Cybersecurity Latest Rundown

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

SOX: 13 HIPAA: 3 PCI DSS: 1 SOC 2: 1

Industry Watch

🚨 Healthcare (HIPAA) CRITICAL

Threat activity 3.5x above normal

Key threat: React4Shell (CVSS 10.0) & Gladinet Hard-Coded Keys

Action: Review React4Shell RCE, Gladinet CentreStack Vulnerabilities, Fortinet Auth Bypass

Enterprise (SOX) ELEVATED

Threat activity 2.4x above normal

Key threat: Gogs Zero-Day & NANOREMOTE Malware

Action: Review Gogs CVE-2025-8110, NANOREMOTE Google Drive C2, Microsoft Copilot Injection

CyberSecurity Latest Rundown

Heroes, lots to get to. Here's a curated look at the current cybersecurity landscape for December 11, 2025.

CRITICAL ITEMS

React4Shell: Critical RCE in React Server Components (CVSS 10.0)
Date & Time: 2025-12-11T07:30:41

A maximum-severity vulnerability dubbed "React4Shell" is under active exploitation, affecting web applications built with React Server Components (RSC). This flaw allows attackers to execute arbitrary code on the server, posing a catastrophic risk to modern web infrastructure.

Business impact

If exploited, this vulnerability grants attackers full control over the web server, leading to total data theft, service disruption, and potential lateral movement into the core network—expect immediate GDPR/HIPAA compliance violations and significant remediation costs.

Recommended action

Ask your AppSec team: "Are we using React Server Components in any public-facing applications, and have we applied the mitigation for CVE-2025-55182 immediately?"

CVE: CVE-2025-55182 | Compliance: HIPAA, GDPR | Source: Kaspersky ↗
Unpatched Gogs Zero-Day Exploited in 700+ Instances
Date & Time: 2025-12-11T10:30:00

A high-severity zero-day vulnerability in the Gogs self-hosted Git service is being actively exploited, with over 700 compromised instances already identified. The flaw allows attackers to overwrite files during updates, leading to system compromise.

Business impact

Compromise of a code repository can lead to intellectual property theft, injection of malicious code into your products (supply chain attack), and loss of competitive advantage.

Recommended action

Ask your DevOps lead: "Do we host any Gogs instances, and if so, are they isolated from the internet until a patch is verified and applied?"

CVE: CVE-2025-8110 | Compliance: SOX | Source: The Hacker News ↗
Active Exploitation of Hard-Coded Keys in Gladinet Products
Date & Time: 2025-12-11T05:56:00

Threat actors are actively exploiting hard-coded cryptographic keys in Gladinet's CentreStack and Triofox products to gain unauthorized access. This vulnerability allows attackers to access sensitive configuration files and potentially execute code.

Business impact

Exploitation allows attackers to bypass authentication and access sensitive corporate data stored in private clouds, resulting in immediate HIPAA/SOX compliance breaches and potential ransomware deployment.

Recommended action

Ask your IT Director: "Do we use CentreStack or Triofox for file sharing, and have we checked for indicators of compromise related to hard-coded key abuse?"

CVE: n/a | Compliance: HIPAA, SOX | Source: The Hacker News ↗
Fortinet Patches Critical Authentication Bypass Vulnerabilities
Date & Time: 2025-12-10T22:04:38

Fortinet has released patches for two critical authentication-bypass vulnerabilities affecting FortiOS, FortiWeb, and FortiProxy when FortiCloud SSO is enabled. These flaws allow attackers to bypass authentication and gain administrative access.

Business impact

An unauthenticated attacker gaining admin access to firewalls or proxies can dismantle network defenses, intercept traffic, and deploy malware deep within the network without detection.

Recommended action

Ask your Network Security team: "Have we applied the emergency patches for CVE-2025-59718 and CVE-2025-59719 on all Fortinet edge devices?"

CVE: CVE-2025-59718, CVE-2025-59719 | Compliance: HIPAA, SOX | Source: Security Affairs ↗
Microsoft Copilot Studio Prompt Injection Risks Financial Fraud
Date & Time: 2025-12-11T09:59:59

Researchers have demonstrated that Microsoft Copilot Studio is vulnerable to simple prompt injection attacks that can bypass security controls. This flaw was used to leak credit card data and fraudulently book services.

Business impact

Deployment of insecure AI agents can lead to direct financial loss, leakage of customer PII/PCI data, and reputational damage due to erratic AI behavior.

Recommended action

Ask your AI Governance lead: "Have we tested our Copilot agents for prompt injection vulnerabilities before allowing them to handle payment data or sensitive customer interactions?"

CVE: n/a | Compliance: PCI DSS, SOX | Source: Tenable ↗

HIGH SEVERITY ITEMS

NANOREMOTE Malware Abuses Google Drive API for C2
Date & Time: 2025-12-11T13:16:00

A new Windows backdoor named NANOREMOTE is using the Google Drive API for command-and-control communication, making detection difficult as traffic blends with legitimate user activity. It shares code similarities with the FINA implant.

Business impact

The use of legitimate cloud services for malware communication bypasses traditional firewall blocking, allowing attackers to maintain persistent, stealthy access to corporate networks for data exfiltration.

Recommended action

Ask your SOC Manager: "Can our network monitoring distinguish between legitimate Google Drive API usage and potential C2 traffic, or do we need to restrict API access?"

CVE: n/a | Compliance: SOX | Source: The Hacker News ↗
Hunting for Mythic Framework in Network Traffic
Date & Time: 2025-12-11T12:00:52

Threat actors are increasingly shifting to the open-source Mythic post-exploitation framework to maintain control over compromised hosts. This shift requires defenders to update detection logic previously focused on Cobalt Strike.

Business impact

Failure to detect post-exploitation frameworks allows attackers to move laterally across the network, escalating privileges and accessing critical financial or operational data.

Recommended action

Ask your Security Operations team: "Do our current detection rules specifically look for Mythic framework signatures in network traffic, or are we only watching for Cobalt Strike?"

CVE: n/a | Compliance: SOX | Source: Kaspersky ↗

MEDIUM SEVERITY ITEMS

Microsoft December Security Update Fixes 57 Vulnerabilities
Date & Time: 2025-12-11T07:21:35

Microsoft's December update addresses 57 security issues across Windows, Office, Exchange, and Azure, including high-risk privilege escalation flaws. Regular patching remains a cornerstone of defense.

CVE: n/a | Compliance: SOX | Source: NSFOCUS ↗, Tenable ↗

EXECUTIVE INSIGHTS

Lessons from 2025: Cyber Risk and CISO Accountability
Date & Time: 2025-12-11T10:02:09

The legal landscape for CISOs shifted dramatically in 2025, with increased personal liability and shareholder lawsuits. Boards must now navigate the ambiguity of accountability for autonomous systems and algorithmic risks.

Source: Last Watchdog ↗
Smart Secrets Management and Non-Human Identities
Date & Time: 2025-12-10T22:00:00

As cloud operations scale, safeguarding Non-Human Identities (NHIs) has become critical. Mismanaged machine identities are a leading vector for cloud breaches, necessitating specialized management strategies.

Source: Entro Security ↗

VENDOR SPOTLIGHT

Spotlight Rationale: Selected due to their direct discovery of the active Gladinet/CentreStack exploitation (Critical Item #3) and focus on persistent threat detection.

Threat Context: Active Attacks Exploit Gladinet's Hard-Coded Keys

Platform Focus: Huntress Managed Security Platform

Huntress specializes in exposing hidden threats that bypass preventive tools, specifically targeting persistent footholds like the hard-coded keys found in Gladinet products. Their platform combines automated detection with human threat hunting to identify "unhackable" flaws and logic abuse that standard EDRs often miss.

Actionable Platform Guidance: Huntress partners should immediately review the "Footholds" report for any CentreStack or Triofox agents showing anomalous `web.config` modifications or unexpected child processes, which are key indicators of the Gladinet exploitation.

Source: The Hacker News ↗

DETECTION & RESPONSE KIT

⚠️ Disclaimer: Test all detection logic in non-production environments before deployment.

