Cybersecurity Latest Rundown

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

SOX: 15 HIPAA: 4 FISMA: 2 PCI DSS: 1

Industry Watch

🚨 Government (FISMA) CRITICAL

Threat activity 3.5x above normal

Key threat: React2Shell (CVE-2025-55182) Exploitation in Federal Systems

Action: Review React2Shell Exploitation Escalates into Large-Scale Global Attacks, U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog

Healthcare (HIPAA) ELEVATED

Threat activity 2.2x above normal

Key threat: GeminiJack Zero-Click Data Exfiltration

Action: Review GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration, Following the digital trail: what happens to data stolen in a phishing attack

CyberSecurity Latest Rundown

Heroes, React2Shell is a MAJOR vulnerability. We have starting points to help you address that and more: Here's a curated look at the current cybersecurity landscape for December 12, 2025.

CRITICAL ITEMS

React2Shell Exploitation Escalates into Large-Scale Global Attacks
Date & Time: 2025-12-12T08:41:00

CISA has issued an emergency mandate for federal agencies to patch the React2Shell vulnerability (CVSS 10.0) by today, December 12, 2025, following confirmed widespread exploitation. This critical flaw in React Server allows attackers to execute arbitrary code remotely, leading to full system compromise.

Business impact

If exploited, attackers gain complete control over web servers—expect immediate data breaches, operational shutdowns, and mandatory federal reporting. Non-compliance with the CISA deadline carries significant regulatory penalties for government contractors.

Recommended action

Ask your IT team: "Have we identified all instances of React Server in our environment and applied the CVE-2025-55182 patch as of this morning?"

CVE: CVE-2025-55182 | Compliance: SOX, FISMA | Source: The Hacker News ↗, Reddit ↗
U.S. CISA adds GeoServer flaw to Known Exploited Vulnerabilities
Date & Time: 2025-12-12T09:24:42

CISA has added a critical GeoServer vulnerability (CVSS 8.2) to its KEV catalog, confirming active exploitation in the wild. This flaw allows unauthenticated attackers to execute arbitrary code on servers managing geospatial data.

Business impact

Exploitation allows attackers to steal proprietary mapping data or use the server as a beachhead for ransomware deployment. Organizations using GeoServer face immediate risk of lateral movement and data theft.

Recommended action

Ask your IT team: "Is our GeoServer infrastructure isolated from the public internet, and have we applied the patch for CVE-2025-58360 immediately?"

CVE: CVE-2025-58360 | Compliance: SOX, FISMA | Source: SecurityAffairs ↗, SecurityWeek ↗
GeminiJack zero-click flaw in Gemini Enterprise
Date & Time: 2025-12-11T20:16:22

Google has patched "GeminiJack," a critical zero-click vulnerability in Gemini Enterprise that allowed attackers to exfiltrate corporate data via crafted emails or documents without user interaction. This flaw bypassed standard user defenses by triggering directly through the platform's processing logic.

Business impact

This vulnerability exposed sensitive corporate data processed by AI tools to theft without any employee error. A successful exploit could result in the silent loss of intellectual property and severe GDPR/HIPAA violations.

Recommended action

Ask your IT team: "Can we verify that our Google Workspace environment has received the Gemini Enterprise patch and are there any logs indicating unusual data access patterns from the AI service?"

CVE: n/a | Compliance: SOX, HIPAA | Source: SecurityAffairs ↗

HIGH SEVERITY ITEMS

Elastic detects stealthy NANOREMOTE malware using Google Drive as C2
Date & Time: 2025-12-12T11:11:36

Elastic Security Labs has discovered NANOREMOTE, a sophisticated Windows backdoor that utilizes the Google Drive API for Command and Control (C2). This technique allows the malware to blend its traffic with legitimate business operations, making detection difficult for standard network filters.

Business impact

Attackers can maintain persistent, stealthy access to corporate networks, enabling long-term espionage or data theft. Traditional firewall rules may fail to block this traffic since it appears as trusted Google services.

Recommended action

Ask your SOC team: "Do we have detection logic in place to identify high-frequency or anomalous Google Drive API usage from non-user endpoints?"

CVE: n/a | Compliance: SOX, GDPR | Source: SecurityAffairs ↗
Microsoft Bug Bounty Program Expanded to Third-Party Code
Date & Time: 2025-12-12T11:01:04

Microsoft has expanded its bug bounty program to include critical vulnerabilities in third-party and open-source code that impacts Microsoft services. This strategic shift acknowledges that supply chain vulnerabilities are now as critical as first-party code defects.

Business impact

This highlights the systemic risk of open-source dependencies in enterprise software. While it incentivizes security research, it also signals that third-party components are a primary attack vector for major platforms.

Recommended action

Ask your AppSec team: "Are we monitoring the Microsoft bounty disclosures for third-party components that we also use in our own internal applications?"

CVE: n/a | Compliance: SOX | Source: SecurityWeek ↗
React and Next.js disclose follow-up vulnerabilities
Date & Time: 2025-12-12T12:25:30

Following the critical React2Shell disclosure, new vulnerabilities have been found in React and Next.js that allow for Denial-of-Service (DoS) and source code exposure. While less severe than RCE, these flaws can still disrupt operations and leak intellectual property.

Business impact

Operational downtime due to DoS attacks and potential exposure of proprietary application logic. This increases the attack surface for web applications already under stress from patching the critical RCE.

Recommended action

Ask your developers: "Have we applied the secondary patches for React and Next.js to prevent DoS and source code leakage?"

CVE: n/a | Compliance: SOX | Source: Reddit ↗

MEDIUM SEVERITY ITEMS

$320,000 Paid Out at Zeroday.Cloud for Open Source Exploits
Date & Time: 2025-12-12T07:41:41

A hacking competition awarded significant bounties for zero-day exploits in critical infrastructure software including Grafana, Linux Kernel, Redis, and PostgreSQL. This underscores the active market for exploits in foundational open-source technologies used by most enterprises.

CVE: n/a | Compliance: SOX | Source: SecurityWeek ↗
Zigbee assessment in industrial environments
Date & Time: 2025-12-12T08:00:17

New research highlights security risks in the Zigbee protocol used extensively in industrial IoT and home automation. The assessment reveals how these "simple" devices can introduce complex vulnerabilities into OT networks.

CVE: n/a | Compliance: SOX | Source: Kaspersky Securelist ↗
Following the digital trail: data stolen in phishing
Date & Time: 2025-12-12T10:00:39

Analysis details the post-compromise lifecycle of data stolen via phishing, showing immediate transformation into commodities on the dark web. This emphasizes that the "breach" is just the beginning of the attack chain.

CVE: n/a | Compliance: HIPAA, PCI DSS | Source: Kaspersky Securelist ↗

EXECUTIVE INSIGHTS

CISA Releases National Critical Functions Set
Date & Time: 2025-12-11T12:00:00

CISA has released the inaugural set of National Critical Functions, defining vital government and private sector operations. This framework will likely guide future regulatory priorities and resilience planning requirements.

Source: CISA ↗
DHS Holds Classified Briefing for Election Companies
Date & Time: 2025-12-11T12:00:00

DHS conducted a classified briefing on the cyber threat landscape for the election infrastructure sector. This indicates heightened concern regarding election security and potential nation-state interference vectors.

Source: CISA ↗

VENDOR SPOTLIGHT

Spotlight Rationale: Selected for rapid detection of the React2Shell (CVE-2025-55182) vulnerability and protection against web-based exploitation vectors highlighted in today's critical intelligence.

Threat Context: React2Shell and related RSC vulnerabilities

Platform Focus: Cloudflare Cloudforce One & WAF

Cloudflare's Cloudforce One threat intelligence team identified and began monitoring the React2Shell vulnerability immediately upon disclosure. Their WAF platform leverages this real-time intelligence to block exploitation attempts (like the observed scanning activity) at the network edge before they reach your servers, providing a critical shield for unpatched systems.

Actionable Platform Guidance: Ensure your Cloudflare WAF is configured to block requests matching the specific signatures for CVE-2025-55182. Enable "Managed Rules" for recent CVEs and review the "Security Events" log for blocked requests targeting shell execution paths.

Source: Cloudflare ↗

DETECTION & RESPONSE KIT

⚠️ Disclaimer: Test all detection logic in non-production environments before deployment.

1. Vendor Platform Configuration - Cloudflare WAF

# Cloudflare WAF Configuration Steps for React2Shell Protection
# 1. Navigate to Security > WAF > Managed Rules
# 2. Locate "Cloudflare Managed Ruleset"
# 3. Search for rule ID associated with CVE-2025-55182 (React2Shell)
# 4. Set action to "BLOCK"
# 5. Verify deployment:
curl -I -H "User-Agent: React2Shell-Scanner" https://your-domain.com
# Expected response: 403 Forbidden
}

2. YARA Rule for NANOREMOTE

rule NANOREMOTE_GoogleDrive_C2 {
meta:
description = "Detects NANOREMOTE backdoor artifacts and Google Drive API abuse indicators"
author = "Threat Rundown"
date = "2025-12-12"
reference = "https://securityaffairs.com/?p=185613"
severity = "medium"
tlp = "white"
strings:
$s1 = "NANOREMOTE" ascii wide
$s2 = "AshTag" ascii wide
$s3 = "AshenLoader" ascii wide
$s4 = "AshenOrchestrator" ascii wide
$s5 = "Ashen" ascii wide
$c2_api = "googleapis.com/drive/v3/files" ascii wide
condition:
uint16(0) == 0x5A4D and
(any of ($s*) or $c2_api)
}

3. SIEM Query — GeoServer Exploitation (CVE-2025-58360)

index=security sourcetype="web_server_logs"
uri_path="*/geoserver/wms*"
(method="POST" OR method="PUT")
| eval risk_score=case(
match(uri_query, "(?i)cmd="), 100,
match(user_agent, "(?i)China|GetMap"), 100,
status=200, 50,
1==1, 0)
| where risk_score >= 50
| table _time, src_ip, dest_ip, uri_path, user_agent, risk_score
| sort -_time

4. PowerShell Script — Check for GeoServer/China Threat Artifacts

$computers = "localhost", "SERVER01", "WKSTN01"
foreach ($computer in $computers) {
if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
Write-Host "Checking $computer for CVE-2025-58360 artifacts..."

# Check for known malicious filenames associated with the campaign
$malware = Invoke-Command -ComputerName $computer -ScriptBlock {
Get-ChildItem -Path "C:\Windows\Temp", "C:\Users\Public" -Recurse -ErrorAction SilentlyContinue |
Where-Object { $_.Name -eq "caidao.exe" }
}

if ($malware) {
Write-Warning "CRITICAL: Malicious artifact 'caidao.exe' found on $computer!"
} else {
Write-Host "Clean: No artifacts found on $computer." -ForegroundColor Green
}
}
}

This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!

