_id": "T1548", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1548/", "external_id": "T1548" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "name": "Access Token Manipulation", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1134", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1134/", "external_id": "T1134" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "name": "Exploit Public-Facing Application", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1190", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1190/", "external_id": "T1190" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "name": "Exploitation for Client Execution", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1203", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1203/", "external_id": "T1203" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "name": "Spearphishing Attachment", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/001/", "external_id": "T1566.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "name": "Spearphishing Link", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/002/", "external_id": "T1566.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "name": "Spearphishing via Service", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/003/", "external_id": "T1566.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "name": "Command and Scripting Interpreter", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1059", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1059/", "external_id": "T1059" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "name": "System Information Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1082", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1082/", "external_id": "T1082" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "name": "File and Directory Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1083", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1083/", "external_id": "T1083" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "name": "Process Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1057", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1057/", "external_id": "T1057" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "name": "Supply Chain Compromise", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1195", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1195/", "external_id": "T1195" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 83, "type": "attack-pattern", "id": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "name": "Vulnerabilities", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.006", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/006/", "external_id": "T1588.006" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 78, "type": "attack-pattern", "id": "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d", "name": "Search Threat Vendor Data", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "reconnaissance" } ], "x_mitre_id": "T1681", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1681/", "external_id": "T1681" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 72, "type": "attack-pattern", "id": "attack-pattern--09674268-0992-4612-b535-242c63cbaed9", "name": "Disable or Modify Network Device Firewall", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" } ], "x_mitre_id": "T1562.013", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1562/013/", "external_id": "T1562.013" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 72, "type": "attack-pattern", "id": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "name": "Artificial Intelligence", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.007", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/007/", "external_id": "T1588.007" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "name": "Scheduled Task", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1053.005", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1053/005/", "external_id": "T1053.005" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "name": "Socket Filters", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1205.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1205/002/", "external_id": "T1205.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "name": "Malicious Shell Modification", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "x_mitre_id": "T1156", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1156/", "external_id": "T1156" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "name": "Archive via Utility", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1560.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1560/001/", "external_id": "T1560.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "name": "Screen Capture", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1113", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1113/", "external_id": "T1113" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "name": "Adversary-in-the-Middle", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1557", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1557/", "external_id": "T1557" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 68, "type": "attack-pattern", "id": "attack-pattern--fcb3d170-b982-4921-8a85-e3d46829554e", "name": "Disable or Modify System Firewall", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" } ], "x_mitre_id": "T1562.004", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1562/004/", "external_id": "T1562.004" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 65, "type": "attack-pattern", "id": "attack-pattern--92b3199d-f7ae-4a4b-8699-1d01a6761923", "name": "Office Application Startup", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "x_mitre_id": "T1137", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1137/", "external_id": "T1137" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "confidence": 65, "type": "attack-pattern", "id": "attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770", "name": "Threat Intel Vendors", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "reconnaissance" } ], "x_mitre_id": "T1597.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1597/001/", "external_id": "T1597.