Cybersecurity Latest Rundown

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

SOX: 17 FISMA: 3 General Enterprise: 3 HIPAA: 2 PCI DSS: 2

Industry Watch

🚨 Government (FISMA) CRITICAL

Threat activity targeting federal infrastructure

Key threat: Active exploitation of Ivanti EPM and router vulnerabilities in federal supply chains.

Action: Review Ivanti EPM Update Patches Critical Remote Code Execution Flaw, VU#821724: TOTOLINK s X5000R s (AX1800 router) lacks authentication for telnet

Healthcare (HIPAA) ELEVATED

Persistent espionage campaigns

Key threat: APT28/Fancy Bear targeting healthcare data for intelligence gathering.

Action: Review APT28 Cyber Threat Profile and Detailed TTPs

Finance (PCI DSS) ⚠️ WARNING

Encryption protocol vulnerabilities

Key threat: Flaws in PCIe Integrity and Data Encryption (IDE) impacting transaction security.

Action: Review VU#404544: Vulnerabilities identified in PCIe Integrity and Data Encryption (IDE) protocol specification

CyberSecurity Latest Rundown

Heroes, busy day. Microsoft and Adobe with big patch releases, and more. Here's a curated look at the current cybersecurity landscape for December 10, 2025.

CRITICAL ITEMS

Shai-Hulud 2.0: Massive Cloud Supply Chain Attack
Date & Time: 2025-12-09T21:41:32

A significant supply chain attack dubbed "Shai-Hulud 2.0" has compromised hundreds of publicly available software packages. Attackers are targeting developer environments and CI/CD pipelines to infiltrate cloud-native ecosystems.

Business impact

Using compromised software packages can introduce hidden backdoors into your applications, leading to data breaches and loss of customer trust.

Recommended action

Ask your IT team: "Are we scanning our development pipelines for the malicious packages identified in the Shai-Hulud 2.0 campaign?"

CVE: n/a | Compliance: SOX | Source: Microsoft ↗
Microsoft Patch Tuesday: 57 Vulnerabilities & Active Zero-Day
Date & Time: 2025-12-10T08:47:02

Microsoft has released urgent security updates addressing 57 vulnerabilities, including a critical "zero-day" flaw currently being used by attackers to compromise systems. This update spans Windows, Office, and Edge, closing actively exploited backdoors.

Business impact

Leaving these systems unpatched exposes the organization to immediate compromise, potentially leading to ransomware deployment, data exfiltration, and significant operational downtime.

Recommended action

Ask your IT team: "Have we prioritized the deployment of the December Patch Tuesday updates, specifically for the actively exploited zero-day?"

CVE: CVE-2025-62221 | Compliance: SOX | Source: SecurityAffairs ↗, Reddit ↗
Ivanti EPM Critical Remote Code Execution Flaw
Date & Time: 2025-12-10T11:53:55

Ivanti has patched a critical vulnerability in its Endpoint Manager (EPM) that allows remote attackers to execute malicious code with administrator privileges. This flaw leverages a Cross-Site Scripting (XSS) vector to gain control.

Business impact

Compromise of the endpoint management system allows attackers to deploy malware to all managed devices across the enterprise, causing widespread disruption and data loss.

Recommended action

Ask your IT team: "Have we updated our Ivanti EPM servers to the latest version to mitigate the RCE vulnerability?"

CVE: n/a | Compliance: SOX, FISMA | Source: SecurityWeek ↗
Gogs 0-Day Exploited in the Wild
Date & Time: 2025-12-10T15:00:01

Researchers have confirmed active exploitation of a critical zero-day vulnerability in Gogs, a self-hosted Git service. Attackers are using this to execute remote code on servers hosting source code repositories.

Business impact

Exploitation could lead to the theft of proprietary source code, insertion of backdoors into company software (supply chain attack), and loss of intellectual property.

Recommended action

Ask your IT team: "Do we use Gogs for code hosting, and if so, have we isolated the server or applied mitigations for CVE-2025-8110?"

CVE: CVE-2025-8110 | Compliance: General Enterprise | Source: Wiz ↗

HIGH SEVERITY ITEMS

Fortinet Patches Critical Authentication Bypass
Date & Time: 2025-12-10T12:39:07

A critical security defect in Fortinet's operating system allows attackers to bypass authentication and log in without credentials. This affects FortiOS, FortiWeb, and FortiProxy when connected to FortiCloud SSO.

Business impact

If exploited, unauthorized actors could gain full administrative control over the network perimeter, leading to a complete breach of internal systems and potential regulatory fines.

Recommended action

Ask your IT team: "Are our Fortinet devices configured with FortiCloud SSO, and have we applied the emergency patch to prevent unauthorized access?"

CVE: n/a | Compliance: SOX | Source: SecurityWeek ↗
Adobe Patches Nearly 140 Vulnerabilities
Date & Time: 2025-12-09T20:35:49

Adobe has released a massive security update addressing nearly 140 vulnerabilities, with a heavy focus on Adobe Experience Manager. The update fixes over 100 Cross-Site Scripting (XSS) flaws that could compromise web applications.

Business impact

Unpatched Adobe applications, particularly Experience Manager, can be exploited to hijack user sessions or deface corporate websites, damaging brand reputation.

Recommended action

Ask your IT team: "Have we scheduled the deployment of the latest Adobe security updates, particularly for our marketing and web experience platforms?"

CVE: n/a | Compliance: SOX | Source: SecurityWeek ↗
NVIDIA Isaac-GR00T Authentication Bypass
Date & Time: 2025-12-09T06:00:00

A vulnerability in NVIDIA's Isaac-GR00T allows remote attackers to bypass authentication completely. This affects robotic and AI development environments, permitting unauthorized access without credentials.

Business impact

Unauthorized access to AI/robotics development platforms can lead to IP theft and sabotage of critical R&D projects.

Recommended action

Ask your IT team: "Do we utilize NVIDIA Isaac-GR00T, and is it exposed to the network without the latest security patches?"

CVE: CVE-2025-33184 | Compliance: SOX | Source: NVIDIA ↗
TOTOLINK Routers Remote Code Execution
Date & Time: 2025-12-09T19:27:16

TOTOLINK X5000R routers contain a flaw where an unauthenticated HTTP request can enable telnet, leading to remote code execution with root privileges. This impacts small business and home office setups.

Business impact

Compromised routers can be used as entry points into the corporate network for remote workers, bypassing perimeter defenses.

Recommended action

Ask your IT team: "Do we have any remote employees using TOTOLINK routers, and have we advised them to update firmware immediately?"

CVE: n/a | Compliance: SOX, FISMA | Source: CERT ↗

MEDIUM SEVERITY ITEMS

PCIe Integrity and Data Encryption Vulnerabilities
Date & Time: 2025-12-09T18:09:16

Vulnerabilities have been identified in the PCIe IDE protocol specification, potentially allowing attackers with physical or local access to compromise encrypted data transfers.

CVE: n/a | Compliance: PCI DSS, SOX | Source: CERT ↗

🔵 LOW SEVERITY ITEMS

New Zealand Malware Infection Wave
Date & Time: 2025-12-09T17:58:01

New Zealand's cyber security agency warns that 26,000 devices have been infected with malware. While regionally specific, it indicates a broader botnet campaign.

CVE: n/a | Compliance: SOX | Source: Radio New Zealand ↗

OTHER NOTEWORTHY ITEMS

Google Chrome AI Security Boundaries
Date & Time: 2025-12-10T13:23:37

Google is implementing new AI security measures in Chrome to prevent hackers from bypassing browser defenses, backed by a $20,000 bug bounty.

Source: TechRepublic ↗

EXECUTIVE INSIGHTS

APT28 Cyber Threat Profile and TTPs
Date & Time: 2025-12-10T10:55:03

A detailed refresher on APT28 (Fancy Bear), a persistent Russian cyber espionage group. Understanding their Tactics, Techniques, and Procedures (TTPs) is vital for healthcare and government sectors currently in their crosshairs.

Source: Picus Security ↗
Securing Model Context Protocol (MCP)
Date & Time: 2025-12-10T13:25:53

As AI agents increasingly use the Model Context Protocol (MCP) to interact with external tools, securing these integrations is becoming critical to prevent unauthorized data access and actions.

Source: Security Boulevard ↗

VENDOR SPOTLIGHT

Spotlight Rationale: With the "Shai-Hulud 2.0" supply chain attack targeting cloud environments and new Federal AI mandates (FISMA), visibility into cloud assets and shadow AI is critical.

Threat Context: Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack

Platform Focus: Orca Cloud Security Platform

Orca Security provides agentless cloud security that is essential for detecting the "maliciously modified packages" described in the Shai-Hulud 2.0 attack. Their platform aligns with the new Federal AI Action Plan by offering visibility into AI infrastructure and "shadow AI" usage, ensuring compliance with emerging FISMA requirements.

Actionable Platform Guidance: Enable the "AI Inventory" and "Shadow AI" detection modules immediately to identify unauthorized AI models or compromised CI/CD pipelines that may be affected by the Shai-Hulud campaign.

Source: Orca Security ↗

DETECTION & RESPONSE KIT

⚠️ Disclaimer: Test all detection logic in non-production environments before deployment.

1. Vendor Platform Configuration - Orca Security

# Orca Security CLI / API Configuration for AI & Supply Chain Detection

# 1. Enable Shadow AI Detection to spot unauthorized AI tools
# Verify current status
orca-cli policy get --name "Shadow AI Detection"

# Enable policy if disabled
orca-cli policy enable --name "Shadow AI Detection" --severity "High"

# 2. Scan CI/CD Pipelines for Shai-Hulud Indicators
# Trigger an on-demand scan of connected repositories
orca-cli scan trigger --type "repository" --all

# 3. Alert on Malicious Package Detection
# Configure alert output for supply chain risks
orca-cli alerts configure --filter "category='Supply Chain' AND risk_level='Critical'" --channel "SIEM_Webhook"

2. YARA Rule for Shai-Hulud/Supply Chain Suspicious Scripts

rule Suspicious_Install_Script_Network_Activity {
meta:
description = "Detects install scripts fetching external content, typical in Shai-Hulud supply chain attacks"
author = "Threat Rundown"
date = "2025-12-10"
reference = "https://www.microsoft.com/en-us/security/blog/?p=144311"
severity = "medium"
tlp = "white"
strings:
$s1 = "curl " ascii wide
$s2 = "wget " ascii wide
$s3 = "| bash" ascii wide
$s4 = "eval(" ascii wide
$susp_ip = "http://" ascii wide
$h1 = { 2F 62 69 6E 2F 73 68 } /* /bin/sh */
condition:
($h1 at 0) and (any of ($s*) and $susp_ip)
}

3. SIEM Query — Fortinet Authentication Bypass Attempts

index=security sourcetype="fortigate_event"
action="login"
| eval risk_score=case(
status=="failed", 10,
status=="success", 0,
1==1, 5)
| stats count(eval(status=="failed")) as fail_count, count(eval(status=="success")) as success_count by src_ip, user, _time
| where fail_count > 5 AND success_count > 0
| eval risk_score = 90
| table _time, src_ip, user, fail_count, success_count, risk_score
| sort -_time

4. PowerShell Script — Check for Critical Windows CVEs

$computers = "localhost", "SERVER01", "WKSTN01"
$critical_cves = @("KB5049876", "KB5049877") # Placeholder KB IDs for Dec 2025 Patch Tuesday

foreach ($computer in $computers) {
if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
$hotfixes = Get-HotFix -ComputerName $computer
foreach ($kb in $critical_cves) {
if ($hotfixes.HotFixID -notcontains $kb) {
Write-Host "CRITICAL: $computer is missing $kb (Potential CVE-2025-62221 exposure)" -ForegroundColor Red
} else {
Write-Host "OK: $computer has $kb installed." -ForegroundColor Green
}
}
}
}

This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!