{ "type": "bundle", "id": "bundle--07d622af-4bd0-49e6-86bf-5d5b7ebb4c7c", "objects": [ { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487", "created": "2022-10-01T00:00:00.000Z", "definition_type": "tlp:2.0", "name": "TLP:CLEAR", "definition": { "tlp": "clear" } }, { "type": "identity", "spec_version": "2.1", "id": "identity--30fb8658-d4f1-4a64-87a8-42846b60b5f7", "created": "2025-12-12T17:22:57.146Z", "modified": "2025-12-12T17:22:57.146Z", "name": "MikeGPT Intelligence Platform", "description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds", "identity_class": "organization", "sectors": [ "technology", "defense" ], "contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "report", "spec_version": "2.1", "id": "report--40e0067c-180f-4b68-8ea8-633e78c11ab5", "created": "2025-12-12T17:22:57.146Z", "modified": "2025-12-12T17:22:57.146Z", "name": "Threat Intelligence Report - 2025-12-12", "description": "Threat Intelligence Report - 2025-12-12\n\nThis report consolidates actionable cybersecurity intelligence from 88 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• How to Code Signing an Electron.js App for macOS? (Score: 100)\n• How Secure Is Your Password? It Could Be Cracked Within an Hour (Score: 100)\n• In Other News: PromptPwnd Attack, Small macOS Bounties, Chinese Hackers Trained in Cisco Academy (Score: 100)\n• Elastic detects stealthy NANOREMOTE malware using Google Drive as C2 (Score: 100)\n• Microsoft Bug Bounty Program Expanded to Third-Party Code (Score: 100)\n\nEXTRACTED ENTITIES:\n• 21 Attack Pattern(s)\n• 53 Domain Name(s)\n• 3 File:Hashes.Sha 256(s)\n• 56 Indicator(s)\n• 4 Malware(s)\n• 1 Marking Definition(s)\n• 188 Relationship(s)\n• 1 Threat Actor(s)\n• 6 Tool(s)\n• 4 Url(s)\n• 4 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n", "published": "2025-12-12T17:22:57.146Z", "object_refs": [ "identity--30fb8658-d4f1-4a64-87a8-42846b60b5f7", "identity--cf8ac5fd-11aa-467e-b6bf-1f56ee5d1cce", "identity--ae4d5f46-29c5-40ae-842b-378abf057c12", "identity--53a6e913-b371-4d86-baa7-f737222b3ce5", "identity--8c780a2d-c2e1-4081-a002-eb0698c76ec2", "vulnerability--71cb02e4-ad92-4347-aa2b-cfd49c7cfd7d", "vulnerability--09cfd756-732a-426d-8c11-8d9ddb3e9e05", "identity--161fc746-cd49-4615-ab48-81a93a1b16b4", "identity--d5a86945-8ad0-49a2-bb31-9bcb1acf001a", "identity--0e413d56-4228-4335-b45d-ec9e01065428", "vulnerability--d95868d7-4f07-4d84-b742-07ee4cf4adbf", "tool--b7b55583-fb7b-43d9-83be-0835e0fe62ec", "identity--47bf9d38-d349-402a-a13a-80902512dd17", "identity--8a7ca088-fae7-4645-8f55-5f28dd9b1396", "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "identity--b0cec87f-da35-4d9b-b1e6-e530898b873e", "identity--1edd8fa1-7960-4001-a45a-4ef8628fe2d8", "identity--903cbc0e-f08a-4348-9af6-d661a1cf1372", "identity--044fde07-eb6c-4c20-922f-0b39f08e3011", "identity--0e5cc220-09c8-4170-a1c8-d12d4cf1445e", "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "identity--69268c33-6dec-4faa-a418-09b5f7cf3f86", "identity--bf0ff4d9-0f5b-43f5-94a0-21793cede8b4", "identity--5091dd52-af66-4aa1-9c68-b36f398344ff", "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "tool--e8031cd8-c13d-49fd-93bc-c206e5451874", "tool--0857daa5-805a-4e9e-a632-102fb5f470c7", "identity--d7f2021c-5587-4887-b946-e550eefb52ee", "tool--e40833f0-0b4e-4844-b1d8-9e9c2c96c638", "tool--8af2422b-83ad-48ab-a355-0c457fd5ff29", "identity--17d85fe0-e189-492a-8b69-6e8f0b6a5007", "identity--8cc898f8-e51f-4925-9414-deff32fce145", "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "identity--afca59b3-d698-4d28-91ec-9265880465f7", "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "vulnerability--ad22f1fe-82f3-4974-af26-79310368fc0a", "identity--092208fd-b85c-4175-94a6-1920497be945", "identity--d77cc049-c871-4d91-8b0d-c0fea99118c9", "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "identity--911a7bf8-d4d0-45e3-b8d4-b847fb3f1076", "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "attack-pattern--97050bed-0864-4e3c-9f82-facd1eb7fc63", "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "relationship--c1e50105-821c-4154-a5bb-dcddaca3a8da", "relationship--09b79339-bcaf-439b-8c6d-a31a9d13c4a8", "relationship--ec1858a8-3a62-4a06-8def-246132934411", "relationship--16aafd48-4efe-4a1d-8ab7-123f98ac7d6f", "relationship--7f3fad84-fd00-485d-ac47-0f1a292304f4", "relationship--4d4de7e2-b60c-4eb8-82e5-b4779e9ba4d5", "relationship--618aba8f-e81f-41e0-a579-f20352124723", "relationship--0aedfa28-6f88-46f6-a319-a9be3fbe0cdc", "relationship--bff83e25-8487-4082-8dea-51f7bbca1d10", "relationship--e149cf3a-72b2-45e5-aa9e-a3ca503ba50c", "relationship--9c2f7179-610d-4ccf-844b-23092d23f634", "relationship--7fdd92c8-037c-4940-a042-ca7fa2f8e030", "relationship--d67d702e-4f94-476d-b1e0-290fd8f13b3d", "relationship--f33d0bbd-3556-4ae9-9312-fc3bf4776213", "relationship--32c34951-4b28-4d8a-a6ca-dd1eb6aa86a8", "relationship--de3b18d2-cd51-4d25-a6f0-2008be9553e9", "relationship--e0231f81-e17d-4d79-86d6-50b4c1986a3f", "relationship--10d04504-2aa0-417f-81c7-b5ce66e962bd", "relationship--37e64697-3769-4321-bdf4-4a35ef519d8b", "relationship--b80c4101-23c0-450e-838e-bd15b7bdc54a", "relationship--5a9a4bad-7328-496e-aafe-ef32dd813395", "relationship--c228bac6-4afd-4c9c-b035-6f5aadfbee62", "relationship--897437e8-4b74-472a-8313-330e7b717be6", "relationship--6ab19616-f0ff-4550-981e-43190cedf4b8", "relationship--6b1096a1-413e-456e-ba99-47aa41e34765", "relationship--276baab8-b1ee-4f85-9739-af636fab9fc5", "relationship--e7434984-aaf4-4463-9f4b-a72b8ff72792", "relationship--08225d8d-6da0-433e-9861-3ff0e1910c58", "relationship--52674229-0ae9-48e5-b142-6191d969cc86", "relationship--afa97e29-7c2e-4d3d-b3c5-7d0a0feacdfa", "relationship--92cb050c-f3f9-4041-baee-adba030a9495", "relationship--5d66f9b5-fcca-4e47-b8bb-cd8875645c69", "relationship--b96262ca-9639-4d1f-8085-59eccd955bec", "relationship--d9d2cbc4-83d8-4dd4-ae9a-a6a0504baace", "relationship--e4a1d88d-f4cf-422c-9472-724ed6a58f98", "relationship--c20971c8-f61c-4bee-bbf9-32da245f6550", "relationship--6400b154-ebe7-4b5a-b564-84a1154660ad", "relationship--ff055bb1-8927-40dd-8e92-0cdf1ffd519c", "relationship--601b08d2-1844-4d31-a5e5-ccb0b2bc66b2", "relationship--d1fcb49f-d4bc-4e8a-8047-72d6053d2a15", "relationship--d7c8f4ff-dd11-4b35-b216-69c6570cdb94", "relationship--41a5c615-de2f-47dd-ac90-7a93ecd0a94b", "relationship--073c77f8-4b53-46ba-bbb0-0dd14ba4658a", "relationship--f24411b0-c4da-404c-b49b-77543886392a", "relationship--141581aa-31a8-4b53-8f2d-9e9656feb177", "relationship--b1a48beb-1858-4846-9a89-1e30dabe554a", "relationship--10ede251-dcc0-4844-9244-a826e6b006f6", "relationship--8dbaa9db-e4ac-4e12-b31a-6c4d003c5407", "relationship--996bafa3-3b1a-457d-a9bf-8b146718de49", "relationship--b689b8a8-f9b7-46e8-ad00-4e31430f8efc", "relationship--df059b84-2d3e-4a95-84e4-4c912b884e7d", "relationship--0751058e-8d39-4d06-bbbf-ba488e23f35d", "relationship--2f0d53ad-d746-4b6d-8d91-0867fa781f72", "relationship--2ecaf22f-43b9-4dc7-93b4-8fe67638fc6e", "relationship--797d6c6e-37fc-4f8e-85e5-0467eaf2c8ef", "relationship--1b26fc54-962d-48df-b1de-6e77979ba59d", "relationship--90d896df-09f0-4802-8869-e68e99462cf0", "relationship--b6067c5e-d03b-4222-9248-035fce452101", "relationship--df35a234-6203-4a5e-9b63-acda366e393c", "relationship--e7658ed6-d6a2-48a6-9396-16f7ab0199c8", "relationship--3a7df8b3-4d2c-4232-9fbe-905256962579", "relationship--c9cc25a3-0f90-4453-a824-3ba2cac4d5f2", "relationship--3a1625e1-d2f1-4242-86f6-1c5b0f5d511b", "relationship--81a17c7f-c0cc-41cd-bc1b-468aae5b408e", "relationship--0cdce77d-7b16-4509-9d97-daa9fbc17e0a", "relationship--c039e269-d014-46d6-b31a-8d82a77d3cab", "relationship--6d9a3f70-2626-4d39-8b48-70a563ee3aaf", "relationship--836fa353-f48f-43d3-b3a2-a2cd7dedfe27", "relationship--00e8b2f9-14b3-41de-b44e-7d2ca198f19b", "relationship--3064b193-8319-4250-8eac-e93b45ffa2dd", "relationship--64410936-8483-4bae-983f-2a0cb161f7a8", "relationship--b3c58115-1f9a-4abd-8f9f-359413d3b34a", "relationship--511f45fb-3983-4d2a-9045-0c6a84811dff", "relationship--a21233b0-0133-492f-b6d0-a54506be9bce", "relationship--89cfd520-8578-4429-97ff-baa89411c027", "relationship--f19ee770-a56f-41f8-9585-81d5cd3ddc77", "relationship--453f2a0a-e793-4f7e-84cc-a2d49eef6299", "relationship--2737e996-1985-4641-aa7a-6568977b1e4e", "relationship--77b7cf6f-27db-442b-bfbf-b07918ee49ba", "relationship--d45c9e5b-8bfb-43cf-8ec4-ad857153b8e0", "relationship--85ef8e8b-caf5-4073-9eec-b92d4e9064ab", "relationship--3888c592-f64c-419d-a984-179f4bc0b7a2", "relationship--6999a889-2a51-4414-bb42-fc64ff304c78", "relationship--7fdb1675-5fb5-4ec8-8152-a2b48273c9bc", "relationship--a32fbd16-6de7-4dae-ad6d-c41f65f97597", "relationship--f6fb0c10-8f13-48d6-8f11-6fbd8ad7f801", "relationship--d4e63c1f-8395-4f71-9e6a-17eadfcb3252", "relationship--7d0791fe-4591-47a5-978c-edb93028b285", "relationship--d6287d12-632d-4baa-8601-ff83d38c06e2", "relationship--efccaea8-e755-43cd-960c-6b154d6f2c68", "relationship--e9e5343e-65f1-41ae-b342-c078b7d8c08c", "relationship--19183f6f-0d88-4906-af0f-2e7bf9041092", "relationship--6093f126-b754-49f6-bb16-44b63546166b", "relationship--3c70ce4c-d5a7-4162-8640-cd00f801a814", "relationship--3555ae16-51e3-47fb-a770-bba4072516cd", "relationship--5a46faa5-6385-4da3-9032-cc3369f31138", "relationship--fdbe84bf-c9b8-457f-923c-e5621207644a", "relationship--a1762911-e7cb-4277-8c0e-863817c1ac96", "relationship--7cfae5a0-bd08-45b2-9605-e46c06ba65db", "relationship--f52cd531-e834-45cd-89fe-d7b58d6ff89e", "relationship--a30b79c2-0636-42c0-8516-038b2f085498", "relationship--f7216cda-e035-4563-b513-adca10d0036f", "relationship--ce0c7ca8-7936-446b-b8d5-395756e01b56", "relationship--f6150a42-71f3-4eba-b0c0-c399e2731b3e", "relationship--7eed996b-7b35-4e15-99fc-6716a20de679", "relationship--173566dd-0b48-406e-aeec-3cdcdf4f2a53", "relationship--a32b8c08-e658-4959-9639-b150eb28f903", "relationship--30be195c-a9bc-4bb7-ae30-a0295f65a3d8", "relationship--2661e712-5094-449f-a54d-ed5620a24f0c", "relationship--77481b5f-9d4c-4d7d-af00-ade2c9c35788", "relationship--f57639b0-14d9-4173-9584-818ba995536a", "relationship--4d49ce2b-ade4-4a6e-82a5-4bdbc3ac8a41", "relationship--a4258a5e-7392-4edd-affc-b0b85888ce3e", "relationship--c2552193-f1b4-40dd-b738-b414d24d26be", "relationship--42435157-d169-482a-85e9-d10b1bd61af1", "relationship--be6782ba-6aba-4ae9-a515-ef59cc8a5c75", "relationship--5e680e1b-bcb6-4ca5-86a7-a652b2febce2", "relationship--fa98a280-7d70-4d65-956a-197baa6ae08e", "relationship--d51462d9-cf31-4794-ab63-be3a8a98c1a4", "relationship--f147f8c6-badf-4ec2-a10c-3bc2651749bb", "relationship--5b6cdb7c-72b0-4e7d-9d8b-d3f84b688624", "relationship--561d1049-3ad1-48ed-a8b7-9e58488c78c1", "relationship--b79c200e-900f-4fa6-ae83-7d38ca128a3c", "relationship--92b81ea5-6807-4807-b601-14af0c33b13a", "relationship--fe4db3df-5406-40d7-a890-106ce23d1fca", "relationship--0c377dd8-defe-4904-8f6b-c1cebae84200", "relationship--0666afb6-b444-42c2-a6bc-ef0436480a4c", "relationship--d4859b25-5bba-4376-98cd-14640c665e4e", "relationship--f0e6c179-0899-4c86-a942-42b2ee4e7270", "relationship--81c943e6-aad8-4689-b214-760352fbc493", "relationship--2b9a2387-1796-4c74-ba89-e60d312e7dc6", "relationship--be659a78-15c5-4115-a428-586df6cfd560", "domain-name--cef44310-0a09-4fec-a2d2-395216ea1d92", "domain-name--40e0295c-7915-4630-9c0a-33408ed013ef", "domain-name--079dc616-debf-416a-bf78-ce296784b3da", "domain-name--5198960c-59f2-4e42-a8a2-846594eb874e", "domain-name--2758b67c-7bfe-468f-9e9e-3097fe4ac93a", "domain-name--f5740dfd-0c0b-4c1d-a370-575516292cc1", "domain-name--ca70c5a9-70e5-4938-bf7f-004034ea8536", "domain-name--af016774-6e15-42db-ba82-d5f8eb606c6c", "domain-name--539beff5-3fc1-4919-a24b-efd63cba3c80", "domain-name--bec195ae-8507-4bb3-b6fb-0af657ee8c94", "domain-name--857b86f6-4582-48ef-834f-f28066776b1b", "domain-name--6eda7a23-ea91-46cb-a26e-65abe3fe88da", "domain-name--5a83240b-58ec-4d43-96b0-fe66bb2c5454", "domain-name--216d649a-1d24-4806-8cf8-6bf9afc8d8f8", "domain-name--c4d53482-88ec-45d0-93bc-a03886aa4631", "domain-name--c72da80e-c934-4957-a835-75bdec3148ce", "domain-name--c3f0aa9c-4b40-412a-afba-e45479028a74", "domain-name--833d79aa-becb-4709-9860-21b1d886a24c", "domain-name--81c44f89-db1c-444d-98bb-c48e3f0c9ed6", "domain-name--61d2fa2d-0b17-4e8c-ad34-d8dd31380760", "url--0b21aba5-1f3a-4278-8ed8-42f097ae9c98", "url--543e1227-5f9b-46aa-b81c-dcb4cba2fc9a", "url--df2b58ec-5476-4cec-818c-b89fe061d95d", "file:hashes.SHA-256--ddac3126-06eb-49cd-9e1b-a96e4b3f4317", "domain-name--b7c018f6-b60a-4d4b-870e-3eaf2fc4f401", "file:hashes.SHA-256--3793ed8a-f538-42cd-a260-979ababa4a44", "file:hashes.SHA-256--047ba89f-b224-4b2b-9dee-cf40edcfe785", "url--93867192-1605-4756-a2c6-c22fa5f81523", "domain-name--4100378c-1e04-43e4-bdec-e2fc1489d87a", "domain-name--c8466904-c7cf-45ab-aa13-8edccbb34e48", "domain-name--118a8f47-d0cd-4ed1-9e49-b16bc78e5c01", "domain-name--d9601077-ee38-4ce5-904e-65367aef2d7a", "domain-name--eed18f06-8d67-4576-8ea0-12be9d6dc84e", "domain-name--a618ed0c-53a0-4c93-94f0-2429196d1c1c", "domain-name--e99d12ab-a1a6-4d5e-94c4-259513a00ae0", "domain-name--f0ec9750-c9b4-432b-b7f2-f0e9095a5909", "domain-name--143138d3-9956-4aa3-9fe5-2f440a6b9314", "domain-name--dcff5ca5-28d1-4329-b382-ad32cc980f04", "domain-name--eab3fadb-cde5-4ad0-b8b6-2250a8b3ca48", "domain-name--fa1f2df4-6f28-467c-b367-22392642fa14", "domain-name--b7d14ee7-4225-40f2-9972-74670716d13f", "domain-name--0e1bd390-9e8b-4f66-b68c-a103ab8266bb", "domain-name--17ba9f44-5930-43f1-bcf7-e72eeeb2ba83", "domain-name--4173b272-1fcd-4ba0-8e63-a4669be79ef4", "domain-name--031a0608-2b94-4d25-a7c3-2617f8243c6a", "domain-name--44df0249-465e-4900-aa1e-61b0b1ce2317", "domain-name--88cb9577-0268-4c4a-be4d-3e608de1c8b2", "domain-name--209edcd8-ab1b-4b19-96ed-feada1bc87b6", "domain-name--38421339-d71c-436e-9dfb-79d7902eb0c1", "domain-name