1. Vendor Platform Configuration - Huntress / General IIS Hardening

# Check for CentreStack/Triofox installation and potential web.config modification
# This script checks for the presence of the software and last write time of web.config

$targetPaths = @(
"C:\Program Files (x86)\Gladinet\CentreStack",
"C:\Program Files (x86)\Gladinet\Triofox"
)

foreach ($path in $targetPaths) {
if (Test-Path $path) {
Write-Host "[!] Found installation at: $path" -ForegroundColor Yellow
$webConfig = Join-Path $path "root\web.config"
if (Test-Path $webConfig) {
$item = Get-Item $webConfig
Write-Host "    web.config LastWriteTime: $($item.LastWriteTime)"
# In a real scenario, compare against known good hash or backup date
}
}
}

2. YARA Rule for NANOREMOTE Malware

rule NANOREMOTE_GoogleDrive_C2 {
meta:
description = "Detects NANOREMOTE malware strings related to Google Drive API usage"
author = "Threat Rundown"
date = "2025-12-11"
reference = "https://thehackernews.com/2025/12/nanoremote-malware-uses-google-drive.html"
severity = "high"
tlp = "white"
strings:
$s1 = "googleapis.com/drive/v3/files" ascii wide
$s2 = "NANOREMOTE" ascii wide
$s3 = "uploadType=multipart" ascii wide
$s4 = "Authorization: Bearer" ascii wide
$h1 = { 4D 5A 90 00 03 00 00 00 }
condition:
$h1 and (3 of ($s*) or ($s1 and $s4))
}

3. SIEM Query — React4Shell (CVE-2025-55182) Exploitation Attempts

index=web_logs sourcetype="access_combined"
(uri_path="*.rsc" OR http_header_content_type="text/x-component")
| eval risk_score=case(
match(uri_query, "(?i)(eval|exec|system|cmd)"), 100,
http_method="POST", 60,
1==1, 0)
| where risk_score >= 60
| table _time, src_ip, uri_path, http_user_agent, risk_score
| sort -risk_score

4. PowerShell Script — Check Gogs Service Status (CVE-2025-8110 Mitigation)

$serviceName = "gogs"
$gogsProcess = Get-Process -Name "gogs" -ErrorAction SilentlyContinue

if ($gogsProcess) {
Write-Host "[!] Gogs process found running (PID: $($gogsProcess.Id))." -ForegroundColor Red
Write-Host "    Verify version is patched against CVE-2025-8110 immediately."
Write-Host "    If unpatched, consider stopping service: Stop-Service -Name $serviceName"
} else {
Write-Host "[-] Gogs process not found running." -ForegroundColor Green
}

This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!

