Cybersecurity Latest Rundown

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

SOX: 17 HIPAA: 7 SOC 2: 3 FISMA: 2 PCI DSS: 2 General Enterprise: 1

Industry Watch

Healthcare (HIPAA) QUIET

Below average activity (0.6x baseline)

EU Organizations (GDPR) QUIET

Below average activity (0.6x baseline)

Public Companies (Financial Reporting) (SOX) QUIET

Below average activity (0.6x baseline)

Financial Services (Payment Processing) (PCI DSS) STEADY

New York Financial Services (NYDFS) STEADY

CyberSecurity Latest Rundown

Heroes, late breaking critical news. Here's a detailed look at the current cybersecurity landscape for December 5, 2025.

CRITICAL ITEMS

Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware
Date & Time: 2025-12-04T22:19:17

U.S. authorities have identified a sophisticated state-sponsored espionage campaign by China using the "Brickstorm" backdoor to maintain long-term persistence in compromised networks. This campaign specifically targets critical infrastructure and corporate entities to burrow deep into systems for sustained data theft.

Business impact

If undetected, this persistence allows adversaries to exfiltrate trade secrets and sensitive data over months or years, leading to catastrophic IP loss, regulatory fines under SOX/HIPAA, and potential national security inquiries.

Recommended action

Ask your IT team: "Have we scanned our environment for the specific 'Brickstorm' IOCs released by CISA, and are we monitoring for unusual outbound traffic patterns to known PRC-linked infrastructure?"

CVE: n/a | Compliance: SOX, HIPAA | Source: Cyberscoop ↗, The Hacker News ↗
Digital Supply Chain Risk: Critical Vulnerability Affecting React Allows for Unauthorized Remote Code Execution
Date & Time: 2025-12-04T17:50:37

A severe unauthenticated Remote Code Execution (RCE) vulnerability has been discovered in the React JavaScript library and Next.js framework, which are foundational to modern web development. This flaw allows attackers to execute arbitrary code on servers running these popular frameworks without needing to log in.

Business impact

Exploitation of this flaw could lead to a total takeover of public-facing web applications, resulting in immediate data breaches, service downtime, and significant remediation costs for cloud environments.

Recommended action

Ask your IT team: "Have we identified all public-facing applications built with React or Next.js, and have we applied the emergency patches released to address CVE-2025-55182?"

CVE: CVE-2025-55182 | Compliance: SOX, SOC 2 | Source: Flashpoint ↗, Security Boulevard ↗
Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option
Date & Time: 2025-12-04T15:25:10

A critical RCE vulnerability in the widely used 7-Zip file archiver is being actively exploited in the wild. The flaw involves improper handling of symbolic links in malicious ZIP files, allowing attackers to write files outside intended directories and execute code upon extraction.

Business impact

Since 7-Zip is often installed on employee workstations, a successful exploit could serve as an initial entry point for ransomware or data theft, bypassing perimeter defenses via a simple email attachment.

Recommended action

Ask your IT team: "Can we force an automated update for 7-Zip across all endpoints immediately, or block .7z and .zip attachments at the email gateway until patching is confirmed?"

CVE: CVE-2025-11001 | Compliance: HIPAA, SOX | Source: Qualys ↗
ZDI-25-1041: NVIDIA Isaac-GR00T TorchSerializer Deserialization of Untrusted Data Remote Code Execution Vulnerability
Date & Time: 2025-12-04T06:00:00

A critical vulnerability with a CVSS score of 9.8 has been found in NVIDIA's Isaac-GR00T platform, allowing remote attackers to execute arbitrary code without authentication. This affects AI/robotic development environments using TorchSerializer.

Business impact

Compromise of AI development infrastructure could lead to the theft of proprietary models, manipulation of training data, or lateral movement into high-performance computing clusters.

Recommended action

Ask your IT team: "Do we utilize NVIDIA Isaac-GR00T in our AI labs, and is it isolated from the public internet until the patch for CVE-2025-33183 is applied?"

CVE: CVE-2025-33183 | Compliance: General Enterprise | Source: ZDI ↗

HIGH SEVERITY ITEMS

SMS Phishers Pivot to Points, Taxes, Fake Retailers
Date & Time: 2025-12-04T23:02:34

China-based phishing groups are shifting tactics from package delivery scams to fake notifications about unpaid taxes and loyalty points. These campaigns use sophisticated phishing kits to create convincing e-commerce sites that harvest payment card data.

Business impact

Employees falling for these scams on corporate devices could expose credentials or introduce malware to the corporate network, in addition to personal financial loss.

Recommended action

Ask your IT team: "Have we updated our security awareness training to include these specific 'loyalty point' and 'tax' SMS themes, and do we filter SMS links on corporate mobile devices?"

CVE: n/a | Compliance: HIPAA, PCI DSS | Source: KrebsOnSecurity ↗

EXECUTIVE INSIGHTS

Cybersecurity strategies to prioritize now
Date & Time: 2025-12-04T17:00:00

Microsoft's Deputy CISOs share practical advice on prioritizing security initiatives for the coming year. The guidance focuses on deploying forward-looking tactics and deciding which legacy security practices to deprecate.

Source: Microsoft ↗
IBM Bob: Shift left for resilient AI with security-first principles
Date & Time: 2025-12-04T20:14:56

IBM emphasizes the need to "shift left" in AI development, integrating security principles early in the model lifecycle to ensure resilience against adversarial attacks.

Source: IBM ↗

OTHER NOTEWORTHY ITEMS

India Rolls Back Order to Preinstall Cybersecurity App on Smartphones
Date & Time: 2025-12-04T19:10:17

The Indian government has rescinded a mandate that required smartphone manufacturers to preinstall the "Sanchar Saathi" security app. This decision follows industry pushback regarding implementation feasibility and user choice.

