Cybersecurity Latest Rundown

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

SOX: 18 HIPAA: 3 FISMA: 2 NYDFS: 1 PCI DSS: 1

Industry Watch

General Enterprise (General Enterprise) QUIET

Below average activity (0.6x baseline)

Key threat: React Server Components RCE (CVE-2025-55182)

Action: Review React/Next.js RCE, Patch Windows CVE-2025-9491, Mitigate AISURU DDoS

EU Critical Infrastructure (NIS2) QUIET

Below average activity (0.5x baseline)

Key threat: Nation-state gambling espionage network

Action: Block known fraudulent gambling domains

U.S. Federal Agencies (FISMA) QUIET

Below average activity (0.6x baseline)

Key threat: Windows Interface Evasion (CVE-2025-9491)

Action: Audit Windows endpoints for hidden command artifacts

Healthcare (HIPAA) QUIET

Below average activity (0.4x baseline)

Key threat: M365 Credential Phishing Campaigns

Action: Enforce phishing-resistant MFA for staff

EU Organizations (GDPR) QUIET

Below average activity (0.5x baseline)

Key threat: Coupang Data Breach (33.7M records)

Action: Review data retention policies and access logs

CyberSecurity Latest Rundown

Heroes, a curated look at the current cybersecurity landscape for December 4, 2025.

CRITICAL ITEMS

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
Date & Time: 2025-12-03T18:19:00

A maximum-severity vulnerability (CVSS 10.0) in React Server Components (RSC) allows unauthenticated attackers to execute arbitrary code remotely. This affects a massive portion of the modern web infrastructure using Next.js and React.

Business impact

If exploited, attackers gain full control over web servers without needing a password—expect total data compromise, immediate service downtime, and significant remediation costs.

Recommended action

Ask your IT team: "Are we running React or Next.js in our environment, and have we applied the patch for CVE-2025-55182 immediately?"

CVE: CVE-2025-55182 | Compliance: SOX | Source: The Hacker News ↗, Ars Technica ↗
Critical flaw in WordPress add-on for Elementor exploited in attacks
Date & Time: 2025-12-03T21:31:20

Attackers are actively exploiting a critical vulnerability in the 'King Addons for Elementor' WordPress plugin to gain administrative privileges during user registration. This allows complete site takeover.

Business impact

If exploited, your corporate website could be defaced, used to host malware, or completely deleted—resulting in severe brand damage and loss of customer trust.

Recommended action

Ask your Web Admin: "Do we use the King Addons for Elementor plugin, and if so, have we updated it to the latest version to block this active attack?"

CVE: CVE-2025-8489 | Compliance: FISMA | Source: BleepingComputer ↗
Microsoft Silently Fixes 8-Year Windows Security Flaw
Date & Time: 2025-12-04T10:16:03

Microsoft has patched a vulnerability present for eight years that allowed attackers to hide malicious commands from the standard Windows interface, making detection by users and some tools difficult.

Business impact

If exploited, malware could persist on employee laptops undetected for years, leading to long-term data theft and espionage without triggering standard alerts.

Recommended action

Ask your IT Security team: "Have we deployed the latest Windows updates to all endpoints to close the 8-year interface vulnerability?"

CVE: CVE-2025-9491 | Compliance: SOX | Source: TechRepublic ↗

HIGH SEVERITY ITEMS

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet
Date & Time: 2025-12-04T06:52:00

Cloudflare mitigated the largest recorded DDoS attack at 29.7 Tbps, launched by the AISURU botnet which controls up to 4 million infected hosts. This represents a significant escalation in volumetric attack capabilities.

Business impact

An attack of this magnitude would instantly overwhelm standard firewalls and ISP connections, causing total digital blackout for customer-facing services.

Recommended action

Ask your Network team: "Is our DDoS mitigation provider capable of handling volumetric attacks exceeding 20 Tbps, and are our failover systems tested?"

CVE: n/a | Compliance: SOX | Source: The Hacker News ↗
GoldFactory Hits Southeast Asia with Modified Banking Apps
Date & Time: 2025-12-04T09:27:00

The GoldFactory cybercrime group is distributing modified banking malware disguised as government service apps in Indonesia, Thailand, and Vietnam. The malware steals credentials and financial data.

Business impact

Employees in affected regions using company devices for personal banking could compromise corporate mobile fleets, leading to financial fraud and potential lateral movement.

Recommended action

Ask your Mobile Security team: "Do we block the installation of unverified apps (sideloading) on all corporate mobile devices?"

CVE: n/a | Compliance: NYDFS | Source: The Hacker News ↗
University of Pennsylvania and University of Phoenix disclose data breaches
Date & Time: 2025-12-03T19:17:49

Two major universities confirmed breaches stemming from a campaign targeting Oracle E-Business Suite. This highlights a specific focus by attackers on Oracle ERP vulnerabilities.

Business impact

Organizations running Oracle E-Business Suite are under active threat; a breach could result in the theft of HR and financial data, leading to regulatory fines and class-action lawsuits.

Recommended action

Ask your ERP Admin: "Have we audited our Oracle E-Business Suite for recent vulnerabilities and unauthorized access logs in the last 24 hours?"

CVE: n/a | Compliance: SOX | Source: Security Affairs ↗
Personal Information of 33.7 Million Stolen From Coupang
Date & Time: 2025-12-03T15:40:03

South Korean e-commerce giant Coupang disclosed a massive breach affecting 33.7 million customers. The attackers had access for five months before detection.

Business impact

The extended dwell time (5 months) indicates a failure in detection capabilities, likely resulting in maximum regulatory penalties and severe reputational degradation.

Recommended action

Ask your SOC Manager: "Do we have long-term log retention and behavioral analysis in place to detect slow-moving data exfiltration?"

CVE: n/a | Compliance: SOX | Source: AboutDFIR ↗
Fraudulent gambling network may be a nation-state spying operation
Date & Time: 2025-12-03T17:23:26

A 14-year-old network of fraudulent gambling sites is likely a front for a nation-state espionage group targeting government and private industry in the US and Europe.