--616eb973-e101-48b3-a9e1-9394a7644816", "domain-name--0757422d-fd22-4da4-9e51-2fd0d038bb0f", "domain-name--e598714c-13f3-4676-8d52-6aa264969832", "domain-name--054249ea-c08a-4c2a-af44-2d03f10ce1f0", "domain-name--7a05ea38-9f31-4a8a-9eba-defd93ba8877", "domain-name--7cf1a6b4-f205-4aaf-a904-4fca948a824a", "domain-name--516cbadd-a8ed-40f1-93e3-6483c1679b2b", "domain-name--8dddd3a3-c417-46e3-81f2-5cceb2404b73", "domain-name--68df9655-8bef-4502-909e-d7741e666334", "domain-name--8b0a73b5-dd89-4803-98e3-86cdacdbad88", "domain-name--7be7cce6-3efb-4e1a-9f3e-464e89c52849", "indicator--a54c2ae7-2ffb-4615-a62e-e6a9c050a4e8", "relationship--8959a1a7-327b-4d4c-89f8-5b24969d554f", "indicator--421d045d-e727-43ff-97de-8fb0f59c41ee", "relationship--33f17853-c256-46e7-86c1-4ece444dccf3", "indicator--369b264f-8703-4b39-94a1-2c4d2082c55b", "relationship--d9d563a8-e2c6-46ba-b560-faeb6689f216", "indicator--d2889eec-e7c2-498b-9cff-db2f86ab33e2", "relationship--e4fc2b86-49cb-44a5-986e-15af1779fa23", "indicator--f06506df-48b3-42b0-af2e-a6000cff2a3b", "relationship--ba5f4388-da27-42f1-9d9a-6f184ded3fa3", "indicator--7e2906b0-4301-4df9-99ba-c0610a4ac288", "relationship--01367018-26aa-4ccc-80f9-bdc70758a706", "indicator--2a6ca592-526e-4a13-9418-21bfa657532f", "relationship--b3acaf24-7569-475a-8a3d-8040ad2ab912", "indicator--c194a0df-065c-4578-89c9-3ab41ed37575", "relationship--6ac91548-56ae-4bd6-86fd-1ef3c6e49ef5", "indicator--ee2e6a13-b2da-48ab-8a2b-f8fc7e7cf66c", "relationship--a59a4b17-0d55-471a-872d-ca3f8004562a", "indicator--cb7730ea-506c-4f89-8f8f-f96d0e9201cf", "relationship--16f8af93-7304-4843-94ab-0a0d570f79ce", "indicator--bf731d7d-81f8-42a6-b294-696f9ca3937f", "relationship--cdbff4ea-1610-4ec9-ab11-774a3af3742e", "indicator--acdfdd62-697d-48c3-9447-3413aaeebcb3", "relationship--dc18b085-535a-41c1-9bee-8894ae0e4a3f", "indicator--ee5c0233-f514-4e52-a99f-5a2999860d17", "relationship--2bf233de-1196-47bc-bbbd-2ae8a64781f5", "indicator--2cc7cec0-fc60-4b41-9f1b-c6e6ca66e3b6", "relationship--6f7ef2ef-cac6-4041-944c-e8e4432b488e", "indicator--eaf3318d-4c7a-4624-84c7-86e244b7c85d", "relationship--4d042a95-e97f-4c50-875a-ee5ebab72d23", "indicator--a821e50c-01bb-47c1-883d-47d8aba2719e", "relationship--8a2fdf64-a501-454b-9c24-c394cc730cfc", "indicator--d0a5d150-4514-4343-9cf1-0ed07a2b0813", "relationship--655472f3-d69d-40f0-9edb-3cb84ced2c39", "indicator--06adb04a-b0ad-4964-a1fe-f2a91ecef425", "relationship--4830467b-f507-40ad-aa16-56eb5fd81102", "indicator--3831e165-ff29-4a1f-8564-9aacf1e14048", "relationship--0e275ae6-65c9-481f-85b3-0fa12aa41f6a", "indicator--fd60898e-1c8d-4d99-be71-97bc085298da", "relationship--51004368-f048-48ea-b626-4e61aa2e83d7", "indicator--9bfb4a3d-60cc-4b3e-aaad-855024e77458", "relationship--52bb0ae2-da52-4eb6-969f-021dd00b207b", "indicator--8f94ba14-58ac-4724-9cbc-6c5ca5f47307", "relationship--5d0381b7-a499-4124-9def-2be9c0f121d4", "indicator--127c71a4-6784-4fdb-87e3-86100125cd44", "relationship--0f820db8-1a19-4a8b-838d-e987a2c2314f", "indicator--b12deb41-9d91-4bd3-b0a8-8e7bbaf5b543", "relationship--83096f55-ba14-4b6e-ac9c-fe3638f0d938", "indicator--b32c86c9-d692-47cb-8d07-22378c1ce23e", "relationship--755e4f02-b667-4c8c-9236-1f3f1db28d05", "indicator--4e3363e0-0e38-4341-9a02-51d5be9f5f7a", "relationship--916c17f2-e5c4-4bd8-a837-bd6d42a264c7", "indicator--37cdf2e0-576c-484a-b17d-d9485b153dc0", "relationship--000b782b-a8e9-422e-b87b-822eaad250fe", "indicator--0d8da4df-860f-4413-a23d-2721a306edc5", "relationship--7da06c44-7ef9-489a-a759-1d660f36d86e", "indicator--97f329e0-5c83-443d-bf90-918e340c5143", "relationship--614e2093-0d57-4525-81a1-0986b2ee19bd", "indicator--d392e532-b19d-4d6e-b3fc-11eafd61f86e", "relationship--f4c633b3-4208-4c03-8fb0-9e6c72dfd790", "indicator--b93d48a7-6181-4bce-8eb6-2e44344bc4c3", "relationship--eeefc5f8-c371-4c3a-bb8b-85801db36b5b", "indicator--28ae8d9a-3c27-41d5-a3dd-a1177519b325", "relationship--a33eac14-9dd5-4159-92f1-d4cf7e8d4e14", "indicator--817d3b44-0f8b-4972-b5e6-c14db33c7517", "relationship--de7239dd-e8b2-4b2f-8a76-9a3116c32ac6", "indicator--f5d73a3d-98aa-4e01-ae02-1ea0afe31787", "relationship--1877aeeb-322b-4e40-a86d-e925dfe90cdb", "indicator--63e58e00-fe1a-46d6-959a-956777620385", "relationship--bf1ecb8f-5c5d-4613-a534-581fa3425570", "indicator--0b2c8f54-0a92-49e0-b7f5-ba60f368b1da", "relationship--9908bf90-f613-47f7-93b4-eeeb4fa5d2ff", "indicator--424996ea-9f17-48c8-b784-bed5b0e1ab1c", "relationship--629d4acc-771c-4bfe-b31f-360183d8dfbe", "indicator--3e363f52-fd5a-40d8-a22a-f43f6da3276a", "relationship--ac74ba29-9d05-4e6c-9506-c52e06cab67f", "indicator--6fffc1c5-d96d-4080-85d5-002edea1c87e", "relationship--7dbbf6cb-0346-473b-b10d-c1b2e66f6915", "indicator--63d91d9f-14aa-4773-9b82-9f83cb978668", "relationship--28a6e712-77f9-40b2-9350-f4a34f2f3ef2", "indicator--dea7941e-0050-4cac-91d2-c03f4fd2af94", "relationship--846db336-216c-4826-bbde-f29556cfdb7d", "indicator--b3f6338e-e8dc-406e-8ab2-6c1feb80cfb3", "relationship--c3998631-8c1e-4f72-be90-186cf34b8990", "indicator--8a555b03-8b5a-48ef-b4c8-4c5f07349e98", "relationship--8a770cbb-d230-4877-b02b-9830314c9bfb", "indicator--15241a80-52b5-4fd9-b779-73f754b61d76", "relationship--6c2b8df4-b999-4b0e-a0de-9f9be7955e8c", "indicator--469733cb-e2b1-4dce-87d3-91d8ffa939a5", "relationship--e039753d-9e37-4fde-a195-30e5e27a6bc3", "indicator--fcdaac8a-6cd8-4f13-a985-f27ad29351da", "relationship--f1ae4df6-e7d6-4c1d-ad2f-722ab1b1837d", "indicator--c5c92c33-a907-497e-88ed-1b669d969d01", "relationship--eb606f56-94c2-4c50-8152-76c6c812a1cc", "indicator--f17eb09f-5e09-4aff-86d6-0685fb702337", "relationship--864f0da5-f557-45b8-ba88-47edef073467", "indicator--f313fe7d-2ff7-4d85-b26b-9dcfad8e12c2", "relationship--372a3328-2e45-4137-837c-38bd22207882", "indicator--fb3e2a2c-3659-44a0-8e60-0ca780b450ce", "relationship--e25ae7ee-bbe1-4f12-baea-28f6881f09c3", "indicator--ef44a75d-4629-4d64-8865-2d04f65744bc", "relationship--3b34f742-ee58-47b4-959d-7b326c43d372", "indicator--2eae2239-1b94-4743-a60b-4a5dc0c7fa83", "relationship--db4746f7-5be4-421e-a0e9-aa357754ac72", "indicator--fa17a7f8-ee20-4a23-a381-1c4f1a5feaa1", "relationship--76ac8889-ba71-4bf1-996a-970933dfe151", "indicator--a6577c47-fe30-4f91-a1d8-49631c5012d1", "relationship--01d7d324-1d33-45c4-a20a-a62697de49fb", "indicator--8681977f-5937-41e5-90a0-ebb5b871b0fe", "relationship--245f2168-d545-48c1-b3d8-dde4e3903935", "indicator--3b757d04-6d1d-4c1c-9547-2c070460c8e0", "relationship--9faf1b61-f89f-4beb-b14e-d74339930485" ], "labels": [ "threat-report", "threat-intelligence" ], "created_by_ref": "identity--30fb8658-d4f1-4a64-87a8-42846b60b5f7", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.882Z", "modified": "2025-12-12T17:22:52.882Z", "confidence": 95, "type": "identity", "id": "identity--cf8ac5fd-11aa-467e-b6bf-1f56ee5d1cce", "name": "Pentagon", "identity_class": "unknown", "labels": [ "identity" ], "description": "The Pentagon is the headquarters of the United States Department of Defense, responsible for the country's defense and military operations. As a prominent government institution, the Pentagon is a potential target for cyber attacks and espionage. In the context of cybersecurity, the Pentagon's accelerated move to post-quantum cryptography (PQC) is noteworthy, as it highlights the organization's efforts to stay ahead of emerging threats and protect its sensitive information.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.882Z", "modified": "2025-12-12T17:22:52.882Z", "confidence": 95, "type": "identity", "id": "identity--ae4d5f46-29c5-40ae-842b-378abf057c12", "name": "Microsoft", "identity_class": "organization", "labels": [ "identity" ], "description": "Microsoft is a multinational technology company that develops, manufactures, licenses, and supports a wide range of software products, services, and devices.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.882Z", "modified": "2025-12-12T17:22:52.882Z", "confidence": 95, "type": "identity", "id": "identity--53a6e913-b371-4d86-baa7-f737222b3ce5", "name": "SecurityWeek", "identity_class": "organization", "labels": [ "identity" ], "description": "SecurityWeek is a cybersecurity news and information website that provides in-depth analysis and coverage of the latest threats, vulnerabilities, and industry trends.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.882Z", "modified": "2025-12-12T17:22:52.882Z", "confidence": 95, "type": "identity", "id": "identity--8c780a2d-c2e1-4081-a002-eb0698c76ec2", "name": "Infrastructure Security Agency", "identity_class": "organization", "labels": [ "organization" ], "description": "The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is a federal agency responsible for protecting the United States' critical infrastructure from cybersecurity threats. It is a key player in the nation's cybersecurity efforts and provides various resources and guidelines for organizations to improve their cybersecurity posture.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.882Z", "modified": "2025-12-12T17:22:52.882Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--71cb02e4-ad92-4347-aa2b-cfd49c7cfd7d", "name": "CVE-2025-58360", "description": "GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. This issue has been patched in GeoServer 2.25.6, GeoServer 2.26.. CVSS Score: 8.2 (HIGH). CISA KEV: Active exploitation confirmed. EPSS: 73.2% exploitation probability", "x_cvss_score": 8.2, "x_cvss_severity": "HIGH", "x_kev_status": true, "x_epss_score": 0.73168, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-58360", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58360" }, { "source_name": "nvd", "external_id": "CVE-2025-58360", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58360" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.882Z", "modified": "2025-12-12T17:22:52.882Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--09cfd756-732a-426d-8c11-8d9ddb3e9e05", "name": "CVE-2025-55182", "description": "A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.. CVSS Score: 10.0 (CRITICAL). CISA KEV: Active exploitation confirmed. EPSS: 76.0% exploitation probability", "x_cvss_score": 10.0, "x_cvss_severity": "CRITICAL", "x_kev_status": true, "x_epss_score": 0.76008, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-55182", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55182" }, { "source_name": "nvd", "external_id": "CVE-2025-55182", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55182" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 95, "type": "identity", "id": "identity--161fc746-cd49-4615-ab48-81a93a1b16b4", "name": "GitHub", "identity_class": "organization", "labels": [ "identity" ], "description": "GitHub is a web-based platform for version control and collaboration on software development projects, allowing users to store, manage, and share their code with others.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 95, "type": "identity", "id": "identity--d5a86945-8ad0-49a2-bb31-9bcb1acf001a", "name": "GitLab", "identity_class": "organization", "labels": [ "identity" ], "description": "GitLab is a web-based platform for version control and collaboration on software development projects, offering features such as Git repository management, issue tracking, and continuous integration and deployment.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 95, "type": "identity", "id": "identity--0e413d56-4228-4335-b45d-ec9e01065428", "name": "Bitbucket", "identity_class": "unknown", "labels": [ "identity" ], "description": "Bitbucket is a web-based version control repository hosting service for source code and development projects, allowing users to host and manage Git repositories.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 89, "type": "vulnerability", "id": "vulnerability--d95868d7-4f07-4d84-b742-07ee4cf4adbf", "name": "React2Shell", "description": "React2Shell is a critical vulnerability impacting React Server Components (RSC), allowing for potential exploitation and compromise of systems. The vulnerability has been widely reported and acknowledged by reputable sources, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Imperva. CISA has urged federal agencies to patch the vulnerability by December 12, 2025, due to reports of widespread exploitation. React2Shell poses a significant threat to organizations using React Server Components, and prompt patching is necessary to prevent potential attacks.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 95, "type": "tool", "id": "tool--b7b55583-fb7b-43d9-83be-0835e0fe62ec", "name": "React Server Components", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "React Server Components is a framework that has been exploited by threat actors with ties to North Korea to deliver a remote access trojan dubbed EtherRAT, indicating that React Server Components is a vulnerable technology being targeted by malicious actors to gain unauthorized access to systems.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 95, "type": "identity", "id": "identity--47bf9d38-d349-402a-a13a-80902512dd17", "name": "Imperva", "identity_class": "unknown", "labels": [ "identity" ], "description": "Imperva is a company", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 95, "type": "identity", "id": "identity--8a7ca088-fae7-4645-8f55-5f28dd9b1396", "name": "Google", "identity_class": "organization", "labels": [ "identity" ], "description": "Google is a multinational technology company specializing in Internet-related services and products, including search engines, online advertising technologies, cloud computing, and software development.