{ "type": "bundle", "id": "bundle--637330bc-4b69-41d0-91e2-42b16920fcd6", "objects": [ { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487", "created": "2022-10-01T00:00:00.000Z", "definition_type": "tlp:2.0", "name": "TLP:CLEAR", "definition": { "tlp": "clear" } }, { "type": "identity", "spec_version": "2.1", "id": "identity--384e5705-9b1a-4e26-b47f-acd1ac33fe41", "created": "2025-12-11T13:32:06.493Z", "modified": "2025-12-11T13:32:06.493Z", "name": "MikeGPT Intelligence Platform", "description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds", "identity_class": "organization", "sectors": [ "technology", "defense" ], "contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "report", "spec_version": "2.1", "id": "report--8fa89cef-d25e-4e45-a88f-343ea39c2971", "created": "2025-12-11T13:32:06.493Z", "modified": "2025-12-11T13:32:06.493Z", "name": "Threat Intelligence Report - 2025-12-11", "description": "Threat Intelligence Report - 2025-12-11\n\nThis report consolidates actionable cybersecurity intelligence from 86 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• Hunting for Mythic in network traffic (Score: 100)\n• Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution (Score: 100)\n• Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw (Score: 100)\n• Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks (Score: 100)\n• Google Patches Mysterious Chrome Zero-Day Exploited in the Wild (Score: 100)\n\nEXTRACTED ENTITIES:\n• 28 Attack Pattern(s)\n• 5 Domain Name(s)\n• 2 Email Addr(s)\n• 7 File:Hashes.Md5(s)\n• 6 File:Hashes.Sha 1(s)\n• 7 File:Hashes.Sha 256(s)\n• 18 Indicator(s)\n• 2 Malware(s)\n• 1 Marking Definition(s)\n• 74 Relationship(s)\n• 8 Tool(s)\n• 13 Url(s)\n• 4 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n", "published": "2025-12-11T13:32:06.493Z", "object_refs": [ "identity--384e5705-9b1a-4e26-b47f-acd1ac33fe41", "identity--b0cec87f-da35-4d9b-b1e6-e530898b873e", "vulnerability--ee965578-219a-4d94-a714-d90b683d3a8a", "tool--1e9f1ece-0f03-438d-afe4-32400a806b4d", "identity--2daf3eee-ee2d-4a01-b724-90e3ce3a3f4f", "identity--cd5ed758-3f50-4269-947a-07bbfc1783c0", "identity--ae4d5f46-29c5-40ae-842b-378abf057c12", "tool--fd368e1e-5ddb-4355-8645-02012f1fb7d1", "identity--006f3ed2-727f-4541-989c-d9ee76a497b2", "identity--26d42040-be49-40b4-a934-aa7a77e1f18b", "tool--2d5dce87-f632-4d64-83c7-e62154759ce2", "tool--2f500a6e-9fac-4263-a2a7-8de0f60bbcf0", "tool--6c7aaabc-f060-4d19-a478-ab25432ffbb8", "vulnerability--6f755432-a4ca-486c-9420-ba4ebca3e2c7", "identity--27951707-88a2-42b8-b72b-fd73409a93a1", "identity--b450ad91-4f65-42f3-81f8-0c725a25d8e9", "tool--86b6288a-3de1-437a-88cf-c81928d22bf9", "identity--76de3514-f624-410e-848e-95fd9d518a35", "tool--ccd21ac3-b6c7-47b0-9d2a-7cfab9bde159", "identity--d2ef45c2-8dbc-4d22-935f-5ff8ec8de775", "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "identity--9abde0c0-183c-4f99-9b4f-07d79ec74339", "identity--52acbab6-0ee9-45dd-9337-955c5e866aef", "identity--8a7ca088-fae7-4645-8f55-5f28dd9b1396", "tool--71f28f85-9897-477e-9c42-fcbe5704fa09", "identity--bdf7bdb7-b0dc-4f93-ab81-2be626deafae", "identity--d9d05144-eca9-4087-96b7-9191f59f0456", "identity--9a361a75-ece7-4f4b-8732-7f4848676467", "identity--90623fdc-9e93-4f85-853e-560afad72ada", "identity--5d64386e-28ba-4fd0-ab62-7357b8e3bbcb", "identity--161fc746-cd49-4615-ab48-81a93a1b16b4", "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "vulnerability--1dd165a0-27bf-4659-9f0f-200e45743f55", "vulnerability--d8541713-ed77-470f-ae9a-1a9e980b18a0", "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "attack-pattern--4b0a5199-2908-43a4-87bb-f021b55f6001", "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "attack-pattern--270f3200-ac63-4d2d-be73-645b1794d56d", "attack-pattern--775a5581-fd79-4cfc-a505-6d409b3bbfba", "attack-pattern--dd0edf90-8f96-4a15-852b-ba611cd81716", "attack-pattern--3785d15d-1c0c-4464-9200-10b744888e29", "attack-pattern--5d331945-e11f-455a-bb36-5c5d2c1e2a38", "attack-pattern--1af573e9-5ac2-46ba-ab87-8af3af61a0d4", "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "attack-pattern--cd3c35f6-1260-4d03-b316-6c43a8f5a755", "attack-pattern--7aa19707-a8bb-4175-a9ce-0dc6a85cf429", "attack-pattern--d35aab7a-eaa0-4d19-9889-83b049aaf2d5", "relationship--bf11bf31-05b5-4aa2-b778-4efd420d03b1", "relationship--a0961036-52eb-4c08-b080-e9b0483e33ca", "relationship--714737bf-1f9b-4174-a622-c07aa46f1754", "relationship--325bade9-e9b8-404b-b77c-0e6912b4affc", "relationship--8637cfb7-a7b4-4961-933a-04f0df15f7ce", "relationship--a2f87ae1-ebc8-4f9a-9db4-c3773a0e637b", "relationship--588dbe52-2cd2-4e15-91db-d469bc95733d", "relationship--91f24c0c-8636-4785-93b4-ef117d255cd5", "relationship--5d2216f3-bf94-46aa-992c-0d75cb1212d2", "relationship--24451337-1ea2-46c8-96c9-f54b4a12cb00", "relationship--390f6053-b43d-404a-805b-8e2c00d23074", "relationship--0acc9e69-33b6-448c-a9e4-1b7b2f4357e3", "relationship--2db48118-594e-4ce8-af47-33bcc7a2f3cd", "relationship--28921fe1-2183-43fa-8557-96a5444257c2", "relationship--f9ae7b41-6e67-44fa-b033-015eded4c3c6", "relationship--89b7fd4b-b871-42ee-a5f9-ef62eea59ca0", "relationship--e9dbfe29-72fc-4470-88f4-d380c102c89f", "relationship--d8b58694-6e19-4c74-99c6-85dc63a4120d", "relationship--bc8d6267-9f14-437f-9dab-906d29634658", "relationship--891b24c3-3f1b-41bb-93b9-fc24837880bb", "relationship--a570b1eb-be11-4be7-8757-f56dd95b3caa", "relationship--54c737e0-4083-4a0b-af17-63eac259b9db", "relationship--1aa1c2a7-9593-4487-b172-968e40dcee25", "relationship--1a0223be-7766-49bb-bafc-f0d24601ebf0", "relationship--0cfe2266-6e28-4bb9-95dc-c17ea47f4368", "relationship--a9b6c4ef-8f30-4052-9a6e-5cb81a299844", "relationship--5cbcb649-2856-41a2-8ee5-eff208599ea5", "relationship--b38c013c-2caf-4de8-8133-0d928a52c86c", "relationship--be518df9-e39a-448f-b359-3ea80cd4e7ce", "relationship--ce3efec0-4f67-4009-b0ca-d43358b25141", "relationship--48ce2cfe-51b4-4307-98cf-7e00e1fa079d", "relationship--cce0747a-a351-4bb5-9a5c-56064cb80236", "relationship--91c9b049-32b4-4deb-bc4f-bfbafc39e422", "relationship--8488bc95-fb14-4b4f-99e8-786d2df7bf76", "relationship--933c187a-8771-4b33-815b-a3491545e285", "relationship--2400ec2b-7ba8-4435-81c9-49a0406c740d", "relationship--0333ec49-75a1-4781-be7e-81fd810c9322", "relationship--46e39341-42cc-4db5-b4a6-177b9195a81d", "relationship--00c10b9e-543e-4220-81f0-ef3c3c0b9a47", "relationship--370457d2-2ce9-4615-9298-d0ffb500165d", "relationship--9cba2b94-2901-4ce6-b3f9-f47113d1bb3b", "relationship--99c05618-8b5c-4315-bdda-d2b56ba7e936", "relationship--4017ea21-e2ba-4746-8be1-084f97c3b6c3", "relationship--9e657e70-7487-431f-bf9f-c9ae2599ada8", "relationship--a9a22e7e-e874-4d2e-95b3-8bf692682707", "relationship--4a62163c-cf95-4a6d-be96-35b3f8435836", "relationship--876159c3-0054-448f-a714-38ba7ea2d8d8", "relationship--e9a0d959-f2ac-4106-a414-380cdd320b2d", "relationship--3efb978b-ffd6-44ff-ad85-7a6c0ce793be", "relationship--9c793cf5-a0ac-4a52-85a7-a11f137b3361", "relationship--a18a2ef5-9885-41f2-9003-d301807455ea", "relationship--ca1ae1ca-ee60-439a-9bb8-185b0d555f6f", "relationship--9d16b31c-86c5-46ee-b286-4a147762c537", "relationship--b47b0c97-1bd9-41ec-9a19-f89ccaa9ee5b", "relationship--b6a7abe6-8834-4510-8d9c-f43e5e18e7da", "relationship--7b934ae4-9134-4db9-811d-fa3c049d3f5c", "file:hashes.SHA-256--43b5216b-0d5d-44ff-9e8f-e1a8e5b8c112", "file:hashes.SHA-256--8389cdae-e830-47d9-9c7c-c0763c6517eb", "file:hashes.SHA-256--075ff036-4f2a-4c06-991e-10871ddd2064", "file:hashes.SHA-256--3286cc8f-9a0f-4f89-8d63-fb5e82343977", "file:hashes.SHA-256--20b7fac6-8a5d-4d6a-9e3f-7ff9900311b6", "file:hashes.SHA-256--fe271cfb-bc48-46ee-b77e-5852d2a7a0cd", "file:hashes.SHA-256--8ae94dfc-54a7-4641-8af2-fe26168afe33", "file:hashes.MD5--2e1f4888-bf2a-4a93-9e30-6248251d1337", "file:hashes.MD5--c460690d-33ae-4f6d-9166-64c46eec926e", "file:hashes.MD5--8067531e-8ea1-4a28-8e23-4e7a3d49ea77", "file:hashes.MD5--da80c182-984c-4c72-9e14-98b5d8510ddd", "file:hashes.MD5--5e84e785-878d-44db-b9ed-ae73276f29de", "file:hashes.MD5--62f8b3c0-8080-455b-acae-d8ea39f07fd1", "file:hashes.MD5--7c0e8e20-5883-475a-aeb2-e1380ed2c2ef", "file:hashes.SHA-1--3cc170d8-76e8-4354-b536-fcd8d293491c", "file:hashes.SHA-1--fbe91819-b35d-4b7e-8236-d204b323722a", "file:hashes.SHA-1--81e556f3-559b-46ad-a958-ff64cbb9ef2d", "file:hashes.SHA-1--06d0d74c-2be9-40a9-8d39-d032f4387b55", "file:hashes.SHA-1--576d354b-302d-4f9d-8872-8c69958558e4", "file:hashes.SHA-1--f4127ec1-ac61-4432-a631-a259506a5fe7", "domain-name--bb91a130-0bff-48cc-90b6-583c0cec049a", "domain-name--35abccb9-c3d7-4a34-ba64-b2bb8174527f", "domain-name--1f264755-f1e1-4969-b6af-94a905ad1257", "domain-name--a2c1a747-5e9c-4577-8cf1-0ab5833fc9c7", "domain-name--95ca67b7-9d25-4581-a42e-dfb652b61bc8", "url--a9f7e6df-aaf5-465c-b9c9-87fde7a63e9c", "url--5c8ca6f7-31e2-40ff-9978-56acd2550faf", "url--d011b8ea-e381-415f-ae87-43a75981320c", "url--d2eecf67-45f9-4f9d-9c81-2ff3d0587fe7", "url--3faa9a78-59e4-4af9-b4ce-e2d707931c68", "url--ef2a4642-20fa-4495-8b15-c44a51abe47c", "url--ffca36c7-544c-4607-92e0-4686474910a5", "url--2bb4c248-b696-404b-83fb-63e1fb5cbda0", "url--8f829d6b-eef6-47cc-8af0-3d9c0b897dcb", "url--69fc85e4-9d56-40be-92f4-07e7cfa34a6a", "url--36f9a200-5a79-402b-ac77-fcf65d06a4c2", "url--9e1f63b3-347c-4079-a486-5a65b679bc68", "url--fe45f1bf-a867-41d5-a4fb-84369c3cd8fb", "email-addr--64830605-2875-43a5-aa18-fcd5f9fc296a", "email-addr--7133c1ee-5364-465a-9345-177ac764efe4", "indicator--a5d0dbcc-b7b9-44ea-8388-131fa97fefff", "relationship--8053b14d-eb59-42db-8769-82c8616e8d93", "indicator--4032c22e-31fc-4fb6-a65c-425f62eed0d5", "relationship--c7e11963-40ca-4312-83ec-e7707343510d", "indicator--a79d555e-590f-4936-8790-734ff4642622", "relationship--ccd6f1fa-6169-4ee6-8ddb-acd9dff37d27", "indicator--ed7c65f6-b660-4a99-a249-57d3cc9a099c", "relationship--0dd9b504-8932-47c2-8f4a-4c64de13407f", "indicator--ffc1e50b-bf8c-44df-891e-7fb17adf30e9", "relationship--252c12eb-82c3-4c0e-8ac6-d5a42b1a9821", "indicator--06ff5edc-6db1-4231-8805-04e7e54a34d8", "relationship--fc5f794c-a465-47a6-97d4-2a59cd0b1c56", "indicator--cc56f07f-b0e0-4383-95b1-1c08b3356bba", "relationship--191fe5e3-a5d6-4920-8a6e-0cb37e8ac488", "indicator--79037e24-8df5-4e1f-91d4-e8a1c29302b8", "relationship--789b9c7f-8b01-4d40-a14b-91cda0287c52", "indicator--0bba4b86-8244-46a4-9b0c-a7de3246a916", "relationship--30f665f5-d8c0-4165-9613-152b5c9f7397", "indicator--dcdfd2b9-539b-493b-bc7b-749996b34289", "relationship--5f738681-6421-4c58-bb46-a9e40b891ef6", "indicator--08a18ad6-3240-4037-b6a4-1af70f466322", "relationship--fedbafd0-992f-4199-8fa3-4da1276ce567", "indicator--b2c430eb-af51-4de8-8e46-978aef94c240", "relationship--2499904c-762d-46b0-a3b6-59e006eeb4ae", "indicator--5f613c14-db4a-4a80-9947-526c2e4cd4f5", "relationship--c2ccd10d-7183-4907-871c-786a5e6633ee", "indicator--9c2257b0-dd91-4787-b3e8-400068406316", "relationship--5322c32b-e0a5-4b61-84ea-9aa69a2b5e9f", "indicator--3263ac3b-0df7-44a3-9247-9f16cf1411d1", "relationship--080f13b1-117e-438b-bb68-93e5cf571fae", "indicator--0ef18466-3e06-431b-966a-83707ea0aa9f", "relationship--ff6459f3-ad68-4608-b701-a93b640e8cf8", "indicator--d866dc52-d84b-46c3-910d-976fc57eb9a6", "relationship--33052b0f-0c2c-4a98-8dba-c680572508f9", "indicator--ca12746e-8df1-43ba-b407-66decc0331f6", "relationship--334c7daa-3754-4917-830e-e467668d9b9d" ], "labels": [ "threat-report", "threat-intelligence" ], "created_by_ref": "identity--384e5705-9b1a-4e26-b47f-acd1ac33fe41", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.487Z", "modified": "2025-12-11T13:32:06.487Z", "confidence": 95, "type": "identity", "id": "identity--b0cec87f-da35-4d9b-b1e6-e530898b873e", "name": "CentreStack", "identity_class": "organization", "labels": [ "identity" ], "description": "CentreStack is a cloud file sharing and synchronization platform that enables users to access, share, and manage files across multiple devices and locations.