Business impact

Employees accessing these sites on corporate devices may unknowingly install spyware, granting nation-state actors access to proprietary business secrets.

Recommended action

Ask your Security team: "Are all gambling-related categories strictly blocked on our web gateway and DNS filters?"

CVE: n/a | Compliance: GDPR | Source: Ars Technica ↗
Multi-Stage Phishing Campaign Evades Security to Steal Microsoft 365 Credentials
Date & Time: 2025-12-04T13:00:02

A sophisticated phishing operation active since November 2025 is using multi-stage tactics to bypass standard email filters and steal Microsoft 365 login tokens.

Business impact

Compromised M365 accounts often lead to Business Email Compromise (BEC) fraud, where attackers redirect invoice payments to their own accounts.

Recommended action

Ask your IT team: "Do we have conditional access policies that block M365 logins from suspicious geolocations or unmanaged devices?"

CVE: n/a | Compliance: HIPAA | Source: KnowBe4 ↗

EXECUTIVE INSIGHTS

Spy vs. spy: How GenAI is powering defenders and attackers
Date & Time: 2025-12-04T11:00:41

Cisco Talos reports that while state-sponsored groups are leveraging Generative AI to accelerate attack development, defenders are simultaneously using it to enhance detection. The "AI arms race" is now a tangible operational reality.

Source: Cisco Talos ↗
5 Threats That Reshaped Web Security This Year 2025
Date & Time: 2025-12-04T11:30:00

A retrospective on 2025 highlights that traditional web security playbooks are obsolete due to AI-powered attacks and supply chain compromises. A fundamental rethink of web defense architecture is required for 2026.

Source: The Hacker News ↗
CISOs, CIOs and Boards: Bridging the Cybersecurity Confidence Gap
Date & Time: 2025-12-04T07:21:39

New data reveals 90% of Non-Executive Directors lack confidence in the business value of cybersecurity investments. CISOs must pivot from reporting technical metrics to demonstrating risk reduction and business enablement.

Source: Security Boulevard ↗

VENDOR SPOTLIGHT

Spotlight Rationale: Selected due to the record-breaking 29.7 Tbps DDoS attack by the AISURU botnet reported today.

Threat Context: Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet

Platform Focus: Cloudflare DDoS Protection & WAF

Cloudflare successfully detected and mitigated the largest DDoS attack in history (29.7 Tbps) originating from the AISURU botnet. Their global anycast network absorbs volumetric attacks at the edge, preventing them from reaching origin servers. This capability is critical as botnets scale to sizes that traditional on-premise hardware cannot handle.

Actionable Platform Guidance: Ensure "Under Attack Mode" is configured for rapid deployment. Review Rate Limiting rules to detect patterns matching the AISURU botnet (high-volume requests from infected IoT subnets). Verify that origin server IP addresses are not exposed directly to the internet to prevent bypass of the Cloudflare shield.

Source: The Hacker News ↗

DETECTION & RESPONSE KIT

⚠️ Disclaimer: Test all detection logic in non-production environments before deployment.

1. Vendor Platform Configuration - Cloudflare

# Cloudflare API / Terraform Configuration Concept for High Volumetric Attack Mitigation
# Based on AISURU Botnet mitigation guidance

resource "cloudflare_rate_limit" "aisuru_mitigation" {
zone_id = ""
threshold = 1000  # Adjust based on baseline traffic
period = 60
match {
request {
url_pattern = "*"
schemes = ["_ALL_"]
methods = ["_ALL_"]
}
response {
statuses = [200, 201, 202, 301, 404]
origin_traffic = false
}
}
action {
mode = "challenge"  # Prefer Managed Challenge over Block for initial filtering
timeout = 86400     # 24 hour timeout for offending IPs
}
description = "Mitigation rule for high-rate volumetric attacks similar to AISURU"
}

2. YARA Rule for WordPress King Addons Exploitation

rule WordPress_KingAddons_Plugin_Detection {
meta:
description = "Detects presence of King Addons for Elementor plugin files which may be vulnerable to CVE-2025-8489"
author = "Threat Rundown"
date = "2025-12-04"
reference = "https://nvd.nist.gov/vuln/detail/CVE-2025-8489"
severity = "high"
tlp = "white"
strings:
$path = "/wp-content/plugins/king-addons-for-elementor/" ascii wide
$header = "King Addons for Elementor" ascii wide
$vuln_func = "register_user" ascii wide  // Contextual indicator of registration flow
condition:
any of ($path, $header) and $vuln_func
}

3. SIEM Query — M365 Suspicious Login (Phishing Correlation)

index=security sourcetype="o365:management:activity"
Workload=AzureActiveDirectory Operation=UserLoggedIn
| eval risk_score=case(
LogonError=="UserAccountNotFound", 10,
match(UserAgent, "(?i)(curl|wget|python|powershell)"), 80,
isnotnull(RiskLevel) AND RiskLevel!="hidden", 90,
1==1, 0)
| stats count max(risk_score) as max_risk values(UserAgent) as agents values(ClientIP) as ips by UserId, _time
| where max_risk >= 50
| table _time, UserId, ips, agents, max_risk
| sort -_time

4. PowerShell Script — Check Windows Update Status (CVE-2025-9491)

$computers = "localhost", "SERVER01", "WKSTN01"
foreach ($computer in $computers) {
if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
Write-Host "Checking $computer for recent updates (CVE-2025-9491 mitigation)..."
Invoke-Command -ComputerName $computer -ScriptBlock {
# Check for updates installed in the last 30 days
$recentUpdates = Get-HotFix | Where-Object { $_.InstalledOn -gt (Get-Date).AddDays(-30) }
if ($recentUpdates) {
Write-Host "Recent updates found: $($recentUpdates.HotFixID)" -ForegroundColor Green
} else {
Write-Host "WARNING: No updates installed in the last 30 days. System may be vulnerable." -ForegroundColor Red
}
}
}
}

This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!