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bdee8e19-9786-44c4-9dee-bc0b1fce2a7f", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: Blender and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bdee3597-af1f-4a14-b28d-b82c009cefcd", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: Blender and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ff282f1d-d3d1-4851-a9df-ee16ba3df6fb", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: Blender and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--28733ac2-e6f5-4717-9143-d21dc8d67471", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: Blender and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--54a8c5e9-9837-441a-9ac4-ef575653db79", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 55, "description": "Co-occurrence: Blender and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--11747b8f-01fc-40ad-8f64-162e923dce1d", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 55, "description": "Co-occurrence: Blender and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aa91d78f-2cb0-4da8-906a-f6d17ef39795", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 55, "description": "Co-occurrence: Blender and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--12aeff96-39c0-4e69-b967-1e746b10ff43", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: Blender and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0ef1bfc0-c1cd-4c24-a279-ebc115de5fc4", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "confidence": 55, "description": "Co-occurrence: Blender and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cbc8f47b-041d-45c7-90f5-3249ef4aaaa7", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "confidence": 55, "description": "Co-occurrence: Blender and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9938756e-6484-40bc-a5d4-7e7c8c3014fa", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "confidence": 55, "description": "Co-occurrence: Blender and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7daf34fa-3463-45be-b795-fb2c92be83c6", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 55, "description": "Co-occurrence: Blender and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bfad0b2e-6f58-4110-8a44-3818869f3209", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: Blender and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--edb2e724-8a51-4585-9595-1fe4ad460044", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d", "confidence": 55, "description": "Co-occurrence: Blender and Search Threat Vendor Data (T1681) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--258a4e04-5010-4e21-8f57-e40e0fc17e7f", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--09674268-0992-4612-b535-242c63cbaed9", "confidence": 55, "description": "Co-occurrence: Blender and Disable or Modify Network Device Firewall (T1562.013) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--467781f4-757d-4805-a187-4f814d87b128", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "confidence": 55, "description": "Co-occurrence: Blender and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--211c77a3-df97-4ad8-ae7d-f5a1d8cd9543", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 55, "description": "Co-occurrence: Blender and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--530c4fbc-c8dd-4f31-ad3e-bff81d8f6306", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "confidence": 55, "description": "Co-occurrence: Blender and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--44ade4c7-828c-41f5-b0c2-f17f065b2d32", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "confidence": 55, "description": "Co-occurrence: Blender and Malicious Shell Modification (T1156) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--025f6536-bac9-4e0c-a745-e3bb8521c216", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: Blender and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--16be7ebd-95a5-41dc-9136-b6b56f283846", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: Blender and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0d4fc947-497c-47a5-9338-03634da123af", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: Blender and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8c8caf7a-df08-4ce1-8628-a5ddb04af8c6", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--fcb3d170-b982-4921-8a85-e3d46829554e", "confidence": 55, "description": "Co-occurrence: Blender and Disable or Modify System Firewall (T1562.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1f3e905e-c5ff-4139-992f-c91a1a7bc258", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--92b3199d-f7ae-4a4b-8699-1d01a6761923", "confidence": 55, "description": "Co-occurrence: Blender and Office Application Startup (T1137) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3b6fd12e-ea71-48ad-9b07-8b0f38d2f4c0", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "tool--b5b93cca-3a73-4d75-8bf0-b90de0bbff54", "target_ref": "attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770", "confidence": 55, "description": "Co-occurrence: Blender and Threat Intel Vendors (T1597.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--24d7af05-669f-4491-bc15-c12d49c804c3", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: HashJack and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dcd466d3-4793-4273-be7f-6244e7251075", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: HashJack and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0dcd5531-de32-4036-9870-090f36c9330c", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: HashJack and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f856f4aa-d937-4f12-8324-7ec961a57902", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: HashJack and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1b90dd91-6e3c-4b5a-9589-25fd8d7b3c58", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 55, "description": "Co-occurrence: HashJack and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bf522b0f-4aa5-4d3f-9cc4-371e222fb35c", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 55, "description": "Co-occurrence: HashJack and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d5f3ddd0-613d-4bca-9488-85b2c0694a9c", "created": "2025-11-26T06:49:26.330Z", "modified": "2025-11-26T06:49:26.330Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 55, "description": "Co-occurrence: HashJack and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6ae8347c-7d3b-44a1-bb99-52380389a096", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: HashJack and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a53a1f0f-c111-40d6-925b-1c06dd0c73f9", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "confidence": 55, "description": "Co-occurrence: HashJack and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--26bf10ea-86d2-4924-94db-f99c3f5d176c", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "confidence": 