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.487Z", "modified": "2025-12-11T13:32:06.487Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--ee965578-219a-4d94-a714-d90b683d3a8a", "name": "CVE-2025-8110", "description": "Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.", "x_kev_status": false, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-8110", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8110" }, { "source_name": "nvd", "external_id": "CVE-2025-8110", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8110" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.487Z", "modified": "2025-12-11T13:32:06.487Z", "confidence": 95, "type": "tool", "id": "tool--1e9f1ece-0f03-438d-afe4-32400a806b4d", "name": "Oracle Fusion Cloud Services", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Oracle Fusion Cloud Services is a cloud-based enterprise software suite that provides integrated business applications for finance, human capital management, and customer experience management.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.487Z", "modified": "2025-12-11T13:32:06.487Z", "confidence": 95, "type": "identity", "id": "identity--2daf3eee-ee2d-4a01-b724-90e3ce3a3f4f", "name": "Thales", "identity_class": "organization", "labels": [ "identity" ], "description": "Thales is a global technology company specializing in digital security, cybersecurity, and data protection solutions for governments, organizations, and individuals.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.487Z", "modified": "2025-12-11T13:32:06.487Z", "confidence": 95, "type": "identity", "id": "identity--cd5ed758-3f50-4269-947a-07bbfc1783c0", "name": "NSFOCUS CERT", "identity_class": "organization", "labels": [ "identity" ], "description": "NSFOCUS CERT is a cybersecurity emergency response team that detects and reports on security threats and vulnerabilities in software and systems.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.487Z", "modified": "2025-12-11T13:32:06.487Z", "confidence": 95, "type": "identity", "id": "identity--ae4d5f46-29c5-40ae-842b-378abf057c12", "name": "Microsoft", "identity_class": "organization", "labels": [ "identity" ], "description": "Microsoft is a multinational technology company that develops, manufactures, licenses, and supports a wide range of software products, services, and devices.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "tool", "id": "tool--fd368e1e-5ddb-4355-8645-02012f1fb7d1", "name": "Windows", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Windows is a widely used operating system for personal computers, providing a platform for running applications, managing files, and accessing various software and hardware components.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "identity", "id": "identity--006f3ed2-727f-4541-989c-d9ee76a497b2", "name": "Microsoft Copilot Studio", "identity_class": "organization", "labels": [ "identity" ], "description": "Microsoft Copilot Studio is a no-code platform that enables users to create custom applications and workflows without requiring extensive coding knowledge.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "identity", "id": "identity--26d42040-be49-40b4-a934-aa7a77e1f18b", "name": "IceWarp", "identity_class": "organization", "labels": [ "identity" ], "description": "IceWarp is a comprehensive email server and collaboration platform that provides email, calendar, and contact management features for businesses and organizations.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "tool", "id": "tool--2d5dce87-f632-4d64-83c7-e62154759ce2", "name": "FortiOS", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "FortiOS is a network operating system developed by Fortinet for its network security appliances, providing firewall, VPN, and other security features to protect networks from cyber threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "tool", "id": "tool--2f500a6e-9fac-4263-a2a7-8de0f60bbcf0", "name": "FortiWeb", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "FortiWeb is a web application firewall (WAF) that protects against various types of cyber threats and attacks by filtering and controlling incoming and outgoing web traffic.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "tool", "id": "tool--6c7aaabc-f060-4d19-a478-ab25432ffbb8", "name": "FortiProxy", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "FortiProxy is a web proxy solution that provides secure web filtering, content inspection, and threat protection for organizations.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--6f755432-a4ca-486c-9420-ba4ebca3e2c7", "name": "CVE-2025-59718", "description": "A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a craf. CVSS Score: 9.8 (CRITICAL). EPSS: 0.1% exploitation probability", "x_cvss_score": 9.8, "x_cvss_severity": "CRITICAL", "x_kev_status": false, "x_epss_score": 0.00089, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-59718", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59718" }, { "source_name": "nvd", "external_id": "CVE-2025-59718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59718" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "identity", "id": "identity--27951707-88a2-42b8-b72b-fd73409a93a1", "name": "Cisco Vulnerability Management", "identity_class": "organization", "labels": [ "identity" ], "description": "Cisco Vulnerability Management is a platform that helps security teams identify, prioritize, and remediate vulnerabilities across their IT environments, providing visibility and control to reduce risk and improve overall security posture.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "identity", "id": "identity--b450ad91-4f65-42f3-81f8-0c725a25d8e9", "name": "AttackIQ", "identity_class": "organization", "labels": [ "identity" ], "description": "AttackIQ is a company that provides a platform for simulating cyber attacks to test and improve an organization's defenses, helping to identify vulnerabilities and optimize security controls.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "tool", "id": "tool--86b6288a-3de1-437a-88cf-c81928d22bf9", "name": "Next.js", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Next.js is a popular, open-source React-based framework for building server-side rendered and statically generated websites and applications. It is widely used in web development for its performance, scalability, and ease of use. However, as seen in the context, Next.js can be vulnerable to critical security issues, such as the React2Shell vulnerability, which allows for remote code execution.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "identity", "id": "identity--76de3514-f624-410e-848e-95fd9d518a35", "name": "Huntress", "identity_class": "organization", "labels": [ "identity" ], "description": "Huntress is a cybersecurity company that provides threat detection and incident response services to protect businesses from cyber threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "tool", "id": "tool--ccd21ac3-b6c7-47b0-9d2a-7cfab9bde159", "name": "Fuji Electric Monitouch V-SFT", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Fuji Electric Monitouch V-SFT is a human-machine interface (HMI) system used for monitoring and controlling industrial processes.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "identity", "id": "identity--d2ef45c2-8dbc-4d22-935f-5ff8ec8de775", "name": "EasyDMARC", "identity_class": "organization", "labels": [ "identity" ], "description": "EasyDMARC is a company that specializes in email security solutions, particularly in implementing and managing DMARC (Domain-based Message Authentication, Reporting, and Conformance) policies to protect against email spoofing and phishing attacks.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.488Z", "modified": "2025-12-11T13:32:06.488Z", "confidence": 95, "type": "malware", "id": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "name": "ClickFix", "is_family": true, "malware_types": [ "trojan" ], "labels": [ "malicious-activity" ], "description": "ClickFix is a social engineering tactic used by attackers to deliver malware, including RATs and info-stealers, directly from memory. It is part of a CastleLoader malware variant discovered by Blackpoint Cyber researchers.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 95, "type": "identity", "id": "identity--9abde0c0-183c-4f99-9b4f-07d79ec74339", "name": "Flashpoint", "identity_class": "organization", "labels": [ "identity" ], "description": "Flashpoint is a cybersecurity company that provides threat intelligence and risk management solutions to help organizations protect themselves against cyber threats. In the context provided, Flashpoint is mentioned as the source of intelligence that revealed the digital operational security failures and reliance on AI of a North Korean threat actor.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 95, "type": "identity", "id": "identity--52acbab6-0ee9-45dd-9337-955c5e866aef", "name": "Windscribe", "identity_class": "organization", "labels": [ "identity" ], "description": "Windscribe is a virtual private network (VPN) service that provides users with secure and private internet browsing.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 95, "type": "identity", "id": "identity--8a7ca088-fae7-4645-8f55-5f28dd9b1396", "name": "Google", "identity_class": "organization", "labels": [ "identity" ], "description": "Google is a multinational technology company specializing in Internet-related services and products, including search engines, online advertising technologies, cloud computing, and software development.