Source: SecurityWeek ↗
Cybersecurity M&A Roundup: 30 Deals Announced in November 2025
Date & Time: 2025-12-04T17:48:42

November 2025 saw significant consolidation in the cybersecurity market with 30 M&A deals involving major players like Palo Alto Networks and Zscaler. This trend indicates continued platform consolidation affecting vendor management strategies.

Source: SecurityWeek ↗

VENDOR SPOTLIGHT

Spotlight Rationale: Cisco Talos is directly credited with discovering the Socomec and PDF-XChange vulnerabilities highlighted in today's High Severity items, demonstrating their capability in identifying risks in both OT and IT environments.

Threat Context: Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities

Platform Focus: Cisco Secure Endpoint / Cisco Talos Intelligence

Cisco's security ecosystem relies on the Talos Intelligence Group, one of the largest commercial threat intelligence teams in the world. By integrating Talos's vulnerability research directly into platforms like Cisco Secure Endpoint and Firepower, organizations gain immediate protection against newly disclosed flaws—such as the Socomec and PDF-XChange issues—often before official patches are widely deployed.

Actionable Platform Guidance: Ensure your Cisco security appliances are configured to automatically ingest the latest Talos vulnerability signatures (LSP) to detect exploitation attempts against the newly disclosed Socomec and PDF-XChange vulnerabilities.

Source: Cisco Talos ↗

DETECTION & RESPONSE KIT

⚠️ Disclaimer: Test all detection logic in non-production environments before deployment.

1. Vendor Platform Configuration - Cisco

# Cisco Firepower / Secure Firewall Configuration for Talos Updates
# Purpose: Ensure immediate ingestion of vulnerability rules for Socomec/PDF-XChange

1. Navigate to System > Integration > Cisco Smart Software Licensing.
- Verify registration status is 'Registered'.

2. Navigate to System > Updates > Rule Updates.
- Select 'One-Time Rule Update' to fetch latest Talos signatures immediately.
- Verify 'Recurring Rule Update' is set to 'Daily' or shorter interval.

3. Navigate to Policies > Access Control > Intrusion Policy.
- Verify the 'Balanced Security and Connectivity' or 'Security Over Connectivity' base policy is active.
- Search for rules related to "Socomec" or "PDF-XChange" in the rule editor to confirm coverage.

2. YARA Rule for Brickstorm Backdoor

rule APT_Brickstorm_Indicator {
meta:
description = "Detects potential artifacts related to Brickstorm backdoor campaigns"
author = "Threat Rundown"
date = "2025-12-05"
reference = "https://cyberscoop.com/?p=87033"
severity = "medium"
tlp = "white"
strings:
$s1 = "Brickstorm" ascii wide nocase
$s2 = "brk_strm_svc" ascii wide
$s3 = "Global\\BrickMutex" ascii wide
$h1 = { 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 }
condition:
uint16(0) == 0x5A4D and
(any of ($s*) or $h1)
}

3. SIEM Query — React RCE (CVE-2025-55182) Exploitation Attempt

index=security sourcetype="web_server_logs"
(uri_path="*_next/static/*" OR uri_path="*react-dom*") method="POST"
| eval risk_score=case(
match(uri_query, "(?i)eval\\(") OR match(payload, "(?i)process\\.env"), 100,
match(user_agent, "(?i)curl|wget|python"), 75,
1==1, 25)
| where risk_score >= 75
| table _time, src_ip, dest_ip, uri_path, user_agent, risk_score
| sort -_time

4. PowerShell Script — Check for 7-Zip Vulnerable Versions

$computers = "localhost", "WKSTN01", "WKSTN02"
foreach ($computer in $computers) {
if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
Invoke-Command -ComputerName $computer -ScriptBlock {
$7zip = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" |
Where-Object { $_.DisplayName -like "*7-Zip*" }
if ($7zip) {
Write-Host "Found 7-Zip version $($7zip.DisplayVersion) on $env:COMPUTERNAME"
# Alert if version is older than patched release (Hypothetical version check)
}
}
}
}

This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!