{ "type": "bundle", "id": "bundle--af38e548-1a16-4456-aa42-510e840a967c", "objects": [ { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487", "created": "2022-10-01T00:00:00.000Z", "definition_type": "tlp:2.0", "name": "TLP:CLEAR", "definition": { "tlp": "clear" } }, { "type": "identity", "spec_version": "2.1", "id": "identity--e2499b94-8dc3-4d55-bca0-3803f62dbb4b", "created": "2025-12-10T15:15:10.237Z", "modified": "2025-12-10T15:15:10.237Z", "name": "MikeGPT Intelligence Platform", "description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds", "identity_class": "organization", "sectors": [ "technology", "defense" ], "contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "report", "spec_version": "2.1", "id": "report--c78e1e47-9fc2-4a41-b458-bb6c597491a9", "created": "2025-12-10T15:15:10.237Z", "modified": "2025-12-10T15:15:10.237Z", "name": "Threat Intelligence Report - 2025-12-10", "description": "Threat Intelligence Report - 2025-12-10\n\nThis report consolidates actionable cybersecurity intelligence from 94 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• Google Chrome’s New AI Security Aims to Stop Hackers Cold (Score: 100)\n• Fortinet Patches Critical Authentication Bypass Vulnerabilities (Score: 100)\n• Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data (Score: 100)\n• Ivanti EPM Update Patches Critical Remote Code Execution Flaw (Score: 100)\n• Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day (Score: 100)\n\nEXTRACTED ENTITIES:\n• 25 Attack Pattern(s)\n• 27 Domain Name(s)\n• 40 Indicator(s)\n• 1 Ipv4 Addr(s)\n• 3 Malware(s)\n• 1 Marking Definition(s)\n• 118 Relationship(s)\n• 14 Tool(s)\n• 12 Url(s)\n• 8 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n", "published": "2025-12-10T15:15:10.237Z", "object_refs": [ "identity--e2499b94-8dc3-4d55-bca0-3803f62dbb4b", "identity--8a7ca088-fae7-4645-8f55-5f28dd9b1396", "identity--58e712bb-1d06-44ac-9240-0adca25c19c3", "identity--8c1fecc5-666c-4007-be86-c4b6d149231b", "identity--53a6e913-b371-4d86-baa7-f737222b3ce5", "identity--8c780a2d-c2e1-4081-a002-eb0698c76ec2", "identity--ae4d5f46-29c5-40ae-842b-378abf057c12", "tool--fd368e1e-5ddb-4355-8645-02012f1fb7d1", "tool--f8803d1f-88cf-4e2d-9ed7-583cbb378365", "identity--06b70d7b-8838-4176-9d1c-742c3c4155df", "tool--d26f1136-5a4f-4c9a-a816-418197a66ed2", "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "identity--d48d0179-a8bc-4c9e-89ef-4347fcbce1fa", "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "tool--6c7aaabc-f060-4d19-a478-ab25432ffbb8", "tool--8af2422b-83ad-48ab-a355-0c457fd5ff29", "vulnerability--a3e90944-f57c-4157-bc40-bb1f7045b705", "identity--f6e6cd05-205a-4c16-9851-9959d6ab6d90", "identity--c4bddfde-bffe-4aa3-970b-dd430d1877f3", "tool--c6d3842e-0110-4fb6-a690-c74abfb2be6e", "tool--2d5dce87-f632-4d64-83c7-e62154759ce2", "tool--15b5138f-58fa-4d16-87d7-650d87e2f7ca", "vulnerability--ce6228e2-8fe3-4275-a422-a3655631a74f", "tool--1b14a4d3-2166-441d-b035-f5ed21363096", "vulnerability--ee965578-219a-4d94-a714-d90b683d3a8a", "tool--b7b55583-fb7b-43d9-83be-0835e0fe62ec", "tool--a6dadba1-3166-446d-a655-a0932eaa1bfa", "identity--a1e4678f-7e7b-46ff-8baf-547f62e4e8d0", "vulnerability--b0130c1c-ecc3-4dc2-a135-ea2cf5b4cbaa", "tool--aff37570-139e-49ee-a9c2-53bbb22ac55e", "identity--16e430aa-6114-4537-b474-bd3596fdd82c", "identity--68aa8a21-08e3-46ba-bea4-61aed61c8df9", "identity--c9008b15-f933-4b05-ba71-fd47e6d48750", "tool--dfb28c55-f7ed-4379-9ffc-beef2effe401", "identity--760b93e5-d4e4-4bfd-9a13-457f35cee59a", "tool--327d3d37-419b-4135-80fd-72fd2f4a455e", "vulnerability--6b59d7e9-48f1-4960-ba69-7a3bdd77ee0b", "identity--7bb33173-9386-40cf-a0f7-cce6903ff1ca", "identity--72ad4015-9d7c-4cc7-b720-ec3274e4c161", "vulnerability--1c2808fc-0c16-4c57-a615-6389815faf9a", "identity--421dd0c0-c7eb-4edf-9cc1-bdfd1cbe9d15", "vulnerability--98aa061f-8cda-4066-ab82-56c0370156f5", "vulnerability--c018c0b9-61da-436e-83e2-e615ed7e3b07", "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "attack-pattern--01df90e4-619d-4268-90c9-6e2aa84079d9", "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "attack-pattern--af705332-242d-4c31-9955-6dca77d560de", "attack-pattern--75f8063e-1388-4007-8255-4523fceba24e", "attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2", "attack-pattern--270f3200-ac63-4d2d-be73-645b1794d56d", "attack-pattern--13975792-7c14-4c1e-a11e-80b1ecbde971", "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "attack-pattern--5d331945-e11f-455a-bb36-5c5d2c1e2a38", "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "attack-pattern--28d556b1-41a4-46dd-9e44-02b0593dd0e4", "relationship--e9153178-2552-4b76-bee3-2825a2aac744", "relationship--381c32ac-4715-466d-a169-3fa855ca9726", "relationship--3f6f7417-5d06-48a2-927a-90a3b1abcf04", "relationship--a2f386ce-7d4b-480a-b9db-80025594eec5", "relationship--a2a37cb9-d886-4023-b2e8-7ccc9d7a984a", "relationship--01320d4a-4bb0-4561-8c15-25d527211884", "relationship--c9f7e272-f386-47bd-8f35-adaf000a2fe4", "relationship--a12d92f0-7b55-4bc0-b813-a8081391aabf", "relationship--2c4251e1-b059-4673-9d12-419880e34618", "relationship--5d579a26-e43e-4bdc-9506-70ced87d477c", "relationship--ae19d9da-accf-43fa-92dc-336bf3fb420c", "relationship--6101d896-653e-4340-8e14-62f9adaf24fe", "relationship--ad0527c5-ceb0-4a17-97f8-4372997ffe0b", "relationship--cde95e06-2fbf-4e5b-8163-8a6c2d31ea62", "relationship--a3789d4e-18b4-4aa3-9f1a-a3d866624c13", "relationship--5598598e-459d-4a2c-9be0-cabdb3d4e744", "relationship--a8727ca3-6225-4a03-9158-76986091f77b", "relationship--fba44374-a791-4e5c-b4c2-87a989372c5c", "relationship--eae1233f-8bc6-4d09-b906-3b54c1cb06bc", "relationship--c5ec1c6d-8ce5-427e-ba94-245b90fb47f2", "relationship--c332c298-d024-4fcc-bd7f-8c15d49e34e8", "relationship--f78303ec-01bd-4c58-a643-2aa36457e192", "relationship--bd89a76d-30e3-443f-bf90-ac405956ca4a", "relationship--65346aa5-baac-4274-a307-0209e3398a73", "relationship--157505bc-2857-43bc-86db-c37b0d23d8af", "relationship--f0ca89da-1617-4057-9389-2ab706719fb8", "relationship--9f9389bd-336d-4ee4-b9ce-6aa863695c83", "relationship--27e14551-57f2-43c8-bde4-abb993a54921", "relationship--696359b2-89f9-4f9c-9de5-b6931d7146ef", "relationship--51ab74fe-4cad-4265-873e-9421ff12a39a", "relationship--9917fd04-45c9-495a-b80e-d011d5144913", "relationship--3d87016f-2fcc-4b62-b220-39e3225a59b8", "relationship--194fcdd2-d5d9-4d5f-868c-406521712521", "relationship--54d67aed-8a8c-4b26-a47a-cc9de0e4ad3f", "relationship--2c108836-7e0f-4dd4-af0a-4679a59f2957", "relationship--cec0754b-67bc-465a-8bdd-d67eadac9431", "relationship--33a76b8e-b5ad-4c0f-93cd-0ca419ebfc7a", "relationship--4a7edadd-6bbd-4789-860f-a85b73c7bd33", "relationship--fd907a42-f5d6-4110-9a14-591fa1a28263", "relationship--9ffe9cf7-fe25-4d81-93b3-9ba4400b8fe5", "relationship--8c5b0c4d-f697-4e9f-8b90-c3d7d0ea53f0", "relationship--0aea6072-9023-4ebc-9e1e-3933fb20721e", "relationship--080fff43-8e9d-49e3-8e4e-a99c9e86a50f", "relationship--3ac61e37-0f6f-4a9d-b13e-acf6a4591cf6", "relationship--2ca3bf34-d73e-4f75-bf8c-6fa9c2f8a8c4", "relationship--58560999-356d-42e4-8418-bd6be0c0c500", "relationship--e68b4c3d-0269-4ec6-b2cb-43a2a2232ef7", "relationship--46906eec-c57a-41a8-8bd8-1a4dc26f937d", "relationship--8091688c-391d-49c3-909b-b29d528266a0", "relationship--fa147f6a-9205-40ae-9df3-ec297bd85f88", "relationship--6693439c-0924-424a-9fc6-454ff91402ef", "relationship--5252d745-3669-4d4a-9199-07ef5e73be5d", "relationship--f1f9222b-12cf-40db-af5f-6262cac1b98f", "relationship--6539a26c-6d86-4686-a57d-874365ed8217", "relationship--682321f0-0a95-48c8-9cef-c1a5c62059e6", "relationship--cbf86be3-4a53-48b4-869d-5b7022f8f819", "relationship--060c4d97-9dba-4da3-aa07-f58daa22a4bd", "relationship--ba59da00-18f7-4b11-a5b0-d964faf38400", "relationship--05b75c8e-a229-4e45-9fbd-ead3b72099b9", "relationship--7bd77a1f-049f-434c-9443-2945f3268292", "relationship--f25f5523-baa2-4312-b25b-23f236460a5a", "relationship--827a7b6f-39a8-45d8-8c63-47b6eb422300", "relationship--a6b2bb06-9832-4672-91e3-002a09327ff8", "relationship--8aa94997-f2fc-4438-bc6b-c5dfddf252a0", "relationship--de362fde-715a-445e-9aaf-c52f73ac6950", "relationship--3fb63400-46d7-4005-93f4-1ebd9917ef0c", "relationship--b1575926-8fe1-42e7-8194-2064d91ed7cc", "relationship--eb38bd9a-e373-40d7-90cb-918d9bcb7fbd", "relationship--d59f3384-b8e9-432b-84b8-486849286a22", "relationship--ecf43bc1-e512-441a-ae92-5713fa457ad0", "relationship--1cf51524-db26-4bda-ba4e-b8451c556fb5", "relationship--32dc57ae-5cd4-4461-8c19-72bde0d17c6b", "relationship--1d224434-ecd2-47b2-b8d9-b0de34f110e6", "relationship--25b50cb6-c718-4f9a-b81b-51094d559a0a", "relationship--e9d152fd-4005-4885-a01d-046c4db27a71", "relationship--38fcc757-95ba-4164-8981-c73e125581ca", "relationship--47230070-753b-4b1f-a4f4-99c088cf3bb1", "relationship--f0807bde-ec7e-40fd-84b1-68733308e6b6", "domain-name--11dc0d49-f841-4aa1-8b61-d7b8d48b6760", "domain-name--3482cf77-d2ac-4d84-bb1a-e5e3b4463cfb", "domain-name--a7e0b372-b32b-4dbd-b036-863754377227", "domain-name--bd8870e6-bd93-459d-b16c-7a82d220df68", "domain-name--22f140eb-4ed9-49d2-8194-38fae1ff2c75", "domain-name--e668ee12-a076-46c2-9c5f-59c1b24ba683", "domain-name--ec0c81f0-c73e-416e-8446-eec51db2affb", "domain-name--9b26ee15-06c8-4a37-a280-3552c9d5ad31", "domain-name--97a79b7b-ba35-481a-9e6f-1e358ddfe376", "domain-name--8da76589-685d-4726-bf84-b9f9f546fadd", "domain-name--a520236f-12ed-4504-b67c-1b7d54b2a85f", "domain-name--2d57b052-d03b-4bf9-a4b7-56c800aed87f", "domain-name--65231d9b-eacd-45e4-b365-b955d9a5642c", "domain-name--d1f3ade6-74a3-46d3-8436-ffde42f76993", "domain-name--066d493e-df61-4cb9-a70d-a63fe44535fe", "domain-name--03eef932-00d7-4c20-a9c3-3b8ff534b016", "domain-name--ce6eaa52-2370-4a41-9f0c-45a61c2a54ca", "domain-name--ed86617c-364b-410b-94b1-0a760c7643b1", "domain-name--1306a03e-8a80-483b-aea0-adf44a7313e1", "domain-name--6d5a2ce6-3f96-4835-9b12-1e509f723e82", "ipv4-addr--2628aebb-a820-4356-910a-ba3e9a0c33b2", "url--f632dbee-380f-4e2d-a645-a657d1e132b8", "url--e9d37ced-a89f-4ab3-9dbf-bdff7695b58e", "url--fe1214ff-9b4a-4308-98cf-45553363e557", "url--5ea8b3b5-7bf6-489b-acbc-ce63f378ef89", "url--b6050c1d-1eaf-48d1-86af-451a60cec9af", "url--38dbd474-f8f8-4889-aec0-4b6a8176acfa", "url--e9606738-e5da-4e8d-9f5b-4631226dbf47", "url--cf185a06-907b-4b5c-b2fe-c65510184971", "url--dc07cb18-b9e8-40be-9a92-a243a10204fd", "url--e0afcc3e-3279-42dc-a3ab-9c1da6e9abb4", "url--49299af2-34f6-436c-9093-b8a378c3d960", "url--2c252573-6db8-4e26-aa94-7a93b70c9b1d", "domain-name--7c856008-cbc1-4bad-8ba5-39a9cf6d6c62", "domain-name--7fa1067d-df69-47d6-8d0e-092f4e0673f6", "domain-name--c34b3927-943d-47fa-97c0-21edf4aa4536", "domain-name--47ae0c81-61c0-408b-b735-646657c82331", "domain-name--e4bc879c-5f99-400e-96c8-84e3aa59b7ab", "domain-name--2fbe8bea-2985-495a-ae42-dc5cfd039b3b", "domain-name--b7207373-1976-4b1b-8d30-e56abd7c405b", "indicator--0b09032d-eef7-459b-843b-5d3f229a97e1", "relationship--f9dd09b6-a5fa-4b6d-8a33-750ad8d6affe", "indicator--79f38787-f81c-4760-8f59-e779847348a6", "relationship--3a9730fd-5f37-43f3-9049-0beb1a88999c", "indicator--738cc7e7-7e45-42ea-ae84-88799fdbf63d", "relationship--b5acdfee-17f7-4bae-82bd-c7d333e60b0d", "indicator--276dbaea-0704-4062-b751-86291e087b4c", "relationship--187891bd-0d13-40b2-b2c6-84a448d19d3d", "indicator--75aa85bf-55d7-47d6-b76f-d93e6876d27b", "relationship--cad9d831-75fe-4407-bfc0-c21d0d628de5", "indicator--5a84e774-6025-4005-85cd-417870a01cd7", "relationship--35947f64-bb07-491b-80e8-f6f827e84dbc", "indicator--14ddca08-5900-4893-8a57-acd2c4bc9afa", "relationship--55fa29c1-d1aa-4889-9cbe-42aa3a81cc7f", "indicator--5d57e646-9ca1-4a93-a642-21de5278889b", "relationship--8233edb7-4c71-4720-9836-06e2fbfe518f", "indicator--759cf316-fe25-48f7-b9fa-f1b24e7d76d7", "relationship--f6710f7b-6887-477e-a312-0052885fe373", "indicator--b0997639-7a5b-4652-bd00-e47dfd29b7ea", "relationship--b69a8897-77fa-4544-b3dd-3212989b63da", "indicator--fdff90c8-9d92-4b96-bdd4-269a5ca1f4cd", "relationship--1cbee4b8-512b-4943-9011-f54943d3642b", "indicator--5bd108f8-701e-4646-b8d6-9573fababf1a", "relationship--756928bc-89fc-4e01-92a7-fd6732bbd05c", "indicator--1a6b0908-d621-4d0f-a207-1c08f86fb942", "relationship--3834c1ca-d383-4040-8c31-ce6fbe24b792", "indicator--4c0094b5-7ad3-480f-ace5-5d5268b3e37b", "relationship--e8a30ae0-5ee8-4fcd-89aa-9b0e07dc036d", "indicator--f326e9df-7f5b-42d5-bd1f-b08bb3f533e9", "relationship--f50e52ab-cf2b-4917-b505-122c937c7b51", "indicator--52a11114-282e-464d-9377-213bc5a99f80", "relationship--48aa931c-d455-4d61-8337-fa742460595c", "indicator--7e08fcac-f5b8-4557-b122-eb66a434b1a4", "relationship--11725f33-c832-4ab6-b4dc-e277d5813704", "indicator--ad8b3d05-fb20-4d1f-9278-d7ee7b0a26be", "relationship--c410ff0d