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 95, "type": "tool", "id": "tool--71f28f85-9897-477e-9c42-fcbe5704fa09", "name": "TradingView Desktop", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "TradingView Desktop is a financial charting and analysis software for traders and investors.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 95, "type": "identity", "id": "identity--bdf7bdb7-b0dc-4f93-ab81-2be626deafae", "name": "PH Molds Limited", "identity_class": "unknown", "labels": [ "identity" ], "description": "PH Molds Limited is a Canadian plastic injection mold design and manufacturing company that was targeted by the Akira ransomware group, resulting in a data breach and a ransom demand.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 95, "type": "identity", "id": "identity--d9d05144-eca9-4087-96b7-9191f59f0456", "name": "Darktrace", "identity_class": "organization", "labels": [ "identity" ], "description": "Darktrace is an AI-powered cybersecurity company that detects and responds to in-progress cyber-attacks in real-time, using machine learning and anomaly detection to identify and mitigate threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 95, "type": "identity", "id": "identity--9a361a75-ece7-4f4b-8732-7f4848676467", "name": "Inotiv", "identity_class": "unknown", "labels": [ "identity" ], "description": "Inotiv is a drug research firm that was affected by a ransomware attack in August, allegedly by the Qilin gang, and is still evaluating the financial and operational impact of the breach.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 95, "type": "identity", "id": "identity--90623fdc-9e93-4f85-853e-560afad72ada", "name": "Udemy", "identity_class": "organization", "labels": [ "identity" ], "description": "Udemy is an online learning platform offering courses and tutorials on various subjects, including technology, business, and creative skills, often taught by industry experts.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 95, "type": "identity", "id": "identity--5d64386e-28ba-4fd0-ab62-7357b8e3bbcb", "name": "CyberProof", "identity_class": "organization", "labels": [ "identity" ], "description": "CyberProof is a cybersecurity company that provides threat detection and incident response services.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 95, "type": "identity", "id": "identity--161fc746-cd49-4615-ab48-81a93a1b16b4", "name": "GitHub", "identity_class": "organization", "labels": [ "identity" ], "description": "GitHub is a web-based platform for version control and collaboration on software development projects, allowing users to store, share, and manage their code.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 90, "type": "malware", "id": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "name": "infostealer", "is_family": true, "malware_types": [ "stealer" ], "labels": [ "malicious-activity" ], "description": "Infostealer is a type of malware designed to steal sensitive information from infected systems, often used by threat actors to gain unauthorized access to sensitive data. In the context of the North Korean threat actor's machine, the infostealer infection exposed their digital operational security failures and reliance on AI.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 80, "type": "vulnerability", "id": "vulnerability--1dd165a0-27bf-4659-9f0f-200e45743f55", "name": "CVE-2025-14500", "description": "The following CVEs are assigned: CVE-2025-14500.", "x_cvss_severity": "Unknown", "x_kev_status": false, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-14500", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14500" }, { "source_name": "nvd", "external_id": "CVE-2025-14500", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14500" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 80, "type": "vulnerability", "id": "vulnerability--d8541713-ed77-470f-ae9a-1a9e980b18a0", "name": "CVE-2025-12491", "description": "The following CVEs are assigned: CVE-2025-12491.", "x_cvss_severity": "Unknown", "x_kev_status": false, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-12491", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12491" }, { "source_name": "nvd", "external_id": "CVE-2025-12491", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12491" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.489Z", "modified": "2025-12-11T13:32:06.489Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "name": "Exploit Public-Facing Application", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1190", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1190/", "external_id": "T1190" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "name": "Exploitation for Client Execution", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1203", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1203/", "external_id": "T1203" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "name": "Command and Scripting Interpreter", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1059", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1059/", "external_id": "T1059" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "name": "Adversary-in-the-Middle", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1557", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1557/", "external_id": "T1557" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "name": "Abuse Elevation Control Mechanism", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" }, { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" } ], "x_mitre_id": "T1548", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1548/", "external_id": "T1548" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "name": "Access Token Manipulation", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1134", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1134/", "external_id": "T1134" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "name": "Create or Modify System Process", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1543", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1543/", "external_id": "T1543" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "name": "Boot or Logon Autostart Execution", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1547", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1547/", "external_id": "T1547" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "name": "Spearphishing Attachment", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/001/", "external_id": "T1566.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "name": "Spearphishing Link", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/002/", "external_id": "T1566.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "name": "Spearphishing via Service", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/003/", "external_id": "T1566.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--4b0a5199-2908-43a4-87bb-f021b55f6001", "name": "Cloud Services", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "lateral-movement" } ], "x_mitre_id": "T1021.007", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1021/007/", "external_id": "T1021.007" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "name": "Vulnerabilities", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.006", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/006/", "external_id": "T1588.006" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--270f3200-ac63-4d2d-be73-645b1794d56d", "name": "Local Groups", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1069.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1069/001/", "external_id": "T1069.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--775a5581-fd79-4cfc-a505-6d409b3bbfba", "name": "Browser Session Hijacking", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1185", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1185/", "external_id": "T1185" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 79, "type": "attack-pattern", "id": "attack-pattern--dd0edf90-8f96-4a15-852b-ba611cd81716", "name": "Python", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1059.006", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1059/006/", "external_id": "T1059.006" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 78, "type": "attack-pattern", "id": "attack-pattern--3785d15d-1c0c-4464-9200-10b744888e29", "name": "Python Startup Hooks", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1546.018", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1546/018/", "external_id": "T1546.018" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 78, "type": "attack-pattern", "id": "attack-pattern--5d331945-e11f-455a-bb36-5c5d2c1e2a38", "name": "Cloud Groups", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1069.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1069/003/", "external_id": "T1069.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 78, "type": "attack-pattern", "id": "attack-pattern--1af573e9-5ac2-46ba-ab87-8af3af61a0d4", "name": "Silver Ticket", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" } ], "x_mitre_id": "T1558.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1558/002/", "external_id": "T1558.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "name": "Scheduled Task", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1053.005", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1053/005/", "external_id": "T1053.005" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "name": "Socket Filters", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1205.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1205/002/", "external_id": "T1205.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "name": "Malicious Shell Modification", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "x_mitre_id": "T1156", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1156/", "external_id": "T1156" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "name": "Archive via Utility", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1560.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1560/001/", "external_id": "T1560.