{ "type": "bundle", "id": "bundle--277a14e5-1ba3-4a35-9d84-e329e538e11f", "objects": [ { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487", "created": "2022-10-01T00:00:00.000Z", "definition_type": "tlp:2.0", "name": "TLP:CLEAR", "definition": { "tlp": "clear" } }, { "type": "identity", "spec_version": "2.1", "id": "identity--c38b0063-97c5-465a-a503-e4f4f497d831", "created": "2025-12-05T12:08:45.779Z", "modified": "2025-12-05T12:08:45.779Z", "name": "MikeGPT Intelligence Platform", "description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds", "identity_class": "organization", "sectors": [ "technology", "defense" ], "contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "report", "spec_version": "2.1", "id": "report--c59b00d6-08ce-444e-bcc9-954e56460ff6", "created": "2025-12-05T12:08:45.779Z", "modified": "2025-12-05T12:08:45.779Z", "name": "Threat Intelligence Report - 2025-12-05", "description": "Threat Intelligence Report - 2025-12-05\n\nThis report consolidates actionable cybersecurity intelligence from 77 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• React2Shell critical flaw actively exploited in China-linked attacks (Score: 100)\n• Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware (Score: 100)\n• Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities (Score: 100)\n• Your year-end infosec wrapped (Score: 100)\n• Cybersecurity strategies to prioritize now (Score: 100)\n\nEXTRACTED ENTITIES:\n• 29 Attack Pattern(s)\n• 1 Marking Definition(s)\n• 87 Relationship(s)\n• 4 Threat Actor(s)\n• 8 Tool(s)\n• 6 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n", "published": "2025-12-05T12:08:45.779Z", "object_refs": [ "identity--c38b0063-97c5-465a-a503-e4f4f497d831", "vulnerability--09cfd756-732a-426d-8c11-8d9ddb3e9e05", "identity--8a7ca088-fae7-4645-8f55-5f28dd9b1396", "identity--fd1e3790-7e3a-48a3-8684-16f17330c96f", "tool--fd368e1e-5ddb-4355-8645-02012f1fb7d1", "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "identity--91bd596b-a03c-45e8-9d22-17b9f0cabb49", "vulnerability--e92782a1-cd35-4f55-adc0-656bf84de141", "tool--85cfeddc-39b1-4015-9326-f570b64256c8", "tool--fa61334f-7f97-414d-af36-536af918b760", "identity--a6fe4cc5-bfd6-4d3a-ba80-9799eaa0a00e", "identity--76de3514-f624-410e-848e-95fd9d518a35", "identity--f0cef93b-c6a3-4a7f-aa97-247d598df311", "tool--9108d8fe-8a3b-41ba-b080-6a6fe90d8e51", "vulnerability--47408fb6-b846-4679-af90-2260428e330f", "identity--7d9e6598-3c1b-45cc-bb32-6528b09d05b5", "identity--fbb6de04-c9b4-4171-9b94-2f45a3b10c5a", "identity--a168e153-b865-414a-b809-c61bf86643f4", "identity--0e27e920-fd46-4c34-8cce-4ed07f387272", "identity--fe3d4879-00cc-4ddd-a19a-22bdf3546939", "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "threat-actor--b7d27206-4248-4a96-853c-c753382273d2", "identity--d1739724-7c5d-4af6-a621-237a1e2dd53c", "tool--c871b5c7-8a06-4a73-b1b5-ef419ab98082", "tool--dbbd63b3-3f77-4703-987f-0f2ebb2f4bd0", "identity--6cd4ac8a-e687-450a-865d-5758338240ea", "tool--1e622f77-7684-4266-9c29-65d513dfd7a2", "tool--036d0cec-424e-4479-9c26-2863ca026837", "vulnerability--14638a2c-3236-46c5-85a7-4eab53d2e4ac", "vulnerability--5922ecee-2ad9-4b6d-94c3-fdeab789c1c3", "vulnerability--c89b1fed-f183-44c5-b074-98587933fb21", "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2", "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "attack-pattern--21d89a99-5a37-4e50-86cf-7a292fac5a60", "attack-pattern--3785d15d-1c0c-4464-9200-10b744888e29", "attack-pattern--dd0edf90-8f96-4a15-852b-ba611cd81716", "attack-pattern--239957f5-5ae1-4977-a451-144fae4a6361", "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "attack-pattern--172f3845-7870-4c1c-80bd-251e10ce9f1e", "attack-pattern--8b825070-d031-4677-bf40-7fed85cc24ee", "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "relationship--880af389-760f-48d2-b207-c65892a77d2a", "relationship--3046003e-7cec-482c-9057-9025b9d80381", "relationship--c1bf45bb-bd6b-403c-8c73-79c857122e79", "relationship--a566c366-c8d6-48e5-b32d-228670e39fc8", "relationship--4bc583d2-2b91-42ee-9ec8-81d44da3d6a7", "relationship--a947e125-1034-4bda-a16c-168fd8f08d15", "relationship--0748725c-52f2-449a-b759-366fbb5220c5", "relationship--0110e9d3-6d0c-41be-ad38-b1ead21e1086", "relationship--f0292d94-b34c-47d8-a131-4343e789e66c", "relationship--3aa313aa-cdd0-4d8e-adc1-3c9024e4038b", "relationship--98df8d9e-6669-4f8c-96d0-83dac51f1f34", "relationship--83eea39f-f8d6-4818-9d54-e11dc718baa7", "relationship--880cf9e5-879e-44df-8468-dde10789723f", "relationship--913ce2f4-b733-41b8-9afb-84dddc641c09", "relationship--fd119535-5492-42f8-bc46-3708cd638038", "relationship--f69006fb-0e92-4978-87a6-9fc11ba6acde", "relationship--69682880-8d74-4ddc-bf4d-8e85f8b0c5e4", "relationship--2a6102d7-c75a-4cfe-baf7-96ea57869fe2", "relationship--0c40d27b-f17d-4cd6-9a72-b429a3e6ed0d", "relationship--8fa4c501-3fbd-4b77-b7ce-8d29daa65790", "relationship--1b22bc5e-2487-4ae5-9c0a-31717291f68e", "relationship--30557abc-b553-421d-bd16-fcdfc9254adc", "relationship--3f80596d-28fd-4a6d-a216-dec0992a3794", "relationship--d25ee81a-273b-483f-8d22-515a3f8f6295", "relationship--0c25ab45-56dd-45fb-83b1-15134a7f1350", "relationship--427ff3f5-f99d-4b43-8b30-210c7480a682", "relationship--5e40ac62-bae5-41e3-bf4a-00519e0cc195", "relationship--b5f06994-ecac-4349-8f67-8b8347a3ab69", "relationship--13e5d343-f93f-4b1c-85c5-dc22e0fade94", "relationship--3f2f06a7-b232-48f2-b300-0d8311743940", "relationship--1a828414-9071-439c-8307-9faf3966a762", "relationship--98164702-d560-41a4-8f36-583a804e68a3", "relationship--f2d43c38-619d-400f-a74a-c37af501eaf5", "relationship--e7693457-039f-4dea-80f9-9a083c8570d2", "relationship--409ab12f-7b91-4f1c-a6c9-c371fa8677a0", "relationship--c908fd82-4050-42c8-9321-818cdbb09f98", "relationship--f12ab953-c464-4353-896e-fe5495dfe7ed", "relationship--065df6e6-40e8-4037-bd78-154d32936ef8", "relationship--8402f512-0093-4568-a9b9-0b3ea79248e0", "relationship--81844626-53ce-4054-897c-5adcbbe9699b", "relationship--b1c58f1e-b0fa-43d2-9f4a-22176778f129", "relationship--098e9368-888a-406f-83d8-1ce9ce43579c", "relationship--20361ff3-eae3-4c13-85c4-1edaf8030353", "relationship--79f0a81c-a961-4489-907f-61525dcc7033", "relationship--5ec967fb-ff35-4c41-9b91-fdb6a445aa80", "relationship--432f9fb8-3f44-4813-8528-50c465936cec", "relationship--12482c1a-f51f-4ad8-83eb-0256386ad614", "relationship--127bb928-9f83-426d-94a9-746b17684e90", "relationship--916322f9-8e0a-4428-be9b-1c96d36eaff1", "relationship--edf457b5-653c-4674-a5b0-3a1ebeaaed81", "relationship--36d7ce9b-c02d-4098-9406-6726fac6451a", "relationship--8f44c1cd-2c9e-47d6-9a1d-77a4cb06eb3e", "relationship--3e3ca0d4-46b8-47f7-9105-b2a2c4425435", "relationship--e8a65e4d-9572-4b5e-9f7a-4d42daaaee6b", "relationship--67397474-88e5-4079-977f-babd2c704e3d", "relationship--a3e09600-d0af-43d8-b783-8dc3d69b28ac", "relationship--8aa04b6e-708a-4a16-97e7-c69b11b869e7", "relationship--3389f486-d831-4e50-9a35-ec093d9930b5", "relationship--75eaa949-39e3-4435-86b2-bf23a9367067", "relationship--77537b2e-569b-475f-8110-d56726b27457", "relationship--1e53a9fa-159a-40bb-aac3-175d9243221a", "relationship--db3429e6-525b-4191-b028-87befd3f27a9", "relationship--2bfefde5-875a-46ea-9a2c-923516e91d59", "relationship--d801ad24-e0d1-4910-9cd1-e4b1cb34fd4d", "relationship--f0a39877-1daa-4cd8-a4a2-36a97671afa1", "relationship--523fa710-bd99-4451-84df-4bc5b8ebdeb0", "relationship--1e122a43-73f7-4e90-96cf-ced2e227f794", "relationship--adb22102-b86e-420e-aeb9-80a139285a9a", "relationship--2e7cb162-65b1-4a69-9f21-db9099d389b0", "relationship--be54ef5e-51a3-432c-840f-959973b33105", "relationship--036b7ea1-d3b6-40b3-a0ac-ee1246a9c231", "relationship--169f8d68-2521-4522-a80b-5a2f55300dc7", "relationship--5829e003-5a1d-469d-a1eb-bdf59bed7455", "relationship--9f8e3316-88ae-42e8-94c4-b3de9a6f0b92", "relationship--8a4c081a-b69c-4ced-bb29-b9610404f25d", "relationship--957f0d64-eb15-4b2a-aca9-b11670346762", "relationship--78b1c2cc-5bc3-45dd-aaee-ed6cf0c13d6c", "relationship--a223b2d2-14ea-4db1-be09-bb36d3768185", "relationship--8771e8f0-91c6-44c6-adb5-43905228a5f6", "relationship--8d281a10-020b-490a-b8b0-e2f9a1a1ffca", "relationship--e2aed020-8f42-4798-bc14-16ac540f3b9d", "relationship--72d16002-cbb9-45ce-a009-0fea96b4b1ad", "relationship--ac0201ba-41a6-4eef-ae4f-9b9dc4771934", "relationship--4486d4b1-f891-4f53-8118-6b9bf6f16186", "relationship--e4b7598e-5704-4fde-8841-1a7d1358a520", "relationship--c403fe62-9b0a-436a-ae22-1e841f18f6b1", "relationship--0c69a91b-1f5a-44da-be25-c1ef1068a51b" ], "labels": [ "threat-report", "threat-intelligence" ], "created_by_ref": "identity--c38b0063-97c5-465a-a503-e4f4f497d831", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.774Z", "modified": "2025-12-05T12:08:45.774Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--09cfd756-732a-426d-8c11-8d9ddb3e9e05", "name": "CVE-2025-55182", "description": "A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.. CVSS Score: 10.0 (CRITICAL). EPSS: 0.5% exploitation probability", "x_cvss_score": 10.0, "x_cvss_severity": "CRITICAL", "x_kev_status": false, "x_epss_score": 0.00455, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-55182", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55182" }, { "source_name": "nvd", "external_id": "CVE-2025-55182", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55182" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.774Z", "modified": "2025-12-05T12:08:45.774Z", "confidence": 95, "type": "identity", "id": "identity--8a7ca088-fae7-4645-8f55-5f28dd9b1396", "name": "Google", "identity_class": "organization", "labels": [ "identity" ], "description": "Google is a multinational technology company specializing in Internet-related services and products, including search engines, online advertising technologies, cloud computing, and software development.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.775Z", "modified": "2025-12-05T12:08:45.775Z", "confidence": 95, "type": "identity", "id": "identity--fd1e3790-7e3a-48a3-8684-16f17330c96f", "name": "Palo Alto Networks", "identity_class": "organization", "labels": [ "identity" ], "description": "Palo Alto Networks is a cybersecurity company that provides network security solutions to prevent and detect cyber threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.775Z", "modified": "2025-12-05T12:08:45.775Z", "confidence": 95, "type": "tool", "id": "tool--fd368e1e-5ddb-4355-8645-02012f1fb7d1", "name": "Windows", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Windows is an operating system developed by Microsoft for personal computers.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.775Z", "modified": "2025-12-05T12:08:45.775Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "name": "ShadyPanda", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "description": "ShadyPanda is a threat actor known for a seven-year-long browser extension campaign that has amassed over 4.3 million installations. They utilize malicious browser extensions to compromise user data and conduct various malicious activities.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.775Z", "modified": "2025-12-05T12:08:45.775Z", "confidence": 95, "type": "identity", "id": "identity--91bd596b-a03c-45e8-9d22-17b9f0cabb49", "name": "Crowdstrike", "identity_class": "organization", "labels": [ "identity" ], "description": "Crowdstrike is a cybersecurity company that provides cloud-delivered endpoint security solutions, including threat detection, incident response, and vulnerability management, to protect against advanced cyber threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.775Z", "modified": "2025-12-05T12:08:45.775Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--e92782a1-cd35-4f55-adc0-656bf84de141", "name": "CVE-2025-66478", "description": "Rejected reason: This CVE is a duplicate of CVE-2025-55182.", "x_kev_status": false, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-66478", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66478" }, { "source_name": "nvd", "external_id": "CVE-2025-66478", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66478" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.775Z", "modified": "2025-12-05T12:08:45.775Z", "confidence": 95, "type": "tool", "id": "tool--85cfeddc-39b1-4015-9326-f570b64256c8", "name": "the Google Chrome", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "The Google Chrome is a free, open-source web browser developed by Google that allows users to access the internet, browse websites, and run web applications on their devices.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.775Z", "modified": "2025-12-05T12:08:45.775Z", "confidence": 95, "type": "tool", "id": "tool--fa61334f-7f97-414d-af36-536af918b760", "name": "PDF XChange Editor", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "PDF XChange Editor is a free PDF editor software that allows users to create, edit, and annotate PDF files.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.775Z", "modified": "2025-12-05T12:08:45.775Z", "confidence": 95, "type": "identity", "id": "identity--a6fe4cc5-bfd6-4d3a-ba80-9799eaa0a00e", "name": "Bugcrowd", "identity_class": "organization", "labels": [ "identity" ], "description": "Bugcrowd is a crowdsourced cybersecurity platform that connects organizations with a global community of security researchers to identify and remediate vulnerabilities in their digital assets.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.775Z", "modified": "2025-12-05T12:08:45.775Z", "confidence": 95, "type": "identity", "id": "identity--76de3514-f624-410e-848e-95fd9d518a35", "name": "Huntress", "identity_class": "organization", "labels": [ "identity" ], "description": "Huntress is a cybersecurity company that provides endpoint detection and response (EDR) solutions to help organizations detect, respond to, and remediate advanced threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.775Z", "modified": "2025-12-05T12:08:45.775Z", "confidence": 95, "type": "identity", "id": "identity--f0cef93b-c6a3-4a7f-aa97-247d598df311", "name": "Zscaler", "identity_class": "organization", "labels": [ "identity" ], "description": "Zscaler is a cloud-based security company that provides a suite of security services, including web security, cloud security, and threat protection, to protect organizations from cyber threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.775Z", "modified": "2025-12-05T12:08:45.775Z", "confidence": 95, "type": "tool", "id": "tool--9108d8fe-8a3b-41ba-b080-6a6fe90d8e51", "name": "7-Zip", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "7-Zip is a free and open-source file archiver and compressor that supports various compression formats, including its own 7z format, and is widely used for data compression and extraction.