{ "type": "bundle", "id": "bundle--473b5b76-b3e1-4e35-bf0f-b3de31178f73", "objects": [ { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487", "created": "2022-10-01T00:00:00.000Z", "definition_type": "tlp:2.0", "name": "TLP:CLEAR", "definition": { "tlp": "clear" } }, { "type": "identity", "spec_version": "2.1", "id": "identity--28276218-53fb-4cfb-a4e8-5041f51f5123", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "name": "MikeGPT Intelligence Platform", "description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds", "identity_class": "organization", "sectors": [ "technology", "defense" ], "contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "report", "spec_version": "2.1", "id": "report--7832ddbc-6800-4c65-abce-c6abccfd9b22", "created": "2025-12-04T13:59:33.647Z", "modified": "2025-12-04T13:59:33.647Z", "name": "Threat Intelligence Report - 2025-12-04", "description": "Threat Intelligence Report - 2025-12-04\n\nThis report consolidates actionable cybersecurity intelligence from 78 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• Microsoft Silently Fixes 8-Year Windows Security Flaw (Score: 100)\n• Critical flaw in WordPress add-on for Elementor exploited in attacks (Score: 100)\n• Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution (Score: 100)\n• WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts (Score: 100)\n• Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation (Score: 100)\n\nEXTRACTED ENTITIES:\n• 27 Attack Pattern(s)\n• 7 File:Hashes.Md5(s)\n• 6 File:Hashes.Sha 1(s)\n• 7 File:Hashes.Sha 256(s)\n• 1 Location(s)\n• 2 Malware(s)\n• 1 Marking Definition(s)\n• 56 Relationship(s)\n• 1 Threat Actor(s)\n• 4 Tool(s)\n• 4 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n", "published": "2025-12-04T13:59:33.647Z", "object_refs": [ "identity--28276218-53fb-4cfb-a4e8-5041f51f5123", "tool--fd368e1e-5ddb-4355-8645-02012f1fb7d1", "identity--58e712bb-1d06-44ac-9240-0adca25c19c3", "identity--ae4d5f46-29c5-40ae-842b-378abf057c12", "tool--95bd9e19-9c60-4704-8b8d-38e554044644", "identity--37dc1158-1022-431f-8013-9b80ea54da43", "identity--8a7ca088-fae7-4645-8f55-5f28dd9b1396", "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "identity--a46e663a-8e9f-4dbd-b12b-8e7de5526190", "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "identity--9cdea25f-1e87-4a1e-a12b-7eb87bb37d6a", "vulnerability--d120674b-28d8-498b-a0cf-08259e5dbf3f", "vulnerability--a73d9996-7a68-4cfd-a033-db70e8d19202", "vulnerability--09cfd756-732a-426d-8c11-8d9ddb3e9e05", "identity--816347fa-b500-49e8-9ef5-236fdf9cc060", "location--076c4663-ca05-4ec8-ba0e-0275d3f1409e", "identity--5ccdf7bc-6dc4-4348-ac05-2f7e1ccfb271", "tool--85cfeddc-39b1-4015-9326-f570b64256c8", "identity--d9d05144-eca9-4087-96b7-9191f59f0456", "identity--bd559890-8096-4618-a4e3-d7248ef49afe", "identity--0186ae1b-86aa-44d7-b12e-8dd8db99009b", "identity--8f8c32bf-34c4-4414-9d1d-5390cc4eb2a3", "vulnerability--e92782a1-cd35-4f55-adc0-656bf84de141", "tool--5e779283-eac8-4df9-8dda-1f9611d5f244", "malware--b85d92c4-da25-4fe1-81c3-526639af3a43", "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "attack-pattern--f1669470-d352-4943-bd4a-70c7740b6d39", "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "attack-pattern--624fa034-c944-4489-a990-1f1111e2e237", "attack-pattern--21d89a99-5a37-4e50-86cf-7a292fac5a60", "attack-pattern--80699ba5-409d-4de2-be13-f6bb5ce88584", "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d", "attack-pattern--775a5581-fd79-4cfc-a505-6d409b3bbfba", "attack-pattern--172f3845-7870-4c1c-80bd-251e10ce9f1e", "attack-pattern--d0394986-33f8-44f3-8050-da1e0be05638", "attack-pattern--bb8e93cc-5495-417b-9b6c-2c104b2930e9", "attack-pattern--239957f5-5ae1-4977-a451-144fae4a6361", "attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770", "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "relationship--5f63713e-e588-49d1-bd18-71972573f3f7", "relationship--d68473c7-7709-4e8a-a800-534bc1fd59db", "relationship--6393b2e4-57da-44c5-90cf-1ae4bec9a7da", "relationship--bf9e9b88-b71c-471e-ac2f-f8ed5db8eead", "relationship--4d7f7a66-8a3d-4a97-9bd7-c7994a5fad9a", "relationship--a26085b3-a346-4b64-be78-247b4169b6a3", "relationship--72d38dbc-7be5-4a48-bb45-ed724414cfcb", "relationship--4e60f818-8690-4174-a36f-54694029e6af", "relationship--48f717c7-b50e-435b-bb5a-bfa632f182f4", "relationship--f3eecb19-4e10-480d-8595-9171f455d8e4", "relationship--096e2ce9-e72f-47da-807e-437127a20c4c", "relationship--87c870db-320d-4f1f-9d1b-50398cfae4b4", "relationship--cc4a238c-abf4-41bf-acb2-1b037dc861a3", "relationship--be59b89e-d80a-4455-974f-c70b68296984", "relationship--be923154-4288-480d-a095-6161b4beb230", "relationship--718870fb-2436-4367-b5e1-7f1ca1e16514", "relationship--ef843c78-14de-42f1-bd8d-b1964121b31f", "relationship--2bba20ed-c824-451e-8dc5-e5ea7fafc9ab", "relationship--26abeea7-2949-4819-8041-10c7f26bfb19", "relationship--d1c65dba-c9f8-4fb9-baaf-fda0b2f64845", "relationship--62c0ec0f-8770-4f1a-b357-ef43d9823afa", "relationship--9ed0f111-7095-4327-8702-fee7fccae821", "relationship--49a4b89f-21de-4ebe-85c3-628b2122cfdf", "relationship--3c895ea0-037d-4b78-9dd3-ba53c52f35e0", "relationship--916ec2d1-e199-4861-8a64-8c96ed28894e", "relationship--30bc0eeb-8d73-4286-bbe7-c51105fa935c", "relationship--660db4bc-682d-4962-9af2-1b5b78adb8b4", "relationship--bdfadd71-571e-4e10-9e7a-99a487be0bb4", "relationship--363c6285-804c-4607-82e6-f5950aa0dd6d", "relationship--87039028-ed8a-448a-bab8-d9c477bb490f", "relationship--161645c4-46c8-4cdb-9f4a-5e54ee52c557", "relationship--abd9b5b7-8e09-46e4-ba27-6a099fd94452", "relationship--928cf822-cf3e-408e-af09-9ca095eb4b6d", "relationship--343aa2fc-bf91-4daf-862d-c8e6c0106ddf", "relationship--a7de1ca0-b002-42b8-bdc4-c00d0cfdd421", "relationship--d6e57f1c-d4d0-45f6-bdcb-44e30d033ea6", "relationship--a4089d44-478b-49a2-bac6-23843f091f8e", "relationship--18a8df2d-dbbe-4d69-9947-94952a2f385c", "relationship--dd384347-62d1-491e-8bd0-330d1f1ed66b", "relationship--e9273d0e-91b6-4a1e-b88d-98abe92e543c", "relationship--4a6bf9f4-0e42-4103-9c6b-3ff0755a0bc1", "relationship--6accac75-8671-4f36-9da7-398cb42024a1", "relationship--c350d565-cc7c-4bab-b76d-f0a410bee8fb", "relationship--438bd1e0-e49a-49a2-9e63-badf59eed842", "relationship--4db81325-7a0e-4449-a904-0559f16fa08b", "relationship--bba6d1aa-9bbc-4c66-acc5-5d46f3d4f309", "relationship--e4efeb58-40d4-4a99-956d-88b662916762", "relationship--6447e98d-dcec-46d2-a38c-9bd7cd39ed2e", "relationship--25106d5d-ce8c-420a-9c99-1ddc1ad1d9ed", "relationship--611a4575-33fe-4d01-bc39-81e7c1fe4422", "relationship--ff712f7e-db10-4b56-82f1-097034cea34f", "relationship--9b08a4b2-1f1f-41f5-a441-5ad171c6ff26", "relationship--8f372567-c3d0-40c9-ad89-8bd3666f2d40", "relationship--31331d9c-79f0-4042-ac17-43c867f24207", "relationship--286cbf07-01a8-4bf7-b389-895bb2528fbd", "relationship--b32442f5-6a6b-48f2-b323-f280dd7b2c02", "file:hashes.SHA-256--d8f66096-3986-4259-93a9-7a5cddc651d6", "file:hashes.SHA-256--f5b052f9-7be2-4874-8290-9b513ad5b220", "file:hashes.SHA-256--ef6d1307-9f64-4686-adf0-b1ac0bc3b8ac", "file:hashes.SHA-256--9a68e8bc-518f-493e-be58-f409d7787a36", "file:hashes.SHA-256--37ec4454-5085-4a73-9381-9e6ae2bb87de", "file:hashes.SHA-256--10ef1eab-557f-4fc3-b5f0-b50420f72c3b", "file:hashes.SHA-256--a1d853e3-3eaf-418f-9ed2-034dcf34386b", "file:hashes.MD5--015a4d97-1df3-4327-9d04-6ffcb686ca9b", "file:hashes.MD5--6c44f32b-e909-476d-b63b-3da79810a212", "file:hashes.MD5--47168df2-c9d1-407d-8bfd-2ab7f675add4", "file:hashes.MD5--b75a367b-7134-4cb4-bc9d-2e544dd4b735", "file:hashes.MD5--95176ddb-7063-4ffe-81e9-d7b4c2868edc", "file:hashes.MD5--0d670d7e-f6ff-459a-8871-2261c0ab7ad2", "file:hashes.MD5--9ad2e4b7-2e56-4fce-84db-aa96203f2944", "file:hashes.SHA-1--96747c61-b265-47e8-832e-055644ec765e", "file:hashes.SHA-1--2c94ad07-4566-45ba-ac74-14a30a78cd6e", "file:hashes.SHA-1--9bcc718c-48a0-44f6-9b11-835cd6501253", "file:hashes.SHA-1--2164fa0f-8937-46e7-b8e7-1a9cd03ac87c", "file:hashes.SHA-1--93f1c17f-4252-4e74-8ef9-52aefc0f43d3", "file:hashes.SHA-1--d8172c1e-1b32-4982-9a51-be4ac8913d6a" ], "labels": [ "threat-report", "threat-intelligence" ], "created_by_ref": "identity--28276218-53fb-4cfb-a4e8-5041f51f5123", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.643Z", "modified": "2025-12-04T13:59:33.643Z", "confidence": 95, "type": "tool", "id": "tool--fd368e1e-5ddb-4355-8645-02012f1fb7d1", "name": "Windows", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Windows is an operating system developed by Microsoft for personal computers.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.643Z", "modified": "2025-12-04T13:59:33.643Z", "confidence": 95, "type": "identity", "id": "identity--58e712bb-1d06-44ac-9240-0adca25c19c3", "name": "TechRepublic", "identity_class": "organization", "labels": [ "organization" ], "description": "TechRepublic is a technology news and information website that provides articles, blogs, and other resources on various technology topics, including cybersecurity and data breaches.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.643Z", "modified": "2025-12-04T13:59:33.643Z", "confidence": 95, "type": "identity", "id": "identity--ae4d5f46-29c5-40ae-842b-378abf057c12", "name": "Microsoft", "identity_class": "organization", "labels": [ "identity" ], "description": "Microsoft is a multinational technology company that develops, manufactures, licenses, and supports a wide range of software products, services, and devices.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.643Z", "modified": "2025-12-04T13:59:33.643Z", "confidence": 95, "type": "tool", "id": "tool--95bd9e19-9c60-4704-8b8d-38e554044644", "name": "Oracle E-Business Suite", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Oracle E-Business Suite is a comprehensive enterprise resource planning (ERP) software suite that manages business functions such as financials, human resources, and supply chain management for large organizations.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.643Z", "modified": "2025-12-04T13:59:33.643Z", "confidence": 95, "type": "identity", "id": "identity--37dc1158-1022-431f-8013-9b80ea54da43", "name": "Coupang", "identity_class": "unknown", "labels": [ "identity" ], "description": "Coupang is a South Korean e-commerce company, founded in 2010. It operates the largest e-commerce platform in South Korea and offers services such as online shopping, logistics, and payments. In the context provided, it was reported that 33.7 million personal records were stolen from Coupang.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.643Z", "modified": "2025-12-04T13:59:33.643Z", "confidence": 95, "type": "identity", "id": "identity--8a7ca088-fae7-4645-8f55-5f28dd9b1396", "name": "Google", "identity_class": "organization", "labels": [ "identity" ], "description": "Google is a multinational technology company specializing in Internet-related services and products, including search engines, online advertising technologies, cloud computing, and software development.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.643Z", "modified": "2025-12-04T13:59:33.643Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "name": "ShadyPanda", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "description": "ShadyPanda is a threat actor known for a seven-year-long browser extension campaign that has amassed over 4.3 million installations. They utilize malicious browser extensions to compromise user data and conduct various malicious activities.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "identity", "id": "identity--a46e663a-8e9f-4dbd-b12b-8e7de5526190", "name": "Entra ID", "identity_class": "unknown", "labels": [ "identity" ], "description": "Entra ID is a cloud-based identity and access management (IAM) solution that provides secure authentication, authorization, and governance for users and applications across multiple environments.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "malware", "id": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "name": "ClickFix", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "description": "ClickFix is a new type of malware that disguises itself as a critical Windows security update, leading users to fake adult websites to deceive them into running malicious commands. The name suggests it may be related to the helpdesk software ClickFix, but it's unclear if there's a direct connection.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "identity", "id": "identity--9cdea25f-1e87-4a1e-a12b-7eb87bb37d6a", "name": "knowbe4", "identity_class": "organization", "labels": [ "identity" ], "description": "Knowbe4 is a cybersecurity awareness training and simulated phishing platform that helps organizations educate employees on cybersecurity best practices and prevent phishing attacks.