-d7c8-4380-8a39-8d0aed0ff22a", "indicator--994b92f8-757b-4857-bd21-e65c1b36b36c", "relationship--c782bb08-6517-48f9-8951-7d1e2077bb89", "indicator--80fc8ba8-5dee-4818-94a1-8093da9fd404", "relationship--db2bde7d-a1b7-4bce-bd6f-6886b0ce4156", "indicator--d914a9f1-d3a1-4e4a-bba9-386e25a44226", "relationship--189cff5c-b8e7-4ed5-bc0d-ec97552d6759", "indicator--235e5ff7-dbbb-4a9c-b17f-a22234c36dba", "relationship--9e09d118-1e08-46bc-926b-5cfc22977aed", "indicator--d083b57f-e81a-4c76-b74e-cb3a53e1a5e3", "relationship--32141c49-2510-4b3b-9bb0-5d6d85ba4ce7", "indicator--7ce14ee5-469e-41a9-a66f-d45f7b993b72", "relationship--d245e55a-af70-48d5-8d86-e77e8aa7ec51", "indicator--d95075bb-c750-40e9-bc81-787d621269de", "relationship--2d2d2e5a-1850-440f-83e5-002e3fe88508", "indicator--161376a6-34c2-4dfa-988e-13def4847b4c", "relationship--6e90a967-0d9f-40a3-bc17-65ee9d3b7882", "indicator--117590f4-41f8-4bfd-94c6-a36b652184e5", "relationship--779e4479-f03f-4751-919e-c5eb84294d8c", "indicator--f5a63f75-4234-48db-8ad3-989cc4d42e52", "relationship--2e802dbe-eea5-434b-857f-d47e1dadfbe6", "indicator--b958621e-b36b-44b0-ad57-cc431fb8e64d", "relationship--6380b060-7475-4436-b1c0-34ec90dfb06d", "indicator--499d68cd-8a1e-4ee5-9207-bb0ea0f25219", "relationship--90bea11d-5db7-4b00-8c42-a36db01444a3", "indicator--c2d05e2b-4fd5-4474-8518-512ab4d39b42", "relationship--8750a30f-0936-4f90-9d7b-96cccfcf4a5c", "indicator--55e3d3d4-bf9d-4ba8-9353-58140f7e69b9", "relationship--14e19e0a-d563-4357-a512-dd18c8ad5718", "indicator--4d7632cd-5c92-4088-81b1-469faba0f35c", "relationship--793b2f51-da14-4cb1-9c2e-a6b74fc8adc3", "indicator--245bd82a-4c5c-4e4a-a8c0-32ada74d447a", "relationship--192a7245-1679-4713-9e9d-79c74ad27937", "indicator--2684300f-5f99-4127-ae75-6919fc625c03", "relationship--8c6e1ba6-50d9-4f84-aa78-0efc62ad7cf8", "indicator--9e85286e-fd6d-4924-b6fc-a12fff940805", "relationship--d7208999-6f5b-448a-8283-e49f97bf2b34", "indicator--4eedfae1-ea15-47c8-9b40-c7216cfbc31c", "relationship--f71cf887-3dfb-4352-9b25-95b4de38f48a", "indicator--b64868d8-c7a9-4d4c-9e6e-74441a33d10c", "relationship--7c159d8c-35ea-4e47-b6e7-bd6fe0a2a12b", "indicator--8982fea9-fda2-4e61-b509-f9d02c0d9cc9", "relationship--00d39a62-11bf-4372-9e65-9a4b0e37d5f4", "indicator--2de0425a-b3bb-44a0-8694-6fee064a5585", "relationship--d0fb2c22-a58e-4a7b-95ef-345dde45b091" ], "labels": [ "threat-report", "threat-intelligence" ], "created_by_ref": "identity--e2499b94-8dc3-4d55-bca0-3803f62dbb4b", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.229Z", "modified": "2025-12-10T15:15:10.229Z", "confidence": 95, "type": "identity", "id": "identity--8a7ca088-fae7-4645-8f55-5f28dd9b1396", "name": "Google", "identity_class": "organization", "labels": [ "identity" ], "description": "Google is a multinational technology company specializing in Internet-related services and products, including search engines, online advertising technologies, cloud computing, and software development.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.230Z", "modified": "2025-12-10T15:15:10.230Z", "confidence": 95, "type": "identity", "id": "identity--58e712bb-1d06-44ac-9240-0adca25c19c3", "name": "TechRepublic", "identity_class": "organization", "labels": [ "organization" ], "description": "TechRepublic is a technology news and information website that provides articles, blogs, and other resources on various technology topics, including cybersecurity and data breaches.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.230Z", "modified": "2025-12-10T15:15:10.230Z", "confidence": 95, "type": "identity", "id": "identity--8c1fecc5-666c-4007-be86-c4b6d149231b", "name": "FortiWeb", "identity_class": "unknown", "labels": [ "identity" ], "description": "FortiWeb is a company", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.230Z", "modified": "2025-12-10T15:15:10.230Z", "confidence": 95, "type": "identity", "id": "identity--53a6e913-b371-4d86-baa7-f737222b3ce5", "name": "SecurityWeek", "identity_class": "organization", "labels": [ "identity" ], "description": "SecurityWeek is a cybersecurity news and information website that provides in-depth analysis and coverage of the latest threats, vulnerabilities, and industry trends.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.230Z", "modified": "2025-12-10T15:15:10.230Z", "confidence": 95, "type": "identity", "id": "identity--8c780a2d-c2e1-4081-a002-eb0698c76ec2", "name": "Infrastructure Security Agency", "identity_class": "organization", "labels": [ "organization" ], "description": "The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is a federal agency responsible for protecting the United States' critical infrastructure from cybersecurity threats. It is a key player in the nation's cybersecurity efforts and provides various resources and guidelines for organizations to improve their cybersecurity posture.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.230Z", "modified": "2025-12-10T15:15:10.230Z", "confidence": 95, "type": "identity", "id": "identity--ae4d5f46-29c5-40ae-842b-378abf057c12", "name": "Microsoft", "identity_class": "organization", "labels": [ "identity" ], "description": "Microsoft is a multinational technology company that develops, manufactures, licenses, and supports a wide range of software products, services, and devices.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.230Z", "modified": "2025-12-10T15:15:10.230Z", "confidence": 95, "type": "tool", "id": "tool--fd368e1e-5ddb-4355-8645-02012f1fb7d1", "name": "Windows", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Windows is an operating system developed by Microsoft for personal computers.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.230Z", "modified": "2025-12-10T15:15:10.230Z", "confidence": 95, "type": "tool", "id": "tool--f8803d1f-88cf-4e2d-9ed7-583cbb378365", "name": "Ethereum", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Ethereum is a decentralized open-source blockchain platform that enables developers to build and deploy decentralized applications. In the context provided, Ethereum is used as a communication channel for EtherRAT malware, which is a new implant deployed in a React2Shell attack.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.231Z", "modified": "2025-12-10T15:15:10.231Z", "confidence": 95, "type": "identity", "id": "identity--06b70d7b-8838-4176-9d1c-742c3c4155df", "name": "Sausalito", "identity_class": "unknown", "labels": [ "identity" ], "description": "Sausalito is a city in Marin County, California, and is not a threat actor or malware. However, it is mentioned in the context of a cybersecurity news article, indicating that it may be related to a company or organization involved in the cybersecurity industry.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.231Z", "modified": "2025-12-10T15:15:10.231Z", "confidence": 95, "type": "tool", "id": "tool--d26f1136-5a4f-4c9a-a816-418197a66ed2", "name": "WinRAR", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "WinRAR is a file archiver and compression utility that allows users to create and extract RAR and ZIP files.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.231Z", "modified": "2025-12-10T15:15:10.231Z", "confidence": 95, "type": "malware", "id": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "name": "Android malware", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "description": "Android malware refers to malicious software designed to target Android operating systems, often distributed through fake apps, phishing campaigns, or exploited vulnerabilities. This type of malware can compromise user data, disrupt device functionality, and even lead to financial losses. The Android malware landscape is constantly evolving, with new strains emerging regularly, such as FvncBot and SeedSnatcher, highlighting the importance of robust security measures and timely software updates.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.231Z", "modified": "2025-12-10T15:15:10.231Z", "confidence": 90, "type": "malware", "id": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "name": "SeedSnatcher", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "description": "SeedSnatcher is a recently disclosed Android malware family, a variant of ClayRat, that is known to perform various malicious activities such as stealing credentials, SMS messages, contacts, and other sensitive data.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.231Z", "modified": "2025-12-10T15:15:10.231Z", "confidence": 95, "type": "identity", "id": "identity--d48d0179-a8bc-4c9e-89ef-4347fcbce1fa", "name": "Barracuda", "identity_class": "organization", "labels": [ "identity" ], "description": "Barracuda is a cybersecurity company that provides innovative solutions and AI-powered platforms to protect against cyber threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.231Z", "modified": "2025-12-10T15:15:10.231Z", "confidence": 95, "type": "malware", "id": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "name": "EtherRAT", "is_family": true, "malware_types": [ "remote-access-trojan" ], "labels": [ "malicious-activity" ], "description": "EtherRAT is a malware implant that runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. It is deployed in a recent React2Shell attack, highlighting its significance in the threat landscape. EtherRAT's use of Ethereum smart contracts for communication adds a layer of complexity to its operation, making it a notable malware variant.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.231Z", "modified": "2025-12-10T15:15:10.231Z", "confidence": 95, "type": "tool", "id": "tool--6c7aaabc-f060-4d19-a478-ab25432ffbb8", "name": "FortiProxy", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "FortiProxy is a web proxy solution that provides secure web filtering, content inspection, and threat protection for organizations.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.231Z", "modified": "2025-12-10T15:15:10.231Z", "confidence": 95, "type": "tool", "id": "tool--8af2422b-83ad-48ab-a355-0c457fd5ff29", "name": "Gemini", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Gemini is a zero-click exploit framework used to deliver malware through various file types, including emails, calendar invites, and documents.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.231Z", "modified": "2025-12-10T15:15:10.232Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--a3e90944-f57c-4157-bc40-bb1f7045b705", "name": "Critical", "description": "Critical refers to a severity rating in vulnerability assessments, indicating a flaw that can cause significant damage or disruption if exploited, often allowing an attacker to take control of a system or steal sensitive data.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.232Z", "modified": "2025-12-10T15:15:10.232Z", "confidence": 95, "type": "identity", "id": "identity--f6e6cd05-205a-4c16-9851-9959d6ab6d90", "name": "Ivanti", "identity_class": "organization", "labels": [ "identity" ], "description": "Ivanti is a company that provides IT service management and endpoint management software solutions to help organizations manage and secure their IT infrastructure.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.232Z", "modified": "2025-12-10T15:15:10.232Z", "confidence": 95, "type": "identity", "id": "identity--c4bddfde-bffe-4aa3-970b-dd430d1877f3", "name": "Fortinet", "identity_class": "organization", "labels": [ "identity" ], "description": "Fortinet is a company that specializes in network security, providing a range of products and solutions to protect against cyber threats and vulnerabilities in enterprise networks.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.232Z", "modified": "2025-12-10T15:15:10.232Z", "confidence": 95, "type": "tool", "id": "tool--c6d3842e-0110-4fb6-a690-c74abfb2be6e", "name": "Adobe Acrobat Reader DC", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Adobe Acrobat Reader DC is a free software used to view, create, edit, and print PDF files.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.232Z", "modified": "2025-12-10T15:15:10.233Z", "confidence": 95, "type": "tool", "id": "tool--2d5dce87-f632-4d64-83c7-e62154759ce2", "name": "FortiOS", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "FortiOS is a network operating system developed by Fortinet for managing and securing network devices and infrastructure.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.233Z", "modified": "2025-12-10T15:15:10.233Z", "confidence": 95, "type": "tool", "id": "tool--15b5138f-58fa-4d16-87d7-650d87e2f7ca", "name": "FortiCloud SSO", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "FortiCloud SSO is a single sign-on (SSO) authentication service that enables users to log in to multiple Fortinet devices and applications with a single set of credentials.