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 90, "type": "malware", "id": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "name": "Spiderman", "is_family": true, "malware_types": [ "stealer" ], "labels": [ "malicious-activity" ], "description": "Spiderman is a phishing kit capable of facilitating credential theft at scale. It is one of four newly documented kits, alongside BlackForce, GhostFrame, and InboxPrime AI, which are used by threat actors to compromise user credentials. Spiderman's capabilities and targets are not explicitly stated, but its inclusion in a list of phishing kits suggests it is a tool used for malicious purposes.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 95, "type": "identity", "id": "identity--b0cec87f-da35-4d9b-b1e6-e530898b873e", "name": "CentreStack", "identity_class": "unknown", "labels": [ "identity" ], "description": "CentreStack is a cloud file sharing and synchronization platform that enables users to access, share, and manage files across multiple devices and locations.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 95, "type": "identity", "id": "identity--1edd8fa1-7960-4001-a45a-4ef8628fe2d8", "name": "Hong Kong University of Science and Technology", "identity_class": "organization", "labels": [ "organization" ], "description": "The Hong Kong University of Science and Technology (HKUST) is a public research university in Clear Water Bay, Hong Kong. It is one of the top universities in Asia and has a strong reputation for its academic programs in science, technology, engineering, and mathematics (STEM) fields. In the context of the provided text, HKUST is mentioned as the affiliation of the authors of a research paper on federated learning.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 95, "type": "identity", "id": "identity--903cbc0e-f08a-4348-9af6-d661a1cf1372", "name": "Hangzhou Dianzi University", "identity_class": "organization", "labels": [ "organization" ], "description": "Hangzhou Dianzi University is a public university in Hangzhou, Zhejiang Province, China, known for its strong programs in engineering, computer science, and technology. The university has a research focus and has collaborated with other institutions on various projects, including those related to cybersecurity and artificial intelligence.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 95, "type": "identity", "id": "identity--044fde07-eb6c-4c20-922f-0b39f08e3011", "name": "Gartner", "identity_class": "organization", "labels": [ "identity" ], "description": "Gartner is a company", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 30, "type": "identity", "id": "identity--0e5cc220-09c8-4170-a1c8-d12d4cf1445e", "name": "Passkey", "identity_class": "unknown", "labels": [ "identity" ], "description": "Passkey is a password manager that uses a unique, randomly generated password for each account, eliminating the need for users to remember multiple complex passwords.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 90, "type": "tool", "id": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "name": "Chromium", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Chromium is an open-source web browser project that forms the basis for several other browsers, including Microsoft Edge. Vulnerabilities within Chromium can be exploited to compromise systems, and the ingestion of Chromium by Microsoft Edge addresses these potential security risks.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 95, "type": "identity", "id": "identity--69268c33-6dec-4faa-a418-09b5f7cf3f86", "name": "Stripe", "identity_class": "unknown", "labels": [ "identity" ], "description": "Stripe is a global online payment processing system that provides businesses with tools to accept and manage various payment methods, including credit cards, bank transfers, and more.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 95, "type": "identity", "id": "identity--bf0ff4d9-0f5b-43f5-94a0-21793cede8b4", "name": "Hikvision Challenges FCC", "identity_class": "unknown", "labels": [ "identity" ], "description": "Hikvision Challenges FCC refers to Hikvision, a Chinese video surveillance equipment manufacturer, pushing back against the US Federal Communications Commission's (FCC) efforts to restrict its access to US technology and components.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.883Z", "modified": "2025-12-12T17:22:52.883Z", "confidence": 95, "type": "identity", "id": "identity--5091dd52-af66-4aa1-9c68-b36f398344ff", "name": "Nexperia", "identity_class": "unknown", "labels": [ "identity" ], "description": "Nexperia is a Dutch semiconductor company that specializes in the design, development, and manufacturing of power and logic semiconductors.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 92, "type": "malware", "id": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "name": "Qilin", "is_family": true, "malware_types": [ "ransomware" ], "labels": [ "malicious-activity" ], "description": "Qilin is a ransomware family known for its targeted attacks on enterprise environments. It is designed to encrypt files on infected systems and demands a ransom for the decryption key. Qilin has been observed in various high-profile incidents, often leveraging sophisticated techniques to evade detection and maximize impact.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "tool", "id": "tool--e8031cd8-c13d-49fd-93bc-c206e5451874", "name": "SELinux", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "SELinux is a Linux-based security module that provides mandatory access control, enforcing strict security policies to restrict access to system resources and prevent unauthorized actions.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "tool", "id": "tool--0857daa5-805a-4e9e-a632-102fb5f470c7", "name": "bpfjailer", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "bpfjailer is a security tool designed to enhance the capabilities of legacy Mandatory Access Control (MAC) systems. It provides features such as signed binary enforcement and deep protocol interception, which are not typically available in traditional MAC systems. bpfjailer is notable for its ability to operate without requiring upstream kernel patches, thereby providing a more efficient and streamlined security solution. Its performance is also reportedly not measurably impacted by its operation, making it a valuable asset in maintaining system security.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "identity", "id": "identity--d7f2021c-5587-4887-b946-e550eefb52ee", "name": "Saviynt", "identity_class": "unknown", "labels": [ "identity" ], "description": "Saviynt is a company", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "tool", "id": "tool--e40833f0-0b4e-4844-b1d8-9e9c2c96c638", "name": "AI-Infra-Guard", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "AI-Infra-Guard is an open-source security testing tool used to evaluate the security posture of infrastructure and applications. It is designed to identify vulnerabilities and weaknesses in systems, allowing users to conduct thorough security assessments. In the context provided, AI-Infra-Guard was used to test the security of Gemini 3.0 Pro, highlighting its potential as a useful tool for security researchers and professionals.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "tool", "id": "tool--8af2422b-83ad-48ab-a355-0c457fd5ff29", "name": "Gemini", "tool_types": [ "unknown" ], "labels": [ "tool" ], "description": "Gemini is a zero-click exploit framework used to deliver malware through various file types, including emails, calendar invites, and documents.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "identity", "id": "identity--17d85fe0-e189-492a-8b69-6e8f0b6a5007", "name": "Bitdefender GravityZone", "identity_class": "unknown", "labels": [ "identity" ], "description": "Bitdefender GravityZone is a company", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "identity", "id": "identity--8cc898f8-e51f-4925-9414-deff32fce145", "name": "GeoServer", "identity_class": "unknown", "labels": [ "identity" ], "description": "GeoServer is a company", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "malware", "id": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "name": "Akira ransomware", "is_family": true, "malware_types": [ "ransomware" ], "labels": [ "malicious-activity" ], "description": "Akira ransomware is a specific malware family that has been involved in high-profile attacks, including the Fieldtex Products hack in November. The group behind Akira ransomware has been known to claim responsibility for their attacks and demand ransom in exchange for stolen data. This ransomware family is notable for its ability to evade detection and its use of sophisticated tactics to compromise systems. As a result, Akira ransomware is a significant threat to organizations and individuals alike, and its activities are closely monitored by cybersecurity professionals.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "identity", "id": "identity--afca59b3-d698-4d28-91ec-9265880465f7", "name": "Fieldtex Data Breach", "identity_class": "unknown", "labels": [ "identity" ], "description": "Fieldtex is a company that experienced a data breach, resulting in the exposure of sensitive information of approximately 238,000 individuals. This breach highlights the importance of robust cybersecurity measures to protect against data theft and unauthorized access. As a victim of a data breach, Fieldtex serves as an example of the potential consequences of inadequate security controls.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "name": "APT28", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "description": "APT28, also known as Fancy Bear, is a sophisticated threat actor group attributed to Russian intelligence services. They are known for conducting cyber espionage campaigns targeting government, defense, and other high-profile sectors. APT28 has been linked to various high-profile breaches and is considered a significant threat to global cybersecurity. Their tactics, techniques, and procedures (TTPs) include spear phishing, exploitation of vulnerabilities, and use of custom malware. APT28's activities are often characterized by their sophistication and persistence, making them a formidable opponent for defenders.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--ad22f1fe-82f3-4974-af26-79310368fc0a", "name": "CVE-2025-67511", "description": "Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is available to AI agents. Only password and command inputs are escaped in run_ssh_command_with_credentials to prevent shell injection; while username, host and port values are injectable. This issue does not have a fix at the time of publication.. CVSS Score: 9.6 (CRITICAL). EPSS: 0.1% exploitation probability", "x_cvss_score": 9.6, "x_cvss_severity": "CRITICAL", "x_kev_status": false, "x_epss_score": 0.00095, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-67511", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67511" }, { "source_name": "nvd", "external_id": "CVE-2025-67511", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67511" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "identity", "id": "identity--092208fd-b85c-4175-94a6-1920497be945", "name": "Zeroday.Cloud", "identity_class": "unknown", "labels": [ "identity" ], "description": "Zeroday.Cloud is a company", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "identity", "id": "identity--d77cc049-c871-4d91-8b0d-c0fea99118c9", "name": "deepmind.google", "identity_class": "unknown", "labels": [ "identity" ], "description": "deepmind.google is a company", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "malware", "id": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "name": "DroidLock Android", "is_family": true, "malware_types": [ "ransomware" ], "labels": [ "malicious-activity" ], "description": "DroidLock Android is a ransomware family that targets Android devices, encrypting files and demanding payment for decryption. This malware is notable for its ability to spread through various vectors, including infected apps and phishing campaigns. As a result, DroidLock Android poses a significant threat to mobile device security, highlighting the need for robust security measures and user awareness to prevent infection.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 95, "type": "identity", "id": "identity--911a7bf8-d4d0-45e3-b8d4-b847fb3f1076", "name": "Microsoft Bug Bounty Program Expanded", "identity_class": "organization", "labels": [ "identity" ], "description": "Microsoft Bug Bounty Program Expanded is a company", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:52.884Z", "modified": "2025-12-12T17:22:52.884Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "name": "Create or Modify System Process", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1543", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1543/", "external_id": "T1543" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.139Z", "modified": "2025-12-12T17:22:57.139Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "name": "Boot or Logon Autostart Execution", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1547", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1547/", "external_id": "T1547" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.139Z", "modified": "2025-12-12T17:22:57.139Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "name": "Application Layer Protocol", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1071", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1071/", "external_id": "T1071" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.139Z", "modified": "2025-12-12T17:22:57.139Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "name": "Non-Application Layer Protocol", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1095", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1095/", "external_id": "T1095" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.139Z", "modified": "2025-12-12T17:22:57.139Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "name": "Exploit Public-Facing Application", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1190", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1190/", "external_id": "T1190" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.139Z", "modified": "2025-12-12T17:22:57.139Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "name": "Exploitation for Client Execution", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1203", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1203/", "external_id": "T1203" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.139Z", "modified": "2025-12-12T17:22:57.139Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "name": "Spearphishing Attachment", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/001/", "external_id": "T1566.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "name": "Spearphishing Link", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/002/", "external_id": "T1566.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "name": "Spearphishing via Service", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/003/", "external_id": "T1566.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "name": "Supply Chain Compromise", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1195", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1195/", "external_id": "T1195" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "name": "Command and Scripting Interpreter", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1059", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1059/", "external_id": "T1059" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "name": "Remote Services", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "lateral-movement" } ], "x_mitre_id": "T1021", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1021/", "external_id": "T1021" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "name": "Abuse Elevation Control Mechanism", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" }, { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" } ], "x_mitre_id": "T1548", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1548/", "external_id": "T1548" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "name": "Access Token Manipulation", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1134", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1134/", "external_id": "T1134" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 83, "type": "attack-pattern", "id": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "name": "Vulnerabilities", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.006", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/006/", "external_id": "T1588.006" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 82, "type": "attack-pattern", "id": "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "name": "Code Signing Certificates", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/003/", "external_id": "T1588.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 77, "type": "attack-pattern", "id": "attack-pattern--97050bed-0864-4e3c-9f82-facd1eb7fc63", "name": "Code Signing", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" } ], "x_mitre_id": "T1553.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1553/002/", "external_id": "T1553.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "name": "Scheduled Task", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1053.005", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1053/005/", "external_id": "T1053.005" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "name": "Archive via Utility", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1560.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1560/001/", "external_id": "T1560.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "name": "Screen Capture", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1113", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1113/", "external_id": "T1113" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-12T17:22:57.140Z", "modified": "2025-12-12T17:22:57.140Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "name": "Adversary-in-the-Middle", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1557", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1557/", "external_id": "T1557" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c1e50105-821c-4154-a5bb-dcddaca3a8da", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 60, "description": "Co-occurrence: APT28 and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--09b79339-bcaf-439b-8c6d-a31a9d13c4a8", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 60, "description": "Co-occurrence: APT28 and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ec1858a8-3a62-4a06-8def-246132934411", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "confidence": 60, "description": "Co-occurrence: APT28 and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--16aafd48-4efe-4a1d-8ab7-123f98ac7d6f", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "confidence": 60, "description": "Co-occurrence: APT28 and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7f3fad84-fd00-485d-ac47-0f1a292304f4", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 60, "description": "Co-occurrence: APT28 and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4d4de7e2-b60c-4eb8-82e5-b4779e9ba4d5", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 60, "description": "Co-occurrence: APT28 and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--618aba8f-e81f-41e0-a579-f20352124723", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 60, "description": "Co-occurrence: APT28 and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0aedfa28-6f88-46f6-a319-a9be3fbe0cdc", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 60, "description": "Co-occurrence: APT28 and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bff83e25-8487-4082-8dea-51f7bbca1d10", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 60, "description": "Co-occurrence: APT28 and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e149cf3a-72b2-45e5-aa9e-a3ca503ba50c", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 60, "description": "Co-occurrence: APT28 and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9c2f7179-610d-4ccf-844b-23092d23f634", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 60, "description": "Co-occurrence: APT28 and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7fdd92c8-037c-4940-a042-ca7fa2f8e030", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "confidence": 60, "description": "Co-occurrence: APT28 and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d67d702e-4f94-476d-b1e0-290fd8f13b3d", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 60, "description": "Co-occurrence: APT28 and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f33d0bbd-3556-4ae9-9312-fc3bf4776213", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 60, "description": "Co-occurrence: APT28 and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--32c34951-4b28-4d8a-a6ca-dd1eb6aa86a8", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 60, "description": "Co-occurrence: APT28 and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--de3b18d2-cd51-4d25-a6f0-2008be9553e9", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "confidence": 60, "description": "Co-occurrence: APT28 and Code Signing Certificates (T1588.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e0231f81-e17d-4d79-86d6-50b4c1986a3f", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "confidence": 60, "description": "Co-occurrence: APT28 and Code Signing Certificates (T1587.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--10d04504-2aa0-417f-81c7-b5ce66e962bd", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--97050bed-0864-4e3c-9f82-facd1eb7fc63", "confidence": 60, "description": "Co-occurrence: APT28 and Code Signing (T1553.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--37e64697-3769-4321-bdf4-4a35ef519d8b", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 60, "description": "Co-occurrence: APT28 and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b80c4101-23c0-450e-838e-bd15b7bdc54a", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 60, "description": "Co-occurrence: APT28 and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5a9a4bad-7328-496e-aafe-ef32dd813395", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 60, "description": "Co-occurrence: APT28 and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c228bac6-4afd-4c9c-b035-6f5aadfbee62", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 60, "description": "Co-occurrence: APT28 and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--897437e8-4b74-472a-8313-330e7b717be6", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 55, "description": "Co-occurrence: Spiderman and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6ab19616-f0ff-4550-981e-43190cedf4b8", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 55, "description": "Co-occurrence: Spiderman and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6b1096a1-413e-456e-ba99-47aa41e34765", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "confidence": 55, "description": "Co-occurrence: Spiderman and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--276baab8-b1ee-4f85-9739-af636fab9fc5", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "confidence": 55, "description": "Co-occurrence: Spiderman and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e7434984-aaf4-4463-9f4b-a72b8ff72792", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: Spiderman and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--08225d8d-6da0-433e-9861-3ff0e1910c58", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: Spiderman and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--52674229-0ae9-48e5-b142-6191d969cc86", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 55, "description": "Co-occurrence: Spiderman and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--afa97e29-7c2e-4d3d-b3c5-7d0a0feacdfa", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 55, "description": "Co-occurrence: Spiderman and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--92cb050c-f3f9-4041-baee-adba030a9495", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 55, "description": "Co-occurrence: Spiderman and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5d66f9b5-fcca-4e47-b8bb-cd8875645c69", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 55, "description": "Co-occurrence: Spiderman and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b96262ca-9639-4d1f-8085-59eccd955bec", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: Spiderman and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d9d2cbc4-83d8-4dd4-ae9a-a6a0504baace", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "confidence": 55, "description": "Co-occurrence: Spiderman and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4a1d88d-f4cf-422c-9472-724ed6a58f98", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: Spiderman and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c20971c8-f61c-4bee-bbf9-32da245f6550", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: Spiderman and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6400b154-ebe7-4b5a-b564-84a1154660ad", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: Spiderman and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ff055bb1-8927-40dd-8e92-0cdf1ffd519c", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "confidence": 55, "description": "Co-occurrence: Spiderman and Code Signing Certificates (T1588.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--601b08d2-1844-4d31-a5e5-ccb0b2bc66b2", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "confidence": 55, "description": "Co-occurrence: Spiderman and Code Signing Certificates (T1587.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d1fcb49f-d4bc-4e8a-8047-72d6053d2a15", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--97050bed-0864-4e3c-9f82-facd1eb7fc63", "confidence": 55, "description": "Co-occurrence: Spiderman and Code Signing (T1553.