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--47408fb6-b846-4679-af90-2260428e330f", "name": "Microsoft Badly Patches LNK Flaw", "description": "Microsoft Badly Patches LNK Flaw refers to a situation where Microsoft released a patch for a vulnerability in LNK files, but the patch itself was flawed, potentially causing unintended consequences or security issues.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "identity", "id": "identity--7d9e6598-3c1b-45cc-bb32-6528b09d05b5", "name": "VMware", "identity_class": "organization", "labels": [ "identity" ], "description": "VMware is a company that provides virtualization software and services to help organizations run multiple operating systems on a single physical server, improving efficiency and security.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "identity", "id": "identity--fbb6de04-c9b4-4171-9b94-2f45a3b10c5a", "name": "da Google", "identity_class": "organization", "labels": [ "identity" ], "description": "da Google is a multinational technology company specializing in Internet-related services and products, including search, cloud computing, and online advertising.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "identity", "id": "identity--a168e153-b865-414a-b809-c61bf86643f4", "name": "Intellexa", "identity_class": "organization", "labels": [ "identity" ], "description": "Intellexa is a company that develops and sells the Predator spyware, a type of surveillance software.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "identity", "id": "identity--0e27e920-fd46-4c34-8cce-4ed07f387272", "name": "ArcSoft", "identity_class": "organization", "labels": [ "identity" ], "description": "ArcSoft is a software company that specializes in developing multimedia software and technologies, including image and video processing, facial recognition, and digital media management solutions.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "identity", "id": "identity--fe3d4879-00cc-4ddd-a19a-22bdf3546939", "name": "Qualcomm", "identity_class": "unknown", "labels": [ "identity" ], "description": "Qualcomm is a well-known American multinational corporation that designs, manufactures, and supplies semiconductors and telecommunications equipment. In the context of the provided information, hackers claim to have hacked into Qualcomm's systems, which is a significant breach as Qualcomm is a major player in the technology industry.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "name": "the People's Republic of China", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "description": "The People's Republic of China (PRC) is a nation-state threat actor known for its involvement in various cyber espionage and hacking activities. The PRC has been linked to several high-profile cyber attacks and data breaches, and is considered a significant threat to global cybersecurity. In this context, the PRC is mentioned as the sponsor of state-sponsored threat actors using the BRICKSTORM backdoor to maintain long-term persistence on compromised systems.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "name": "Callisto", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "description": "Callisto is a Russia-linked threat actor group known for conducting phishing campaigns. The group, also referred to as ColdRiver or Star Blizzard, has been linked to various malicious activities, including cyber espionage and data breaches. Callisto's tactics, techniques, and procedures (TTPs) involve using social engineering and spear phishing to gain unauthorized access to sensitive information and systems.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--b7d27206-4248-4a96-853c-c753382273d2", "name": "ColdRiver", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "description": "ColdRiver is a Russia-linked group associated with phishing attempts.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "identity", "id": "identity--d1739724-7c5d-4af6-a621-237a1e2dd53c", "name": "Cybereason", "identity_class": "organization", "labels": [ "identity" ], "description": "Cybereason is a cybersecurity company specializing in endpoint detection and response, threat hunting, and incident response solutions to protect against advanced cyber threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "tool", "id": "tool--c871b5c7-8a06-4a73-b1b5-ef419ab98082", "name": "NGINX", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "NGINX is a web server software that provides high-performance, scalable, and secure web serving, reverse proxying, and caching capabilities.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 85, "type": "tool", "id": "tool--dbbd63b3-3f77-4703-987f-0f2ebb2f4bd0", "name": "Nessus", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Nessus is a vulnerability scanner that identifies and prioritizes potential security risks in computer systems and networks.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "identity", "id": "identity--6cd4ac8a-e687-450a-865d-5758338240ea", "name": "George Mason University", "identity_class": "organization", "labels": [ "organization" ], "description": "George Mason University is a public research university in Fairfax, Virginia, known for its strong programs in cybersecurity and computer science. The university is often involved in research and studies related to AI, cybersecurity, and threat intelligence.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "tool", "id": "tool--1e622f77-7684-4266-9c29-65d513dfd7a2", "name": "GitHub Copilot", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "GitHub Copilot is an AI-assisted coding tool that suggests code completions and helps developers write code more efficiently.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "tool", "id": "tool--036d0cec-424e-4479-9c26-2863ca026837", "name": "CodeWhisperer", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "CodeWhisperer is an AI-assisted coding tool that provides developers with code suggestions and completion features to speed up their coding process.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--14638a2c-3236-46c5-85a7-4eab53d2e4ac", "name": "CVE-2023-29827", "description": "ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input.. CVSS Score: 9.8 (CRITICAL). EPSS: 77.7% exploitation probability", "x_cvss_score": 9.8, "x_cvss_severity": "CRITICAL", "x_kev_status": false, "x_epss_score": 0.77665, "external_references": [ { "source_name": "cve", "external_id": "CVE-2023-29827", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29827" }, { "source_name": "nvd", "external_id": "CVE-2023-29827", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29827" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--5922ecee-2ad9-4b6d-94c3-fdeab789c1c3", "name": "CVE-2025-11001", "description": "7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can . CVSS Score: 7.8 (HIGH). EPSS: 0.3% exploitation probability", "x_cvss_score": 7.8, "x_cvss_severity": "HIGH", "x_kev_status": false, "x_epss_score": 0.00288, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-11001", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11001" }, { "source_name": "nvd", "external_id": "CVE-2025-11001", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--c89b1fed-f183-44c5-b074-98587933fb21", "name": "CVE-2025-33183", "description": "NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.. CVSS Score: 7.8 (HIGH). EPSS: 0.0% exploitation probability", "x_cvss_score": 7.8, "x_cvss_severity": "HIGH", "x_kev_status": false, "x_epss_score": 