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--d120674b-28d8-498b-a0cf-08259e5dbf3f", "name": "CVE-2025-9491", "description": "Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspec. CVSS Score: 7.8 (HIGH). EPSS: 0.2% exploitation probability", "x_cvss_score": 7.8, "x_cvss_severity": "HIGH", "x_kev_status": false, "x_epss_score": 0.00228, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-9491", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9491" }, { "source_name": "nvd", "external_id": "CVE-2025-9491", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9491" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--a73d9996-7a68-4cfd-a033-db70e8d19202", "name": "CVE-2025-8489", "description": "The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.. CVSS Score: 9.8 (CRITICAL). EPSS: 0.1% exploitation probability", "x_cvss_score": 9.8, "x_cvss_severity": "CRITICAL", "x_kev_status": false, "x_epss_score": 0.00133, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-8489", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8489" }, { "source_name": "nvd", "external_id": "CVE-2025-8489", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8489" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--09cfd756-732a-426d-8c11-8d9ddb3e9e05", "name": "CVE-2025-55182", "description": "A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.. CVSS Score: 10.0 (CRITICAL). EPSS: 0.5% exploitation probability", "x_cvss_score": 10.0, "x_cvss_severity": "CRITICAL", "x_kev_status": false, "x_epss_score": 0.00455, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-55182", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55182" }, { "source_name": "nvd", "external_id": "CVE-2025-55182", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55182" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "identity", "id": "identity--816347fa-b500-49e8-9ef5-236fdf9cc060", "name": "KnowBe4 Threat Labs", "identity_class": "organization", "labels": [ "identity" ], "description": "KnowBe4 Threat Labs is a division that monitors and analyzes cyber threats to provide insights and protect organizations from phishing operations and other types of cyber attacks.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "location", "id": "location--076c4663-ca05-4ec8-ba0e-0275d3f1409e", "name": "Thailand", "country": "TH", "labels": [ "location" ], "description": "Thailand is a country in Southeast Asia, and in the given context, it is mentioned as a target of cyber attacks by the GoldFactory group, impersonating government services.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "identity", "id": "identity--5ccdf7bc-6dc4-4348-ac05-2f7e1ccfb271", "name": "Cloudflare", "identity_class": "organization", "labels": [ "identity" ], "description": "Cloudflare is a cybersecurity company that provides protection and performance services for websites and applications, including DDoS mitigation, content delivery, and security features.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "tool", "id": "tool--85cfeddc-39b1-4015-9326-f570b64256c8", "name": "the Google Chrome", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "The Google Chrome is a free, open-source web browser developed by Google that allows users to access the internet, browse websites, and run web applications on their devices.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "identity", "id": "identity--d9d05144-eca9-4087-96b7-9191f59f0456", "name": "Darktrace", "identity_class": "organization", "labels": [ "identity" ], "description": "Darktrace is an AI-driven cybersecurity company that provides cross-domain detection, label-free data loss prevention, and seamless integrations with Microsoft-native systems to enhance email security.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "identity", "id": "identity--bd559890-8096-4618-a4e3-d7248ef49afe", "name": "TCM Security", "identity_class": "organization", "labels": [ "identity" ], "description": "TCM Security is a company that specializes in providing security and threat intelligence services to help organizations protect themselves against cyber threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "identity", "id": "identity--0186ae1b-86aa-44d7-b12e-8dd8db99009b", "name": "SonicWall", "identity_class": "organization", "labels": [ "identity" ], "description": "SonicWall is a company that provides network security, firewalls, and threat detection solutions for organizations to protect against cyber threats and malware.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "identity", "id": "identity--8f8c32bf-34c4-4414-9d1d-5390cc4eb2a3", "name": "Chrome, Edge", "identity_class": "organization", "labels": [ "identity" ], "description": "Chrome, Edge is a company", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--e92782a1-cd35-4f55-adc0-656bf84de141", "name": "CVE-2025-66478", "description": "Rejected reason: This CVE is a duplicate of CVE-2025-55182.", "x_kev_status": false, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-66478", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66478" }, { "source_name": "nvd", "external_id": "CVE-2025-66478", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66478" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "tool", "id": "tool--5e779283-eac8-4df9-8dda-1f9611d5f244", "name": "Hit SonicWall Device", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Hit SonicWall Device is a network security appliance that provides firewall protection, intrusion prevention, and other security features to prevent cyber threats and unauthorized access to networks.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 95, "type": "malware", "id": "malware--b85d92c4-da25-4fe1-81c3-526639af3a43", "name": "million Chrome and Edge users with RCE", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "description": "4.3 million Chrome and Edge users were infected with Remote Code Execution (RCE) malware and spyware after legitimate extensions were weaponized with malicious updates.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "name": "Abuse Elevation Control Mechanism", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" }, { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" } ], "x_mitre_id": "T1548", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1548/", "external_id": "T1548" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "name": "Access Token Manipulation", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1134", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1134/", "external_id": "T1134" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.644Z", "modified": "2025-12-04T13:59:33.644Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "name": "Exploit Public-Facing Application", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1190", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1190/", "external_id": "T1190" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "name": "Exploitation for Client Execution", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1203", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1203/", "external_id": "T1203" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "name": "Command and Scripting Interpreter", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1059", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1059/", "external_id": "T1059" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "name": "Spearphishing Attachment", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/001/", "external_id": "T1566.