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.233Z", "modified": "2025-12-10T15:15:10.233Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--ce6228e2-8fe3-4275-a422-a3655631a74f", "name": "CVE-2025-59517", "description": "Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.. CVSS Score: 7.8 (HIGH). EPSS: 0.1% exploitation probability", "x_cvss_score": 7.8, "x_cvss_severity": "HIGH", "x_kev_status": false, "x_epss_score": 0.00074, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-59517", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59517" }, { "source_name": "nvd", "external_id": "CVE-2025-59517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59517" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.233Z", "modified": "2025-12-10T15:15:10.233Z", "confidence": 95, "type": "tool", "id": "tool--1b14a4d3-2166-441d-b035-f5ed21363096", "name": "Windows Cloud Files Mini Filter", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Windows Cloud Files Mini Filter is a Windows kernel-mode file system filter driver that manages cloud storage files.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.233Z", "modified": "2025-12-10T15:15:10.233Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--ee965578-219a-4d94-a714-d90b683d3a8a", "name": "CVE-2025-8110", "description": "Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.", "x_kev_status": false, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-8110", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8110" }, { "source_name": "nvd", "external_id": "CVE-2025-8110", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8110" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.233Z", "modified": "2025-12-10T15:15:10.233Z", "confidence": 95, "type": "tool", "id": "tool--b7b55583-fb7b-43d9-83be-0835e0fe62ec", "name": "React Server Components", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "React Server Components is a framework that has been exploited by threat actors with ties to North Korea to deliver a remote access trojan dubbed EtherRAT, indicating that React Server Components is a vulnerable technology being targeted by malicious actors to gain unauthorized access to systems.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.233Z", "modified": "2025-12-10T15:15:10.233Z", "confidence": 95, "type": "tool", "id": "tool--a6dadba1-3166-446d-a655-a0932eaa1bfa", "name": "Bitdefender Total Security", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Bitdefender Total Security is a comprehensive antivirus software suite that provides real-time protection against malware, phishing, and other online threats, as well as additional features like password management and system optimization.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.233Z", "modified": "2025-12-10T15:15:10.233Z", "confidence": 95, "type": "identity", "id": "identity--a1e4678f-7e7b-46ff-8baf-547f62e4e8d0", "name": "Secur", "identity_class": "organization", "labels": [ "identity" ], "description": "Secur is a company.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.233Z", "modified": "2025-12-10T15:15:10.233Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--b0130c1c-ecc3-4dc2-a135-ea2cf5b4cbaa", "name": "CVE-2025-10573", "description": "Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.. CVSS Score: 9.6 (CRITICAL). EPSS: 0.1% exploitation probability", "x_cvss_score": 9.6, "x_cvss_severity": "CRITICAL", "x_kev_status": false, "x_epss_score": 0.00108, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-10573", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10573" }, { "source_name": "nvd", "external_id": "CVE-2025-10573", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10573" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "tool", "id": "tool--aff37570-139e-49ee-a9c2-53bbb22ac55e", "name": "Schneider Electric PowerChute Serial Shutdown", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Schneider Electric PowerChute Serial Shutdown is a software used for serial shutdown of servers and other equipment in data centers.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "identity", "id": "identity--16e430aa-6114-4537-b474-bd3596fdd82c", "name": "Siemens", "identity_class": "organization", "labels": [ "identity" ], "description": "Siemens is a multinational conglomerate that specializes in electronics, electrical engineering, and automation technologies.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "identity", "id": "identity--68aa8a21-08e3-46ba-bea4-61aed61c8df9", "name": "Rockwell", "identity_class": "organization", "labels": [ "identity" ], "description": "Rockwell is a company that specializes in industrial automation and information technology, providing control systems and software solutions for various industries, including manufacturing and energy.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "identity", "id": "identity--c9008b15-f933-4b05-ba71-fd47e6d48750", "name": "Schneider", "identity_class": "organization", "labels": [ "identity" ], "description": "Schneider Electric is a multinational corporation specializing in energy management and automation technologies for various industries, including power distribution, building management, and industrial control systems.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "tool", "id": "tool--dfb28c55-f7ed-4379-9ffc-beef2effe401", "name": "Siemens Simcenter Femap", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Siemens Simcenter Femap is a finite element analysis software used for modeling and simulating physical systems, such as mechanical and thermal systems, to predict their behavior under various conditions.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "identity", "id": "identity--760b93e5-d4e4-4bfd-9a13-457f35cee59a", "name": "SAP Patches Critical Vulnerabilities", "identity_class": "organization", "labels": [ "identity" ], "description": "SAP Patches Critical Vulnerabilities is a company.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "tool", "id": "tool--327d3d37-419b-4135-80fd-72fd2f4a455e", "name": "Windows Hyper-V", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Windows Hyper-V is a virtualization feature in Windows operating systems that allows users to create and manage virtual machines (VMs) on a single physical host.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--6b59d7e9-48f1-4960-ba69-7a3bdd77ee0b", "name": "CVE-2025-60710", "description": "Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.. CVSS Score: 7.8 (HIGH). EPSS: 0.1% exploitation probability", "x_cvss_score": 7.8, "x_cvss_severity": "HIGH", "x_kev_status": false, "x_epss_score": 0.00076, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-60710", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60710" }, { "source_name": "nvd", "external_id": "CVE-2025-60710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60710" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "identity", "id": "identity--7bb33173-9386-40cf-a0f7-cce6903ff1ca", "name": "Windows 11", "identity_class": "organization", "labels": [ "identity" ], "description": "Windows 11 is a personal computer operating system developed by Microsoft.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "identity", "id": "identity--72ad4015-9d7c-4cc7-b720-ec3274e4c161", "name": "Protegrity", "identity_class": "organization", "labels": [ "identity" ], "description": "Protegrity is a company that specializes in data security and protection solutions, providing data encryption, tokenization, and access control to safeguard sensitive information.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--1c2808fc-0c16-4c57-a615-6389815faf9a", "name": "CVE-2025-6218", "description": "RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can lever. CVSS Score: 7.8 (HIGH). CISA KEV: Active exploitation confirmed. EPSS: 8.0% exploitation probability", "x_cvss_score": 7.8, "x_cvss_severity": "HIGH", "x_kev_status": true, "x_epss_score": 0.0803, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-6218", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6218" }, { "source_name": "nvd", "external_id": "CVE-2025-6218", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6218" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "identity", "id": "identity--421dd0c0-c7eb-4edf-9cc1-bdfd1cbe9d15", "name": "Akamai", "identity_class": "organization", "labels": [ "identity" ], "description": "Akamai is a content delivery network (CDN) and cybersecurity services provider that helps protect and deliver digital content across the globe.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--98aa061f-8cda-4066-ab82-56c0370156f5", "name": "CVE-2025-33184", "description": "NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.. CVSS Score: 7.8 (HIGH). EPSS: 0.0% exploitation probability", "x_cvss_score": 7.8, "x_cvss_severity": "HIGH", "x_kev_status": false, "x_epss_score": 0.00021, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-33184", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-33184" }, { "source_name": "nvd", "external_id": "CVE-2025-33184", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33184" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--c018c0b9-61da-436e-83e2-e615ed7e3b07", "name": "CVE-2025-62454", "description": "Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.. CVSS Score: 7.8 (HIGH). EPSS: 0.1% exploitation probability", "x_cvss_score": 7.8, "x_cvss_severity": "HIGH", "x_kev_status": false, "x_epss_score": 0.0008, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-62454", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62454" }, { "source_name": "nvd", "external_id": "CVE-2025-62454", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62454" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.234Z", "modified": "2025-12-10T15:15:10.234Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "name": "Exploit Public-Facing Application", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1190", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1190/", "external_id": "T1190" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "name": "Exploitation for Client Execution", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1203", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1203/", "external_id": "T1203" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "name": "Command and Scripting Interpreter", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1059", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1059/", "external_id": "T1059" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "name": "Abuse Elevation Control Mechanism", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" }, { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" } ], "x_mitre_id": "T1548", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1548/", "external_id": "T1548" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "name": "Access Token Manipulation", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1134", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1134/", "external_id": "T1134" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "name": "Supply Chain Compromise", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1195", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1195/", "external_id": "T1195" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "name": "Remote Services", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "lateral-movement" } ], "x_mitre_id": "T1021", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1021/", "external_id": "T1021" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--01df90e4-619d-4268-90c9-6e2aa84079d9", "name": "PowerShell", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1059.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1059/001/", "external_id": "T1059.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "name": "Create or Modify System Process", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1543", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1543/", "external_id": "T1543" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "name": "Boot or Logon Autostart Execution", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1547", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1547/", "external_id": "T1547" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--af705332-242d-4c31-9955-6dca77d560de", "name": "Modify Registry", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "x_mitre_id": "T1112", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1112/", "external_id": "T1112" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--75f8063e-1388-4007-8255-4523fceba24e", "name": "Registry Run Keys / Startup Folder", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1547.