55, "description": "Co-occurrence: HashJack and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--072c8793-1792-4e79-a538-d5f4794be9ec", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "confidence": 55, "description": "Co-occurrence: HashJack and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--afa71f88-df9e-422c-99c3-8a6ac639bc3a", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 55, "description": "Co-occurrence: HashJack and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3c0623df-b498-4e86-8b49-fee48160ef22", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: HashJack and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4837cb6-6203-484f-9b14-b9d812f1edc9", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d", "confidence": 55, "description": "Co-occurrence: HashJack and Search Threat Vendor Data (T1681) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--842ba805-7c12-4ca4-a1fd-c336767c5858", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--09674268-0992-4612-b535-242c63cbaed9", "confidence": 55, "description": "Co-occurrence: HashJack and Disable or Modify Network Device Firewall (T1562.013) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a6b36fa9-3b28-4c9f-876c-46bbc4280f90", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "confidence": 55, "description": "Co-occurrence: HashJack and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--46dc0ae1-b7a3-4bc1-82eb-00e710ae433e", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 55, "description": "Co-occurrence: HashJack and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c0bbe249-f4ca-40c9-bad6-90faa7dc76b8", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "confidence": 55, "description": "Co-occurrence: HashJack and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eed5d667-694e-4b02-9612-82ce8b8e6cad", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "confidence": 55, "description": "Co-occurrence: HashJack and Malicious Shell Modification (T1156) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ddd8d646-1fc9-4792-9f9d-5f97f22b7185", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: HashJack and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--434ffa00-a9c8-4706-965b-d5704f05218d", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: HashJack and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--23423ed3-a9ee-48e0-9152-d17fe39cde62", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: HashJack and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1fb61a8c-5c75-45a1-b490-17695d223c12", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--fcb3d170-b982-4921-8a85-e3d46829554e", "confidence": 55, "description": "Co-occurrence: HashJack and Disable or Modify System Firewall (T1562.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--76573fa4-592d-4d07-bdf3-9cfa2ef8390d", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--92b3199d-f7ae-4a4b-8699-1d01a6761923", "confidence": 55, "description": "Co-occurrence: HashJack and Office Application Startup (T1137) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6f7f83da-8541-44bd-abb1-5c7dbbd1d440", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--34f95095-555b-4523-a0ca-16d1e1a7e37d", "target_ref": "attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770", "confidence": 55, "description": "Co-occurrence: HashJack and Threat Intel Vendors (T1597.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9f0254d6-2988-45b8-ae2e-c1f4984896d5", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: Hulud malware and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--75ecdcfa-a149-4c4a-a91a-13836c9b9ac3", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: Hulud malware and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5f3869b2-e7e7-49e1-ae62-6971fee90bc6", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: Hulud malware and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--24142cef-be2d-4a2a-8611-f2cf32aa7c80", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: Hulud malware and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1d2f23cc-44a0-49a0-9606-b0de12b081f7", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 55, "description": "Co-occurrence: Hulud malware and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7f525a72-0d66-4d6d-9ace-efb67e223451", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 55, "description": "Co-occurrence: Hulud malware and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--66e4c3a7-d9e1-4e2f-8486-b29acc285b96", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 55, "description": "Co-occurrence: Hulud malware and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ff472505-a7d5-430e-9ce9-3df76c133ff9", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: Hulud malware and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b3aac657-c070-4293-b061-f7506301928f", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "confidence": 55, "description": "Co-occurrence: Hulud malware and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--12b1c4d5-4989-4116-839d-9ccb6d8759f8", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "confidence": 55, "description": "Co-occurrence: Hulud malware and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6bb2820f-f994-4fb0-a3c3-eb200508429a", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "confidence": 55, "description": "Co-occurrence: Hulud malware and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ef2b4d73-cb13-447e-a144-56d6c72062d9", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 55, "description": "Co-occurrence: Hulud malware and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1a02858d-b192-4416-b165-9c8ad17e2e6e", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: Hulud malware and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3d33c955-3ff7-478e-a902-6175b3377a11", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d", "confidence": 55, "description": "Co-occurrence: Hulud malware and Search Threat Vendor Data (T1681) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--38591996-bf4f-4816-9f4e-1c1cf67a439e", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--09674268-0992-4612-b535-242c63cbaed9", "confidence": 55, "description": "Co-occurrence: Hulud malware and Disable or Modify Network Device Firewall (T1562.013) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--29185b40-b44c-4230-a6ba-991338d92c5c", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "confidence": 