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d7c8f4ff-dd11-4b35-b216-69c6570cdb94", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 55, "description": "Co-occurrence: Spiderman and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--41a5c615-de2f-47dd-ac90-7a93ecd0a94b", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: Spiderman and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--073c77f8-4b53-46ba-bbb0-0dd14ba4658a", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: Spiderman and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f24411b0-c4da-404c-b49b-77543886392a", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "malware--2b3aefad-dc8b-4614-b55e-a5d0469aa4b0", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: Spiderman and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--141581aa-31a8-4b53-8f2d-9e9656feb177", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 55, "description": "Co-occurrence: Chromium and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b1a48beb-1858-4846-9a89-1e30dabe554a", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 55, "description": "Co-occurrence: Chromium and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--10ede251-dcc0-4844-9244-a826e6b006f6", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "confidence": 55, "description": "Co-occurrence: Chromium and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8dbaa9db-e4ac-4e12-b31a-6c4d003c5407", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "confidence": 55, "description": "Co-occurrence: Chromium and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--996bafa3-3b1a-457d-a9bf-8b146718de49", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: Chromium and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b689b8a8-f9b7-46e8-ad00-4e31430f8efc", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: Chromium and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--df059b84-2d3e-4a95-84e4-4c912b884e7d", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 55, "description": "Co-occurrence: Chromium and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0751058e-8d39-4d06-bbbf-ba488e23f35d", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 55, "description": "Co-occurrence: Chromium and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2f0d53ad-d746-4b6d-8d91-0867fa781f72", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 55, "description": "Co-occurrence: Chromium and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2ecaf22f-43b9-4dc7-93b4-8fe67638fc6e", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 55, "description": "Co-occurrence: Chromium and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--797d6c6e-37fc-4f8e-85e5-0467eaf2c8ef", "created": "2025-12-12T17:22:57.141Z", "modified": "2025-12-12T17:22:57.141Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: Chromium and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1b26fc54-962d-48df-b1de-6e77979ba59d", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "confidence": 55, "description": "Co-occurrence: Chromium and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--90d896df-09f0-4802-8869-e68e99462cf0", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: Chromium and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b6067c5e-d03b-4222-9248-035fce452101", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: Chromium and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--df35a234-6203-4a5e-9b63-acda366e393c", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: Chromium and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e7658ed6-d6a2-48a6-9396-16f7ab0199c8", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "confidence": 55, "description": "Co-occurrence: Chromium and Code Signing Certificates (T1588.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3a7df8b3-4d2c-4232-9fbe-905256962579", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "confidence": 55, "description": "Co-occurrence: Chromium and Code Signing Certificates (T1587.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c9cc25a3-0f90-4453-a824-3ba2cac4d5f2", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--97050bed-0864-4e3c-9f82-facd1eb7fc63", "confidence": 55, "description": "Co-occurrence: Chromium and Code Signing (T1553.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3a1625e1-d2f1-4242-86f6-1c5b0f5d511b", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 55, "description": "Co-occurrence: Chromium and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--81a17c7f-c0cc-41cd-bc1b-468aae5b408e", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: Chromium and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0cdce77d-7b16-4509-9d97-daa9fbc17e0a", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: Chromium and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c039e269-d014-46d6-b31a-8d82a77d3cab", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "tool--53bca708-ea5f-47d8-902f-59c949adcb8e", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: Chromium and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6d9a3f70-2626-4d39-8b48-70a563ee3aaf", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 55, "description": "Co-occurrence: Qilin and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--836fa353-f48f-43d3-b3a2-a2cd7dedfe27", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 55, "description": "Co-occurrence: Qilin and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--00e8b2f9-14b3-41de-b44e-7d2ca198f19b", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "confidence": 55, "description": "Co-occurrence: Qilin and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3064b193-8319-4250-8eac-e93b45ffa2dd", "created": "2025-12-12T17:22:57.142Z", "modified": "2025-12-12T17:22:57.142Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "confidence": 55, "description": "Co-occurrence: Qilin and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--64410936-8483-4bae-983f-2a0cb161f7a8", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: Qilin and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b3c58115-1f9a-4abd-8f9f-359413d3b34a", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: Qilin and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--511f45fb-3983-4d2a-9045-0c6a84811dff", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 55, "description": "Co-occurrence: Qilin and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a21233b0-0133-492f-b6d0-a54506be9bce", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 55, "description": "Co-occurrence: Qilin and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--89cfd520-8578-4429-97ff-baa89411c027", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 55, "description": "Co-occurrence: Qilin and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f19ee770-a56f-41f8-9585-81d5cd3ddc77", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 55, "description": "Co-occurrence: Qilin and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--453f2a0a-e793-4f7e-84cc-a2d49eef6299", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: Qilin and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2737e996-1985-4641-aa7a-6568977b1e4e", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "confidence": 55, "description": "Co-occurrence: Qilin and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--77b7cf6f-27db-442b-bfbf-b07918ee49ba", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: Qilin and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d45c9e5b-8bfb-43cf-8ec4-ad857153b8e0", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: Qilin and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--85ef8e8b-caf5-4073-9eec-b92d4e9064ab", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: Qilin and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3888c592-f64c-419d-a984-179f4bc0b7a2", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "confidence": 55, "description": "Co-occurrence: Qilin and Code Signing Certificates (T1588.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6999a889-2a51-4414-bb42-fc64ff304c78", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "confidence": 55, "description": "Co-occurrence: Qilin and Code Signing Certificates (T1587.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7fdb1675-5fb5-4ec8-8152-a2b48273c9bc", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--97050bed-0864-4e3c-9f82-facd1eb7fc63", "confidence": 55, "description": "Co-occurrence: Qilin and Code Signing (T1553.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a32fbd16-6de7-4dae-ad6d-c41f65f97597", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 55, "description": "Co-occurrence: Qilin and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f6fb0c10-8f13-48d6-8f11-6fbd8ad7f801", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: Qilin and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d4e63c1f-8395-4f71-9e6a-17eadfcb3252", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: Qilin and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7d0791fe-4591-47a5-978c-edb93028b285", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--9878a65c-bda5-4d6c-80c8-a2350dafbdcd", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: Qilin and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d6287d12-632d-4baa-8601-ff83d38c06e2", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--efccaea8-e755-43cd-960c-6b154d6f2c68", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9e5343e-65f1-41ae-b342-c078b7d8c08c", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--19183f6f-0d88-4906-af0f-2e7bf9041092", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6093f126-b754-49f6-bb16-44b63546166b", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3c70ce4c-d5a7-4162-8640-cd00f801a814", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3555ae16-51e3-47fb-a770-bba4072516cd", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5a46faa5-6385-4da3-9032-cc3369f31138", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fdbe84bf-c9b8-457f-923c-e5621207644a", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a1762911-e7cb-4277-8c0e-863817c1ac96", "created": "2025-12-12T17:22:57.143Z", "modified": "2025-12-12T17:22:57.143Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7cfae5a0-bd08-45b2-9605-e46c06ba65db", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f52cd531-e834-45cd-89fe-d7b58d6ff89e", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a30b79c2-0636-42c0-8516-038b2f085498", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f7216cda-e035-4563-b513-adca10d0036f", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ce0c7ca8-7936-446b-b8d5-395756e01b56", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f6150a42-71f3-4eba-b0c0-c399e2731b3e", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Code Signing Certificates (T1588.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7eed996b-7b35-4e15-99fc-6716a20de679", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Code Signing Certificates (T1587.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--173566dd-0b48-406e-aeec-3cdcdf4f2a53", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--97050bed-0864-4e3c-9f82-facd1eb7fc63", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Code Signing (T1553.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a32b8c08-e658-4959-9639-b150eb28f903", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--30be195c-a9bc-4bb7-ae30-a0295f65a3d8", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2661e712-5094-449f-a54d-ed5620a24f0c", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--77481b5f-9d4c-4d7d-af00-ade2c9c35788", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: Akira ransomware and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f57639b0-14d9-4173-9584-818ba995536a", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Create or Modify System Process (T1543) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4d49ce2b-ade4-4a6e-82a5-4bdbc3ac8a41", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Boot or Logon Autostart Execution (T1547) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a4258a5e-7392-4edd-affc-b0b85888ce3e", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--4a2578d4-fdf6-48d3-b66a-93c681e1e21e", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c2552193-f1b4-40dd-b738-b414d24d26be", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--68a5c7b8-09b4-49b1-8149-bc23ed0260c9", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--42435157-d169-482a-85e9-d10b1bd61af1", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--be6782ba-6aba-4ae9-a515-ef59cc8a5c75", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5e680e1b-bcb6-4ca5-86a7-a652b2febce2", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fa98a280-7d70-4d65-956a-197baa6ae08e", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d51462d9-cf31-4794-ab63-be3a8a98c1a4", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f147f8c6-badf-4ec2-a10c-3bc2651749bb", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5b6cdb7c-72b0-4e7d-9d8b-d3f84b688624", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Command and Scripting Interpreter (T1059) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--561d1049-3ad1-48ed-a8b7-9e58488c78c1", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b79c200e-900f-4fa6-ae83-7d38ca128a3c", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Abuse Elevation Control Mechanism (T1548) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--92b81ea5-6807-4807-b601-14af0c33b13a", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Access Token Manipulation (T1134) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fe4db3df-5406-40d7-a890-106ce23d1fca", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Vulnerabilities (T1588.006) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c377dd8-defe-4904-8f6b-c1cebae84200", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Code Signing Certificates (T1588.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0666afb6-b444-42c2-a6bc-ef0436480a4c", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--c1ff2266-1a4b-4292-80e6-f593eb2569a9", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Code Signing Certificates (T1587.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d4859b25-5bba-4376-98cd-14640c665e4e", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--97050bed-0864-4e3c-9f82-facd1eb7fc63", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Code Signing (T1553.