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "name": "Screen Capture", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1113", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1113/", "external_id": "T1113" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 67, "type": "attack-pattern", "id": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "name": "Artificial Intelligence", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.007", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/007/", "external_id": "T1588.007" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 66, "type": "attack-pattern", "id": "attack-pattern--cd3c35f6-1260-4d03-b316-6c43a8f5a755", "name": "Domain Groups", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1069.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1069/002/", "external_id": "T1069.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 65, "type": "attack-pattern", "id": "attack-pattern--7aa19707-a8bb-4175-a9ce-0dc6a85cf429", "name": "DNS", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1071.004", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1071/004/", "external_id": "T1071.004" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "confidence": 65, "type": "attack-pattern", "id": "attack-pattern--d35aab7a-eaa0-4d19-9889-83b049aaf2d5", "name": "Cloud Service Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1526", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1526/", "external_id": "T1526" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bf11bf31-05b5-4aa2-b778-4efd420d03b1", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: ClickFix and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a0961036-52eb-4c08-b080-e9b0483e33ca", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: ClickFix and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--714737bf-1f9b-4174-a622-c07aa46f1754", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: ClickFix and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--325bade9-e9b8-404b-b77c-0e6912b4affc", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: ClickFix and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8637cfb7-a7b4-4961-933a-04f0df15f7ce", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: ClickFix and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a2f87ae1-ebc8-4f9a-9db4-c3773a0e637b", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: ClickFix and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--588dbe52-2cd2-4e15-91db-d469bc95733d", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 55, "description": "Co-occurrence: ClickFix and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--91f24c0c-8636-4785-93b4-ef117d255cd5", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 55, "description": "Co-occurrence: ClickFix and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5d2216f3-bf94-46aa-992c-0d75cb1212d2", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 55, "description": "Co-occurrence: ClickFix and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--24451337-1ea2-46c8-96c9-f54b4a12cb00", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 55, "description": "Co-occurrence: ClickFix and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--390f6053-b43d-404a-805b-8e2c00d23074", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 55, "description": "Co-occurrence: ClickFix and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0acc9e69-33b6-448c-a9e4-1b7b2f4357e3", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--4b0a5199-2908-43a4-87bb-f021b55f6001", "confidence": 55, "description": "Co-occurrence: ClickFix and Cloud Services (T1021.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2db48118-594e-4ce8-af47-33bcc7a2f3cd", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: ClickFix and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--28921fe1-2183-43fa-8557-96a5444257c2", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--270f3200-ac63-4d2d-be73-645b1794d56d", "confidence": 55, "description": "Co-occurrence: ClickFix and Local Groups (T1069.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f9ae7b41-6e67-44fa-b033-015eded4c3c6", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--775a5581-fd79-4cfc-a505-6d409b3bbfba", "confidence": 55, "description": "Co-occurrence: ClickFix and Browser Session Hijacking (T1185) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--89b7fd4b-b871-42ee-a5f9-ef62eea59ca0", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--dd0edf90-8f96-4a15-852b-ba611cd81716", "confidence": 55, "description": "Co-occurrence: ClickFix and Python (T1059.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9dbfe29-72fc-4470-88f4-d380c102c89f", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--3785d15d-1c0c-4464-9200-10b744888e29", "confidence": 55, "description": "Co-occurrence: ClickFix and Python Startup Hooks (T1546.018) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d8b58694-6e19-4c74-99c6-85dc63a4120d", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.490Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--5d331945-e11f-455a-bb36-5c5d2c1e2a38", "confidence": 55, "description": "Co-occurrence: ClickFix and Cloud Groups (T1069.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bc8d6267-9f14-437f-9dab-906d29634658", "created": "2025-12-11T13:32:06.490Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--1af573e9-5ac2-46ba-ab87-8af3af61a0d4", "confidence": 55, "description": "Co-occurrence: ClickFix and Silver Ticket (T1558.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--891b24c3-3f1b-41bb-93b9-fc24837880bb", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 55, "description": "Co-occurrence: ClickFix and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a570b1eb-be11-4be7-8757-f56dd95b3caa", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "confidence": 55, "description": "Co-occurrence: ClickFix and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--54c737e0-4083-4a0b-af17-63eac259b9db", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "confidence": 55, "description": "Co-occurrence: ClickFix and Malicious Shell Modification (T1156) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1aa1c2a7-9593-4487-b172-968e40dcee25", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: ClickFix and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1a0223be-7766-49bb-bafc-f0d24601ebf0", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: ClickFix and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0cfe2266-6e28-4bb9-95dc-c17ea47f4368", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "confidence": 55, "description": "Co-occurrence: ClickFix and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a9b6c4ef-8f30-4052-9a6e-5cb81a299844", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--cd3c35f6-1260-4d03-b316-6c43a8f5a755", "confidence": 55, "description": "Co-occurrence: ClickFix and Domain Groups (T1069.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5cbcb649-2856-41a2-8ee5-eff208599ea5", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--7aa19707-a8bb-4175-a9ce-0dc6a85cf429", "confidence": 55, "description": "Co-occurrence: ClickFix and DNS (T1071.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b38c013c-2caf-4de8-8133-0d928a52c86c", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--52c1192f-9bee-4f58-ab86-1c55430bdc17", "target_ref": "attack-pattern--d35aab7a-eaa0-4d19-9889-83b049aaf2d5", "confidence": 55, "description": "Co-occurrence: ClickFix and Cloud Service Discovery (T1526) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--be518df9-e39a-448f-b359-3ea80cd4e7ce", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: infostealer and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ce3efec0-4f67-4009-b0ca-d43358b25141", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: infostealer and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--48ce2cfe-51b4-4307-98cf-7e00e1fa079d", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: infostealer and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cce0747a-a351-4bb5-9a5c-56064cb80236", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: infostealer and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--91c9b049-32b4-4deb-bc4f-bfbafc39e422", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: infostealer and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8488bc95-fb14-4b4f-99e8-786d2df7bf76", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: infostealer and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--933c187a-8771-4b33-815b-a3491545e285", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 55, "description": "Co-occurrence: infostealer and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2400ec2b-7ba8-4435-81c9-49a0406c740d", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 55, "description": "Co-occurrence: infostealer and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0333ec49-75a1-4781-be7e-81fd810c9322", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 55, "description": "Co-occurrence: infostealer and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--46e39341-42cc-4db5-b4a6-177b9195a81d", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 55, "description": "Co-occurrence: infostealer and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--00c10b9e-543e-4220-81f0-ef3c3c0b9a47", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 55, "description": "Co-occurrence: infostealer and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--370457d2-2ce9-4615-9298-d0ffb500165d", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--4b0a5199-2908-43a4-87bb-f021b55f6001", "confidence": 55, "description": "Co-occurrence: infostealer and Cloud Services (T1021.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9cba2b94-2901-4ce6-b3f9-f47113d1bb3b", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: infostealer and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--99c05618-8b5c-4315-bdda-d2b56ba7e936", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--270f3200-ac63-4d2d-be73-645b1794d56d", "confidence": 55, "description": "Co-occurrence: infostealer and Local Groups (T1069.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4017ea21-e2ba-4746-8be1-084f97c3b6c3", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--775a5581-fd79-4cfc-a505-6d409b3bbfba", "confidence": 55, "description": "Co-occurrence: infostealer and Browser Session Hijacking (T1185) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9e657e70-7487-431f-bf9f-c9ae2599ada8", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--dd0edf90-8f96-4a15-852b-ba611cd81716", "confidence": 55, "description": "Co-occurrence: infostealer and Python (T1059.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a9a22e7e-e874-4d2e-95b3-8bf692682707", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--3785d15d-1c0c-4464-9200-10b744888e29", "confidence": 55, "description": "Co-occurrence: infostealer and Python Startup Hooks (T1546.018) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4a62163c-cf95-4a6d-be96-35b3f8435836", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--5d331945-e11f-455a-bb36-5c5d2c1e2a38", "confidence": 55, "description": "Co-occurrence: infostealer and Cloud Groups (T1069.