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "name": "Spearphishing Link", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/002/", "external_id": "T1566.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "name": "Spearphishing via Service", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/003/", "external_id": "T1566.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "name": "Supply Chain Compromise", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1195", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1195/", "external_id": "T1195" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--f1669470-d352-4943-bd4a-70c7740b6d39", "name": "Compromise Software Supply Chain", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1195.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1195/002/", "external_id": "T1195.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "name": "System Information Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1082", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1082/", "external_id": "T1082" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "name": "File and Directory Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1083", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1083/", "external_id": "T1083" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "name": "Process Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1057", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1057/", "external_id": "T1057" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "name": "Vulnerabilities", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.006", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/006/", "external_id": "T1588.006" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--624fa034-c944-4489-a990-1f1111e2e237", "name": "Botnet", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1584.005", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1584/005/", "external_id": "T1584.005" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--21d89a99-5a37-4e50-86cf-7a292fac5a60", "name": "Evil Twin", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1557.004", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1557/004/", "external_id": "T1557.004" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--80699ba5-409d-4de2-be13-f6bb5ce88584", "name": "Wi-Fi Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1016.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1016/002/", "external_id": "T1016.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d", "name": "Search Threat Vendor Data", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "reconnaissance" } ], "x_mitre_id": "T1681", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1681/", "external_id": "T1681" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--775a5581-fd79-4cfc-a505-6d409b3bbfba", "name": "Browser Session Hijacking", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1185", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1185/", "external_id": "T1185" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 81, "type": "attack-pattern", "id": "attack-pattern--172f3845-7870-4c1c-80bd-251e10ce9f1e", "name": "Browser Extensions", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "x_mitre_id": "T1176.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1176/001/", "external_id": "T1176.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 79, "type": "attack-pattern", "id": "attack-pattern--d0394986-33f8-44f3-8050-da1e0be05638", "name": "Hybrid Identity", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "x_mitre_id": "T1556.007", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1556/007/", "external_id": "T1556.007" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--bb8e93cc-5495-417b-9b6c-2c104b2930e9", "name": "Endpoint Denial of Service", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "impact" } ], "x_mitre_id": "T1499", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1499/", "external_id": "T1499" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--239957f5-5ae1-4977-a451-144fae4a6361", "name": "Software Extensions", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "x_mitre_id": "T1176", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1176/", "external_id": "T1176" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770", "name": "Threat Intel Vendors", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "reconnaissance" } ], "x_mitre_id": "T1597.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1597/001/", "external_id": "T1597.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "name": "Archive via Utility", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1560.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1560/001/", "external_id": "T1560.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "name": "Screen Capture", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1113", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1113/", "external_id": "T1113" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "name": "Adversary-in-the-Middle", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1557", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1557/", "external_id": "T1557" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5f63713e-e588-49d1-bd18-71972573f3f7", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d68473c7-7709-4e8a-a800-534bc1fd59db", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6393b2e4-57da-44c5-90cf-1ae4bec9a7da", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bf9e9b88-b71c-471e-ac2f-f8ed5db8eead", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4d7f7a66-8a3d-4a97-9bd7-c7994a5fad9a", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a26085b3-a346-4b64-be78-247b4169b6a3", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--72d38dbc-7be5-4a48-bb45-ed724414cfcb", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4e60f818-8690-4174-a36f-54694029e6af", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--48f717c7-b50e-435b-bb5a-bfa632f182f4", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f3eecb19-4e10-480d-8595-9171f455d8e4", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--f1669470-d352-4943-bd4a-70c7740b6d39", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Compromise Software Supply Chain (T1195.