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1547/001/", "external_id": "T1547.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2", "name": "Scheduled Task/Job", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1053", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1053/", "external_id": "T1053" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--270f3200-ac63-4d2d-be73-645b1794d56d", "name": "Local Groups", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1069.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1069/001/", "external_id": "T1069.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--13975792-7c14-4c1e-a11e-80b1ecbde971", "name": "Disable or Modify Linux Audit System", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" } ], "x_mitre_id": "T1562.012", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1562/012/", "external_id": "T1562.012" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 77, "type": "attack-pattern", "id": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "name": "Vulnerabilities", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.006", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/006/", "external_id": "T1588.006" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 75, "type": "attack-pattern", "id": "attack-pattern--5d331945-e11f-455a-bb36-5c5d2c1e2a38", "name": "Cloud Groups", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1069.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1069/003/", "external_id": "T1069.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 71, "type": "attack-pattern", "id": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "name": "Artificial Intelligence", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.007", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/007/", "external_id": "T1588.007" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "name": "Archive via Utility", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1560.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1560/001/", "external_id": "T1560.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "name": "Screen Capture", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1113", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1113/", "external_id": "T1113" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "name": "Adversary-in-the-Middle", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1557", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1557/", "external_id": "T1557" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "name": "Scheduled Task", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1053.005", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1053/005/", "external_id": "T1053.005" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "name": "Socket Filters", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1205.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1205/002/", "external_id": "T1205.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "name": "Malicious Shell Modification", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "x_mitre_id": "T1156", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1156/", "external_id": "T1156" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "confidence": 66, "type": "attack-pattern", "id": "attack-pattern--28d556b1-41a4-46dd-9e44-02b0593dd0e4", "name": "IDE Tunneling", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1219.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1219/001/", "external_id": "T1219.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9153178-2552-4b76-bee3-2825a2aac744", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: Android malware and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--381c32ac-4715-466d-a169-3fa855ca9726", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: Android malware and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3f6f7417-5d06-48a2-927a-90a3b1abcf04", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: Android malware and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a2f386ce-7d4b-480a-b9db-80025594eec5", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: Android malware and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a2a37cb9-d886-4023-b2e8-7ccc9d7a984a", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: Android malware and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--01320d4a-4bb0-4561-8c15-25d527211884", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 55, "description": "Co-occurrence: Android malware and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c9f7e272-f386-47bd-8f35-adaf000a2fe4", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "confidence": 55, "description": "Co-occurrence: Android malware and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a12d92f0-7b55-4bc0-b813-a8081391aabf", "created": "2025-12-10T15:15:10.235Z", "modified": "2025-12-10T15:15:10.235Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--01df90e4-619d-4268-90c9-6e2aa84079d9", "confidence": 55, "description": "Co-occurrence: Android malware and PowerShell (T1059.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c4251e1-b059-4673-9d12-419880e34618", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 55, "description": "Co-occurrence: Android malware and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5d579a26-e43e-4bdc-9506-70ced87d477c", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 55, "description": "Co-occurrence: Android malware and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ae19d9da-accf-43fa-92dc-336bf3fb420c", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--af705332-242d-4c31-9955-6dca77d560de", "confidence": 55, "description": "Co-occurrence: Android malware and Modify Registry (T1112) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6101d896-653e-4340-8e14-62f9adaf24fe", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--75f8063e-1388-4007-8255-4523fceba24e", "confidence": 55, "description": "Co-occurrence: Android malware and Registry Run Keys / Startup Folder (T1547.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ad0527c5-ceb0-4a17-97f8-4372997ffe0b", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2", "confidence": 55, "description": "Co-occurrence: Android malware and Scheduled Task/Job (T1053) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cde95e06-2fbf-4e5b-8163-8a6c2d31ea62", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--270f3200-ac63-4d2d-be73-645b1794d56d", "confidence": 55, "description": "Co-occurrence: Android malware and Local Groups (T1069.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a3789d4e-18b4-4aa3-9f1a-a3d866624c13", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--13975792-7c14-4c1e-a11e-80b1ecbde971", "confidence": 55, "description": "Co-occurrence: Android malware and Disable or Modify Linux Audit System (T1562.012) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5598598e-459d-4a2c-9be0-cabdb3d4e744", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: Android malware and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a8727ca3-6225-4a03-9158-76986091f77b", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--5d331945-e11f-455a-bb36-5c5d2c1e2a38", "confidence": 55, "description": "Co-occurrence: Android malware and Cloud Groups (T1069.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fba44374-a791-4e5c-b4c2-87a989372c5c", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "confidence": 55, "description": "Co-occurrence: Android malware and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eae1233f-8bc6-4d09-b906-3b54c1cb06bc", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: Android malware and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c5ec1c6d-8ce5-427e-ba94-245b90fb47f2", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: Android malware and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c332c298-d024-4fcc-bd7f-8c15d49e34e8", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: Android malware and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f78303ec-01bd-4c58-a643-2aa36457e192", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 55, "description": "Co-occurrence: Android malware and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bd89a76d-30e3-443f-bf90-ac405956ca4a", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "confidence": 55, "description": "Co-occurrence: Android malware and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--65346aa5-baac-4274-a307-0209e3398a73", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "confidence": 55, "description": "Co-occurrence: Android malware and Malicious Shell Modification (T1156) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--157505bc-2857-43bc-86db-c37b0d23d8af", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--01df90e4-619d-4268-90c9-6e2aa84079d9", "confidence": 55, "description": "Co-occurrence: Android malware and PowerShell (T1086) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f0ca89da-1617-4057-9389-2ab706719fb8", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--c8cb5656-c619-482a-a114-a3884d2001a2", "target_ref": "attack-pattern--28d556b1-41a4-46dd-9e44-02b0593dd0e4", "confidence": 55, "description": "Co-occurrence: Android malware and IDE Tunneling (T1219.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9f9389bd-336d-4ee4-b9ce-6aa863695c83", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--27e14551-57f2-43c8-bde4-abb993a54921", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--696359b2-89f9-4f9c-9de5-b6931d7146ef", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--51ab74fe-4cad-4265-873e-9421ff12a39a", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9917fd04-45c9-495a-b80e-d011d5144913", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3d87016f-2fcc-4b62-b220-39e3225a59b8", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--194fcdd2-d5d9-4d5f-868c-406521712521", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--54d67aed-8a8c-4b26-a47a-cc9de0e4ad3f", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--01df90e4-619d-4268-90c9-6e2aa84079d9", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and PowerShell (T1059.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c108836-7e0f-4dd4-af0a-4679a59f2957", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cec0754b-67bc-465a-8bdd-d67eadac9431", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--33a76b8e-b5ad-4c0f-93cd-0ca419ebfc7a", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--af705332-242d-4c31-9955-6dca77d560de", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Modify Registry (T1112) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4a7edadd-6bbd-4789-860f-a85b73c7bd33", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--75f8063e-1388-4007-8255-4523fceba24e", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Registry Run Keys / Startup Folder (T1547.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fd907a42-f5d6-4110-9a14-591fa1a28263", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Scheduled Task/Job (T1053) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9ffe9cf7-fe25-4d81-93b3-9ba4400b8fe5", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--270f3200-ac63-4d2d-be73-645b1794d56d", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Local Groups (T1069.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8c5b0c4d-f697-4e9f-8b90-c3d7d0ea53f0", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--13975792-7c14-4c1e-a11e-80b1ecbde971", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Disable or Modify Linux Audit System (T1562.012) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0aea6072-9023-4ebc-9e1e-3933fb20721e", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--080fff43-8e9d-49e3-8e4e-a99c9e86a50f", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--5d331945-e11f-455a-bb36-5c5d2c1e2a38", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Cloud Groups (T1069.