55, "description": "Co-occurrence: Hulud malware and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f1a0515a-a754-4683-9815-06edcb0883f0", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 55, "description": "Co-occurrence: Hulud malware and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--55949615-fe98-4103-b9cb-d3d1fa0218d6", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "confidence": 55, "description": "Co-occurrence: Hulud malware and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6587661c-c574-434e-843a-84eeb7bd2878", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "confidence": 55, "description": "Co-occurrence: Hulud malware and Malicious Shell Modification (T1156) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ab12246d-c5a5-4d87-b488-4ccdbe027671", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: Hulud malware and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--30c338d8-c915-4c31-9348-4577f091f90f", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: Hulud malware and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6676f2f3-0f32-4f9d-b1ee-f24ca8da0a73", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: Hulud malware and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b25a756d-a73a-4187-b641-69e8d110f374", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--fcb3d170-b982-4921-8a85-e3d46829554e", "confidence": 55, "description": "Co-occurrence: Hulud malware and Disable or Modify System Firewall (T1562.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d10c6a93-9848-4c15-a7f6-33690349a066", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--92b3199d-f7ae-4a4b-8699-1d01a6761923", "confidence": 55, "description": "Co-occurrence: Hulud malware and Office Application Startup (T1137) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aa837e58-adde-4120-b4f8-a49c6c7382d6", "created": "2025-11-26T06:49:26.331Z", "modified": "2025-11-26T06:49:26.331Z", "relationship_type": "uses", "source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a", "target_ref": "attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770", "confidence": 55, "description": "Co-occurrence: Hulud malware and Threat Intel Vendors (T1597.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "domain-name", "value": "0paypal.com", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--d250c5ce-4bca-4a38-9b82-9b01ba53179a" }, { "type": "domain-name", "value": "account-page-recovery-process.com", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--f58bb6f9-c153-4007-baa4-d243b35e78d3" }, { "type": "domain-name", "value": "accountingsure.com", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--9b2ab937-8bea-4df8-9659-7b3b8365bf09" }, { "type": "domain-name", "value": "alamatpaypal.com", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--b6e2fba0-9b97-4df9-8686-5b405ecda0ac" }, { "type": "domain-name", "value": "amazon-update.xyz", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--13e7b4e6-07b4-40b1-8aba-5a1ae0390391" }, { "type": "domain-name", "value": "appleid-fmi.com", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--8e5a7e88-1ddc-4f43-9bb6-2e86169e6a51" }, { "type": "domain-name", "value": "appleid-manageids.info", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--5e6a9298-7846-4ff6-b35d-7d471c073333" }, { "type": "domain-name", "value": "applessecure.site", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--16d658f7-7ec1-4f26-ae44-2d033ef82d42" }, { "type": "domain-name", "value": "auth-03chase.com", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--2c4f712c-4349-4b78-aef9-c963bb0f6e7e" }, { "type": "domain-name", "value": "banking-commbank.support", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--63678a7a-ae64-48d2-8655-54c840590f80" }, { "type": "domain-name", "value": "citi-securelogin.com", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--fabab52b-1fc0-4379-9abc-f855d4d60fca" }, { "type": "domain-name", "value": "claireapplewhite.com", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--fb44906d-4e9d-4af7-8009-97cfa555eec3" }, { "type": "domain-name", "value": "cvwwwe9851.xyz", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--49250d7e-396a-4a20-bb77-1277274d8e5c" }, { "type": "domain-name", "value": "docsaccount.com", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--9d19b2fe-0f65-4662-a0b0-cf353536d0d0" }, { "type": "domain-name", "value": "ebankingcode.com", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--25292b6c-e5eb-41e4-a5e9-81ba5ab2e461" }, { "type": "domain-name", "value": "hbsc-payment.com", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--e2051d77-eb6a-4592-a583-1247bf22e34b" }, { "type": "domain-name", "value": "hotelesanticrisis.com", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--2744a79a-9480-441b-9445-a833aa93755b" }, { "type": "domain-name", "value": "https8xmao.xyz", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--ab53f1a3-4bff-4d6e-8555-85a44ea1a2c9" }, { "type": "domain-name", "value": "icloudfindsimap.com", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--ae77cb49-9611-47df-9322-653bb47f3493" }, { "type": "domain-name", "value": "imap-support.info", "source": "OTX", "malware_family": "Blender", "pulse_name": "Phishing & scam domain names", "id": "domain-name--8c527ae3-b268-436c-a5fb-561fa6200a52" }, { "type": "domain-name", "value": "0-co.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--d2e9dea8-22c1-4e4e-bf48-bd49b0949a9f" }, { "type": "domain-name", "value": "00008356.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--218db191-bc5d-4bfc-9d1c-6399e8c73f43" }, { "type": "domain-name", "value": "000q88.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--3dbed544-d270-443c-8433-f748076ee181" }, { "type": "domain-name", "value": "0011718.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--04c67819-8859-4550-b389-04d29048281d" }, { "type": "domain-name", "value": "0013zr.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--8825cbeb-9781-4047-a911-b8c856e46afe" }, { "type": "domain-name", "value": "00164791.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--079327bd-23d7-4d0f-8612-f537d85d855a" }, { "type": "domain-name", "value": "001stage.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--bd177cb9-f9b8-4dbe-958a-cd6f6194db64" }, { "type": "domain-name", "value": "002284.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--0c5c3bc9-b0ae-4123-836a-f7b09c806879" }, { "type": "domain-name", "value": "002slov.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--b8200bf6-a833-4d73-bdcb-b1763d4cacb3" }, { "type": "domain-name", "value": "003608.