0.00021, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-33183", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-33183" }, { "source_name": "nvd", "external_id": "CVE-2025-33183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33183" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.776Z", "modified": "2025-12-05T12:08:45.776Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "name": "Exploit Public-Facing Application", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1190", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1190/", "external_id": "T1190" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "name": "Exploitation for Client Execution", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1203", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1203/", "external_id": "T1203" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "name": "System Information Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1082", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1082/", "external_id": "T1082" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "name": "File and Directory Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1083", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1083/", "external_id": "T1083" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "name": "Process Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1057", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1057/", "external_id": "T1057" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "name": "Supply Chain Compromise", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1195", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1195/", "external_id": "T1195" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "name": "Command and Scripting Interpreter", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1059", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1059/", "external_id": "T1059" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "name": "Spearphishing Attachment", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/001/", "external_id": "T1566.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "name": "Spearphishing Link", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/002/", "external_id": "T1566.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "name": "Spearphishing via Service", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/003/", "external_id": "T1566.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "name": "Create or Modify System Process", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1543", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1543/", "external_id": "T1543" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "name": "Boot or Logon Autostart Execution", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1547", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1547/", "external_id": "T1547" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2", "name": "Scheduled Task/Job", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1053", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1053/", "external_id": "T1053" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "name": "Application Layer Protocol", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1071", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1071/", "external_id": "T1071" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "name": "Non-Application Layer Protocol", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1095", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1095/", "external_id": "T1095" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--21d89a99-5a37-4e50-86cf-7a292fac5a60", "name": "Evil Twin", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1557.004", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1557/004/", "external_id": "T1557.004" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--3785d15d-1c0c-4464-9200-10b744888e29", "name": "Python Startup Hooks", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1546.018", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1546/018/", "external_id": "T1546.018" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--dd0edf90-8f96-4a15-852b-ba611cd81716", "name": "Python", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1059.006", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1059/006/", "external_id": "T1059.006" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 81, "type": "attack-pattern", "id": "attack-pattern--239957f5-5ae1-4977-a451-144fae4a6361", "name": "Software Extensions", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "x_mitre_id": "T1176", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1176/", "external_id": "T1176" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 79, "type": "attack-pattern", "id": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "name": "Vulnerabilities", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.006", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/006/", "external_id": "T1588.006" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 78, "type": "attack-pattern", "id": "attack-pattern--172f3845-7870-4c1c-80bd-251e10ce9f1e", "name": "Browser Extensions", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "x_mitre_id": "T1176.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1176/001/", "external_id": "T1176.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 76, "type": "attack-pattern", "id": "attack-pattern--8b825070-d031-4677-bf40-7fed85cc24ee", "name": "SMS Pumping", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "impact" } ], "x_mitre_id": "T1496.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1496/003/", "external_id": "T1496.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "name": "Artificial Intelligence", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.007", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/007/", "external_id": "T1588.007" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "name": "Scheduled Task", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1053.005", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1053/005/", "external_id": "T1053.005" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "name": "Socket Filters", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1205.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1205/002/", "external_id": "T1205.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "name": "Archive via Utility", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1560.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1560/001/", "external_id": "T1560.