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--876159c3-0054-448f-a714-38ba7ea2d8d8", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--1af573e9-5ac2-46ba-ab87-8af3af61a0d4", "confidence": 55, "description": "Co-occurrence: infostealer and Silver Ticket (T1558.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9a0d959-f2ac-4106-a414-380cdd320b2d", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 55, "description": "Co-occurrence: infostealer and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3efb978b-ffd6-44ff-ad85-7a6c0ce793be", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "confidence": 55, "description": "Co-occurrence: infostealer and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9c793cf5-a0ac-4a52-85a7-a11f137b3361", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "confidence": 55, "description": "Co-occurrence: infostealer and Malicious Shell Modification (T1156) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a18a2ef5-9885-41f2-9003-d301807455ea", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: infostealer and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ca1ae1ca-ee60-439a-9bb8-185b0d555f6f", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: infostealer and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9d16b31c-86c5-46ee-b286-4a147762c537", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6", "confidence": 55, "description": "Co-occurrence: infostealer and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b47b0c97-1bd9-41ec-9a19-f89ccaa9ee5b", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--cd3c35f6-1260-4d03-b316-6c43a8f5a755", "confidence": 55, "description": "Co-occurrence: infostealer and Domain Groups (T1069.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b6a7abe6-8834-4510-8d9c-f43e5e18e7da", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--7aa19707-a8bb-4175-a9ce-0dc6a85cf429", "confidence": 55, "description": "Co-occurrence: infostealer and DNS (T1071.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7b934ae4-9134-4db9-811d-fa3c049d3f5c", "created": "2025-12-11T13:32:06.491Z", "modified": "2025-12-11T13:32:06.491Z", "relationship_type": "uses", "source_ref": "malware--4ce98fa3-be7c-4c19-947d-6fd8054ea06e", "target_ref": "attack-pattern--d35aab7a-eaa0-4d19-9889-83b049aaf2d5", "confidence": 55, "description": "Co-occurrence: infostealer and Cloud Service Discovery (T1526) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "file:hashes.SHA-256", "value": "5c204217d48f2565990dfdf2269c26113bd14c204484d8f466fb873312da80cf", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--43b5216b-0d5d-44ff-9e8f-e1a8e5b8c112" }, { "type": "file:hashes.SHA-256", "value": "e9ad648589aa3e15ce61c6a3be4fc98429581be738792ed17a713b4980c9a4a2", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--8389cdae-e830-47d9-9c7c-c0763c6517eb" }, { "type": "file:hashes.SHA-256", "value": "8c382d51459b91b7f74b23fbad7dd2e8c818961561603c8f6614edc9bb1637d1", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--075ff036-4f2a-4c06-991e-10871ddd2064" }, { "type": "file:hashes.SHA-256", "value": "7d8a4aa184eb350f4be8706afb0d7527fca40c4667ab0491217b9e1e9d0f9c81", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--3286cc8f-9a0f-4f89-8d63-fb5e82343977" }, { "type": "file:hashes.SHA-256", "value": "07594ba29d456e140a171cba12d8d9a2db8405755b81da063a425b1a8b50d073", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--20b7fac6-8a5d-4d6a-9e3f-7ff9900311b6" }, { "type": "file:hashes.SHA-256", "value": "6608aeae3695b739311a47c63358d0f9dbe5710bd0073042629f8d9c1df905a8", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--fe271cfb-bc48-46ee-b77e-5852d2a7a0cd" }, { "type": "file:hashes.SHA-256", "value": "e60d911f2ef120ed782449f1136c23ddf0c1c81f7479c5ce31ed6dcea6f6adf9", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "A Social Engineering Tactic to Deploy Malware", "id": "file:hashes.SHA-256--8ae94dfc-54a7-4641-8af2-fe26168afe33" }, { "type": "file:hashes.MD5", "value": "35205de239cdef9ef9d0e324a21d8d0e", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--2e1f4888-bf2a-4a93-9e30-6248251d1337" }, { "type": "file:hashes.MD5", "value": "62a705c41fd982f241d348e11b65fca9", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--c460690d-33ae-4f6d-9166-64c46eec926e" }, { "type": "file:hashes.MD5", "value": "74652854a125d4395122e1afddf3615a", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--8067531e-8ea1-4a28-8e23-4e7a3d49ea77" }, { "type": "file:hashes.MD5", "value": "895531f9d849155e054903e7cc466888", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--da80c182-984c-4c72-9e14-98b5d8510ddd" }, { "type": "file:hashes.MD5", "value": "a77becccca5571c00ebc9e516fd96ce8", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--5e84e785-878d-44db-b9ed-ae73276f29de" }, { "type": "file:hashes.MD5", "value": "eb69150e0f3bfc15abea38fdf4df95cf", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--62f8b3c0-8080-455b-acae-d8ea39f07fd1" }, { "type": "file:hashes.MD5", "value": "f2e4351aa516a1f2e59ade5d9e7aa1d6", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.MD5--7c0e8e20-5883-475a-aeb2-e1380ed2c2ef" }, { "type": "file:hashes.SHA-1", "value": "1b751a2ee3af91c4cdf020914de19169fceb51ac", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.SHA-1--3cc170d8-76e8-4354-b536-fcd8d293491c" }, { "type": "file:hashes.SHA-1", "value": "238e3da6ee00ef8162bb866ef42ee818d42c99dd", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.SHA-1--fbe91819-b35d-4b7e-8236-d204b323722a" }, { "type": "file:hashes.SHA-1", "value": "4271c3690af27765533a3f1eb30a40d5aebf90bc", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.SHA-1--81e556f3-559b-46ad-a958-ff64cbb9ef2d" }, { "type": "file:hashes.SHA-1", "value": "838581a9ce8e41432b1581363aa8c2b55a5ea733", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.SHA-1--06d0d74c-2be9-40a9-8d39-d032f4387b55" }, { "type": "file:hashes.SHA-1", "value": "c8eae0a24785d7e7cceaa4eb4c5b25114b5f91c9", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.SHA-1--576d354b-302d-4f9d-8872-8c69958558e4" }, { "type": "file:hashes.SHA-1", "value": "d060e074371eedfc3f7c2c1f7a782b6f4979c8f4", "source": "OTX", "malware_family": "ClickFix", "pulse_name": "“ClickFix” Malware Delivery Method", "id": "file:hashes.SHA-1--f4127ec1-ac61-4432-a631-a259506a5fe7" }, { "type": "domain-name", "value": "ripola.net", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "domain-name--bb91a130-0bff-48cc-90b6-583c0cec049a" }, { "type": "domain-name", "value": "plantsroyal.org", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "domain-name--35abccb9-c3d7-4a34-ba64-b2bb8174527f" }, { "type": "domain-name", "value": "valanoice.org", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "domain-name--1f264755-f1e1-4969-b6af-94a905ad1257" }, { "type": "domain-name", "value": "jackropely.org", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "domain-name--a2c1a747-5e9c-4577-8cf1-0ab5833fc9c7" }, { "type": "domain-name", "value": "adorephoto.org", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "domain-name--95ca67b7-9d25-4581-a42e-dfb652b61bc8" }, { "type": "url", "value": "http://valanoice.org/corton/paltor.rar", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "url--a9f7e6df-aaf5-465c-b9c9-87fde7a63e9c" }, { "type": "url", "value": "http://plantsroyal.org/css/dissa.rar", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "url--5c8ca6f7-31e2-40ff-9978-56acd2550faf" }, { "type": "url", "value": "http://ripola.net/data/darling.rar", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "url--d011b8ea-e381-415f-ae87-43a75981320c" }, { "type": "url", "value": "http://plantsroyal.org/css/dina.rar", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "url--d2eecf67-45f9-4f9d-9c81-2ff3d0587fe7" }, { "type": "url", "value": "http://plantsroyal.org/css/salomon.rar", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "url--3faa9a78-59e4-4af9-b4ce-e2d707931c68" }, { "type": "url", "value": "http://valanoice.org/dallas/rocket.rar", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "url--ef2a4642-20fa-4495-8b15-c44a51abe47c" }, { "type": "url", "value": "http://jackropely.org/talker/tirony.rar", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "url--ffca36c7-544c-4607-92e0-4686474910a5" }, { "type": "url", "value": "http://ripola.net/rist/ristan/poper.rar", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "url--2bb4c248-b696-404b-83fb-63e1fb5cbda0" }, { "type": "url", "value": "http://valanoice.org/talker/simma.rar", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "url--8f829d6b-eef6-47cc-8af0-3d9c0b897dcb" }, { "type": "url", "value": "http://jackropely.org/talker/monopolker.rar", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "url--69fc85e4-9d56-40be-92f4-07e7cfa34a6a" }, { "type": "url", "value": "http://plantsroyal.org/css/pibody.rar", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "url--36f9a200-5a79-402b-ac77-fcf65d06a4c2" }, { "type": "url", "value": "http://plantsroyal.org/css/parken.rar", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "url--9e1f63b3-347c-4079-a486-5a65b679bc68" }, { "type": "url", "value": "http://plantsroyal.org/css/papalore.rar", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "url--fe45f1bf-a867-41d5-a4fb-84369c3cd8fb" }, { "type": "email-addr", "value": "abramova.l@wibor5.ru", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "email-addr--64830605-2875-43a5-aa18-fcd5f9fc296a" }, { "type": "email-addr", "value": "y.volkova@i-jazz.ru", "source": "OTX", "malware_family": "infostealer", "pulse_name": "KRIPTOVOR: Infostealer