Wed, Nov 26, 2025 • 7-minute read
U.S. Federal Agencies (FISMA): QUIET
EU Critical Infrastructure (NIS2): QUIET
Financial Services (Payment Processing) (PCI DSS): QUIET
Technology Service Providers (SOC 2): QUIET
Healthcare (HIPAA): QUIET
Heroes, we made it. Another holiday season is upon us. Pro tip: 24-hour dry brine your turkey! Don't forget to pat it dry beforehand. Enjoy the time with loved ones.
Here's a look at the current cybersecurity landscape for November 26, 2025.
Date & Time: 2025-11-25T22:23:48
Cybercriminals are increasingly purchasing access to custom Large Language Models (LLMs) designed specifically for hacking. These "dark AI" tools assist lower-skilled attackers in writing malware and conducting sophisticated phishing campaigns.
CVE: n/a | Compliance: HIPAA | Source: CyberScoop ↗, Palo Alto Networks ↗
Date & Time: 2025-11-25T06:00:00
Arista NG Firewalls contain a vulnerability where a dangerous function is exposed, allowing remote, unauthenticated attackers to access sensitive system information. This requires no user interaction and can be exploited over the network.
CVE: CVE-2025-6980 | Compliance: General Enterprise | Source: ZDI ↗
Date & Time: 2025-11-26T08:09:20
Dartmouth College has confirmed a significant data breach resulting from an Oracle system hack, where cybercriminals leaked over 226 GB of stolen files. This incident highlights the persistent threat to higher education and the critical nature of third-party system security.
CVE: n/a | Compliance: SOX | Source: SecurityWeek ↗
Date & Time: 2025-11-26T07:38:59
Retailers and consumers face heightened risks this holiday season as attackers use AI to scale precision phishing, account takeovers, and payment skimming operations.
CVE: n/a | Compliance: HIPAA | Source: Security Boulevard ↗
Date & Time: 2025-11-26T10:00:02
Despite its age, NTLM (New Technology LAN Manager) remains a prime target for attackers. Exploitation of this legacy protocol persists, allowing for credential theft and lateral movement within Windows environments.
CVE: n/a | Compliance: HIPAA | Source: Kaspersky SecureList ↗
Date & Time: 2025-11-26T11:00:30
Unit 42 has released updates regarding the cybercrime group "Scattered LAPSUS$ Hunters." The report provides new indicators and tactics to help organizations secure themselves during the holiday season.
Source: Palo Alto Networks Unit 42 ↗
Date & Time: 2025-11-25T17:00:00
Microsoft argues that the future of Security Operations Centers (SOCs) relies on autonomous AI agents working alongside human analysts to handle unprecedented scale and complexity, moving beyond simple "AI hype."
Source: Microsoft Security Blog ↗
Spotlight Rationale: Palo Alto Networks is highlighted due to their direct intelligence on two key items in today's rundown: the "Underground AI models" report and the "Scattered LAPSUS$ Hunters" update.
Threat Context: Underground AI models
Platform Focus: Palo Alto Networks Cortex XDR & Unit 42 Threat Intelligence
Palo Alto Networks is actively tracking the emergence of "dark" AI models used by cybercriminals to automate attacks. Their Cortex platform leverages this Unit 42 intelligence to identify AI-generated phishing patterns and behavioral anomalies associated with groups like LAPSUS$, offering a defense against the very tools attackers are now purchasing.
Actionable Platform Guidance: Enable "Behavioral Threat Protection" in Cortex XDR profiles, specifically tuning modules to detect "credential dumping" and "evasion" techniques often used by the NetSupport RAT and LAPSUS$ actors mentioned in today's intelligence.
Source: CyberScoop ↗, Palo Alto Networks ↗
⚠️ Disclaimer: Test all detection logic in non-production environments before deployment.
1. Vendor Platform Configuration - Palo Alto Networks Cortex XDR
# Recommended Cortex XDR Profile Settings for RAT/LAPSUS$ Detection
# Navigate to: Endpoints > Policy Management > Prevention Profiles
Behavioral Threat Protection:
    - Action: Block
    - Credential Theft Protection: Enabled
    - Child Process Protection: Enabled
Malware Protection:
    - Treat Grayware as Malware: Enabled
    - Portable Executable Analysis: Enabled
# Specific Exclusion Review:
# Ensure 'client32.exe' (NetSupport) is NOT whitelisted in global exceptions
# unless explicitly authorized for specific admin groups.
2. YARA Rule for NetSupport RAT Loader
rule NetSupport_RAT_Loader_Nov2025 {
    meta:
        description = "Detects NetSupport RAT repurposed loader artifacts"
        author = "Threat Rundown"
        date = "2025-11-26"
        reference = "https://www.reddit.com/r/Malware/comments/1p70p8n/netsupport_rat_deep_dive_from_loader_to_c2_anyrun/"
        severity = "high"
        tlp = "white"
    strings:
        $s1 = "client32.exe" ascii wide
        $s2 = "NetSupport Manager" ascii wide
        $s3 = "PCICHECK.EXE" ascii wide
        $s4 = "HTA" ascii wide
        $h1 = { 50 4B 03 04 } // ZIP header often used in the encrypted loader stage
    condition:
        // MZ header (PE file) with any marker string, or a ZIP-stage blob carrying the client name
        (uint16(0) == 0x5A4D and any of ($s*)) or ($h1 and $s1)
}
3. SIEM Query — Siemens SINEC NMS SQL Injection Attempt
index=security sourcetype="web_server_logs"
    (uri_path="*SINEC*" OR uri_path="*getTotalAndFilterCounts*")
    (http_method="POST" OR http_method="GET")
| eval risk_score=case(
    match(uri_query, "(?i)(union|select|sleep|benchmark|waitfor)"), 100,
    match(post_payload, "(?i)(union|select|sleep|benchmark|waitfor)"), 100,
    1==1, 0)
| where risk_score >= 100
| table _time, src_ip, dest_ip, uri_path, http_user_agent, risk_score
| sort -_time
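To check what that query actually flags before it goes into a SIEM, here is the same keyword logic run over a handful of web-server log lines offline. This is an added example, not part of the rundown; the Combined-Log-Format lines are constructed for the demo (RFC 5737 test addresses, placeholder paths that reuse only the endpoint name from the query above). It decodes the query string before matching, because a percent-encoded payload hides the keyword from a word-boundary regex, and it puts the query's bare keyword list (SUBSTRING_RE) beside a tightened version (WORD_RE) to show the substring false positives the bare list produces on innocent parameters such as `selected=true`. POST bodies are not in access logs, so the `post_payload` branch of the query needs a WAF or application log source to have any effect.

```python
"""Offline replay of the rundown's SQLi keyword detection over sample access-log lines."""
import re
from urllib.parse import unquote_plus

# Constructed sample log (Combined Log Format): client, request, status, bytes, referer, UA.
SAMPLE_LOG = """\
203.0.113.10 - - [26/Nov/2025:10:00:01 +0000] "GET /SINEC/nms/getTotalAndFilterCounts?filter=site1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [26/Nov/2025:10:00:02 +0000] "GET /SINEC/nms/getTotalAndFilterCounts?filter=1'%20UNION%20SELECT%20null-- HTTP/1.1" 500 0 "-" "python-requests/2.32"
203.0.113.12 - - [26/Nov/2025:10:00:03 +0000] "GET /SINEC/nms/devices?selected=true&view=sleeping HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.13 - - [26/Nov/2025:10:00:04 +0000] "POST /other/app/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.14 - - [26/Nov/2025:10:00:05 +0000] "GET /SINEC/nms/getTotalAndFilterCounts?filter=x%20and%20sleep(5) HTTP/1.1" 200 512 "-" "curl/8.5"
"""

LOG_RE = re.compile(
    r'^(?P<src_ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

KEYWORDS = ("union", "select", "sleep", "benchmark", "waitfor")
SUBSTRING_RE = re.compile("(?i)(%s)" % "|".join(KEYWORDS))     # as written in the SPL
WORD_RE = re.compile(r"(?i)\b(%s)\b" % "|".join(KEYWORDS))     # word boundaries added


def parse_line(line):
    """Split one access-log line into the fields the SPL query references, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    path, _, query = rec.pop("target").partition("?")
    rec["uri_path"] = path
    # Decode first: "%20UNION" has no word boundary before the U, so an
    # encoded payload would slip past WORD_RE if matched raw.
    rec["uri_query"] = unquote_plus(query)
    return rec


def in_scope(rec):
    """The query's search filter: SINEC or getTotalAndFilterCounts paths, GET or POST."""
    path_hit = "SINEC" in rec["uri_path"] or "getTotalAndFilterCounts" in rec["uri_path"]
    return path_hit and rec["method"] in ("GET", "POST")


def score(rec, pattern=WORD_RE):
    """Mirror of the eval/case block: 100 on a keyword hit in the query string, else 0."""
    return 100 if pattern.search(rec["uri_query"]) else 0


def detect(log_text, pattern=WORD_RE):
    """Return (time, src_ip, uri_path, user_agent) for every line scoring >= 100."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and in_scope(rec) and score(rec, pattern) >= 100:
            hits.append((rec["time"], rec["src_ip"], rec["uri_path"], rec["ua"]))
    return hits


if __name__ == "__main__":
    for label, pattern in (("bare keyword list", SUBSTRING_RE), ("word-boundary list", WORD_RE)):
        print(f"--- {label} ---")
        for hit in detect(SAMPLE_LOG, pattern):
            print(*hit)
```

With the bare list, the third line (`selected=true&view=sleeping`) is flagged alongside the two real probes; with word boundaries only the two probes remain. Adjust `in_scope` and `LOG_RE` to your own log format before relying on the counts.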
4. PowerShell Script — NetSupport Artifact Check
# Hosts to scan (constructed list; replace with your inventory)
$computers = "localhost", "WKSTN01", "WKSTN02"

$scanBlock = {
    # Runs on the target host. $env:* resolves for the account the remote session
    # runs as; C:\ProgramData covers the machine-wide install location.
    $suspiciousPaths = @(
        "$env:APPDATA\NetSupport",
        "$env:LOCALAPPDATA\NetSupport",
        "C:\ProgramData\NetSupport"
    )
    $findings = @()
    foreach ($path in $suspiciousPaths) {
        if (Test-Path -Path $path) {
            $findings += "[ALERT] Suspicious NetSupport directory found at: $path"
        }
    }
    # Check for running process
    if (Get-Process -Name "client32" -ErrorAction SilentlyContinue) {
        $findings += "[CRITICAL] NetSupport Client32 process running"
    }
    $findings
}

foreach ($computer in $computers) {
    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        Write-Warning "$computer is unreachable, skipped"
        continue
    }
    Write-Host "Scanning $computer for NetSupport RAT artifacts..."
    try {
        # The original ran Test-Path/Get-Process on the scanning machine for every
        # host in the list; Invoke-Command executes the checks on the target (needs WinRM).
        $results = Invoke-Command -ComputerName $computer -ScriptBlock $scanBlock -ErrorAction Stop
        foreach ($finding in $results) { Write-Warning "$finding on $computer" }
    } catch {
        Write-Warning "Could not scan ${computer}: $($_.Exception.Message)"
    }
}
This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!
About STIX 2.1: Structured Threat Information eXpression (STIX) is the machine language of cybersecurity. This bundle contains validated threat objects, indicators, and relationships that can be directly imported into your SIEM, TIP, or security orchestration platform.
Usage: Download or copy the JSON below and import it directly into your threat intelligence platform, SIEM, or security orchestration tools for automated threat detection and response.
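For teams that want to see what a TIP or SIEM pulls out of a bundle like the one below, here is a small STIX 2.1 reader in Python. It is an added example, not the newsletter's own tooling: it indexes the bundle's objects by id, resolves TLP markings through `object_marking_refs`, extracts indicators (parsing the simple single-comparison pattern form), lists vulnerabilities with the bundle's custom `x_cvss_score` / `x_kev_status` properties, and resolves relationships to their endpoints, reporting any that point at objects missing from the bundle. SAMPLE_BUNDLE is constructed for the demo; its UUIDs, indicator pattern and relationship are placeholders that only mirror the structure of the bundle on this page.

```python
"""Minimal STIX 2.1 bundle reader: indicators, vulnerabilities, resolved relationships."""
import json
import re

# Matches the simple "[type:property = 'value']" pattern form; compound patterns return None.
PATTERN_RE = re.compile(r"^\[\s*([\w-]+:[\w.\[\]*-]+)\s*=\s*'([^']*)'\s*\]$")

MARKING = "marking-definition--00000000-0000-4000-8000-0000000000aa"  # constructed id

# Constructed sample bundle shaped like the page's; all ids and the IoC are placeholders.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "marking-definition", "spec_version": "2.1", "id": MARKING,
         "created": "2022-10-01T00:00:00.000Z", "definition_type": "tlp:2.0",
         "name": "TLP:CLEAR", "definition": {"tlp": "clear"}},
        {"type": "vulnerability", "spec_version": "2.1",
         "id": "vulnerability--00000000-0000-4000-8000-0000000000bb",
         "created": "2025-11-26T13:41:29.575Z", "modified": "2025-11-26T13:41:29.575Z",
         "name": "CVE-2025-40755", "confidence": 95,
         "x_cvss_score": 8.8, "x_cvss_severity": "HIGH", "x_kev_status": False,
         "object_marking_refs": [MARKING]},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-0000000000cc",
         "created": "2025-11-26T13:41:29.576Z", "modified": "2025-11-26T13:41:29.576Z",
         "name": "Constructed example indicator", "confidence": 60,
         "pattern_type": "stix", "valid_from": "2025-11-26T00:00:00Z",
         "pattern": "[domain-name:value = 'example.invalid']",  # placeholder, not a real IoC
         "object_marking_refs": [MARKING]},
        {"type": "relationship", "spec_version": "2.1",
         "id": "relationship--00000000-0000-4000-8000-0000000000dd",
         "created": "2025-11-26T13:41:29.576Z", "modified": "2025-11-26T13:41:29.576Z",
         "relationship_type": "indicates",
         "source_ref": "indicator--00000000-0000-4000-8000-0000000000cc",
         "target_ref": "vulnerability--00000000-0000-4000-8000-0000000000bb",
         "object_marking_refs": [MARKING]},
    ],
})


def load_bundle(text):
    """Parse JSON and reject anything that is not a bundle of STIX 2.1 objects."""
    bundle = json.loads(text)
    if bundle.get("type") != "bundle" or not isinstance(bundle.get("objects"), list):
        raise ValueError("not a STIX bundle")
    for obj in bundle["objects"]:
        if obj.get("spec_version") != "2.1":
            raise ValueError(f"{obj.get('id')} is not a STIX 2.1 object")
    return bundle


def index_objects(bundle):
    """Map every object id to its object so refs can be resolved in O(1)."""
    return {obj["id"]: obj for obj in bundle["objects"]}


def tlp_of(obj, index):
    """Return the TLP 2.0 level ('clear', 'green', ...) an object is marked with, or None."""
    for ref in obj.get("object_marking_refs", []):
        marking = index.get(ref)
        if marking and marking.get("definition_type") == "tlp:2.0":
            return marking["definition"]["tlp"]
    return None


def parse_pattern(pattern):
    """Return (object_path, value) for a simple equality pattern, else None."""
    m = PATTERN_RE.match(pattern)
    return (m.group(1), m.group(2)) if m else None


def extract_indicators(bundle, min_confidence=0):
    """Indicators at or above a confidence floor, with their parsed observable and TLP."""
    index = index_objects(bundle)
    out = []
    for obj in bundle["objects"]:
        if obj["type"] != "indicator" or obj.get("confidence", 0) < min_confidence:
            continue
        out.append({"id": obj["id"], "name": obj.get("name"),
                    "confidence": obj.get("confidence"),
                    "observable": parse_pattern(obj.get("pattern", "")),
                    "tlp": tlp_of(obj, index)})
    return out


def extract_vulnerabilities(bundle):
    """(name, CVSS score, KEV flag) using the custom x_* properties this feed emits."""
    return [(o["name"], o.get("x_cvss_score"), o.get("x_kev_status", False))
            for o in bundle["objects"] if o["type"] == "vulnerability"]


def resolve_relationships(bundle):
    """Resolve SROs to (source name, type, target name); collect ids whose refs are missing."""
    index = index_objects(bundle)
    resolved, dangling = [], []
    for o in bundle["objects"]:
        if o["type"] != "relationship":
            continue
        src, dst = index.get(o["source_ref"]), index.get(o["target_ref"])
        if src is None or dst is None:
            dangling.append(o["id"])
            continue
        resolved.append((src.get("name"), o["relationship_type"], dst.get("name")))
    return resolved, dangling


if __name__ == "__main__":
    b = load_bundle(SAMPLE_BUNDLE)
    print("indicators:", extract_indicators(b))
    print("vulnerabilities:", extract_vulnerabilities(b))
    print("relationships:", resolve_relationships(b))
```

The confidence floor in `extract_indicators` is the knob to use with a feed like this one, whose description says confidence ranges from 30 to 95: ingest high-confidence indicators as blocking rules and route the rest to hunting queries rather than alerts. The dangling-reference list is worth checking on every import, since a report whose `object_refs` point at objects absent from the bundle will silently lose context in most TIPs.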
{
"type": "bundle",
"id": "bundle--38faa5b0-ac4c-4590-81c6-43aa14bec63d",
"objects": [
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487",
"created": "2022-10-01T00:00:00.000Z",
"definition_type": "tlp:2.0",
"name": "TLP:CLEAR",
"definition": {
"tlp": "clear"
}
},
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--cfdf5fe4-b934-44a4-9330-e7076d328b6e",
"created": "2025-11-26T13:41:29.579Z",
"modified": "2025-11-26T13:41:29.579Z",
"name": "MikeGPT Intelligence Platform",
"description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds",
"identity_class": "organization",
"sectors": [
"technology",
"defense"
],
"contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57da9382-2882-4f2e-a59d-cbda8c1c0d19",
"created": "2025-11-26T13:41:29.579Z",
"modified": "2025-11-26T13:41:29.579Z",
"name": "Threat Intelligence Report - 2025-11-26",
"description": "Threat Intelligence Report - 2025-11-26\n\nThis report consolidates actionable cybersecurity intelligence from 91 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• The Week in Vulnerabilities: Cyble Urges Fortinet, Microsoft Fixes (Score: 100)\n• Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025 (Score: 100)\n• Underground AI models promise to be hackers ‘cyber pentesting waifu’ (Score: 100)\n• ZDI-25-1021: Siemens SINEC NMS getTotalAndFilterCounts SQL Injection Privilege Escalation Vulnerabil (Score: 100)\n• ZDI-25-1022: Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vu (Score: 100)\n\nEXTRACTED ENTITIES:\n• 32 Attack Pattern(s)\n• 20 Domain Name(s)\n• 20 Indicator(s)\n• 2 Malware(s)\n• 1 Marking Definition(s)\n• 52 Relationship(s)\n• 6 Tool(s)\n• 4 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n",
"published": "2025-11-26T13:41:29.579Z",
"object_refs": [
"identity--cfdf5fe4-b934-44a4-9330-e7076d328b6e",
"identity--fd1e3790-7e3a-48a3-8684-16f17330c96f",
"tool--d11c3b68-4deb-4cd3-894e-bfba4dd9c451",
"identity--947592b5-3d6c-4398-8ca6-4a013fb1e7c5",
"tool--cc7845ad-a4d9-4f54-aacf-7e100c2892b1",
"tool--ebe130cd-85cb-4578-9002-91914990eb3d",
"identity--6841df40-efe3-4f12-aac4-ad6f2e05dc33",
"identity--120bd543-dc51-460d-92cf-8063d7d942ab",
"identity--fb71fbb9-5f3e-4d55-a8df-34b0b1e4f952",
"identity--8fbcee23-b20d-48f8-a8a8-a518b2e9d520",
"identity--1634d673-de98-4a8d-95b2-1b934d3d13bd",
"identity--161fc746-cd49-4615-ab48-81a93a1b16b4",
"tool--83bfa7e8-f4a9-4d1d-9d48-f3498961665e",
"identity--4426dba0-b87b-41c1-958b-cc3982c992b4",
"identity--c5a4a488-0f6e-4747-a3ca-c02ad0b7e598",
"identity--d48d0179-a8bc-4c9e-89ef-4347fcbce1fa",
"identity--4374f8b0-7844-4bff-9a66-92d49d3e0b15",
"malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"vulnerability--dec98ca2-78de-4286-96b6-4f0d7769f756",
"identity--e2bc3d13-80db-4c60-9b33-bc1d4ba7b2bf",
"identity--383b3fde-7ceb-4c55-ba9d-b89a6dc48e8e",
"tool--3e7455ac-6c4a-4981-a44a-babfdbe825d5",
"tool--0980934d-b5c3-47ce-92d8-4cdc8fe70fba",
"identity--c4dae64f-2aa0-4a93-b21a-b92779cd5401",
"identity--0bd6e3aa-74a6-4999-aa8e-39d06c04804d",
"vulnerability--977ba091-227f-4ce6-9a21-6e91fd756c0d",
"vulnerability--fffde8d0-50f8-4f26-b895-5c560e56c7c4",
"vulnerability--d7d53bb3-ad8a-4e3c-89d4-ab53dcf48bc4",
"malware--80779270-84e6-4b79-a22b-25dde2730a7c",
"attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc",
"attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678",
"attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff",
"attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638",
"attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927",
"attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400",
"attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314",
"attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e",
"attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9",
"attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65",
"attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11",
"attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7",
"attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96",
"attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee",
"attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1",
"attack-pattern--88428b3c-f02f-45b8-a38a-0541b2287509",
"attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719",
"attack-pattern--0ec57ff0-0257-4287-888c-8f20c7e08c6b",
"attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d",
"attack-pattern--09674268-0992-4612-b535-242c63cbaed9",
"attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6",
"attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea",
"attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1",
"attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530",
"attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3",
"attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2",
"attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18",
"attack-pattern--fcb3d170-b982-4921-8a85-e3d46829554e",
"attack-pattern--92b3199d-f7ae-4a4b-8699-1d01a6761923",
"attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770",
"relationship--041d29ef-cab5-4bf7-a9ce-a25e75ce969b",
"relationship--0797df31-642d-4c93-8c67-d678997bba9e",
"relationship--a5bf9db4-101b-4f73-9214-cfef4b469755",
"relationship--5f328d6c-9466-4867-883b-59ffafcafcee",
"relationship--bf7f6b10-91f8-416c-8dd9-fbb4ac22c6b7",
"relationship--03070604-4373-46a5-a816-6dc660b9046b",
"relationship--77df4b39-c8f3-415e-a16c-45a9b7f88644",
"relationship--1db3103f-b1c6-4b71-b887-4baca4a24a10",
"relationship--010d5d9e-3ca8-44c5-abbd-ad9279256733",
"relationship--884e9ffe-bd02-4884-ac4f-394cb958598f",
"relationship--3add3fac-b20e-41b9-ab0b-c47211e480c1",
"relationship--6483c928-f732-41ac-96e4-4b6f27b50b4a",
"relationship--343ac1aa-436d-4292-b11e-89f69572b9f1",
"relationship--4dd745b0-c0c5-4bf2-b74e-6312816aba5a",
"relationship--3e9f319e-6780-4c2c-8944-81b658f6d501",
"relationship--f51b1149-541b-47a8-8a14-c6e8a2c99f0f",
"relationship--e80989de-557e-41c0-945b-c505fcf7eef2",
"relationship--c778372c-171e-47cb-9728-68c5662824e3",
"relationship--88de145c-cde1-4161-984d-d6cf59d6def4",
"relationship--f1e52119-cc4b-41c0-b043-6323a0fe4806",
"relationship--8df30ba2-67bb-4e96-a16b-17149b326e5d",
"relationship--a3b128b7-40bd-4f5a-a2cd-8fa480dbc127",
"relationship--ae2f2a54-53ac-4b30-9348-5f388b6cd66e",
"relationship--4dda27f6-0b88-4993-94a8-6fd0ac392d66",
"relationship--baad135e-ab87-4651-803c-c805675c3b72",
"relationship--c2bdc4b5-d682-4d9a-b2d5-a522d03ea21a",
"relationship--e0a9cc7b-0c1b-486e-8b08-a139ffd52316",
"relationship--2f25cc68-3440-4c3f-bfdd-480411c634c9",
"relationship--b0cf1dc1-6a59-4d0d-8849-c40651a397de",
"relationship--7e183df1-99bb-40e5-9bbd-0035a4b8e6ae",
"relationship--da5ef26c-b976-4953-9691-4288f3ebed05",
"relationship--2050f88d-7827-41a5-9511-ec74605d75ac",
"domain-name--31173d41-c590-42f7-a0d5-5f2046e44ba0",
"domain-name--aabb3bc2-105a-49ff-8fee-39650256a35b",
"domain-name--2b3a30c5-cc64-470d-889e-1452e179c660",
"domain-name--273c93b2-47bf-4aa0-ae19-bd68d4669404",
"domain-name--b0870b84-b676-4a89-a10a-66a668371ef5",
"domain-name--4f1746b0-6f2a-4d71-baf3-50ad70173f2f",
"domain-name--874cd0e4-3798-4f69-917d-f2fa4472b8d7",
"domain-name--062de9fd-1086-42af-b67b-2d8531c1971b",
"domain-name--baa26c5c-730e-41c0-8933-5d8d2968d311",
"domain-name--e363bfc6-bfdc-4c32-833f-6c6a1ee5e4e8",
"domain-name--9e312ec8-e602-490a-9645-387043286f5b",
"domain-name--5afbb1e1-8a01-4898-bc17-f607d961e92d",
"domain-name--c5ac8aa3-f7ed-462c-b439-a0bcf36e4f9b",
"domain-name--792858dc-3714-418f-a469-1e3361647d1e",
"domain-name--bded3321-289e-4e9e-adf4-c1f8b6b4ed0b",
"domain-name--fc76db57-47a4-462d-8bb2-2532d7bf97e7",
"domain-name--84412493-88bb-41b2-95fb-a640f7d553e0",
"domain-name--3ee33f10-e4a4-4d78-bd56-f205551aba6a",
"domain-name--7150977f-8e89-4e06-9674-4e42ec005222",
"domain-name--15943237-7819-467c-93e9-596a54d94e6b",
"indicator--a7b3a33a-53ae-4dc2-bbc6-a216a54fe134",
"relationship--8146a310-d63a-426e-b71a-78dea07e13a1",
"indicator--8894d5fc-a1a8-43e7-84c6-01908a091c07",
"relationship--179e05ce-51d7-48b1-80da-8bd27d106ce4",
"indicator--835e978d-74e4-4a9c-9982-5104797c83a8",
"relationship--6b6dd8a0-cf30-4b64-9967-616783970670",
"indicator--e8358f0b-3ddf-4d53-913c-e463d5775a88",
"relationship--bc3606ae-e1ef-4720-aeca-1ce7a983ae4b",
"indicator--d119517d-5a9c-481e-aa0f-779082f9b969",
"relationship--8a7b06d4-bb5a-4657-9a9f-11550bf82132",
"indicator--6bf1015c-27c7-4500-8775-2ef06383f337",
"relationship--15d2d9cd-19c3-4a96-ade5-579f60d29b20",
"indicator--708431e7-9c3d-4eb0-936b-767cfb93e70a",
"relationship--d49b588f-fa4d-4a4a-be18-891ff5b155c6",
"indicator--3e239852-7e8a-4ee9-ab9b-449830c581c6",
"relationship--56ce1679-ef53-4046-8fe3-aa8db66d4249",
"indicator--38f1745f-9a46-48f3-bf3f-0c872c33ea2d",
"relationship--374637d2-58fd-4e4b-9e03-7a23e0ae5583",
"indicator--a1557577-671b-4288-9334-328bc7ba3ad5",
"relationship--c23955ba-b758-46e5-a044-b7971ac069fd",
"indicator--31462c40-8c9b-4ce2-9576-92e7f506dd33",
"relationship--1a8974fc-133b-4efb-a9f8-fe33b6984254",
"indicator--5483477a-b96d-43c1-bcea-f0641a66357f",
"relationship--bf5ed28b-a679-4783-9e47-4466e5d0f362",
"indicator--bd223a52-62c5-4988-8e19-f44b0faa1ac5",
"relationship--07926d8f-5a02-4ff3-8fab-0b77891836a2",
"indicator--eb4193f1-3274-4af7-8db0-dbd9bb32ef87",
"relationship--c6158d88-ff06-45c7-b4c8-b4436f562fad",
"indicator--af1d4d3a-43b1-4da6-b789-67b03ff6755d",
"relationship--5db09d0d-144b-408e-8c54-837f8ac56a80",
"indicator--8281f3d3-265a-4e0b-95b7-0a9b7cfa5885",
"relationship--7e7360b5-b4d4-40cf-bebb-bf827a333df0",
"indicator--babe2e05-716b-4fba-ae91-218145488414",
"relationship--c636eedc-9de7-41a9-8bdb-3c024b261d4c",
"indicator--6e9125c7-4919-45ab-a7cf-238921854b0a",
"relationship--3de7f720-cca6-49fc-8605-26afd42a461e",
"indicator--9691a642-1a42-4916-b35d-3cae354891f7",
"relationship--bbf25541-3493-470d-8e7f-a8482ab403ff",
"indicator--90560f4e-d997-4f7d-8763-d19d02d2679c",
"relationship--17ac53fb-8f99-494e-bdf4-12f8fb32a95e"
],
"labels": [
"threat-report",
"threat-intelligence"
],
"created_by_ref": "identity--cfdf5fe4-b934-44a4-9330-e7076d328b6e",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.574Z",
"modified": "2025-11-26T13:41:29.574Z",
"confidence": 95,
"type": "identity",
"id": "identity--fd1e3790-7e3a-48a3-8684-16f17330c96f",
"name": "Palo Alto Networks",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Palo Alto Networks is a cybersecurity company that provides network security solutions to prevent and detect cyber threats.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.574Z",
"modified": "2025-11-26T13:41:29.574Z",
"confidence": 95,
"type": "tool",
"id": "tool--d11c3b68-4deb-4cd3-894e-bfba4dd9c451",
"name": "Siemens SINEC NMS",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"description": "Siemens SINEC NMS is a network management system used for monitoring and controlling industrial automation networks.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.574Z",
"modified": "2025-11-26T13:41:29.574Z",
"confidence": 95,
"type": "identity",
"id": "identity--947592b5-3d6c-4398-8ca6-4a013fb1e7c5",
"name": "Deciso OPNsense",
"identity_class": "unknown",
"labels": [
"identity"
],
"description": "Deciso OPNsense is a free and open-source firewall and network security platform.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "tool",
"id": "tool--cc7845ad-a4d9-4f54-aacf-7e100c2892b1",
"name": "Message Authentication Code",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"description": "Message Authentication Code (MAC) is a cryptographic technique used to verify the authenticity of a message. In the context of the provided vulnerability, a crafted manipulation of ASN.1 structures, particularly in fields such as MAC data, allows signature verification to be bypassed, potentially leading to security breaches.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "tool",
"id": "tool--ebe130cd-85cb-4578-9002-91914990eb3d",
"name": "Arista NG Firewall",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"description": "Arista NG Firewall is a network security and threat prevention solution that provides advanced firewall capabilities and threat detection for secure network infrastructure.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "identity",
"id": "identity--6841df40-efe3-4f12-aac4-ad6f2e05dc33",
"name": "Gainsight",
"identity_class": "unknown",
"labels": [
"identity"
],
"description": "Gainsight is a customer success software company that provides a platform for businesses to manage customer relationships and data. In the context of the given text, Gainsight's systems were breached, leading to a potential spread of the intrusion to other third-party applications.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "identity",
"id": "identity--120bd543-dc51-460d-92cf-8063d7d942ab",
"name": "OnSolve",
"identity_class": "unknown",
"labels": [
"identity"
],
"description": "OnSolve is a company that provides emergency notification systems used by state and local governments, police departments, and fire agencies to disseminate critical information and alerts.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "identity",
"id": "identity--fb71fbb9-5f3e-4d55-a8df-34b0b1e4f952",
"name": "Greynoise",
"identity_class": "unknown",
"labels": [
"identity"
],
"description": "Greynoise is a cybersecurity company that provides threat intelligence and monitoring services to help detect and mitigate botnet activity.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "identity",
"id": "identity--8fbcee23-b20d-48f8-a8a8-a518b2e9d520",
"name": "Chinese Academy of Sciences",
"identity_class": "organization",
"labels": [
"organization"
],
"description": "The Chinese Academy of Sciences is a national academy for the natural sciences of the People's Republic of China. It is the world's largest research organization, comprising many research institutes, and is a major player in the Chinese science and technology system. In the context of cybersecurity, researchers from the Chinese Academy of Sciences may be involved in various projects and studies related to IoT security, threat analysis, and incident response.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "identity",
"id": "identity--1634d673-de98-4a8d-95b2-1b934d3d13bd",
"name": "University of Chinese Academy of Sciences",
"identity_class": "organization",
"labels": [
"organization"
],
"description": "The University of Chinese Academy of Sciences is a public research university in China, known for its strong programs in science, technology, engineering, and mathematics (STEM) fields. In the context of cybersecurity, the university has been associated with research and publications on various topics, including IoT security, as evident from the authorship of Haoqiang Wang and Yiwei Fang in the provided context.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "identity",
"id": "identity--161fc746-cd49-4615-ab48-81a93a1b16b4",
"name": "GitHub",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "GitHub is a web-based platform for version control and collaboration on software development projects, allowing users to store, manage, and share their code with others.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "tool",
"id": "tool--83bfa7e8-f4a9-4d1d-9d48-f3498961665e",
"name": "CodeBeautify",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"description": "CodeBeautify is an online tool used to format and validate code, but in the context of cybersecurity, it has been found to be used by organizations in sensitive sectors to paste passwords and credentials, potentially exposing them to security risks.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "identity",
"id": "identity--4426dba0-b87b-41c1-958b-cc3982c992b4",
"name": "Wibu-Systems",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Wibu-Systems is a company that specializes in software protection and licensing solutions for intellectual property rights management.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "identity",
"id": "identity--c5a4a488-0f6e-4747-a3ca-c02ad0b7e598",
"name": "Votiro",
"identity_class": "unknown",
"labels": [
"identity"
],
"description": "Votiro is a cybersecurity company specializing in zero-trust file security solutions that protect against zero-day threats and malicious files.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "identity",
"id": "identity--d48d0179-a8bc-4c9e-89ef-4347fcbce1fa",
"name": "Barracuda",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Barracuda is a cybersecurity company that provides innovative solutions and AI-powered platforms to protect against cyber threats.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "identity",
"id": "identity--4374f8b0-7844-4bff-9a66-92d49d3e0b15",
"name": "Crisis24",
"identity_class": "unknown",
"labels": [
"identity"
],
"description": "Risk management company Crisis24 provides threat intelligence and risk management services to help organizations mitigate and respond to global threats.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "malware",
"id": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"name": "Hulud malware",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"description": "Hulud malware is a specific malware family that has been associated with a significant supply chain attack, creating a large number of malicious repositories, compromised scripts, and GitHub users attacked. It is a newer iteration of the Shai-Hulud malware that was previously seen in npm repositories.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--dec98ca2-78de-4286-96b6-4f0d7769f756",
"name": "CVE-2025-40755",
"description": "A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570). CVSS Score: 8.8 (HIGH). EPSS: 0.0% exploitation probability",
"x_cvss_score": 8.8,
"x_cvss_severity": "HIGH",
"x_kev_status": false,
"x_epss_score": 0.00037,
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-40755",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40755"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-40755",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40755"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "identity",
"id": "identity--e2bc3d13-80db-4c60-9b33-bc1d4ba7b2bf",
"name": "Cyble Vulnerability Intelligence",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Cyble Vulnerability Intelligence provides research and tracking of vulnerabilities to help organizations stay informed and prepared for potential security threats.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.575Z",
"modified": "2025-11-26T13:41:29.575Z",
"confidence": 95,
"type": "identity",
"id": "identity--383b3fde-7ceb-4c55-ba9d-b89a6dc48e8e",
"name": "Apple",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Apple is a company.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 95,
"type": "tool",
"id": "tool--3e7455ac-6c4a-4981-a44a-babfdbe825d5",
"name": "NetSupport",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"description": "NetSupport is a software company that provides remote support and management solutions for IT professionals to troubleshoot and manage computer systems, but it is also known for its NetSupport Manager product being used as a Remote Access Trojan (RAT) in cyber attacks.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 95,
"type": "tool",
"id": "tool--0980934d-b5c3-47ce-92d8-4cdc8fe70fba",
"name": "NetSupport Client",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"description": "NetSupport Client is a remote desktop support software that allows IT administrators to remotely access and control computers for technical support and troubleshooting purposes.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 95,
"type": "identity",
"id": "identity--c4dae64f-2aa0-4a93-b21a-b92779cd5401",
"name": "Acronis",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Acronis is a cybersecurity company that provides data protection and cybersecurity solutions for individuals and businesses.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 95,
"type": "identity",
"id": "identity--0bd6e3aa-74a6-4999-aa8e-39d06c04804d",
"name": "Huawei",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Huawei is a multinational technology company that designs, manufactures, and sells telecommunications equipment and consumer electronics.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 65,
"type": "vulnerability",
"id": "vulnerability--977ba091-227f-4ce6-9a21-6e91fd756c0d",
"name": "AiCloud",
"description": "AiCloud is a cloud-connected feature of ASUS routers that lets users remotely access the router's settings and stored files. Routers exposing AiCloud have been affected by a critical authentication bypass that allows an unauthenticated remote attacker to gain unauthorized access to the device; updating firmware, and disabling AiCloud where it is not needed, removes the exposed surface.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--fffde8d0-50f8-4f26-b895-5c560e56c7c4",
"name": "CVE-2025-13698",
"description": "CVE-2025-13698 is the CVE assigned to this issue. No CVSS score or severity had been published when this record was generated, and the vulnerability is not listed in CISA KEV.",
"x_cvss_severity": "Unknown",
"x_kev_status": false,
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-13698",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13698"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-13698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13698"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--d7d53bb3-ad8a-4e3c-89d4-ab53dcf48bc4",
"name": "CVE-2025-50165",
"description": "Untrusted pointer dereference in the Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. CVSS score: 9.8 (CRITICAL). EPSS: 2.4% probability of exploitation in the next 30 days; not listed in CISA KEV at the time of collection.",
"x_cvss_score": 9.8,
"x_cvss_severity": "CRITICAL",
"x_kev_status": false,
"x_epss_score": 0.02438,
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-50165",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50165"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-50165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50165"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 95,
"type": "malware",
"id": "malware--80779270-84e6-4b79-a22b-25dde2730a7c",
"name": "Windows Security detected a",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"description": "Windows Security detected a trojan: A type of malicious software that disguises itself as legitimate code, allowing unauthorized access to a computer system, stealing sensitive information, or causing damage.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc",
"name": "Exploit Public-Facing Application",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1190",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1190/",
"external_id": "T1190"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678",
"name": "Exploitation for Client Execution",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1203",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1203/",
"external_id": "T1203"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff",
"name": "Abuse Elevation Control Mechanism",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
}
],
"x_mitre_id": "T1548",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1548/",
"external_id": "T1548"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638",
"name": "Access Token Manipulation",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1134",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1134/",
"external_id": "T1134"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927",
"name": "Create or Modify System Process",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1543",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1543/",
"external_id": "T1543"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400",
"name": "Boot or Logon Autostart Execution",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1547",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1547/",
"external_id": "T1547"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314",
"name": "Remote Services",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "lateral-movement"
}
],
"x_mitre_id": "T1021",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1021/",
"external_id": "T1021"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e",
"name": "Application Layer Protocol",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1071",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1071/",
"external_id": "T1071"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9",
"name": "Non-Application Layer Protocol",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1095",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1095/",
"external_id": "T1095"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"name": "Spearphishing Attachment",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/001/",
"external_id": "T1566.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65",
"name": "Spearphishing Link",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.002",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/002/",
"external_id": "T1566.002"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11",
"name": "Spearphishing via Service",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.003",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/003/",
"external_id": "T1566.003"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"name": "Command and Scripting Interpreter",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1059",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1059/",
"external_id": "T1059"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7",
"name": "Supply Chain Compromise",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1195",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1195/",
"external_id": "T1195"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96",
"name": "System Information Discovery",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "discovery"
}
],
"x_mitre_id": "T1082",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1082/",
"external_id": "T1082"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee",
"name": "File and Directory Discovery",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "discovery"
}
],
"x_mitre_id": "T1083",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1083/",
"external_id": "T1083"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1",
"name": "Process Discovery",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "discovery"
}
],
"x_mitre_id": "T1057",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1057/",
"external_id": "T1057"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 83,
"type": "attack-pattern",
"id": "attack-pattern--88428b3c-f02f-45b8-a38a-0541b2287509",
"name": "LSA Secrets",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential-access"
}
],
"x_mitre_id": "T1003.004",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1003/004/",
"external_id": "T1003.004"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 83,
"type": "attack-pattern",
"id": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719",
"name": "Vulnerabilities",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"x_mitre_id": "T1588.006",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/006/",
"external_id": "T1588.006"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 81,
"type": "attack-pattern",
"id": "attack-pattern--0ec57ff0-0257-4287-888c-8f20c7e08c6b",
"name": "Cloud Secrets Management Stores",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential-access"
}
],
"x_mitre_id": "T1555.006",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1555/006/",
"external_id": "T1555.006"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 78,
"type": "attack-pattern",
"id": "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d",
"name": "Search Threat Vendor Data",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "reconnaissance"
}
],
"x_mitre_id": "T1681",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1681/",
"external_id": "T1681"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 72,
"type": "attack-pattern",
"id": "attack-pattern--09674268-0992-4612-b535-242c63cbaed9",
"name": "Disable or Modify Network Device Firewall",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
}
],
"x_mitre_id": "T1562.013",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1562/013/",
"external_id": "T1562.013"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 72,
"type": "attack-pattern",
"id": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6",
"name": "Artificial Intelligence",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"x_mitre_id": "T1588.007",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/007/",
"external_id": "T1588.007"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea",
"name": "Scheduled Task",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1053.005",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1053/005/",
"external_id": "T1053.005"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1",
"name": "Socket Filters",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1205.002",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1205/002/",
"external_id": "T1205.002"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530",
"name": "Malicious Shell Modification",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"x_mitre_id": "T1156",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1156/",
"external_id": "T1156"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3",
"name": "Archive via Utility",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1560.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1560/001/",
"external_id": "T1560.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2",
"name": "Screen Capture",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1113",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1113/",
"external_id": "T1113"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18",
"name": "Adversary-in-the-Middle",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential-access"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1557",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1557/",
"external_id": "T1557"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 68,
"type": "attack-pattern",
"id": "attack-pattern--fcb3d170-b982-4921-8a85-e3d46829554e",
"name": "Disable or Modify System Firewall",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
}
],
"x_mitre_id": "T1562.004",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1562/004/",
"external_id": "T1562.004"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 65,
"type": "attack-pattern",
"id": "attack-pattern--92b3199d-f7ae-4a4b-8699-1d01a6761923",
"name": "Office Application Startup",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"x_mitre_id": "T1137",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1137/",
"external_id": "T1137"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-26T13:41:29.576Z",
"modified": "2025-11-26T13:41:29.576Z",
"confidence": 65,
"type": "attack-pattern",
"id": "attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770",
"name": "Threat Intel Vendors",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "reconnaissance"
}
],
"x_mitre_id": "T1597.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1597/001/",
"external_id": "T1597.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--041d29ef-cab5-4bf7-a9ce-a25e75ce969b",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Exploit Public-Facing Application (T1190) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0797df31-642d-4c93-8c67-d678997bba9e",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Exploitation for Client Execution (T1203) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a5bf9db4-101b-4f73-9214-cfef4b469755",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Abuse Elevation Control Mechanism (T1548) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5f328d6c-9466-4867-883b-59ffafcafcee",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Access Token Manipulation (T1134) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bf7f6b10-91f8-416c-8dd9-fbb4ac22c6b7",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Create or Modify System Process (T1543) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--03070604-4373-46a5-a816-6dc660b9046b",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Boot or Logon Autostart Execution (T1547) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--77df4b39-c8f3-415e-a16c-45a9b7f88644",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Remote Services (T1021) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1db3103f-b1c6-4b71-b887-4baca4a24a10",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Application Layer Protocol (T1071) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--010d5d9e-3ca8-44c5-abbd-ad9279256733",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Non-Application Layer Protocol (T1095) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--884e9ffe-bd02-4884-ac4f-394cb958598f",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Spearphishing Attachment (T1566.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3add3fac-b20e-41b9-ab0b-c47211e480c1",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Spearphishing Link (T1566.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6483c928-f732-41ac-96e4-4b6f27b50b4a",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Spearphishing via Service (T1566.003) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--343ac1aa-436d-4292-b11e-89f69572b9f1",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Command and Scripting Interpreter (T1059) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4dd745b0-c0c5-4bf2-b74e-6312816aba5a",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Supply Chain Compromise (T1195) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3e9f319e-6780-4c2c-8944-81b658f6d501",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and System Information Discovery (T1082) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f51b1149-541b-47a8-8a14-c6e8a2c99f0f",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and File and Directory Discovery (T1083) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e80989de-557e-41c0-945b-c505fcf7eef2",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Process Discovery (T1057) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c778372c-171e-47cb-9728-68c5662824e3",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--88428b3c-f02f-45b8-a38a-0541b2287509",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and LSA Secrets (T1003.004) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--88de145c-cde1-4161-984d-d6cf59d6def4",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Vulnerabilities (T1588.006) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f1e52119-cc4b-41c0-b043-6323a0fe4806",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--0ec57ff0-0257-4287-888c-8f20c7e08c6b",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Cloud Secrets Management Stores (T1555.006) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8df30ba2-67bb-4e96-a16b-17149b326e5d",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Search Threat Vendor Data (T1681) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a3b128b7-40bd-4f5a-a2cd-8fa480dbc127",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--09674268-0992-4612-b535-242c63cbaed9",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Disable or Modify Network Device Firewall (T1562.013) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ae2f2a54-53ac-4b30-9348-5f388b6cd66e",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Artificial Intelligence (T1588.007) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4dda27f6-0b88-4993-94a8-6fd0ac392d66",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Scheduled Task (T1053.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--baad135e-ab87-4651-803c-c805675c3b72",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Socket Filters (T1205.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c2bdc4b5-d682-4d9a-b2d5-a522d03ea21a",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Malicious Shell Modification (T1156) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e0a9cc7b-0c1b-486e-8b08-a139ffd52316",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Archive via Utility (T1560.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2f25cc68-3440-4c3f-bfdd-480411c634c9",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Screen Capture (T1113) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b0cf1dc1-6a59-4d0d-8849-c40651a397de",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Adversary-in-the-Middle (T1557) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7e183df1-99bb-40e5-9bbd-0035a4b8e6ae",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--fcb3d170-b982-4921-8a85-e3d46829554e",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Disable or Modify System Firewall (T1562.004) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--da5ef26c-b976-4953-9691-4288f3ebed05",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--92b3199d-f7ae-4a4b-8699-1d01a6761923",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Office Application Startup (T1137) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2050f88d-7827-41a5-9511-ec74605d75ac",
"created": "2025-11-26T13:41:29.577Z",
"modified": "2025-11-26T13:41:29.577Z",
"relationship_type": "uses",
"source_ref": "malware--ebde7b19-811a-4afb-ae2f-14e25fd84a5a",
"target_ref": "attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770",
"confidence": 55,
"description": "Co-occurrence: Hulud malware and Threat Intel Vendors (T1597.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "domain-name",
"value": "0-co.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--31173d41-c590-42f7-a0d5-5f2046e44ba0"
},
{
"type": "domain-name",
"value": "00008356.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--aabb3bc2-105a-49ff-8fee-39650256a35b"
},
{
"type": "domain-name",
"value": "000q88.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--2b3a30c5-cc64-470d-889e-1452e179c660"
},
{
"type": "domain-name",
"value": "0011718.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--273c93b2-47bf-4aa0-ae19-bd68d4669404"
},
{
"type": "domain-name",
"value": "0013zr.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--b0870b84-b676-4a89-a10a-66a668371ef5"
},
{
"type": "domain-name",
"value": "00164791.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--4f1746b0-6f2a-4d71-baf3-50ad70173f2f"
},
{
"type": "domain-name",
"value": "001stage.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--874cd0e4-3798-4f69-917d-f2fa4472b8d7"
},
{
"type": "domain-name",
"value": "002284.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--062de9fd-1086-42af-b67b-2d8531c1971b"
},
{
"type": "domain-name",
"value": "002slov.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--baa26c5c-730e-41c0-8933-5d8d2968d311"
},
{
"type": "domain-name",
"value": "003608.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--e363bfc6-bfdc-4c32-833f-6c6a1ee5e4e8"
},
{
"type": "domain-name",
"value": "003890.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--9e312ec8-e602-490a-9645-387043286f5b"
},
{
"type": "domain-name",
"value": "003d.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--5afbb1e1-8a01-4898-bc17-f607d961e92d"
},
{
"type": "domain-name",
"value": "00451173.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--c5ac8aa3-f7ed-462c-b439-a0bcf36e4f9b"
},
{
"type": "domain-name",
"value": "0051hg.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--792858dc-3714-418f-a469-1e3361647d1e"
},
{
"type": "domain-name",
"value": "0053hg.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--bded3321-289e-4e9e-adf4-c1f8b6b4ed0b"
},
{
"type": "domain-name",
"value": "0055533.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--fc76db57-47a4-462d-8bb2-2532d7bf97e7"
},
{
"type": "domain-name",
"value": "0055544.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--84412493-88bb-41b2-95fb-a640f7d553e0"
},
{
"type": "domain-name",
"value": "00624510.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--3ee33f10-e4a4-4d78-bd56-f205551aba6a"
},
{
"type": "domain-name",
"value": "0062hg.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--7150977f-8e89-4e06-9674-4e42ec005222"
},
{
"type": "domain-name",
"value": "0067hg.com",
"source": "OTX",
"malware_family": "Hulud malware",
"pulse_name": "new .COM domains for 2024-09-12",
"id": "domain-name--15943237-7819-467c-93e9-596a54d94e6b"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a7b3a33a-53ae-4dc2-bbc6-a216a54fe134",
"created": "2025-11-26T13:41:00.529Z",
"modified": "2025-11-26T13:41:00.529Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '0-co.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.529Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8146a310-d63a-426e-b71a-78dea07e13a1",
"created": "2025-11-26T13:41:00.529Z",
"modified": "2025-11-26T13:41:00.529Z",
"relationship_type": "based-on",
"source_ref": "indicator--a7b3a33a-53ae-4dc2-bbc6-a216a54fe134",
"target_ref": "domain-name--31173d41-c590-42f7-a0d5-5f2046e44ba0"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8894d5fc-a1a8-43e7-84c6-01908a091c07",
"created": "2025-11-26T13:41:00.537Z",
"modified": "2025-11-26T13:41:00.537Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '00008356.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.537Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--179e05ce-51d7-48b1-80da-8bd27d106ce4",
"created": "2025-11-26T13:41:00.537Z",
"modified": "2025-11-26T13:41:00.537Z",
"relationship_type": "based-on",
"source_ref": "indicator--8894d5fc-a1a8-43e7-84c6-01908a091c07",
"target_ref": "domain-name--aabb3bc2-105a-49ff-8fee-39650256a35b"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--835e978d-74e4-4a9c-9982-5104797c83a8",
"created": "2025-11-26T13:41:00.546Z",
"modified": "2025-11-26T13:41:00.546Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '000q88.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.546Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6b6dd8a0-cf30-4b64-9967-616783970670",
"created": "2025-11-26T13:41:00.546Z",
"modified": "2025-11-26T13:41:00.546Z",
"relationship_type": "based-on",
"source_ref": "indicator--835e978d-74e4-4a9c-9982-5104797c83a8",
"target_ref": "domain-name--2b3a30c5-cc64-470d-889e-1452e179c660"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e8358f0b-3ddf-4d53-913c-e463d5775a88",
"created": "2025-11-26T13:41:00.554Z",
"modified": "2025-11-26T13:41:00.554Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '0011718.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.554Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bc3606ae-e1ef-4720-aeca-1ce7a983ae4b",
"created": "2025-11-26T13:41:00.554Z",
"modified": "2025-11-26T13:41:00.554Z",
"relationship_type": "based-on",
"source_ref": "indicator--e8358f0b-3ddf-4d53-913c-e463d5775a88",
"target_ref": "domain-name--273c93b2-47bf-4aa0-ae19-bd68d4669404"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d119517d-5a9c-481e-aa0f-779082f9b969",
"created": "2025-11-26T13:41:00.562Z",
"modified": "2025-11-26T13:41:00.563Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '0013zr.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.563Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8a7b06d4-bb5a-4657-9a9f-11550bf82132",
"created": "2025-11-26T13:41:00.563Z",
"modified": "2025-11-26T13:41:00.563Z",
"relationship_type": "based-on",
"source_ref": "indicator--d119517d-5a9c-481e-aa0f-779082f9b969",
"target_ref": "domain-name--b0870b84-b676-4a89-a10a-66a668371ef5"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6bf1015c-27c7-4500-8775-2ef06383f337",
"created": "2025-11-26T13:41:00.571Z",
"modified": "2025-11-26T13:41:00.571Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '00164791.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.571Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--15d2d9cd-19c3-4a96-ade5-579f60d29b20",
"created": "2025-11-26T13:41:00.571Z",
"modified": "2025-11-26T13:41:00.571Z",
"relationship_type": "based-on",
"source_ref": "indicator--6bf1015c-27c7-4500-8775-2ef06383f337",
"target_ref": "domain-name--4f1746b0-6f2a-4d71-baf3-50ad70173f2f"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--708431e7-9c3d-4eb0-936b-767cfb93e70a",
"created": "2025-11-26T13:41:00.579Z",
"modified": "2025-11-26T13:41:00.579Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '001stage.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.579Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d49b588f-fa4d-4a4a-be18-891ff5b155c6",
"created": "2025-11-26T13:41:00.579Z",
"modified": "2025-11-26T13:41:00.579Z",
"relationship_type": "based-on",
"source_ref": "indicator--708431e7-9c3d-4eb0-936b-767cfb93e70a",
"target_ref": "domain-name--874cd0e4-3798-4f69-917d-f2fa4472b8d7"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3e239852-7e8a-4ee9-ab9b-449830c581c6",
"created": "2025-11-26T13:41:00.588Z",
"modified": "2025-11-26T13:41:00.588Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '002284.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.588Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--56ce1679-ef53-4046-8fe3-aa8db66d4249",
"created": "2025-11-26T13:41:00.588Z",
"modified": "2025-11-26T13:41:00.588Z",
"relationship_type": "based-on",
"source_ref": "indicator--3e239852-7e8a-4ee9-ab9b-449830c581c6",
"target_ref": "domain-name--062de9fd-1086-42af-b67b-2d8531c1971b"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--38f1745f-9a46-48f3-bf3f-0c872c33ea2d",
"created": "2025-11-26T13:41:00.596Z",
"modified": "2025-11-26T13:41:00.596Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '002slov.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.596Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--374637d2-58fd-4e4b-9e03-7a23e0ae5583",
"created": "2025-11-26T13:41:00.596Z",
"modified": "2025-11-26T13:41:00.596Z",
"relationship_type": "based-on",
"source_ref": "indicator--38f1745f-9a46-48f3-bf3f-0c872c33ea2d",
"target_ref": "domain-name--baa26c5c-730e-41c0-8933-5d8d2968d311"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1557577-671b-4288-9334-328bc7ba3ad5",
"created": "2025-11-26T13:41:00.606Z",
"modified": "2025-11-26T13:41:00.606Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '003608.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.606Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c23955ba-b758-46e5-a044-b7971ac069fd",
"created": "2025-11-26T13:41:00.606Z",
"modified": "2025-11-26T13:41:00.606Z",
"relationship_type": "based-on",
"source_ref": "indicator--a1557577-671b-4288-9334-328bc7ba3ad5",
"target_ref": "domain-name--e363bfc6-bfdc-4c32-833f-6c6a1ee5e4e8"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--31462c40-8c9b-4ce2-9576-92e7f506dd33",
"created": "2025-11-26T13:41:00.616Z",
"modified": "2025-11-26T13:41:00.616Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '003890.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.616Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1a8974fc-133b-4efb-a9f8-fe33b6984254",
"created": "2025-11-26T13:41:00.616Z",
"modified": "2025-11-26T13:41:00.616Z",
"relationship_type": "based-on",
"source_ref": "indicator--31462c40-8c9b-4ce2-9576-92e7f506dd33",
"target_ref": "domain-name--9e312ec8-e602-490a-9645-387043286f5b"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5483477a-b96d-43c1-bcea-f0641a66357f",
"created": "2025-11-26T13:41:00.626Z",
"modified": "2025-11-26T13:41:00.626Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '003d.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.626Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bf5ed28b-a679-4783-9e47-4466e5d0f362",
"created": "2025-11-26T13:41:00.626Z",
"modified": "2025-11-26T13:41:00.626Z",
"relationship_type": "based-on",
"source_ref": "indicator--5483477a-b96d-43c1-bcea-f0641a66357f",
"target_ref": "domain-name--5afbb1e1-8a01-4898-bc17-f607d961e92d"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bd223a52-62c5-4988-8e19-f44b0faa1ac5",
"created": "2025-11-26T13:41:00.637Z",
"modified": "2025-11-26T13:41:00.637Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '00451173.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.637Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--07926d8f-5a02-4ff3-8fab-0b77891836a2",
"created": "2025-11-26T13:41:00.637Z",
"modified": "2025-11-26T13:41:00.637Z",
"relationship_type": "based-on",
"source_ref": "indicator--bd223a52-62c5-4988-8e19-f44b0faa1ac5",
"target_ref": "domain-name--c5ac8aa3-f7ed-462c-b439-a0bcf36e4f9b"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb4193f1-3274-4af7-8db0-dbd9bb32ef87",
"created": "2025-11-26T13:41:00.647Z",
"modified": "2025-11-26T13:41:00.647Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '0051hg.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.647Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c6158d88-ff06-45c7-b4c8-b4436f562fad",
"created": "2025-11-26T13:41:00.647Z",
"modified": "2025-11-26T13:41:00.647Z",
"relationship_type": "based-on",
"source_ref": "indicator--eb4193f1-3274-4af7-8db0-dbd9bb32ef87",
"target_ref": "domain-name--792858dc-3714-418f-a469-1e3361647d1e"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--af1d4d3a-43b1-4da6-b789-67b03ff6755d",
"created": "2025-11-26T13:41:00.660Z",
"modified": "2025-11-26T13:41:00.660Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '0053hg.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.660Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5db09d0d-144b-408e-8c54-837f8ac56a80",
"created": "2025-11-26T13:41:00.660Z",
"modified": "2025-11-26T13:41:00.660Z",
"relationship_type": "based-on",
"source_ref": "indicator--af1d4d3a-43b1-4da6-b789-67b03ff6755d",
"target_ref": "domain-name--bded3321-289e-4e9e-adf4-c1f8b6b4ed0b"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8281f3d3-265a-4e0b-95b7-0a9b7cfa5885",
"created": "2025-11-26T13:41:00.672Z",
"modified": "2025-11-26T13:41:00.672Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '0055533.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.672Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7e7360b5-b4d4-40cf-bebb-bf827a333df0",
"created": "2025-11-26T13:41:00.672Z",
"modified": "2025-11-26T13:41:00.672Z",
"relationship_type": "based-on",
"source_ref": "indicator--8281f3d3-265a-4e0b-95b7-0a9b7cfa5885",
"target_ref": "domain-name--fc76db57-47a4-462d-8bb2-2532d7bf97e7"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--babe2e05-716b-4fba-ae91-218145488414",
"created": "2025-11-26T13:41:00.682Z",
"modified": "2025-11-26T13:41:00.682Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '0055544.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.682Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c636eedc-9de7-41a9-8bdb-3c024b261d4c",
"created": "2025-11-26T13:41:00.682Z",
"modified": "2025-11-26T13:41:00.682Z",
"relationship_type": "based-on",
"source_ref": "indicator--babe2e05-716b-4fba-ae91-218145488414",
"target_ref": "domain-name--84412493-88bb-41b2-95fb-a640f7d553e0"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6e9125c7-4919-45ab-a7cf-238921854b0a",
"created": "2025-11-26T13:41:00.690Z",
"modified": "2025-11-26T13:41:00.690Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '00624510.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.690Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3de7f720-cca6-49fc-8605-26afd42a461e",
"created": "2025-11-26T13:41:00.690Z",
"modified": "2025-11-26T13:41:00.690Z",
"relationship_type": "based-on",
"source_ref": "indicator--6e9125c7-4919-45ab-a7cf-238921854b0a",
"target_ref": "domain-name--3ee33f10-e4a4-4d78-bd56-f205551aba6a"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9691a642-1a42-4916-b35d-3cae354891f7",
"created": "2025-11-26T13:41:00.699Z",
"modified": "2025-11-26T13:41:00.699Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '0062hg.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.699Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bbf25541-3493-470d-8e7f-a8482ab403ff",
"created": "2025-11-26T13:41:00.699Z",
"modified": "2025-11-26T13:41:00.699Z",
"relationship_type": "based-on",
"source_ref": "indicator--9691a642-1a42-4916-b35d-3cae354891f7",
"target_ref": "domain-name--7150977f-8e89-4e06-9674-4e42ec005222"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--90560f4e-d997-4f7d-8763-d19d02d2679c",
"created": "2025-11-26T13:41:00.709Z",
"modified": "2025-11-26T13:41:00.709Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '0067hg.com']",
"pattern_type": "stix",
"valid_from": "2025-11-26T13:41:00.709Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--17ac53fb-8f99-494e-bdf4-12f8fb32a95e",
"created": "2025-11-26T13:41:00.709Z",
"modified": "2025-11-26T13:41:00.709Z",
"relationship_type": "based-on",
"source_ref": "indicator--90560f4e-d997-4f7d-8763-d19d02d2679c",
"target_ref": "domain-name--15943237-7819-467c-93e9-596a54d94e6b"
}
]
}