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f0e6c179-0899-4c86-a942-42b2ee4e7270", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--81c943e6-aad8-4689-b214-760352fbc493", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2b9a2387-1796-4c74-ba89-e60d312e7dc6", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--be659a78-15c5-4115-a428-586df6cfd560", "created": "2025-12-12T17:22:57.144Z", "modified": "2025-12-12T17:22:57.144Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "domain-name", "value": "0paypal.com", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--cef44310-0a09-4fec-a2d2-395216ea1d92" }, { "type": "domain-name", "value": "account-page-recovery-process.com", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--40e0295c-7915-4630-9c0a-33408ed013ef" }, { "type": "domain-name", "value": "accountingsure.com", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--079dc616-debf-416a-bf78-ce296784b3da" }, { "type": "domain-name", "value": "alamatpaypal.com", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--5198960c-59f2-4e42-a8a2-846594eb874e" }, { "type": "domain-name", "value": "amazon-update.xyz", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--2758b67c-7bfe-468f-9e9e-3097fe4ac93a" }, { "type": "domain-name", "value": "appleid-fmi.com", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--f5740dfd-0c0b-4c1d-a370-575516292cc1" }, { "type": "domain-name", "value": "appleid-manageids.info", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--ca70c5a9-70e5-4938-bf7f-004034ea8536" }, { "type": "domain-name", "value": "applessecure.site", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--af016774-6e15-42db-ba82-d5f8eb606c6c" }, { "type": "domain-name", "value": "auth-03chase.com", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--539beff5-3fc1-4919-a24b-efd63cba3c80" }, { "type": "domain-name", "value": "banking-commbank.support", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--bec195ae-8507-4bb3-b6fb-0af657ee8c94" }, { "type": "domain-name", "value": "citi-securelogin.com", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--857b86f6-4582-48ef-834f-f28066776b1b" }, { "type": "domain-name", "value": "claireapplewhite.com", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--6eda7a23-ea91-46cb-a26e-65abe3fe88da" }, { "type": "domain-name", "value": "cvwwwe9851.xyz", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--5a83240b-58ec-4d43-96b0-fe66bb2c5454" }, { "type": "domain-name", "value": "docsaccount.com", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--216d649a-1d24-4806-8cf8-6bf9afc8d8f8" }, { "type": "domain-name", "value": "ebankingcode.com", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--c4d53482-88ec-45d0-93bc-a03886aa4631" }, { "type": "domain-name", "value": "hbsc-payment.com", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--c72da80e-c934-4957-a835-75bdec3148ce" }, { "type": "domain-name", "value": "hotelesanticrisis.com", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--c3f0aa9c-4b40-412a-afba-e45479028a74" }, { "type": "domain-name", "value": "https8xmao.xyz", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--833d79aa-becb-4709-9860-21b1d886a24c" }, { "type": "domain-name", "value": "icloudfindsimap.com", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--81c44f89-db1c-444d-98bb-c48e3f0c9ed6" }, { "type": "domain-name", "value": "imap-support.info", "source": "OTX", "malware_families": [ "Spiderman", "Qilin" ], "pulse_names": [ "Phishing & scam domain names" ], "id": "domain-name--61d2fa2d-0b17-4e8c-ad34-d8dd31380760" }, { "type": "url", "value": "http://nctrnl.us/", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Thief in the night: New Nocturnal Stealer grabs data on the cheap" ], "id": "url--0b21aba5-1f3a-4278-8ed8-42f097ae9c98" }, { "type": "url", "value": "http://nctrnl.us/ara.exe", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Thief in the night: New Nocturnal Stealer grabs data on the cheap" ], "id": "url--543e1227-5f9b-46aa-b81c-dcb4cba2fc9a" }, { "type": "url", "value": "http://nctrnl.us/ark.exe", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Thief in the night: New Nocturnal Stealer grabs data on the cheap" ], "id": "url--df2b58ec-5476-4cec-818c-b89fe061d95d" }, { "type": "file:hashes.SHA-256", "value": "c9a834dde38c8b559d575ac61046e3a3fada97d2953d902b74cf8d5e51ada30f", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Thief in the night: New Nocturnal Stealer grabs data on the cheap" ], "id": "file:hashes.SHA-256--ddac3126-06eb-49cd-9e1b-a96e4b3f4317" }, { "type": "domain-name", "value": "nctrnl.us", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Thief in the night: New Nocturnal Stealer grabs data on the cheap" ], "id": "domain-name--b7c018f6-b60a-4d4b-870e-3eaf2fc4f401" }, { "type": "file:hashes.SHA-256", "value": "205def439aeb685d5a9123613e49f59d4cd5ebab9e933a1567a2f2972bda18c3", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Thief in the night: New Nocturnal Stealer grabs data on the cheap" ], "id": "file:hashes.SHA-256--3793ed8a-f538-42cd-a260-979ababa4a44" }, { "type": "file:hashes.SHA-256", "value": "ae7e5a7b34dc216e9da384fcf9868ab2c1a1d731f583f893b2d2d4009da15a4e", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Thief in the night: New Nocturnal Stealer grabs data on the cheap" ], "id": "file:hashes.SHA-256--047ba89f-b224-4b2b-9dee-cf40edcfe785" }, { "type": "url", "value": "http://nctrnl.us/server/gate.php", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Thief in the night: New Nocturnal Stealer grabs data on the cheap" ], "id": "url--93867192-1605-4756-a2c6-c22fa5f81523" }, { "type": "domain-name", "value": "win-update.com", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Indicators from previous campaigns by Iranian actors" ], "id": "domain-name--4100378c-1e04-43e4-bdec-e2fc1489d87a" }, { "type": "domain-name", "value": "azurewebsites.tech", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Indicators from previous campaigns by Iranian actors" ], "id": "domain-name--c8466904-c7cf-45ab-aa13-8edccbb34e48" }, { "type": "domain-name", "value": "outlook360.org", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Indicators from previous campaigns by Iranian actors" ], "id": "domain-name--118a8f47-d0cd-4ed1-9e49-b16bc78e5c01" }, { "type": "domain-name", "value": "sphotos-b.pw", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Indicators from previous campaigns by Iranian actors" ], "id": "domain-name--d9601077-ee38-4ce5-904e-65367aef2d7a" }, { "type": "domain-name", "value": "ads-youtube.tech", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Indicators from previous campaigns by Iranian actors" ], "id": "domain-name--eed18f06-8d67-4576-8ea0-12be9d6dc84e" }, { "type": "domain-name", "value": "broadcast-microsoft.tech", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Indicators from previous campaigns by Iranian actors" ], "id": "domain-name--a618ed0c-53a0-4c93-94f0-2429196d1c1c" }, { "type": "domain-name", "value": "officeapps-live.com", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Indicators from previous campaigns by Iranian actors" ], "id": "domain-name--e99d12ab-a1a6-4d5e-94c4-259513a00ae0" }, { "type": "domain-name", "value": "onlinewebcam.press", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Indicators from previous campaigns by Iranian actors" ], "id": "domain-name--f0ec9750-c9b4-432b-b7f2-f0e9095a5909" }, { "type": "domain-name", "value": "fbstatic-akamaihd.com", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Indicators from previous campaigns by Iranian actors" ], "id": "domain-name--143138d3-9956-4aa3-9fe5-2f440a6b9314" }, { "type": "domain-name", "value": "githubusecontent.tech", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Indicators from previous campaigns by Iranian actors" ], "id": "domain-name--dcff5ca5-28d1-4329-b382-ad32cc980f04" }, { "type": "domain-name", "value": "cachevideo.online", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Indicators from previous campaigns by Iranian actors" ], "id": "domain-name--eab3fadb-cde5-4ad0-b8b6-2250a8b3ca48" }, { "type": "domain-name", "value": "fbexternal-a.press", "source": "OTX", "malware_families": [ "Chromium" ], "pulse_names": [ "Indicators from previous campaigns by Iranian actors" ], "id": "domain-name--fa1f2df4-6f28-467c-b367-22392642fa14" }, { "type": "domain-name", "value": "checkbot8634938602.duckdns.org", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--b7d14ee7-4225-40f2-9972-74670716d13f" }, { "type": "domain-name", "value": "indianstreetbets.ddns.net", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--0e1bd390-9e8b-4f66-b68c-a103ab8266bb" }, { "type": "domain-name", "value": "billpaycanada.online", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--17ba9f44-5930-43f1-bcf7-e72eeeb2ba83" }, { "type": "domain-name", "value": "poorinfo.tk", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--4173b272-1fcd-4ba0-8e63-a4669be79ef4" }, { "type": "domain-name", "value": "9twelve-srvcs.zapto.org", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--031a0608-2b94-4d25-a7c3-2617f8243c6a" }, { "type": "domain-name", "value": "peak.serveftp.net", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--44df0249-465e-4900-aa1e-61b0b1ce2317" }, { "type": "domain-name", "value": "www.account-next.com", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--88cb9577-0268-4c4a-be4d-3e608de1c8b2" }, { "type": "domain-name", "value": "uyhb4rz7vcph6j.com", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--209edcd8-ab1b-4b19-96ed-feada1bc87b6" }, { "type": "domain-name", "value": "jjuangco.ddns.net", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--38421339-d71c-436e-9dfb-79d7902eb0c1" }, { "type": "domain-name", "value": "www.mohimjo.com", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--616eb973-e101-48b3-a9e1-9394a7644816" }, { "type": "domain-name", "value": "mi.cuenta.amazon.es.dsgaradcollegemohol.online", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--0757422d-fd22-4da4-9e51-2fd0d038bb0f" }, { "type": "domain-name", "value": "seeking0support.ddns.net", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--e598714c-13f3-4676-8d52-6aa264969832" }, { "type": "domain-name", "value": "www.dsgaradcollegemohol.online", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--054249ea-c08a-4c2a-af44-2d03f10ce1f0" }, { "type": "domain-name", "value": "freeworldlike.tk", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--7a05ea38-9f31-4a8a-9eba-defd93ba8877" }, { "type": "domain-name", "value": "www.oksurls.info", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--7cf1a6b4-f205-4aaf-a904-4fca948a824a" }, { "type": "domain-name", "value": "www.vbzurls.info", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--516cbadd-a8ed-40f1-93e3-6483c1679b2b" }, { "type": "domain-name", "value": "www.suncbi.com", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--8dddd3a3-c417-46e3-81f2-5cceb2404b73" }, { "type": "domain-name", "value": "facaziki2.xyz", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--68df9655-8bef-4502-909e-d7741e666334" }, { "type": "domain-name", "value": "www.krrurls.info", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--8b0a73b5-dd89-4803-98e3-86cdacdbad88" }, { "type": "domain-name", "value": "onstock.onlinesat.ddns.net", "source": "OTX", "malware_families": [ "Akira ransomware" ], "pulse_names": [ "Malware - Malware Domain Feed V2 - November 03 2020" ], "id": "domain-name--7be7cce6-3efb-4e1a-9f3e-464e89c52849" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a54c2ae7-2ffb-4615-a62e-e6a9c050a4e8", "created": "2025-12-12T17:21:49.231Z", "modified": "2025-12-12T17:21:49.231Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '0paypal.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.231Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8959a1a7-327b-4d4c-89f8-5b24969d554f", "created": "2025-12-12T17:21:49.231Z", "modified": "2025-12-12T17:21:49.231Z", "relationship_type": "based-on", "source_ref": "indicator--a54c2ae7-2ffb-4615-a62e-e6a9c050a4e8", "target_ref": "domain-name--cef44310-0a09-4fec-a2d2-395216ea1d92" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--421d045d-e727-43ff-97de-8fb0f59c41ee", "created": "2025-12-12T17:21:49.242Z", "modified": "2025-12-12T17:21:49.242Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'account-page-recovery-process.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.242Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--33f17853-c256-46e7-86c1-4ece444dccf3", "created": "2025-12-12T17:21:49.242Z", "modified": "2025-12-12T17:21:49.242Z", "relationship_type": "based-on", "source_ref": "indicator--421d045d-e727-43ff-97de-8fb0f59c41ee", "target_ref": "domain-name--40e0295c-7915-4630-9c0a-33408ed013ef" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--369b264f-8703-4b39-94a1-2c4d2082c55b", "created": "2025-12-12T17:21:49.259Z", "modified": "2025-12-12T17:21:49.259Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'accountingsure.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.259Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d9d563a8-e2c6-46ba-b560-faeb6689f216", "created": "2025-12-12T17:21:49.259Z", "modified": "2025-12-12T17:21:49.259Z", "relationship_type": "based-on", "source_ref": "indicator--369b264f-8703-4b39-94a1-2c4d2082c55b", "target_ref": "domain-name--079dc616-debf-416a-bf78-ce296784b3da" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d2889eec-e7c2-498b-9cff-db2f86ab33e2", "created": "2025-12-12T17:21:49.272Z", "modified": "2025-12-12T17:21:49.272Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'alamatpaypal.