Ransomware", "id": "email-addr--7133c1ee-5364-465a-9345-177ac764efe4" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a5d0dbcc-b7b9-44ea-8388-131fa97fefff", "created": "2025-12-11T13:31:35.336Z", "modified": "2025-12-11T13:31:35.336Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'ripola.net']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.336Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8053b14d-eb59-42db-8769-82c8616e8d93", "created": "2025-12-11T13:31:35.336Z", "modified": "2025-12-11T13:31:35.336Z", "relationship_type": "based-on", "source_ref": "indicator--a5d0dbcc-b7b9-44ea-8388-131fa97fefff", "target_ref": "domain-name--bb91a130-0bff-48cc-90b6-583c0cec049a" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4032c22e-31fc-4fb6-a65c-425f62eed0d5", "created": "2025-12-11T13:31:35.346Z", "modified": "2025-12-11T13:31:35.346Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'plantsroyal.org']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.346Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c7e11963-40ca-4312-83ec-e7707343510d", "created": "2025-12-11T13:31:35.346Z", "modified": "2025-12-11T13:31:35.346Z", "relationship_type": "based-on", "source_ref": "indicator--4032c22e-31fc-4fb6-a65c-425f62eed0d5", "target_ref": "domain-name--35abccb9-c3d7-4a34-ba64-b2bb8174527f" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a79d555e-590f-4936-8790-734ff4642622", "created": "2025-12-11T13:31:35.354Z", "modified": "2025-12-11T13:31:35.354Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'valanoice.org']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.354Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ccd6f1fa-6169-4ee6-8ddb-acd9dff37d27", "created": "2025-12-11T13:31:35.354Z", "modified": "2025-12-11T13:31:35.354Z", "relationship_type": "based-on", "source_ref": "indicator--a79d555e-590f-4936-8790-734ff4642622", "target_ref": "domain-name--1f264755-f1e1-4969-b6af-94a905ad1257" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ed7c65f6-b660-4a99-a249-57d3cc9a099c", "created": "2025-12-11T13:31:35.364Z", "modified": "2025-12-11T13:31:35.364Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'jackropely.org']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.364Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0dd9b504-8932-47c2-8f4a-4c64de13407f", "created": "2025-12-11T13:31:35.364Z", "modified": "2025-12-11T13:31:35.364Z", "relationship_type": "based-on", "source_ref": "indicator--ed7c65f6-b660-4a99-a249-57d3cc9a099c", "target_ref": "domain-name--a2c1a747-5e9c-4577-8cf1-0ab5833fc9c7" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ffc1e50b-bf8c-44df-891e-7fb17adf30e9", "created": "2025-12-11T13:31:35.373Z", "modified": "2025-12-11T13:31:35.373Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'adorephoto.org']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.373Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--252c12eb-82c3-4c0e-8ac6-d5a42b1a9821", "created": "2025-12-11T13:31:35.373Z", "modified": "2025-12-11T13:31:35.373Z", "relationship_type": "based-on", "source_ref": "indicator--ffc1e50b-bf8c-44df-891e-7fb17adf30e9", "target_ref": "domain-name--95ca67b7-9d25-4581-a42e-dfb652b61bc8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--06ff5edc-6db1-4231-8805-04e7e54a34d8", "created": "2025-12-11T13:31:35.382Z", "modified": "2025-12-11T13:31:35.382Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://valanoice.org/corton/paltor.rar']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.382Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fc5f794c-a465-47a6-97d4-2a59cd0b1c56", "created": "2025-12-11T13:31:35.382Z", "modified": "2025-12-11T13:31:35.382Z", "relationship_type": "based-on", "source_ref": "indicator--06ff5edc-6db1-4231-8805-04e7e54a34d8", "target_ref": "url--a9f7e6df-aaf5-465c-b9c9-87fde7a63e9c" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cc56f07f-b0e0-4383-95b1-1c08b3356bba", "created": "2025-12-11T13:31:35.391Z", "modified": "2025-12-11T13:31:35.391Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://plantsroyal.org/css/dissa.rar']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.391Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--191fe5e3-a5d6-4920-8a6e-0cb37e8ac488", "created": "2025-12-11T13:31:35.391Z", "modified": "2025-12-11T13:31:35.391Z", "relationship_type": "based-on", "source_ref": "indicator--cc56f07f-b0e0-4383-95b1-1c08b3356bba", "target_ref": "url--5c8ca6f7-31e2-40ff-9978-56acd2550faf" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--79037e24-8df5-4e1f-91d4-e8a1c29302b8", "created": "2025-12-11T13:31:35.400Z", "modified": "2025-12-11T13:31:35.400Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://ripola.net/data/darling.rar']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.400Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--789b9c7f-8b01-4d40-a14b-91cda0287c52", "created": "2025-12-11T13:31:35.400Z", "modified": "2025-12-11T13:31:35.400Z", "relationship_type": "based-on", "source_ref": "indicator--79037e24-8df5-4e1f-91d4-e8a1c29302b8", "target_ref": "url--d011b8ea-e381-415f-ae87-43a75981320c" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0bba4b86-8244-46a4-9b0c-a7de3246a916", "created": "2025-12-11T13:31:35.410Z", "modified": "2025-12-11T13:31:35.410Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://plantsroyal.org/css/dina.rar']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.410Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--30f665f5-d8c0-4165-9613-152b5c9f7397", "created": "2025-12-11T13:31:35.410Z", "modified": "2025-12-11T13:31:35.410Z", "relationship_type": "based-on", "source_ref": "indicator--0bba4b86-8244-46a4-9b0c-a7de3246a916", "target_ref": "url--d2eecf67-45f9-4f9d-9c81-2ff3d0587fe7" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dcdfd2b9-539b-493b-bc7b-749996b34289", "created": "2025-12-11T13:31:35.419Z", "modified": "2025-12-11T13:31:35.419Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://plantsroyal.org/css/salomon.rar']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.419Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5f738681-6421-4c58-bb46-a9e40b891ef6", "created": "2025-12-11T13:31:35.419Z", "modified": "2025-12-11T13:31:35.419Z", "relationship_type": "based-on", "source_ref": "indicator--dcdfd2b9-539b-493b-bc7b-749996b34289", "target_ref": "url--3faa9a78-59e4-4af9-b4ce-e2d707931c68" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--08a18ad6-3240-4037-b6a4-1af70f466322", "created": "2025-12-11T13:31:35.428Z", "modified": "2025-12-11T13:31:35.428Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://valanoice.org/dallas/rocket.rar']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.428Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fedbafd0-992f-4199-8fa3-4da1276ce567", "created": "2025-12-11T13:31:35.428Z", "modified": "2025-12-11T13:31:35.428Z", "relationship_type": "based-on", "source_ref": "indicator--08a18ad6-3240-4037-b6a4-1af70f466322", "target_ref": "url--ef2a4642-20fa-4495-8b15-c44a51abe47c" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b2c430eb-af51-4de8-8e46-978aef94c240", "created": "2025-12-11T13:31:35.438Z", "modified": "2025-12-11T13:31:35.438Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://jackropely.org/talker/tirony.rar']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.438Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2499904c-762d-46b0-a3b6-59e006eeb4ae", "created": "2025-12-11T13:31:35.438Z", "modified": "2025-12-11T13:31:35.438Z", "relationship_type": "based-on", "source_ref": "indicator--b2c430eb-af51-4de8-8e46-978aef94c240", "target_ref": "url--ffca36c7-544c-4607-92e0-4686474910a5" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5f613c14-db4a-4a80-9947-526c2e4cd4f5", "created": "2025-12-11T13:31:35.447Z", "modified": "2025-12-11T13:31:35.447Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://ripola.net/rist/ristan/poper.rar']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.447Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c2ccd10d-7183-4907-871c-786a5e6633ee", "created": "2025-12-11T13:31:35.447Z", "modified": "2025-12-11T13:31:35.447Z", "relationship_type": "based-on", "source_ref": "indicator--5f613c14-db4a-4a80-9947-526c2e4cd4f5", "target_ref": "url--2bb4c248-b696-404b-83fb-63e1fb5cbda0" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9c2257b0-dd91-4787-b3e8-400068406316", "created": "2025-12-11T13:31:35.457Z", "modified": "2025-12-11T13:31:35.457Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://valanoice.org/talker/simma.rar']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.457Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5322c32b-e0a5-4b61-84ea-9aa69a2b5e9f", "created": "2025-12-11T13:31:35.457Z", "modified": "2025-12-11T13:31:35.457Z", "relationship_type": "based-on", "source_ref": "indicator--9c2257b0-dd91-4787-b3e8-400068406316", "target_ref": "url--8f829d6b-eef6-47cc-8af0-3d9c0b897dcb" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3263ac3b-0df7-44a3-9247-9f16cf1411d1", "created": "2025-12-11T13:31:35.466Z", "modified": "2025-12-11T13:31:35.466Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://jackropely.org/talker/monopolker.rar']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.466Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--080f13b1-117e-438b-bb68-93e5cf571fae", "created": "2025-12-11T13:31:35.466Z", "modified": "2025-12-11T13:31:35.466Z", "relationship_type": "based-on", "source_ref": "indicator--3263ac3b-0df7-44a3-9247-9f16cf1411d1", "target_ref": "url--69fc85e4-9d56-40be-92f4-07e7cfa34a6a" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0ef18466-3e06-431b-966a-83707ea0aa9f", "created": "2025-12-11T13:31:35.474Z", "modified": "2025-12-11T13:31:35.474Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://plantsroyal.org/css/pibody.rar']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.474Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ff6459f3-ad68-4608-b701-a93b640e8cf8", "created": "2025-12-11T13:31:35.474Z", "modified": "2025-12-11T13:31:35.474Z", "relationship_type": "based-on", "source_ref": "indicator--0ef18466-3e06-431b-966a-83707ea0aa9f", "target_ref": "url--36f9a200-5a79-402b-ac77-fcf65d06a4c2" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d866dc52-d84b-46c3-910d-976fc57eb9a6", "created": "2025-12-11T13:31:35.484Z", "modified": "2025-12-11T13:31:35.484Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://plantsroyal.org/css/parken.rar']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.484Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--33052b0f-0c2c-4a98-8dba-c680572508f9", "created": "2025-12-11T13:31:35.484Z", "modified": "2025-12-11T13:31:35.484Z", "relationship_type": "based-on", "source_ref": "indicator--d866dc52-d84b-46c3-910d-976fc57eb9a6", "target_ref": "url--9e1f63b3-347c-4079-a486-5a65b679bc68" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ca12746e-8df1-43ba-b407-66decc0331f6", "created": "2025-12-11T13:31:35.493Z", "modified": "2025-12-11T13:31:35.493Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://plantsroyal.org/css/papalore.rar']", "pattern_type": "stix", "valid_from": "2025-12-11T13:31:35.493Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--334c7daa-3754-4917-830e-e467668d9b9d", "created": "2025-12-11T13:31:35.493Z", "modified": "2025-12-11T13:31:35.493Z", "relationship_type": "based-on", "source_ref": "indicator--ca12746e-8df1-43ba-b407-66decc0331f6", "target_ref": "url--fe45f1bf-a867-41d5-a4fb-84369c3cd8fb" } ] }