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--34fd5a90-c436-4c63-a099-e6f6cea1f998" }, { "type": "domain-name", "value": "003890.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--beb374da-156d-4190-9507-d3dcc0ed5e5f" }, { "type": "domain-name", "value": "003d.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--2d6486b7-27f0-430c-a891-d398b25c5070" }, { "type": "domain-name", "value": "00451173.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--9d6f4ea9-7b50-4498-b838-1b90476da8af" }, { "type": "domain-name", "value": "0051hg.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--a1cf25b8-fd06-4a94-a86f-ff744b41ad67" }, { "type": "domain-name", "value": "0053hg.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--2d7adc56-440c-425b-a2c7-7dbbbc74b38d" }, { "type": "domain-name", "value": "0055533.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--36cc80aa-a19e-4705-bc4b-d4bd54804359" }, { "type": "domain-name", "value": "0055544.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--35781def-518d-4a4f-9b27-fdd70cc2103e" }, { "type": "domain-name", "value": "00624510.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--3f3214d3-eb7c-4506-bfcd-0d54925a1e37" }, { "type": "domain-name", "value": "0062hg.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--f20139a0-7db4-470f-a129-c7e7feaff1f6" }, { "type": "domain-name", "value": "0067hg.com", "source": "OTX", "malware_family": "Hulud malware", "pulse_name": "new .COM domains for 2024-09-12", "id": "domain-name--72ea3cf7-17cc-4a11-8c71-394b8c0f66e9" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5048367b-4e83-4da9-8247-d8039f79e3de", "created": "2025-11-26T06:49:00.333Z", "modified": "2025-11-26T06:49:00.334Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '0paypal.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.334Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fbba6ed9-5d2c-4322-8fa5-2813b5fd4bd3", "created": "2025-11-26T06:49:00.334Z", "modified": "2025-11-26T06:49:00.334Z", "relationship_type": "based-on", "source_ref": "indicator--5048367b-4e83-4da9-8247-d8039f79e3de", "target_ref": "domain-name--d250c5ce-4bca-4a38-9b82-9b01ba53179a" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d16943ec-bc9e-4e7d-b5b2-89bd13b66ddf", "created": "2025-11-26T06:49:00.344Z", "modified": "2025-11-26T06:49:00.344Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'account-page-recovery-process.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.344Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1cddb83d-fe9f-4d6e-af8c-8f3356862ad0", "created": "2025-11-26T06:49:00.344Z", "modified": "2025-11-26T06:49:00.344Z", "relationship_type": "based-on", "source_ref": "indicator--d16943ec-bc9e-4e7d-b5b2-89bd13b66ddf", "target_ref": "domain-name--f58bb6f9-c153-4007-baa4-d243b35e78d3" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ed1e5af6-f331-4d35-8432-16cb04b508b5", "created": "2025-11-26T06:49:00.354Z", "modified": "2025-11-26T06:49:00.354Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'accountingsure.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.354Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f35ab99c-1ead-46f3-a519-4b3d93a33bd9", "created": "2025-11-26T06:49:00.354Z", "modified": "2025-11-26T06:49:00.354Z", "relationship_type": "based-on", "source_ref": "indicator--ed1e5af6-f331-4d35-8432-16cb04b508b5", "target_ref": "domain-name--9b2ab937-8bea-4df8-9659-7b3b8365bf09" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a12833b1-0ccc-4575-a8d5-9375af533cbc", "created": "2025-11-26T06:49:00.363Z", "modified": "2025-11-26T06:49:00.363Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'alamatpaypal.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.363Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d62f86c6-432c-4cd5-b699-847fb8be5afb", "created": "2025-11-26T06:49:00.363Z", "modified": "2025-11-26T06:49:00.363Z", "relationship_type": "based-on", "source_ref": "indicator--a12833b1-0ccc-4575-a8d5-9375af533cbc", "target_ref": "domain-name--b6e2fba0-9b97-4df9-8686-5b405ecda0ac" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--22377bc7-8510-4abf-9f9e-81344d537658", "created": "2025-11-26T06:49:00.373Z", "modified": "2025-11-26T06:49:00.373Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'amazon-update.xyz']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.373Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7c5b6c5f-c030-42ee-9e2b-c4e91afae1ca", "created": "2025-11-26T06:49:00.373Z", "modified": "2025-11-26T06:49:00.373Z", "relationship_type": "based-on", "source_ref": "indicator--22377bc7-8510-4abf-9f9e-81344d537658", "target_ref": "domain-name--13e7b4e6-07b4-40b1-8aba-5a1ae0390391" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8ffd907a-3bea-4dfd-9dd5-efe2124a8066", "created": "2025-11-26T06:49:00.381Z", "modified": "2025-11-26T06:49:00.381Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'appleid-fmi.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.381Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--171019be-5eaa-4c78-ba08-b93d4841ba7c", "created": "2025-11-26T06:49:00.381Z", "modified": "2025-11-26T06:49:00.381Z", "relationship_type": "based-on", "source_ref": "indicator--8ffd907a-3bea-4dfd-9dd5-efe2124a8066", "target_ref": "domain-name--8e5a7e88-1ddc-4f43-9bb6-2e86169e6a51" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d59a4946-b7f6-4741-a94c-c595fd0c198e", "created": "2025-11-26T06:49:00.395Z", "modified": "2025-11-26T06:49:00.395Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'appleid-manageids.info']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.395Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6a2fb8d7-8b31-476f-aa54-3df5f333cb6d", "created": "2025-11-26T06:49:00.395Z", "modified": "2025-11-26T06:49:00.395Z", "relationship_type": "based-on", "source_ref": "indicator--d59a4946-b7f6-4741-a94c-c595fd0c198e", "target_ref": "domain-name--5e6a9298-7846-4ff6-b35d-7d471c073333" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8f14b465-70b6-476c-af3f-a19f25a2973b", "created": "2025-11-26T06:49:00.403Z", "modified": "2025-11-26T06:49:00.403Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'applessecure.site']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.403Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--24949283-6c96-4f08-81a6-bc589eb7673d", "created": "2025-11-26T06:49:00.403Z", "modified": "2025-11-26T06:49:00.403Z", "relationship_type": "based-on", "source_ref": "indicator--8f14b465-70b6-476c-af3f-a19f25a2973b", "target_ref": "domain-name--16d658f7-7ec1-4f26-ae44-2d033ef82d42" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0339f187-e1de-4e4b-867d-2ffd12eb37f0", "created": "2025-11-26T06:49:00.412Z", "modified": "2025-11-26T06:49:00.412Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'auth-03chase.