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3ac61e37-0f6f-4a9d-b13e-acf6a4591cf6", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2ca3bf34-d73e-4f75-bf8c-6fa9c2f8a8c4", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--58560999-356d-42e4-8418-bd6be0c0c500", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e68b4c3d-0269-4ec6-b2cb-43a2a2232ef7", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--46906eec-c57a-41a8-8bd8-1a4dc26f937d", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8091688c-391d-49c3-909b-b29d528266a0", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fa147f6a-9205-40ae-9df3-ec297bd85f88", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and Malicious Shell Modification (T1156) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6693439c-0924-424a-9fc6-454ff91402ef", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--01df90e4-619d-4268-90c9-6e2aa84079d9", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and PowerShell (T1086) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5252d745-3669-4d4a-9199-07ef5e73be5d", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--ff681e4d-8cd1-4be9-8cfb-d1a79593a0e3", "target_ref": "attack-pattern--28d556b1-41a4-46dd-9e44-02b0593dd0e4", "confidence": 55, "description": "Co-occurrence: SeedSnatcher and IDE Tunneling (T1219.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f1f9222b-12cf-40db-af5f-6262cac1b98f", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: EtherRAT and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6539a26c-6d86-4686-a57d-874365ed8217", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: EtherRAT and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--682321f0-0a95-48c8-9cef-c1a5c62059e6", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: EtherRAT and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cbf86be3-4a53-48b4-869d-5b7022f8f819", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: EtherRAT and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--060c4d97-9dba-4da3-aa07-f58daa22a4bd", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: EtherRAT and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ba59da00-18f7-4b11-a5b0-d964faf38400", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 55, "description": "Co-occurrence: EtherRAT and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--05b75c8e-a229-4e45-9fbd-ead3b72099b9", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "confidence": 55, "description": "Co-occurrence: EtherRAT and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7bd77a1f-049f-434c-9443-2945f3268292", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--01df90e4-619d-4268-90c9-6e2aa84079d9", "confidence": 55, "description": "Co-occurrence: EtherRAT and PowerShell (T1059.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f25f5523-baa2-4312-b25b-23f236460a5a", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 55, "description": "Co-occurrence: EtherRAT and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--827a7b6f-39a8-45d8-8c63-47b6eb422300", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 55, "description": "Co-occurrence: EtherRAT and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a6b2bb06-9832-4672-91e3-002a09327ff8", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--af705332-242d-4c31-9955-6dca77d560de", "confidence": 55, "description": "Co-occurrence: EtherRAT and Modify Registry (T1112) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8aa94997-f2fc-4438-bc6b-c5dfddf252a0", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--75f8063e-1388-4007-8255-4523fceba24e", "confidence": 55, "description": "Co-occurrence: EtherRAT and Registry Run Keys / Startup Folder (T1547.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--de362fde-715a-445e-9aaf-c52f73ac6950", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2", "confidence": 55, "description": "Co-occurrence: EtherRAT and Scheduled Task/Job (T1053) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3fb63400-46d7-4005-93f4-1ebd9917ef0c", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--270f3200-ac63-4d2d-be73-645b1794d56d", "confidence": 55, "description": "Co-occurrence: EtherRAT and Local Groups (T1069.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b1575926-8fe1-42e7-8194-2064d91ed7cc", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--13975792-7c14-4c1e-a11e-80b1ecbde971", "confidence": 55, "description": "Co-occurrence: EtherRAT and Disable or Modify Linux Audit System (T1562.012) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eb38bd9a-e373-40d7-90cb-918d9bcb7fbd", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: EtherRAT and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d59f3384-b8e9-432b-84b8-486849286a22", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--5d331945-e11f-455a-bb36-5c5d2c1e2a38", "confidence": 55, "description": "Co-occurrence: EtherRAT and Cloud Groups (T1069.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ecf43bc1-e512-441a-ae92-5713fa457ad0", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "confidence": 55, "description": "Co-occurrence: EtherRAT and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1cf51524-db26-4bda-ba4e-b8451c556fb5", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: EtherRAT and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--32dc57ae-5cd4-4461-8c19-72bde0d17c6b", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: EtherRAT and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1d224434-ecd2-47b2-b8d9-b0de34f110e6", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: EtherRAT and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--25b50cb6-c718-4f9a-b81b-51094d559a0a", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 55, "description": "Co-occurrence: EtherRAT and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9d152fd-4005-4885-a01d-046c4db27a71", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "confidence": 55, "description": "Co-occurrence: EtherRAT and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--38fcc757-95ba-4164-8981-c73e125581ca", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "confidence": 55, "description": "Co-occurrence: EtherRAT and Malicious Shell Modification (T1156) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--47230070-753b-4b1f-a4f4-99c088cf3bb1", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--01df90e4-619d-4268-90c9-6e2aa84079d9", "confidence": 55, "description": "Co-occurrence: EtherRAT and PowerShell (T1086) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f0807bde-ec7e-40fd-84b1-68733308e6b6", "created": "2025-12-10T15:15:10.236Z", "modified": "2025-12-10T15:15:10.236Z", "relationship_type": "uses", "source_ref": "malware--6d215d91-1322-4735-bb15-eeba2b72a759", "target_ref": "attack-pattern--28d556b1-41a4-46dd-9e44-02b0593dd0e4", "confidence": 55, "description": "Co-occurrence: EtherRAT and IDE Tunneling (T1219.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "domain-name", "value": "udaore.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--11dc0d49-f841-4aa1-8b61-d7b8d48b6760" }, { "type": "domain-name", "value": "weolir.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--3482cf77-d2ac-4d84-bb1a-e5e3b4463cfb" }, { "type": "domain-name", "value": "aiucr.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--a7e0b372-b32b-4dbd-b036-863754377227" }, { "type": "domain-name", "value": "riusdu.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--bd8870e6-bd93-459d-b16c-7a82d220df68" }, { "type": "domain-name", "value": "uisoa.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--22f140eb-4ed9-49d2-8194-38fae1ff2c75" }, { "type": "domain-name", "value": "islpast.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--e668ee12-a076-46c2-9c5f-59c1b24ba683" }, { "type": "domain-name", "value": "piajesj.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--ec0c81f0-c73e-416e-8446-eec51db2affb" }, { "type": "domain-name", "value": "widifu.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--9b26ee15-06c8-4a37-a280-3552c9d5ad31" }, { "type": "domain-name", "value": "qoewsl.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--97a79b7b-ba35-481a-9e6f-1e358ddfe376" }, { "type": "domain-name", "value": "frijd.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--8da76589-685d-4726-bf84-b9f9f546fadd" }, { "type": "domain-name", "value": "www.islpast.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--a520236f-12ed-4504-b67c-1b7d54b2a85f" }, { "type": "domain-name", "value": "www.piajesj.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--2d57b052-d03b-4bf9-a4b7-56c800aed87f" }, { "type": "domain-name", "value": "www.riusdu.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--65231d9b-eacd-45e4-b365-b955d9a5642c" }, { "type": "domain-name", "value": "www.udaore.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--d1f3ade6-74a3-46d3-8436-ffde42f76993" }, { "type": "domain-name", "value": "www.qoewsl.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--066d493e-df61-4cb9-a70d-a63fe44535fe" }, { "type": "domain-name", "value": "www.widifu.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--03eef932-00d7-4c20-a9c3-3b8ff534b016" }, { "type": "domain-name", "value": "www.weolir.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--ce6eaa52-2370-4a41-9f0c-45a61c2a54ca" }, { "type": "domain-name", "value": "www.aiucr.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--ed86617c-364b-410b-94b1-0a760c7643b1" }, { "type": "domain-name", "value": "www.frijd.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--1306a03e-8a80-483b-aea0-adf44a7313e1" }, { "type": "domain-name", "value": "www.uisoa.com", "source": "OTX", "malware_family": "Android malware", "pulse_name": "Geinimi Malware Android", "id": "domain-name--6d5a2ce6-3f96-4835-9b12-1e509f723e82" }, { "type": "ipv4-addr", "value": "193.24.123.68", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "ipv4-addr--2628aebb-a820-4356-910a-ba3e9a0c33b2" }, { "type": "url", "value": "http://193.24.123.68:3001", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "url--f632dbee-380f-4e2d-a645-a657d1e132b8" }, { "type": "url", "value": "http://193.24.123.68:3001/gfdsgsdfhfsd_ghsfdgsfdgsdfg.sh", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "url--e9d37ced-a89f-4ab3-9dbf-bdff7695b58e" }, { "type": "url", "value": "https://eth.drpc.org", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "url--fe1214ff-9b4a-4308-98cf-45553363e557" }, { "type": "url", "value": "https://ethereum-rpc.publicnode.com", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "url--5ea8b3b5-7bf6-489b-acbc-ce63f378ef89" }, { "type": "url", "value": "http://193.24.123.68:3001/gfdsgsdfhfsd_ghsfdgsfdgsdfg.sh'", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "url--b6050c1d-1eaf-48d1-86af-451a60cec9af" }, { "type": "url", "value": "https://eth-mainnet.public.blastapi.io", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "url--38dbd474-f8f8-4889-aec0-4b6a8176acfa" }, { "type": "url", "value": "https://eth.llamarpc.com", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "url--e9606738-e5da-4e8d-9f5b-4631226dbf47" }, { "type": "url", "value": "https://eth.merkle.io", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "url--cf185a06-907b-4b5c-b2fe-c65510184971" }, { "type": "url", "value": "https://mainnet.gateway.tenderly.co", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "url--dc07cb18-b9e8-40be-9a92-a243a10204fd" }, { "type": "url", "value": "https://rpc.flashbots.net/fast", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "url--e0afcc3e-3279-42dc-a3ab-9c1da6e9abb4" }, { "type": "url", "value": "https://rpc.mevblocker.io", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "url--49299af2-34f6-436c-9093-b8a378c3d960" }, { "type": "url", "value": "https://rpc.payload.de", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "url--2c252573-6db8-4e26-aa94-7a93b70c9b1d" }, { "type": "domain-name", "value": "default.target", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "domain-name--7c856008-cbc1-4bad-8ba5-39a9cf6d6c62" }, { "type": "domain-name", "value": "network.target", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "domain-name--7fa1067d-df69-47d6-8d0e-092f4e0673f6" }, { "type": "domain-name", "value": "eth-mainnet.public.blastapi.io", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "domain-name--c34b3927-943d-47fa-97c0-21edf4aa4536" }, { "type": "domain-name", "value": "eth.drpc.org", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "domain-name--47ae0c81-61c0-408b-b735-646657c82331" }, { "type": "domain-name", "value": "eth.llamarpc.com", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "domain-name--e4bc879c-5f99-400e-96c8-84e3aa59b7ab" }, { "type": "domain-name", "value": "eth.merkle.io", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "domain-name--2fbe8bea-2985-495a-ae42-dc5cfd039b3b" }, { "type": "domain-name", "value": "ethereum-rpc.publicnode.com", "source": "OTX", "malware_family": "EtherRAT", "pulse_name": "DPRK’s New Weapon EtherRAT Uses Smart Contracts to Outsmart Defenders", "id": "domain-name--b7207373-1976-4b1b-8d30-e56abd7c405b" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0b09032d-eef7-459b-843b-5d3f229a97e1", "created": "2025-12-10T15:14:28.203Z", "modified": "2025-12-10T15:14:28.203Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'udaore.