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--096e2ce9-e72f-47da-807e-437127a20c4c", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "confidence": 60, "description": "Co-occurrence: ShadyPanda and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--87c870db-320d-4f1f-9d1b-50398cfae4b4", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "confidence": 60, "description": "Co-occurrence: ShadyPanda and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cc4a238c-abf4-41bf-acb2-1b037dc861a3", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--be59b89e-d80a-4455-974f-c70b68296984", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--be923154-4288-480d-a095-6161b4beb230", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--624fa034-c944-4489-a990-1f1111e2e237", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Botnet (T1584.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--718870fb-2436-4367-b5e1-7f1ca1e16514", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--21d89a99-5a37-4e50-86cf-7a292fac5a60", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Evil Twin (T1557.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ef843c78-14de-42f1-bd8d-b1964121b31f", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--80699ba5-409d-4de2-be13-f6bb5ce88584", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Wi-Fi Discovery (T1016.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2bba20ed-c824-451e-8dc5-e5ea7fafc9ab", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Search Threat Vendor Data (T1681) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--26abeea7-2949-4819-8041-10c7f26bfb19", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--775a5581-fd79-4cfc-a505-6d409b3bbfba", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Browser Session Hijacking (T1185) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d1c65dba-c9f8-4fb9-baaf-fda0b2f64845", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--172f3845-7870-4c1c-80bd-251e10ce9f1e", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Browser Extensions (T1176.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--62c0ec0f-8770-4f1a-b357-ef43d9823afa", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--624fa034-c944-4489-a990-1f1111e2e237", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Botnet (T1583.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9ed0f111-7095-4327-8702-fee7fccae821", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--d0394986-33f8-44f3-8050-da1e0be05638", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Hybrid Identity (T1556.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--49a4b89f-21de-4ebe-85c3-628b2122cfdf", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--bb8e93cc-5495-417b-9b6c-2c104b2930e9", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Endpoint Denial of Service (T1499) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3c895ea0-037d-4b78-9dd3-ba53c52f35e0", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--239957f5-5ae1-4977-a451-144fae4a6361", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Software Extensions (T1176) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--916ec2d1-e199-4861-8a64-8c96ed28894e", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Threat Intel Vendors (T1597.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--30bc0eeb-8d73-4286-bbe7-c51105fa935c", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--660db4bc-682d-4962-9af2-1b5b78adb8b4", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bdfadd71-571e-4e10-9e7a-99a487be0bb4", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--363c6285-804c-4607-82e6-f5950aa0dd6d", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: ClickFix and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--87039028-ed8a-448a-bab8-d9c477bb490f", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: ClickFix and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--161645c4-46c8-4cdb-9f4a-5e54ee52c557", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: ClickFix and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--abd9b5b7-8e09-46e4-ba27-6a099fd94452", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: ClickFix and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--928cf822-cf3e-408e-af09-9ca095eb4b6d", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: ClickFix and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--343aa2fc-bf91-4daf-862d-c8e6c0106ddf", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 55, "description": "Co-occurrence: ClickFix and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a7de1ca0-b002-42b8-bdc4-c00d0cfdd421", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 55, "description": "Co-occurrence: ClickFix and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d6e57f1c-d4d0-45f6-bdcb-44e30d033ea6", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 55, "description": "Co-occurrence: ClickFix and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a4089d44-478b-49a2-bac6-23843f091f8e", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 55, "description": "Co-occurrence: ClickFix and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--18a8df2d-dbbe-4d69-9947-94952a2f385c", "created": "2025-12-04T13:59:33.645Z", "modified": "2025-12-04T13:59:33.645Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--f1669470-d352-4943-bd4a-70c7740b6d39", "confidence": 55, "description": "Co-occurrence: ClickFix and Compromise Software Supply Chain (T1195.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dd384347-62d1-491e-8bd0-330d1f1ed66b", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "confidence": 55, "description": "Co-occurrence: ClickFix and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9273d0e-91b6-4a1e-b88d-98abe92e543c", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "confidence": 55, "description": "Co-occurrence: ClickFix and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4a6bf9f4-0e42-4103-9c6b-3ff0755a0bc1", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "confidence": 55, "description": "Co-occurrence: ClickFix and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6accac75-8671-4f36-9da7-398cb42024a1", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: ClickFix and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c350d565-cc7c-4bab-b76d-f0a410bee8fb", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--624fa034-c944-4489-a990-1f1111e2e237", "confidence": 55, "description": "Co-occurrence: ClickFix and Botnet (T1584.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--438bd1e0-e49a-49a2-9e63-badf59eed842", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--21d89a99-5a37-4e50-86cf-7a292fac5a60", "confidence": 55, "description": "Co-occurrence: ClickFix and Evil Twin (T1557.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4db81325-7a0e-4449-a904-0559f16fa08b", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--80699ba5-409d-4de2-be13-f6bb5ce88584", "confidence": 55, "description": "Co-occurrence: ClickFix and Wi-Fi Discovery (T1016.