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.412Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4669b48c-cd16-449c-9cbe-e09a1d125774", "created": "2025-11-26T06:49:00.412Z", "modified": "2025-11-26T06:49:00.412Z", "relationship_type": "based-on", "source_ref": "indicator--0339f187-e1de-4e4b-867d-2ffd12eb37f0", "target_ref": "domain-name--2c4f712c-4349-4b78-aef9-c963bb0f6e7e" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ed658ee6-54aa-4d2e-88f2-ec6d430668fc", "created": "2025-11-26T06:49:00.421Z", "modified": "2025-11-26T06:49:00.421Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'banking-commbank.support']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.421Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--03e4e8ea-36e3-49ed-91f4-9754398779a9", "created": "2025-11-26T06:49:00.421Z", "modified": "2025-11-26T06:49:00.421Z", "relationship_type": "based-on", "source_ref": "indicator--ed658ee6-54aa-4d2e-88f2-ec6d430668fc", "target_ref": "domain-name--63678a7a-ae64-48d2-8655-54c840590f80" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3a2ec93f-fda0-4fe1-adc1-2700fe4372f6", "created": "2025-11-26T06:49:00.430Z", "modified": "2025-11-26T06:49:00.430Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'citi-securelogin.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.430Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--888e5c5f-cac0-469c-a780-f035f5e624bb", "created": "2025-11-26T06:49:00.430Z", "modified": "2025-11-26T06:49:00.430Z", "relationship_type": "based-on", "source_ref": "indicator--3a2ec93f-fda0-4fe1-adc1-2700fe4372f6", "target_ref": "domain-name--fabab52b-1fc0-4379-9abc-f855d4d60fca" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--44795976-5cb3-49b7-8d44-51401b9eeb9a", "created": "2025-11-26T06:49:00.439Z", "modified": "2025-11-26T06:49:00.439Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'claireapplewhite.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.439Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9f23083b-b1e0-4741-b2f3-fdc0e65dc777", "created": "2025-11-26T06:49:00.439Z", "modified": "2025-11-26T06:49:00.439Z", "relationship_type": "based-on", "source_ref": "indicator--44795976-5cb3-49b7-8d44-51401b9eeb9a", "target_ref": "domain-name--fb44906d-4e9d-4af7-8009-97cfa555eec3" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6edc8742-8bc9-4e28-9465-525aebabc9a3", "created": "2025-11-26T06:49:00.447Z", "modified": "2025-11-26T06:49:00.447Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'cvwwwe9851.xyz']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.447Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9741393a-9e86-4301-8576-d6bcc2f00d36", "created": "2025-11-26T06:49:00.447Z", "modified": "2025-11-26T06:49:00.447Z", "relationship_type": "based-on", "source_ref": "indicator--6edc8742-8bc9-4e28-9465-525aebabc9a3", "target_ref": "domain-name--49250d7e-396a-4a20-bb77-1277274d8e5c" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--96ebc16f-1fa8-46e9-bb12-34d56cce8a04", "created": "2025-11-26T06:49:00.455Z", "modified": "2025-11-26T06:49:00.455Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'docsaccount.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.455Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c8952afd-1566-4979-8b82-ef17073257da", "created": "2025-11-26T06:49:00.455Z", "modified": "2025-11-26T06:49:00.455Z", "relationship_type": "based-on", "source_ref": "indicator--96ebc16f-1fa8-46e9-bb12-34d56cce8a04", "target_ref": "domain-name--9d19b2fe-0f65-4662-a0b0-cf353536d0d0" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--51bbebf4-62f5-422c-a47a-fc6af8ed520f", "created": "2025-11-26T06:49:00.464Z", "modified": "2025-11-26T06:49:00.464Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'ebankingcode.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.464Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9561dfd2-44f7-434c-9452-8cede2e37418", "created": "2025-11-26T06:49:00.464Z", "modified": "2025-11-26T06:49:00.464Z", "relationship_type": "based-on", "source_ref": "indicator--51bbebf4-62f5-422c-a47a-fc6af8ed520f", "target_ref": "domain-name--25292b6c-e5eb-41e4-a5e9-81ba5ab2e461" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c255cb0f-cda3-48a8-8965-470b83163079", "created": "2025-11-26T06:49:00.474Z", "modified": "2025-11-26T06:49:00.474Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'hbsc-payment.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.474Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--374d3687-cdd5-4966-9a08-60d9c473bf4e", "created": "2025-11-26T06:49:00.474Z", "modified": "2025-11-26T06:49:00.474Z", "relationship_type": "based-on", "source_ref": "indicator--c255cb0f-cda3-48a8-8965-470b83163079", "target_ref": "domain-name--e2051d77-eb6a-4592-a583-1247bf22e34b" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--33723601-d428-4377-aaf9-4b58064af95e", "created": "2025-11-26T06:49:00.482Z", "modified": "2025-11-26T06:49:00.482Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'hotelesanticrisis.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.482Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--789ae9f6-adfb-4924-9a0b-b8f1680a221f", "created": "2025-11-26T06:49:00.482Z", "modified": "2025-11-26T06:49:00.482Z", "relationship_type": "based-on", "source_ref": "indicator--33723601-d428-4377-aaf9-4b58064af95e", "target_ref": "domain-name--2744a79a-9480-441b-9445-a833aa93755b" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5fdca7e1-611d-401b-9aa7-970b8dfdc841", "created": "2025-11-26T06:49:00.499Z", "modified": "2025-11-26T06:49:00.499Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'icloudfindsimap.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.499Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4819636b-c004-411c-99b0-fecfbbc39dc7", "created": "2025-11-26T06:49:00.499Z", "modified": "2025-11-26T06:49:00.499Z", "relationship_type": "based-on", "source_ref": "indicator--5fdca7e1-611d-401b-9aa7-970b8dfdc841", "target_ref": "domain-name--ae77cb49-9611-47df-9322-653bb47f3493" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8e06d96d-0a07-48bc-96ff-d2a8423ef1ef", "created": "2025-11-26T06:49:00.508Z", "modified": "2025-11-26T06:49:00.508Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'imap-support.info']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.508Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a161685b-43a4-4bbb-a5b1-fce631a4ff8d", "created": "2025-11-26T06:49:00.508Z", "modified": "2025-11-26T06:49:00.508Z", "relationship_type": "based-on", "source_ref": "indicator--8e06d96d-0a07-48bc-96ff-d2a8423ef1ef", "target_ref": "domain-name--8c527ae3-b268-436c-a5fb-561fa6200a52" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e3163034-3d48-4148-add1-b72fef348d29", "created": "2025-11-26T06:49:00.517Z", "modified": "2025-11-26T06:49:00.517Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '0-co.