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.203Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f9dd09b6-a5fa-4b6d-8a33-750ad8d6affe", "created": "2025-12-10T15:14:28.204Z", "modified": "2025-12-10T15:14:28.204Z", "relationship_type": "based-on", "source_ref": "indicator--0b09032d-eef7-459b-843b-5d3f229a97e1", "target_ref": "domain-name--11dc0d49-f841-4aa1-8b61-d7b8d48b6760" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--79f38787-f81c-4760-8f59-e779847348a6", "created": "2025-12-10T15:14:28.213Z", "modified": "2025-12-10T15:14:28.213Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'weolir.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.213Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3a9730fd-5f37-43f3-9049-0beb1a88999c", "created": "2025-12-10T15:14:28.213Z", "modified": "2025-12-10T15:14:28.213Z", "relationship_type": "based-on", "source_ref": "indicator--79f38787-f81c-4760-8f59-e779847348a6", "target_ref": "domain-name--3482cf77-d2ac-4d84-bb1a-e5e3b4463cfb" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--738cc7e7-7e45-42ea-ae84-88799fdbf63d", "created": "2025-12-10T15:14:28.222Z", "modified": "2025-12-10T15:14:28.222Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'aiucr.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.222Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b5acdfee-17f7-4bae-82bd-c7d333e60b0d", "created": "2025-12-10T15:14:28.222Z", "modified": "2025-12-10T15:14:28.222Z", "relationship_type": "based-on", "source_ref": "indicator--738cc7e7-7e45-42ea-ae84-88799fdbf63d", "target_ref": "domain-name--a7e0b372-b32b-4dbd-b036-863754377227" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--276dbaea-0704-4062-b751-86291e087b4c", "created": "2025-12-10T15:14:28.231Z", "modified": "2025-12-10T15:14:28.231Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'riusdu.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.231Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--187891bd-0d13-40b2-b2c6-84a448d19d3d", "created": "2025-12-10T15:14:28.231Z", "modified": "2025-12-10T15:14:28.231Z", "relationship_type": "based-on", "source_ref": "indicator--276dbaea-0704-4062-b751-86291e087b4c", "target_ref": "domain-name--bd8870e6-bd93-459d-b16c-7a82d220df68" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--75aa85bf-55d7-47d6-b76f-d93e6876d27b", "created": "2025-12-10T15:14:28.240Z", "modified": "2025-12-10T15:14:28.240Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'uisoa.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.240Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cad9d831-75fe-4407-bfc0-c21d0d628de5", "created": "2025-12-10T15:14:28.240Z", "modified": "2025-12-10T15:14:28.240Z", "relationship_type": "based-on", "source_ref": "indicator--75aa85bf-55d7-47d6-b76f-d93e6876d27b", "target_ref": "domain-name--22f140eb-4ed9-49d2-8194-38fae1ff2c75" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a84e774-6025-4005-85cd-417870a01cd7", "created": "2025-12-10T15:14:28.248Z", "modified": "2025-12-10T15:14:28.248Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'islpast.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.248Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--35947f64-bb07-491b-80e8-f6f827e84dbc", "created": "2025-12-10T15:14:28.248Z", "modified": "2025-12-10T15:14:28.248Z", "relationship_type": "based-on", "source_ref": "indicator--5a84e774-6025-4005-85cd-417870a01cd7", "target_ref": "domain-name--e668ee12-a076-46c2-9c5f-59c1b24ba683" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--14ddca08-5900-4893-8a57-acd2c4bc9afa", "created": "2025-12-10T15:14:28.257Z", "modified": "2025-12-10T15:14:28.257Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'piajesj.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.257Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--55fa29c1-d1aa-4889-9cbe-42aa3a81cc7f", "created": "2025-12-10T15:14:28.257Z", "modified": "2025-12-10T15:14:28.257Z", "relationship_type": "based-on", "source_ref": "indicator--14ddca08-5900-4893-8a57-acd2c4bc9afa", "target_ref": "domain-name--ec0c81f0-c73e-416e-8446-eec51db2affb" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d57e646-9ca1-4a93-a642-21de5278889b", "created": "2025-12-10T15:14:28.265Z", "modified": "2025-12-10T15:14:28.265Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'widifu.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.265Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8233edb7-4c71-4720-9836-06e2fbfe518f", "created": "2025-12-10T15:14:28.265Z", "modified": "2025-12-10T15:14:28.265Z", "relationship_type": "based-on", "source_ref": "indicator--5d57e646-9ca1-4a93-a642-21de5278889b", "target_ref": "domain-name--9b26ee15-06c8-4a37-a280-3552c9d5ad31" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--759cf316-fe25-48f7-b9fa-f1b24e7d76d7", "created": "2025-12-10T15:14:28.274Z", "modified": "2025-12-10T15:14:28.274Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'qoewsl.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.274Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f6710f7b-6887-477e-a312-0052885fe373", "created": "2025-12-10T15:14:28.274Z", "modified": "2025-12-10T15:14:28.274Z", "relationship_type": "based-on", "source_ref": "indicator--759cf316-fe25-48f7-b9fa-f1b24e7d76d7", "target_ref": "domain-name--97a79b7b-ba35-481a-9e6f-1e358ddfe376" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b0997639-7a5b-4652-bd00-e47dfd29b7ea", "created": "2025-12-10T15:14:28.283Z", "modified": "2025-12-10T15:14:28.283Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'frijd.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.283Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b69a8897-77fa-4544-b3dd-3212989b63da", "created": "2025-12-10T15:14:28.283Z", "modified": "2025-12-10T15:14:28.283Z", "relationship_type": "based-on", "source_ref": "indicator--b0997639-7a5b-4652-bd00-e47dfd29b7ea", "target_ref": "domain-name--8da76589-685d-4726-bf84-b9f9f546fadd" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fdff90c8-9d92-4b96-bdd4-269a5ca1f4cd", "created": "2025-12-10T15:14:28.290Z", "modified": "2025-12-10T15:14:28.290Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.islpast.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.290Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1cbee4b8-512b-4943-9011-f54943d3642b", "created": "2025-12-10T15:14:28.290Z", "modified": "2025-12-10T15:14:28.290Z", "relationship_type": "based-on", "source_ref": "indicator--fdff90c8-9d92-4b96-bdd4-269a5ca1f4cd", "target_ref": "domain-name--a520236f-12ed-4504-b67c-1b7d54b2a85f" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bd108f8-701e-4646-b8d6-9573fababf1a", "created": "2025-12-10T15:14:28.298Z", "modified": "2025-12-10T15:14:28.298Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.piajesj.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.298Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--756928bc-89fc-4e01-92a7-fd6732bbd05c", "created": "2025-12-10T15:14:28.298Z", "modified": "2025-12-10T15:14:28.298Z", "relationship_type": "based-on", "source_ref": "indicator--5bd108f8-701e-4646-b8d6-9573fababf1a", "target_ref": "domain-name--2d57b052-d03b-4bf9-a4b7-56c800aed87f" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1a6b0908-d621-4d0f-a207-1c08f86fb942", "created": "2025-12-10T15:14:28.306Z", "modified": "2025-12-10T15:14:28.306Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.riusdu.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.306Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3834c1ca-d383-4040-8c31-ce6fbe24b792", "created": "2025-12-10T15:14:28.306Z", "modified": "2025-12-10T15:14:28.306Z", "relationship_type": "based-on", "source_ref": "indicator--1a6b0908-d621-4d0f-a207-1c08f86fb942", "target_ref": "domain-name--65231d9b-eacd-45e4-b365-b955d9a5642c" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4c0094b5-7ad3-480f-ace5-5d5268b3e37b", "created": "2025-12-10T15:14:28.314Z", "modified": "2025-12-10T15:14:28.314Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.udaore.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.314Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e8a30ae0-5ee8-4fcd-89aa-9b0e07dc036d", "created": "2025-12-10T15:14:28.314Z", "modified": "2025-12-10T15:14:28.314Z", "relationship_type": "based-on", "source_ref": "indicator--4c0094b5-7ad3-480f-ace5-5d5268b3e37b", "target_ref": "domain-name--d1f3ade6-74a3-46d3-8436-ffde42f76993" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f326e9df-7f5b-42d5-bd1f-b08bb3f533e9", "created": "2025-12-10T15:14:28.321Z", "modified": "2025-12-10T15:14:28.321Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.qoewsl.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.321Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f50e52ab-cf2b-4917-b505-122c937c7b51", "created": "2025-12-10T15:14:28.321Z", "modified": "2025-12-10T15:14:28.321Z", "relationship_type": "based-on", "source_ref": "indicator--f326e9df-7f5b-42d5-bd1f-b08bb3f533e9", "target_ref": "domain-name--066d493e-df61-4cb9-a70d-a63fe44535fe" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--52a11114-282e-464d-9377-213bc5a99f80", "created": "2025-12-10T15:14:28.328Z", "modified": "2025-12-10T15:14:28.328Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.widifu.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.328Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--48aa931c-d455-4d61-8337-fa742460595c", "created": "2025-12-10T15:14:28.328Z", "modified": "2025-12-10T15:14:28.328Z", "relationship_type": "based-on", "source_ref": "indicator--52a11114-282e-464d-9377-213bc5a99f80", "target_ref": "domain-name--03eef932-00d7-4c20-a9c3-3b8ff534b016" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7e08fcac-f5b8-4557-b122-eb66a434b1a4", "created": "2025-12-10T15:14:28.336Z", "modified": "2025-12-10T15:14:28.336Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.weolir.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.336Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--11725f33-c832-4ab6-b4dc-e277d5813704", "created": "2025-12-10T15:14:28.336Z", "modified": "2025-12-10T15:14:28.336Z", "relationship_type": "based-on", "source_ref": "indicator--7e08fcac-f5b8-4557-b122-eb66a434b1a4", "target_ref": "domain-name--ce6eaa52-2370-4a41-9f0c-45a61c2a54ca" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ad8b3d05-fb20-4d1f-9278-d7ee7b0a26be", "created": "2025-12-10T15:14:28.344Z", "modified": "2025-12-10T15:14:28.344Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.aiucr.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.344Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c410ff0d-d7c8-4380-8a39-8d0aed0ff22a", "created": "2025-12-10T15:14:28.344Z", "modified": "2025-12-10T15:14:28.344Z", "relationship_type": "based-on", "source_ref": "indicator--ad8b3d05-fb20-4d1f-9278-d7ee7b0a26be", "target_ref": "domain-name--ed86617c-364b-410b-94b1-0a760c7643b1" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--994b92f8-757b-4857-bd21-e65c1b36b36c", "created": "2025-12-10T15:14:28.351Z", "modified": "2025-12-10T15:14:28.351Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.frijd.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.351Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c782bb08-6517-48f9-8951-7d1e2077bb89", "created": "2025-12-10T15:14:28.351Z", "modified": "2025-12-10T15:14:28.351Z", "relationship_type": "based-on", "source_ref": "indicator--994b92f8-757b-4857-bd21-e65c1b36b36c", "target_ref": "domain-name--1306a03e-8a80-483b-aea0-adf44a7313e1" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--80fc8ba8-5dee-4818-94a1-8093da9fd404", "created": "2025-12-10T15:14:28.359Z", "modified": "2025-12-10T15:14:28.359Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.uisoa.