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "name": "Screen Capture", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1113", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1113/", "external_id": "T1113" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "name": "Adversary-in-the-Middle", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1557", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1557/", "external_id": "T1557" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "name": "Malicious Shell Modification", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "x_mitre_id": "T1156", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1156/", "external_id": "T1156" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--880af389-760f-48d2-b207-c65892a77d2a", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3046003e-7cec-482c-9057-9025b9d80381", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c1bf45bb-bd6b-403c-8c73-79c857122e79", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "confidence": 60, "description": "Co-occurrence: ShadyPanda and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a566c366-c8d6-48e5-b32d-228670e39fc8", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "confidence": 60, "description": "Co-occurrence: ShadyPanda and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4bc583d2-2b91-42ee-9ec8-81d44da3d6a7", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a947e125-1034-4bda-a16c-168fd8f08d15", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0748725c-52f2-449a-b759-366fbb5220c5", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0110e9d3-6d0c-41be-ad38-b1ead21e1086", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f0292d94-b34c-47d8-a131-4343e789e66c", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3aa313aa-cdd0-4d8e-adc1-3c9024e4038b", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--98df8d9e-6669-4f8c-96d0-83dac51f1f34", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--83eea39f-f8d6-4818-9d54-e11dc718baa7", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--880cf9e5-879e-44df-8468-dde10789723f", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Scheduled Task/Job (T1053) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--913ce2f4-b733-41b8-9afb-84dddc641c09", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fd119535-5492-42f8-bc46-3708cd638038", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f69006fb-0e92-4978-87a6-9fc11ba6acde", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--21d89a99-5a37-4e50-86cf-7a292fac5a60", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Evil Twin (T1557.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--69682880-8d74-4ddc-bf4d-8e85f8b0c5e4", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--3785d15d-1c0c-4464-9200-10b744888e29", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Python Startup Hooks (T1546.018) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2a6102d7-c75a-4cfe-baf7-96ea57869fe2", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--dd0edf90-8f96-4a15-852b-ba611cd81716", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Python (T1059.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c40d27b-f17d-4cd6-9a72-b429a3e6ed0d", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.777Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--239957f5-5ae1-4977-a451-144fae4a6361", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Software Extensions (T1176) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8fa4c501-3fbd-4b77-b7ce-8d29daa65790", "created": "2025-12-05T12:08:45.777Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1b22bc5e-2487-4ae5-9c0a-31717291f68e", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--172f3845-7870-4c1c-80bd-251e10ce9f1e", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Browser Extensions (T1176.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--30557abc-b553-421d-bd16-fcdfc9254adc", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--8b825070-d031-4677-bf40-7fed85cc24ee", "confidence": 60, "description": "Co-occurrence: ShadyPanda and SMS Pumping (T1496.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3f80596d-28fd-4a6d-a216-dec0992a3794", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d25ee81a-273b-483f-8d22-515a3f8f6295", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c25ab45-56dd-45fb-83b1-15134a7f1350", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--427ff3f5-f99d-4b43-8b30-210c7480a682", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5e40ac62-bae5-41e3-bf4a-00519e0cc195", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b5f06994-ecac-4349-8f67-8b8347a3ab69", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--13e5d343-f93f-4b1c-85c5-dc22e0fade94", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Malicious Shell Modification (T1156) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3f2f06a7-b232-48f2-b300-0d8311743940", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1a828414-9071-439c-8307-9faf3966a762", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--98164702-d560-41a4-8f36-583a804e68a3", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f2d43c38-619d-400f-a74a-c37af501eaf5", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e7693457-039f-4dea-80f9-9a083c8570d2", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--409ab12f-7b91-4f1c-a6c9-c371fa8677a0", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c908fd82-4050-42c8-9321-818cdbb09f98", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f12ab953-c464-4353-896e-fe5495dfe7ed", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--065df6e6-40e8-4037-bd78-154d32936ef8", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8402f512-0093-4568-a9b9-0b3ea79248e0", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--81844626-53ce-4054-897c-5adcbbe9699b", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b1c58f1e-b0fa-43d2-9f4a-22176778f129", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--098e9368-888a-406f-83d8-1ce9ce43579c", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Scheduled Task/Job (T1053) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--20361ff3-eae3-4c13-85c4-1edaf8030353", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--79f0a81c-a961-4489-907f-61525dcc7033", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5ec967fb-ff35-4c41-9b91-fdb6a445aa80", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--21d89a99-5a37-4e50-86cf-7a292fac5a60", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Evil Twin (T1557.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--432f9fb8-3f44-4813-8528-50c465936cec", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--3785d15d-1c0c-4464-9200-10b744888e29", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Python Startup Hooks (T1546.018) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--12482c1a-f51f-4ad8-83eb-0256386ad614", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--dd0edf90-8f96-4a15-852b-ba611cd81716", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Python (T1059.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--127bb928-9f83-426d-94a9-746b17684e90", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--239957f5-5ae1-4977-a451-144fae4a6361", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Software Extensions (T1176) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--916322f9-8e0a-4428-be9b-1c96d36eaff1", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--edf457b5-653c-4674-a5b0-3a1ebeaaed81", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--172f3845-7870-4c1c-80bd-251e10ce9f1e", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Browser Extensions (T1176.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--36d7ce9b-c02d-4098-9406-6726fac6451a", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--8b825070-d031-4677-bf40-7fed85cc24ee", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and SMS Pumping (T1496.