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.517Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b72b7a02-c204-499e-9860-cbf5005c8391", "created": "2025-11-26T06:49:00.517Z", "modified": "2025-11-26T06:49:00.517Z", "relationship_type": "based-on", "source_ref": "indicator--e3163034-3d48-4148-add1-b72fef348d29", "target_ref": "domain-name--d2e9dea8-22c1-4e4e-bf48-bd49b0949a9f" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a87b03c2-5206-4c6b-a560-bfa7212792c5", "created": "2025-11-26T06:49:00.525Z", "modified": "2025-11-26T06:49:00.525Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '00008356.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.525Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dba0faea-0d94-423b-a558-dc1af5935fd2", "created": "2025-11-26T06:49:00.525Z", "modified": "2025-11-26T06:49:00.525Z", "relationship_type": "based-on", "source_ref": "indicator--a87b03c2-5206-4c6b-a560-bfa7212792c5", "target_ref": "domain-name--218db191-bc5d-4bfc-9d1c-6399e8c73f43" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--260646b2-a638-4a73-a6a6-c01be486b36b", "created": "2025-11-26T06:49:00.532Z", "modified": "2025-11-26T06:49:00.532Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '000q88.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.532Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ae87b3c8-e86d-433c-b044-fbb05dcb73f9", "created": "2025-11-26T06:49:00.532Z", "modified": "2025-11-26T06:49:00.532Z", "relationship_type": "based-on", "source_ref": "indicator--260646b2-a638-4a73-a6a6-c01be486b36b", "target_ref": "domain-name--3dbed544-d270-443c-8433-f748076ee181" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--18a2436d-1cda-497e-8fe1-ed3d2f16a83b", "created": "2025-11-26T06:49:00.540Z", "modified": "2025-11-26T06:49:00.540Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '0011718.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.540Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b35abff1-9c56-442d-9983-133a3e1d7e5f", "created": "2025-11-26T06:49:00.540Z", "modified": "2025-11-26T06:49:00.540Z", "relationship_type": "based-on", "source_ref": "indicator--18a2436d-1cda-497e-8fe1-ed3d2f16a83b", "target_ref": "domain-name--04c67819-8859-4550-b389-04d29048281d" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e92688c4-b3b6-4c01-88d9-2fa20d196626", "created": "2025-11-26T06:49:00.549Z", "modified": "2025-11-26T06:49:00.549Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '0013zr.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.549Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--718fb67f-ab91-4fff-83db-92c422b96fd8", "created": "2025-11-26T06:49:00.549Z", "modified": "2025-11-26T06:49:00.549Z", "relationship_type": "based-on", "source_ref": "indicator--e92688c4-b3b6-4c01-88d9-2fa20d196626", "target_ref": "domain-name--8825cbeb-9781-4047-a911-b8c856e46afe" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3f83e6ca-4855-47f7-a7fe-0a293c64d72f", "created": "2025-11-26T06:49:00.557Z", "modified": "2025-11-26T06:49:00.557Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '00164791.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.557Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6435c038-e53e-4be4-9f70-09172548ee51", "created": "2025-11-26T06:49:00.557Z", "modified": "2025-11-26T06:49:00.557Z", "relationship_type": "based-on", "source_ref": "indicator--3f83e6ca-4855-47f7-a7fe-0a293c64d72f", "target_ref": "domain-name--079327bd-23d7-4d0f-8612-f537d85d855a" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ec1ffbcb-898c-4ac9-95b6-0c6d44ca0d27", "created": "2025-11-26T06:49:00.566Z", "modified": "2025-11-26T06:49:00.566Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '001stage.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.566Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6c40d0f7-af3e-47eb-a970-10791f701538", "created": "2025-11-26T06:49:00.566Z", "modified": "2025-11-26T06:49:00.566Z", "relationship_type": "based-on", "source_ref": "indicator--ec1ffbcb-898c-4ac9-95b6-0c6d44ca0d27", "target_ref": "domain-name--bd177cb9-f9b8-4dbe-958a-cd6f6194db64" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fae6abc4-f5f6-4e5e-87d2-65666b1836b1", "created": "2025-11-26T06:49:00.575Z", "modified": "2025-11-26T06:49:00.575Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '002284.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.575Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4812718-7314-4433-bc40-38c53799a341", "created": "2025-11-26T06:49:00.575Z", "modified": "2025-11-26T06:49:00.575Z", "relationship_type": "based-on", "source_ref": "indicator--fae6abc4-f5f6-4e5e-87d2-65666b1836b1", "target_ref": "domain-name--0c5c3bc9-b0ae-4123-836a-f7b09c806879" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--be3b3d23-83b0-44bf-b646-c62c613a53da", "created": "2025-11-26T06:49:00.582Z", "modified": "2025-11-26T06:49:00.582Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '002slov.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.582Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6911cd5a-c5d4-456c-ac3c-558c21e3ada1", "created": "2025-11-26T06:49:00.582Z", "modified": "2025-11-26T06:49:00.582Z", "relationship_type": "based-on", "source_ref": "indicator--be3b3d23-83b0-44bf-b646-c62c613a53da", "target_ref": "domain-name--b8200bf6-a833-4d73-bdcb-b1763d4cacb3" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b605602a-ecf6-4091-b243-b61c97be3300", "created": "2025-11-26T06:49:00.590Z", "modified": "2025-11-26T06:49:00.590Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '003608.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.590Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4a23c8a2-3da5-4516-be18-f463ba8d4a3c", "created": "2025-11-26T06:49:00.590Z", "modified": "2025-11-26T06:49:00.590Z", "relationship_type": "based-on", "source_ref": "indicator--b605602a-ecf6-4091-b243-b61c97be3300", "target_ref": "domain-name--34fd5a90-c436-4c63-a099-e6f6cea1f998" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fa55ac19-f949-4c55-8a40-ef53333e1f4e", "created": "2025-11-26T06:49:00.598Z", "modified": "2025-11-26T06:49:00.598Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '003890.