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.359Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--db2bde7d-a1b7-4bce-bd6f-6886b0ce4156", "created": "2025-12-10T15:14:28.359Z", "modified": "2025-12-10T15:14:28.359Z", "relationship_type": "based-on", "source_ref": "indicator--80fc8ba8-5dee-4818-94a1-8093da9fd404", "target_ref": "domain-name--6d5a2ce6-3f96-4835-9b12-1e509f723e82" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d914a9f1-d3a1-4e4a-bba9-386e25a44226", "created": "2025-12-10T15:14:28.359Z", "modified": "2025-12-10T15:14:28.359Z", "name": "Malicious ipv4-addr indicator", "description": "Malicious ipv4-addr identified in threat intelligence", "pattern": "[ipv4-addr:value = '193.24.123.68']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.359Z", "labels": [ "malicious-activity" ], "confidence": 65 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--189cff5c-b8e7-4ed5-bc0d-ec97552d6759", "created": "2025-12-10T15:14:28.359Z", "modified": "2025-12-10T15:14:28.359Z", "relationship_type": "based-on", "source_ref": "indicator--d914a9f1-d3a1-4e4a-bba9-386e25a44226", "target_ref": "ipv4-addr--2628aebb-a820-4356-910a-ba3e9a0c33b2" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--235e5ff7-dbbb-4a9c-b17f-a22234c36dba", "created": "2025-12-10T15:14:28.367Z", "modified": "2025-12-10T15:14:28.367Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://193.24.123.68:3001']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.367Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9e09d118-1e08-46bc-926b-5cfc22977aed", "created": "2025-12-10T15:14:28.367Z", "modified": "2025-12-10T15:14:28.367Z", "relationship_type": "based-on", "source_ref": "indicator--235e5ff7-dbbb-4a9c-b17f-a22234c36dba", "target_ref": "url--f632dbee-380f-4e2d-a645-a657d1e132b8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d083b57f-e81a-4c76-b74e-cb3a53e1a5e3", "created": "2025-12-10T15:14:28.375Z", "modified": "2025-12-10T15:14:28.375Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://193.24.123.68:3001/gfdsgsdfhfsd_ghsfdgsfdgsdfg.sh']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.375Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--32141c49-2510-4b3b-9bb0-5d6d85ba4ce7", "created": "2025-12-10T15:14:28.375Z", "modified": "2025-12-10T15:14:28.375Z", "relationship_type": "based-on", "source_ref": "indicator--d083b57f-e81a-4c76-b74e-cb3a53e1a5e3", "target_ref": "url--e9d37ced-a89f-4ab3-9dbf-bdff7695b58e" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7ce14ee5-469e-41a9-a66f-d45f7b993b72", "created": "2025-12-10T15:14:28.384Z", "modified": "2025-12-10T15:14:28.384Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'https://eth.drpc.org']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.384Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d245e55a-af70-48d5-8d86-e77e8aa7ec51", "created": "2025-12-10T15:14:28.384Z", "modified": "2025-12-10T15:14:28.384Z", "relationship_type": "based-on", "source_ref": "indicator--7ce14ee5-469e-41a9-a66f-d45f7b993b72", "target_ref": "url--fe1214ff-9b4a-4308-98cf-45553363e557" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d95075bb-c750-40e9-bc81-787d621269de", "created": "2025-12-10T15:14:28.394Z", "modified": "2025-12-10T15:14:28.394Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'https://ethereum-rpc.publicnode.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.394Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2d2d2e5a-1850-440f-83e5-002e3fe88508", "created": "2025-12-10T15:14:28.394Z", "modified": "2025-12-10T15:14:28.394Z", "relationship_type": "based-on", "source_ref": "indicator--d95075bb-c750-40e9-bc81-787d621269de", "target_ref": "url--5ea8b3b5-7bf6-489b-acbc-ce63f378ef89" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--161376a6-34c2-4dfa-988e-13def4847b4c", "created": "2025-12-10T15:14:28.402Z", "modified": "2025-12-10T15:14:28.402Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://193.24.123.68:3001/gfdsgsdfhfsd_ghsfdgsfdgsdfg.sh'']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.402Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6e90a967-0d9f-40a3-bc17-65ee9d3b7882", "created": "2025-12-10T15:14:28.402Z", "modified": "2025-12-10T15:14:28.402Z", "relationship_type": "based-on", "source_ref": "indicator--161376a6-34c2-4dfa-988e-13def4847b4c", "target_ref": "url--b6050c1d-1eaf-48d1-86af-451a60cec9af" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--117590f4-41f8-4bfd-94c6-a36b652184e5", "created": "2025-12-10T15:14:28.410Z", "modified": "2025-12-10T15:14:28.410Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'https://eth-mainnet.public.blastapi.io']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.410Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--779e4479-f03f-4751-919e-c5eb84294d8c", "created": "2025-12-10T15:14:28.410Z", "modified": "2025-12-10T15:14:28.410Z", "relationship_type": "based-on", "source_ref": "indicator--117590f4-41f8-4bfd-94c6-a36b652184e5", "target_ref": "url--38dbd474-f8f8-4889-aec0-4b6a8176acfa" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f5a63f75-4234-48db-8ad3-989cc4d42e52", "created": "2025-12-10T15:14:28.418Z", "modified": "2025-12-10T15:14:28.418Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'https://eth.llamarpc.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.418Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2e802dbe-eea5-434b-857f-d47e1dadfbe6", "created": "2025-12-10T15:14:28.418Z", "modified": "2025-12-10T15:14:28.418Z", "relationship_type": "based-on", "source_ref": "indicator--f5a63f75-4234-48db-8ad3-989cc4d42e52", "target_ref": "url--e9606738-e5da-4e8d-9f5b-4631226dbf47" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b958621e-b36b-44b0-ad57-cc431fb8e64d", "created": "2025-12-10T15:14:28.426Z", "modified": "2025-12-10T15:14:28.426Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'https://eth.merkle.io']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.426Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6380b060-7475-4436-b1c0-34ec90dfb06d", "created": "2025-12-10T15:14:28.426Z", "modified": "2025-12-10T15:14:28.426Z", "relationship_type": "based-on", "source_ref": "indicator--b958621e-b36b-44b0-ad57-cc431fb8e64d", "target_ref": "url--cf185a06-907b-4b5c-b2fe-c65510184971" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--499d68cd-8a1e-4ee5-9207-bb0ea0f25219", "created": "2025-12-10T15:14:28.433Z", "modified": "2025-12-10T15:14:28.433Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'https://mainnet.gateway.tenderly.co']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.433Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--90bea11d-5db7-4b00-8c42-a36db01444a3", "created": "2025-12-10T15:14:28.433Z", "modified": "2025-12-10T15:14:28.433Z", "relationship_type": "based-on", "source_ref": "indicator--499d68cd-8a1e-4ee5-9207-bb0ea0f25219", "target_ref": "url--dc07cb18-b9e8-40be-9a92-a243a10204fd" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c2d05e2b-4fd5-4474-8518-512ab4d39b42", "created": "2025-12-10T15:14:28.441Z", "modified": "2025-12-10T15:14:28.441Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'https://rpc.flashbots.net/fast']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.441Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8750a30f-0936-4f90-9d7b-96cccfcf4a5c", "created": "2025-12-10T15:14:28.441Z", "modified": "2025-12-10T15:14:28.441Z", "relationship_type": "based-on", "source_ref": "indicator--c2d05e2b-4fd5-4474-8518-512ab4d39b42", "target_ref": "url--e0afcc3e-3279-42dc-a3ab-9c1da6e9abb4" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55e3d3d4-bf9d-4ba8-9353-58140f7e69b9", "created": "2025-12-10T15:14:28.448Z", "modified": "2025-12-10T15:14:28.448Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'https://rpc.mevblocker.io']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.448Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--14e19e0a-d563-4357-a512-dd18c8ad5718", "created": "2025-12-10T15:14:28.448Z", "modified": "2025-12-10T15:14:28.448Z", "relationship_type": "based-on", "source_ref": "indicator--55e3d3d4-bf9d-4ba8-9353-58140f7e69b9", "target_ref": "url--49299af2-34f6-436c-9093-b8a378c3d960" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4d7632cd-5c92-4088-81b1-469faba0f35c", "created": "2025-12-10T15:14:28.456Z", "modified": "2025-12-10T15:14:28.456Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'https://rpc.payload.de']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.456Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--793b2f51-da14-4cb1-9c2e-a6b74fc8adc3", "created": "2025-12-10T15:14:28.456Z", "modified": "2025-12-10T15:14:28.456Z", "relationship_type": "based-on", "source_ref": "indicator--4d7632cd-5c92-4088-81b1-469faba0f35c", "target_ref": "url--2c252573-6db8-4e26-aa94-7a93b70c9b1d" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--245bd82a-4c5c-4e4a-a8c0-32ada74d447a", "created": "2025-12-10T15:14:28.464Z", "modified": "2025-12-10T15:14:28.464Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'default.target']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.464Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--192a7245-1679-4713-9e9d-79c74ad27937", "created": "2025-12-10T15:14:28.464Z", "modified": "2025-12-10T15:14:28.464Z", "relationship_type": "based-on", "source_ref": "indicator--245bd82a-4c5c-4e4a-a8c0-32ada74d447a", "target_ref": "domain-name--7c856008-cbc1-4bad-8ba5-39a9cf6d6c62" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2684300f-5f99-4127-ae75-6919fc625c03", "created": "2025-12-10T15:14:28.472Z", "modified": "2025-12-10T15:14:28.473Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'network.target']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.473Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8c6e1ba6-50d9-4f84-aa78-0efc62ad7cf8", "created": "2025-12-10T15:14:28.473Z", "modified": "2025-12-10T15:14:28.473Z", "relationship_type": "based-on", "source_ref": "indicator--2684300f-5f99-4127-ae75-6919fc625c03", "target_ref": "domain-name--7fa1067d-df69-47d6-8d0e-092f4e0673f6" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9e85286e-fd6d-4924-b6fc-a12fff940805", "created": "2025-12-10T15:14:28.481Z", "modified": "2025-12-10T15:14:28.481Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'eth-mainnet.public.blastapi.io']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.481Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d7208999-6f5b-448a-8283-e49f97bf2b34", "created": "2025-12-10T15:14:28.481Z", "modified": "2025-12-10T15:14:28.481Z", "relationship_type": "based-on", "source_ref": "indicator--9e85286e-fd6d-4924-b6fc-a12fff940805", "target_ref": "domain-name--c34b3927-943d-47fa-97c0-21edf4aa4536" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4eedfae1-ea15-47c8-9b40-c7216cfbc31c", "created": "2025-12-10T15:14:28.490Z", "modified": "2025-12-10T15:14:28.490Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'eth.drpc.org']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.490Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f71cf887-3dfb-4352-9b25-95b4de38f48a", "created": "2025-12-10T15:14:28.490Z", "modified": "2025-12-10T15:14:28.490Z", "relationship_type": "based-on", "source_ref": "indicator--4eedfae1-ea15-47c8-9b40-c7216cfbc31c", "target_ref": "domain-name--47ae0c81-61c0-408b-b735-646657c82331" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b64868d8-c7a9-4d4c-9e6e-74441a33d10c", "created": "2025-12-10T15:14:28.498Z", "modified": "2025-12-10T15:14:28.498Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'eth.llamarpc.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.498Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7c159d8c-35ea-4e47-b6e7-bd6fe0a2a12b", "created": "2025-12-10T15:14:28.498Z", "modified": "2025-12-10T15:14:28.498Z", "relationship_type": "based-on", "source_ref": "indicator--b64868d8-c7a9-4d4c-9e6e-74441a33d10c", "target_ref": "domain-name--e4bc879c-5f99-400e-96c8-84e3aa59b7ab" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8982fea9-fda2-4e61-b509-f9d02c0d9cc9", "created": "2025-12-10T15:14:28.505Z", "modified": "2025-12-10T15:14:28.506Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'eth.merkle.io']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.506Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--00d39a62-11bf-4372-9e65-9a4b0e37d5f4", "created": "2025-12-10T15:14:28.506Z", "modified": "2025-12-10T15:14:28.506Z", "relationship_type": "based-on", "source_ref": "indicator--8982fea9-fda2-4e61-b509-f9d02c0d9cc9", "target_ref": "domain-name--2fbe8bea-2985-495a-ae42-dc5cfd039b3b" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2de0425a-b3bb-44a0-8694-6fee064a5585", "created": "2025-12-10T15:14:28.513Z", "modified": "2025-12-10T15:14:28.513Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'ethereum-rpc.publicnode.com']", "pattern_type": "stix", "valid_from": "2025-12-10T15:14:28.513Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0fb2c22-a58e-4a7b-95ef-345dde45b091", "created": "2025-12-10T15:14:28.513Z", "modified": "2025-12-10T15:14:28.513Z", "relationship_type": "based-on", "source_ref": "indicator--2de0425a-b3bb-44a0-8694-6fee064a5585", "target_ref": "domain-name--b7207373-1976-4b1b-8d30-e56abd7c405b" } ] }