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8f44c1cd-2c9e-47d6-9a1d-77a4cb06eb3e", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3e3ca0d4-46b8-47f7-9105-b2a2c4425435", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e8a65e4d-9572-4b5e-9f7a-4d42daaaee6b", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--67397474-88e5-4079-977f-babd2c704e3d", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a3e09600-d0af-43d8-b783-8dc3d69b28ac", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8aa04b6e-708a-4a16-97e7-c69b11b869e7", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3389f486-d831-4e50-9a35-ec093d9930b5", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--c912f6db-4393-416c-b791-11960c8561c5", "target_ref": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "confidence": 60, "description": "Co-occurrence: the People's Republic of China and Malicious Shell Modification (T1156) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--75eaa949-39e3-4435-86b2-bf23a9367067", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 60, "description": "Co-occurrence: Callisto and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--77537b2e-569b-475f-8110-d56726b27457", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 60, "description": "Co-occurrence: Callisto and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1e53a9fa-159a-40bb-aac3-175d9243221a", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96", "confidence": 60, "description": "Co-occurrence: Callisto and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--db3429e6-525b-4191-b028-87befd3f27a9", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee", "confidence": 60, "description": "Co-occurrence: Callisto and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2bfefde5-875a-46ea-9a2c-923516e91d59", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1", "confidence": 60, "description": "Co-occurrence: Callisto and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d801ad24-e0d1-4910-9cd1-e4b1cb34fd4d", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 60, "description": "Co-occurrence: Callisto and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f0a39877-1daa-4cd8-a4a2-36a97671afa1", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 60, "description": "Co-occurrence: Callisto and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--523fa710-bd99-4451-84df-4bc5b8ebdeb0", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 60, "description": "Co-occurrence: Callisto and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1e122a43-73f7-4e90-96cf-ced2e227f794", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 60, "description": "Co-occurrence: Callisto and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--adb22102-b86e-420e-aeb9-80a139285a9a", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 60, "description": "Co-occurrence: Callisto and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2e7cb162-65b1-4a69-9f21-db9099d389b0", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 60, "description": "Co-occurrence: Callisto and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--be54ef5e-51a3-432c-840f-959973b33105", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 60, "description": "Co-occurrence: Callisto and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--036b7ea1-d3b6-40b3-a0ac-ee1246a9c231", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2", "confidence": 60, "description": "Co-occurrence: Callisto and Scheduled Task/Job (T1053) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--169f8d68-2521-4522-a80b-5a2f55300dc7", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "confidence": 60, "description": "Co-occurrence: Callisto and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5829e003-5a1d-469d-a1eb-bdf59bed7455", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "confidence": 60, "description": "Co-occurrence: Callisto and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9f8e3316-88ae-42e8-94c4-b3de9a6f0b92", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--21d89a99-5a37-4e50-86cf-7a292fac5a60", "confidence": 60, "description": "Co-occurrence: Callisto and Evil Twin (T1557.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8a4c081a-b69c-4ced-bb29-b9610404f25d", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--3785d15d-1c0c-4464-9200-10b744888e29", "confidence": 60, "description": "Co-occurrence: Callisto and Python Startup Hooks (T1546.018) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--957f0d64-eb15-4b2a-aca9-b11670346762", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--dd0edf90-8f96-4a15-852b-ba611cd81716", "confidence": 60, "description": "Co-occurrence: Callisto and Python (T1059.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--78b1c2cc-5bc3-45dd-aaee-ed6cf0c13d6c", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--239957f5-5ae1-4977-a451-144fae4a6361", "confidence": 60, "description": "Co-occurrence: Callisto and Software Extensions (T1176) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a223b2d2-14ea-4db1-be09-bb36d3768185", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 60, "description": "Co-occurrence: Callisto and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8771e8f0-91c6-44c6-adb5-43905228a5f6", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--172f3845-7870-4c1c-80bd-251e10ce9f1e", "confidence": 60, "description": "Co-occurrence: Callisto and Browser Extensions (T1176.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8d281a10-020b-490a-b8b0-e2f9a1a1ffca", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--8b825070-d031-4677-bf40-7fed85cc24ee", "confidence": 60, "description": "Co-occurrence: Callisto and SMS Pumping (T1496.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e2aed020-8f42-4798-bc14-16ac540f3b9d", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "confidence": 60, "description": "Co-occurrence: Callisto and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--72d16002-cbb9-45ce-a009-0fea96b4b1ad", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 60, "description": "Co-occurrence: Callisto and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ac0201ba-41a6-4eef-ae4f-9b9dc4771934", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "confidence": 60, "description": "Co-occurrence: Callisto and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4486d4b1-f891-4f53-8118-6b9bf6f16186", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 60, "description": "Co-occurrence: Callisto and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4b7598e-5704-4fde-8841-1a7d1358a520", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 60, "description": "Co-occurrence: Callisto and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c403fe62-9b0a-436a-ae22-1e841f18f6b1", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 60, "description": "Co-occurrence: Callisto and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c69a91b-1f5a-44da-be25-c1ef1068a51b", "created": "2025-12-05T12:08:45.778Z", "modified": "2025-12-05T12:08:45.778Z", "relationship_type": "uses", "source_ref": "threat-actor--54ee8b98-7615-4160-a33d-f25231b70fc5", "target_ref": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "confidence": 60, "description": "Co-occurrence: Callisto and Malicious Shell Modification (T1156) in same intelligence", "x_validation_method": "mitre-cooccurrence" } ] }

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

Industry Watch

CyberSecurity Latest Rundown

CRITICAL ITEMS

HIGH SEVERITY ITEMS

EXECUTIVE INSIGHTS

OTHER NOTEWORTHY ITEMS

VENDOR SPOTLIGHT

DETECTION & RESPONSE KIT

Cookie Notice

STIX 2.1 Threat Intelligence Bundle

If you like MikeGPT CyberSecurity Newsletter, spread the word.