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.598Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0ab59fa-7dc2-4c1e-bac5-656155becdb4", "created": "2025-11-26T06:49:00.598Z", "modified": "2025-11-26T06:49:00.598Z", "relationship_type": "based-on", "source_ref": "indicator--fa55ac19-f949-4c55-8a40-ef53333e1f4e", "target_ref": "domain-name--beb374da-156d-4190-9507-d3dcc0ed5e5f" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0da77d9c-3daa-4e0e-8d66-2546e6b87f90", "created": "2025-11-26T06:49:00.605Z", "modified": "2025-11-26T06:49:00.605Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '003d.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.605Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--92c872e4-d65e-4a03-9f36-c76e5f1ff473", "created": "2025-11-26T06:49:00.605Z", "modified": "2025-11-26T06:49:00.605Z", "relationship_type": "based-on", "source_ref": "indicator--0da77d9c-3daa-4e0e-8d66-2546e6b87f90", "target_ref": "domain-name--2d6486b7-27f0-430c-a891-d398b25c5070" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--03427632-8b71-4940-84fa-da0d1abdc813", "created": "2025-11-26T06:49:00.613Z", "modified": "2025-11-26T06:49:00.613Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '00451173.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.613Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bcf6f227-eca6-4e40-8847-c65e476c7303", "created": "2025-11-26T06:49:00.613Z", "modified": "2025-11-26T06:49:00.613Z", "relationship_type": "based-on", "source_ref": "indicator--03427632-8b71-4940-84fa-da0d1abdc813", "target_ref": "domain-name--9d6f4ea9-7b50-4498-b838-1b90476da8af" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e38a54bd-e447-4015-8aa8-b71bff409106", "created": "2025-11-26T06:49:00.620Z", "modified": "2025-11-26T06:49:00.620Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '0051hg.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.620Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--88b583cb-6c00-463a-9bdd-200c2ce0eb9c", "created": "2025-11-26T06:49:00.620Z", "modified": "2025-11-26T06:49:00.620Z", "relationship_type": "based-on", "source_ref": "indicator--e38a54bd-e447-4015-8aa8-b71bff409106", "target_ref": "domain-name--a1cf25b8-fd06-4a94-a86f-ff744b41ad67" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--84ab9d52-3898-4ea0-8f24-bdd26680c058", "created": "2025-11-26T06:49:00.628Z", "modified": "2025-11-26T06:49:00.628Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '0053hg.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.628Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6eeed0be-83dc-4814-9b57-76f8182e4515", "created": "2025-11-26T06:49:00.628Z", "modified": "2025-11-26T06:49:00.628Z", "relationship_type": "based-on", "source_ref": "indicator--84ab9d52-3898-4ea0-8f24-bdd26680c058", "target_ref": "domain-name--2d7adc56-440c-425b-a2c7-7dbbbc74b38d" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--aefae2ce-33a2-41e9-be63-574802ff198b", "created": "2025-11-26T06:49:00.635Z", "modified": "2025-11-26T06:49:00.635Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '0055533.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.635Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--45bf1d19-bee0-44d5-b6f1-9ec139f1e14c", "created": "2025-11-26T06:49:00.635Z", "modified": "2025-11-26T06:49:00.635Z", "relationship_type": "based-on", "source_ref": "indicator--aefae2ce-33a2-41e9-be63-574802ff198b", "target_ref": "domain-name--36cc80aa-a19e-4705-bc4b-d4bd54804359" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b318de66-a103-4dda-86a1-bcf984d3ab99", "created": "2025-11-26T06:49:00.642Z", "modified": "2025-11-26T06:49:00.642Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '0055544.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.642Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bdd66df7-c8f4-44ba-a775-820c6176e95a", "created": "2025-11-26T06:49:00.642Z", "modified": "2025-11-26T06:49:00.642Z", "relationship_type": "based-on", "source_ref": "indicator--b318de66-a103-4dda-86a1-bcf984d3ab99", "target_ref": "domain-name--35781def-518d-4a4f-9b27-fdd70cc2103e" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9bc07b5d-1960-4264-94a5-16a50176b898", "created": "2025-11-26T06:49:00.650Z", "modified": "2025-11-26T06:49:00.650Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '00624510.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.650Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f9cbda7f-24bd-447e-bdcf-c31014e8280d", "created": "2025-11-26T06:49:00.650Z", "modified": "2025-11-26T06:49:00.650Z", "relationship_type": "based-on", "source_ref": "indicator--9bc07b5d-1960-4264-94a5-16a50176b898", "target_ref": "domain-name--3f3214d3-eb7c-4506-bfcd-0d54925a1e37" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0e847d2e-930e-4787-9d68-d1b55ba1f627", "created": "2025-11-26T06:49:00.657Z", "modified": "2025-11-26T06:49:00.657Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '0062hg.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.657Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4a75c33d-8845-4cf9-b0e4-876149c28512", "created": "2025-11-26T06:49:00.657Z", "modified": "2025-11-26T06:49:00.657Z", "relationship_type": "based-on", "source_ref": "indicator--0e847d2e-930e-4787-9d68-d1b55ba1f627", "target_ref": "domain-name--f20139a0-7db4-470f-a129-c7e7feaff1f6" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eecd95f1-0d8e-4b0d-8587-a9f2625eb2b1", "created": "2025-11-26T06:49:00.665Z", "modified": "2025-11-26T06:49:00.665Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '0067hg.com']", "pattern_type": "stix", "valid_from": "2025-11-26T06:49:00.665Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7e94061d-b2cd-4f63-a795-4a300f31bc0b", "created": "2025-11-26T06:49:00.665Z", "modified": "2025-11-26T06:49:00.665Z", "relationship_type": "based-on", "source_ref": "indicator--eecd95f1-0d8e-4b0d-8587-a9f2625eb2b1", "target_ref": "domain-name--72ea3cf7-17cc-4a11-8c71-394b8c0f66e9" } ] }

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

Industry Watch

CyberSecurity Latest Rundown

CRITICAL ITEMS

HIGH SEVERITY ITEMS

🔵 LOW SEVERITY ITEMS

EXECUTIVE INSIGHTS

VENDOR SPOTLIGHT

DETECTION & RESPONSE KIT

Cookie Notice

STIX 2.1 Threat Intelligence Bundle

If you like MikeGPT CyberSecurity Newsletter, spread the word.