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bba6d1aa-9bbc-4c66-acc5-5d46f3d4f309", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d", "confidence": 55, "description": "Co-occurrence: ClickFix and Search Threat Vendor Data (T1681) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4efeb58-40d4-4a99-956d-88b662916762", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--775a5581-fd79-4cfc-a505-6d409b3bbfba", "confidence": 55, "description": "Co-occurrence: ClickFix and Browser Session Hijacking (T1185) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6447e98d-dcec-46d2-a38c-9bd7cd39ed2e", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--172f3845-7870-4c1c-80bd-251e10ce9f1e", "confidence": 55, "description": "Co-occurrence: ClickFix and Browser Extensions (T1176.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--25106d5d-ce8c-420a-9c99-1ddc1ad1d9ed", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--624fa034-c944-4489-a990-1f1111e2e237", "confidence": 55, "description": "Co-occurrence: ClickFix and Botnet (T1583.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--611a4575-33fe-4d01-bc39-81e7c1fe4422", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--d0394986-33f8-44f3-8050-da1e0be05638", "confidence": 55, "description": "Co-occurrence: ClickFix and Hybrid Identity (T1556.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ff712f7e-db10-4b56-82f1-097034cea34f", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--bb8e93cc-5495-417b-9b6c-2c104b2930e9", "confidence": 55, "description": "Co-occurrence: ClickFix and Endpoint Denial of Service (T1499) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9b08a4b2-1f1f-41f5-a441-5ad171c6ff26", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--239957f5-5ae1-4977-a451-144fae4a6361", "confidence": 55, "description": "Co-occurrence: ClickFix and Software Extensions (T1176) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8f372567-c3d0-40c9-ad89-8bd3666f2d40", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--4582ced2-31d9-4fbd-8078-d53174238770", "confidence": 55, "description": "Co-occurrence: ClickFix and Threat Intel Vendors (T1597.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--31331d9c-79f0-4042-ac17-43c867f24207", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: ClickFix and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--286cbf07-01a8-4bf7-b389-895bb2528fbd", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: ClickFix and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b32442f5-6a6b-48f2-b323-f280dd7b2c02", "created": "2025-12-04T13:59:33.646Z", "modified": "2025-12-04T13:59:33.646Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: ClickFix and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "file:hashes.SHA-256", "value": "5c204217d48f2565990dfdf2269c26113bd14c204484d8f466fb873312da80cf", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--d8f66096-3986-4259-93a9-7a5cddc651d6" }, { "type": "file:hashes.SHA-256", "value": "e9ad648589aa3e15ce61c6a3be4fc98429581be738792ed17a713b4980c9a4a2", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--f5b052f9-7be2-4874-8290-9b513ad5b220" }, { "type": "file:hashes.SHA-256", "value": "8c382d51459b91b7f74b23fbad7dd2e8c818961561603c8f6614edc9bb1637d1", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--ef6d1307-9f64-4686-adf0-b1ac0bc3b8ac" }, { "type": "file:hashes.SHA-256", "value": "7d8a4aa184eb350f4be8706afb0d7527fca40c4667ab0491217b9e1e9d0f9c81", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--9a68e8bc-518f-493e-be58-f409d7787a36" }, { "type": "file:hashes.SHA-256", "value": "07594ba29d456e140a171cba12d8d9a2db8405755b81da063a425b1a8b50d073", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--37ec4454-5085-4a73-9381-9e6ae2bb87de" }, { "type": "file:hashes.SHA-256", "value": "6608aeae3695b739311a47c63358d0f9dbe5710bd0073042629f8d9c1df905a8", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--10ef1eab-557f-4fc3-b5f0-b50420f72c3b" }, { "type": "file:hashes.SHA-256", "value": "e60d911f2ef120ed782449f1136c23ddf0c1c81f7479c5ce31ed6dcea6f6adf9", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--a1d853e3-3eaf-418f-9ed2-034dcf34386b" }, { "type": "file:hashes.MD5", "value": "35205de239cdef9ef9d0e324a21d8d0e", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--015a4d97-1df3-4327-9d04-6ffcb686ca9b" }, { "type": "file:hashes.MD5", "value": "62a705c41fd982f241d348e11b65fca9", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--6c44f32b-e909-476d-b63b-3da79810a212" }, { "type": "file:hashes.MD5", "value": "74652854a125d4395122e1afddf3615a", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--47168df2-c9d1-407d-8bfd-2ab7f675add4" }, { "type": "file:hashes.MD5", "value": "895531f9d849155e054903e7cc466888", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--b75a367b-7134-4cb4-bc9d-2e544dd4b735" }, { "type": "file:hashes.MD5", "value": "a77becccca5571c00ebc9e516fd96ce8", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--95176ddb-7063-4ffe-81e9-d7b4c2868edc" }, { "type": "file:hashes.MD5", "value": "eb69150e0f3bfc15abea38fdf4df95cf", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--0d670d7e-f6ff-459a-8871-2261c0ab7ad2" }, { "type": "file:hashes.MD5", "value": "f2e4351aa516a1f2e59ade5d9e7aa1d6", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--9ad2e4b7-2e56-4fce-84db-aa96203f2944" }, { "type": "file:hashes.SHA-1", "value": "1b751a2ee3af91c4cdf020914de19169fceb51ac", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.SHA-1--96747c61-b265-47e8-832e-055644ec765e" }, { "type": "file:hashes.SHA-1", "value": "238e3da6ee00ef8162bb866ef42ee818d42c99dd", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.SHA-1--2c94ad07-4566-45ba-ac74-14a30a78cd6e" }, { "type": "file:hashes.SHA-1", "value": "4271c3690af27765533a3f1eb30a40d5aebf90bc", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.SHA-1--9bcc718c-48a0-44f6-9b11-835cd6501253" }, { "type": "file:hashes.SHA-1", "value": "838581a9ce8e41432b1581363aa8c2b55a5ea733", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.SHA-1--2164fa0f-8937-46e7-b8e7-1a9cd03ac87c" }, { "type": "file:hashes.SHA-1", "value": "c8eae0a24785d7e7cceaa4eb4c5b25114b5f91c9", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.SHA-1--93f1c17f-4252-4e74-8ef9-52aefc0f43d3" }, { "type": "file:hashes.SHA-1", "value": "d060e074371eedfc3f7c2c1f7a782b6f4979c8f4", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.SHA-1--d8172c1e-1b32-4982-9a51-be4ac8913d6a" } ] }

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

Industry Watch

CyberSecurity Latest Rundown

CRITICAL ITEMS

HIGH SEVERITY ITEMS

EXECUTIVE INSIGHTS

VENDOR SPOTLIGHT

DETECTION & RESPONSE KIT

Cookie Notice

STIX 2.1 Threat Intelligence Bundle

If you like MikeGPT CyberSecurity Newsletter, spread the word.