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.272Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4fc2b86-49cb-44a5-986e-15af1779fa23", "created": "2025-12-12T17:21:49.272Z", "modified": "2025-12-12T17:21:49.272Z", "relationship_type": "based-on", "source_ref": "indicator--d2889eec-e7c2-498b-9cff-db2f86ab33e2", "target_ref": "domain-name--5198960c-59f2-4e42-a8a2-846594eb874e" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f06506df-48b3-42b0-af2e-a6000cff2a3b", "created": "2025-12-12T17:21:49.287Z", "modified": "2025-12-12T17:21:49.287Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'amazon-update.xyz']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.287Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ba5f4388-da27-42f1-9d9a-6f184ded3fa3", "created": "2025-12-12T17:21:49.287Z", "modified": "2025-12-12T17:21:49.287Z", "relationship_type": "based-on", "source_ref": "indicator--f06506df-48b3-42b0-af2e-a6000cff2a3b", "target_ref": "domain-name--2758b67c-7bfe-468f-9e9e-3097fe4ac93a" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7e2906b0-4301-4df9-99ba-c0610a4ac288", "created": "2025-12-12T17:21:49.299Z", "modified": "2025-12-12T17:21:49.299Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'appleid-fmi.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.299Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--01367018-26aa-4ccc-80f9-bdc70758a706", "created": "2025-12-12T17:21:49.299Z", "modified": "2025-12-12T17:21:49.299Z", "relationship_type": "based-on", "source_ref": "indicator--7e2906b0-4301-4df9-99ba-c0610a4ac288", "target_ref": "domain-name--f5740dfd-0c0b-4c1d-a370-575516292cc1" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2a6ca592-526e-4a13-9418-21bfa657532f", "created": "2025-12-12T17:21:49.310Z", "modified": "2025-12-12T17:21:49.310Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'appleid-manageids.info']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.310Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b3acaf24-7569-475a-8a3d-8040ad2ab912", "created": "2025-12-12T17:21:49.310Z", "modified": "2025-12-12T17:21:49.310Z", "relationship_type": "based-on", "source_ref": "indicator--2a6ca592-526e-4a13-9418-21bfa657532f", "target_ref": "domain-name--ca70c5a9-70e5-4938-bf7f-004034ea8536" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c194a0df-065c-4578-89c9-3ab41ed37575", "created": "2025-12-12T17:21:49.321Z", "modified": "2025-12-12T17:21:49.322Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'applessecure.site']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.322Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6ac91548-56ae-4bd6-86fd-1ef3c6e49ef5", "created": "2025-12-12T17:21:49.322Z", "modified": "2025-12-12T17:21:49.322Z", "relationship_type": "based-on", "source_ref": "indicator--c194a0df-065c-4578-89c9-3ab41ed37575", "target_ref": "domain-name--af016774-6e15-42db-ba82-d5f8eb606c6c" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ee2e6a13-b2da-48ab-8a2b-f8fc7e7cf66c", "created": "2025-12-12T17:21:49.334Z", "modified": "2025-12-12T17:21:49.334Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'auth-03chase.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.334Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a59a4b17-0d55-471a-872d-ca3f8004562a", "created": "2025-12-12T17:21:49.334Z", "modified": "2025-12-12T17:21:49.334Z", "relationship_type": "based-on", "source_ref": "indicator--ee2e6a13-b2da-48ab-8a2b-f8fc7e7cf66c", "target_ref": "domain-name--539beff5-3fc1-4919-a24b-efd63cba3c80" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cb7730ea-506c-4f89-8f8f-f96d0e9201cf", "created": "2025-12-12T17:21:49.413Z", "modified": "2025-12-12T17:21:49.413Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'banking-commbank.support']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.413Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--16f8af93-7304-4843-94ab-0a0d570f79ce", "created": "2025-12-12T17:21:49.413Z", "modified": "2025-12-12T17:21:49.413Z", "relationship_type": "based-on", "source_ref": "indicator--cb7730ea-506c-4f89-8f8f-f96d0e9201cf", "target_ref": "domain-name--bec195ae-8507-4bb3-b6fb-0af657ee8c94" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bf731d7d-81f8-42a6-b294-696f9ca3937f", "created": "2025-12-12T17:21:49.434Z", "modified": "2025-12-12T17:21:49.434Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'citi-securelogin.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.434Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cdbff4ea-1610-4ec9-ab11-774a3af3742e", "created": "2025-12-12T17:21:49.434Z", "modified": "2025-12-12T17:21:49.434Z", "relationship_type": "based-on", "source_ref": "indicator--bf731d7d-81f8-42a6-b294-696f9ca3937f", "target_ref": "domain-name--857b86f6-4582-48ef-834f-f28066776b1b" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--acdfdd62-697d-48c3-9447-3413aaeebcb3", "created": "2025-12-12T17:21:49.446Z", "modified": "2025-12-12T17:21:49.446Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'claireapplewhite.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.446Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dc18b085-535a-41c1-9bee-8894ae0e4a3f", "created": "2025-12-12T17:21:49.446Z", "modified": "2025-12-12T17:21:49.446Z", "relationship_type": "based-on", "source_ref": "indicator--acdfdd62-697d-48c3-9447-3413aaeebcb3", "target_ref": "domain-name--6eda7a23-ea91-46cb-a26e-65abe3fe88da" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ee5c0233-f514-4e52-a99f-5a2999860d17", "created": "2025-12-12T17:21:49.456Z", "modified": "2025-12-12T17:21:49.456Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'cvwwwe9851.xyz']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.456Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2bf233de-1196-47bc-bbbd-2ae8a64781f5", "created": "2025-12-12T17:21:49.456Z", "modified": "2025-12-12T17:21:49.456Z", "relationship_type": "based-on", "source_ref": "indicator--ee5c0233-f514-4e52-a99f-5a2999860d17", "target_ref": "domain-name--5a83240b-58ec-4d43-96b0-fe66bb2c5454" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2cc7cec0-fc60-4b41-9f1b-c6e6ca66e3b6", "created": "2025-12-12T17:21:49.466Z", "modified": "2025-12-12T17:21:49.466Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'docsaccount.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.466Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6f7ef2ef-cac6-4041-944c-e8e4432b488e", "created": "2025-12-12T17:21:49.466Z", "modified": "2025-12-12T17:21:49.466Z", "relationship_type": "based-on", "source_ref": "indicator--2cc7cec0-fc60-4b41-9f1b-c6e6ca66e3b6", "target_ref": "domain-name--216d649a-1d24-4806-8cf8-6bf9afc8d8f8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eaf3318d-4c7a-4624-84c7-86e244b7c85d", "created": "2025-12-12T17:21:49.476Z", "modified": "2025-12-12T17:21:49.476Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'ebankingcode.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.476Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4d042a95-e97f-4c50-875a-ee5ebab72d23", "created": "2025-12-12T17:21:49.476Z", "modified": "2025-12-12T17:21:49.476Z", "relationship_type": "based-on", "source_ref": "indicator--eaf3318d-4c7a-4624-84c7-86e244b7c85d", "target_ref": "domain-name--c4d53482-88ec-45d0-93bc-a03886aa4631" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a821e50c-01bb-47c1-883d-47d8aba2719e", "created": "2025-12-12T17:21:49.486Z", "modified": "2025-12-12T17:21:49.486Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'hbsc-payment.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.486Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8a2fdf64-a501-454b-9c24-c394cc730cfc", "created": "2025-12-12T17:21:49.486Z", "modified": "2025-12-12T17:21:49.486Z", "relationship_type": "based-on", "source_ref": "indicator--a821e50c-01bb-47c1-883d-47d8aba2719e", "target_ref": "domain-name--c72da80e-c934-4957-a835-75bdec3148ce" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d0a5d150-4514-4343-9cf1-0ed07a2b0813", "created": "2025-12-12T17:21:49.497Z", "modified": "2025-12-12T17:21:49.497Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'hotelesanticrisis.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.497Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--655472f3-d69d-40f0-9edb-3cb84ced2c39", "created": "2025-12-12T17:21:49.497Z", "modified": "2025-12-12T17:21:49.497Z", "relationship_type": "based-on", "source_ref": "indicator--d0a5d150-4514-4343-9cf1-0ed07a2b0813", "target_ref": "domain-name--c3f0aa9c-4b40-412a-afba-e45479028a74" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--06adb04a-b0ad-4964-a1fe-f2a91ecef425", "created": "2025-12-12T17:21:49.530Z", "modified": "2025-12-12T17:21:49.530Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'icloudfindsimap.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.530Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4830467b-f507-40ad-aa16-56eb5fd81102", "created": "2025-12-12T17:21:49.530Z", "modified": "2025-12-12T17:21:49.530Z", "relationship_type": "based-on", "source_ref": "indicator--06adb04a-b0ad-4964-a1fe-f2a91ecef425", "target_ref": "domain-name--81c44f89-db1c-444d-98bb-c48e3f0c9ed6" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3831e165-ff29-4a1f-8564-9aacf1e14048", "created": "2025-12-12T17:21:49.548Z", "modified": "2025-12-12T17:21:49.548Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'imap-support.info']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.548Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0e275ae6-65c9-481f-85b3-0fa12aa41f6a", "created": "2025-12-12T17:21:49.548Z", "modified": "2025-12-12T17:21:49.548Z", "relationship_type": "based-on", "source_ref": "indicator--3831e165-ff29-4a1f-8564-9aacf1e14048", "target_ref": "domain-name--61d2fa2d-0b17-4e8c-ad34-d8dd31380760" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fd60898e-1c8d-4d99-be71-97bc085298da", "created": "2025-12-12T17:21:49.559Z", "modified": "2025-12-12T17:21:49.559Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://nctrnl.us/']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.559Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--51004368-f048-48ea-b626-4e61aa2e83d7", "created": "2025-12-12T17:21:49.559Z", "modified": "2025-12-12T17:21:49.559Z", "relationship_type": "based-on", "source_ref": "indicator--fd60898e-1c8d-4d99-be71-97bc085298da", "target_ref": "url--0b21aba5-1f3a-4278-8ed8-42f097ae9c98" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9bfb4a3d-60cc-4b3e-aaad-855024e77458", "created": "2025-12-12T17:21:49.570Z", "modified": "2025-12-12T17:21:49.570Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://nctrnl.us/ara.exe']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.570Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--52bb0ae2-da52-4eb6-969f-021dd00b207b", "created": "2025-12-12T17:21:49.570Z", "modified": "2025-12-12T17:21:49.570Z", "relationship_type": "based-on", "source_ref": "indicator--9bfb4a3d-60cc-4b3e-aaad-855024e77458", "target_ref": "url--543e1227-5f9b-46aa-b81c-dcb4cba2fc9a" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8f94ba14-58ac-4724-9cbc-6c5ca5f47307", "created": "2025-12-12T17:21:49.582Z", "modified": "2025-12-12T17:21:49.582Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://nctrnl.us/ark.exe']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.582Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5d0381b7-a499-4124-9def-2be9c0f121d4", "created": "2025-12-12T17:21:49.582Z", "modified": "2025-12-12T17:21:49.582Z", "relationship_type": "based-on", "source_ref": "indicator--8f94ba14-58ac-4724-9cbc-6c5ca5f47307", "target_ref": "url--df2b58ec-5476-4cec-818c-b89fe061d95d" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--127c71a4-6784-4fdb-87e3-86100125cd44", "created": "2025-12-12T17:21:49.592Z", "modified": "2025-12-12T17:21:49.592Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'nctrnl.us']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.592Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0f820db8-1a19-4a8b-838d-e987a2c2314f", "created": "2025-12-12T17:21:49.592Z", "modified": "2025-12-12T17:21:49.592Z", "relationship_type": "based-on", "source_ref": "indicator--127c71a4-6784-4fdb-87e3-86100125cd44", "target_ref": "domain-name--b7c018f6-b60a-4d4b-870e-3eaf2fc4f401" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b12deb41-9d91-4bd3-b0a8-8e7bbaf5b543", "created": "2025-12-12T17:21:49.602Z", "modified": "2025-12-12T17:21:49.602Z", "name": "Malicious url indicator", "description": "Malicious url identified in threat intelligence", "pattern": "[url:value = 'http://nctrnl.us/server/gate.php']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.602Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--83096f55-ba14-4b6e-ac9c-fe3638f0d938", "created": "2025-12-12T17:21:49.602Z", "modified": "2025-12-12T17:21:49.602Z", "relationship_type": "based-on", "source_ref": "indicator--b12deb41-9d91-4bd3-b0a8-8e7bbaf5b543", "target_ref": "url--93867192-1605-4756-a2c6-c22fa5f81523" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b32c86c9-d692-47cb-8d07-22378c1ce23e", "created": "2025-12-12T17:21:49.613Z", "modified": "2025-12-12T17:21:49.613Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'win-update.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.613Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--755e4f02-b667-4c8c-9236-1f3f1db28d05", "created": "2025-12-12T17:21:49.613Z", "modified": "2025-12-12T17:21:49.613Z", "relationship_type": "based-on", "source_ref": "indicator--b32c86c9-d692-47cb-8d07-22378c1ce23e", "target_ref": "domain-name--4100378c-1e04-43e4-bdec-e2fc1489d87a" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4e3363e0-0e38-4341-9a02-51d5be9f5f7a", "created": "2025-12-12T17:21:49.623Z", "modified": "2025-12-12T17:21:49.624Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'azurewebsites.tech']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.624Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--916c17f2-e5c4-4bd8-a837-bd6d42a264c7", "created": "2025-12-12T17:21:49.624Z", "modified": "2025-12-12T17:21:49.624Z", "relationship_type": "based-on", "source_ref": "indicator--4e3363e0-0e38-4341-9a02-51d5be9f5f7a", "target_ref": "domain-name--c8466904-c7cf-45ab-aa13-8edccbb34e48" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--37cdf2e0-576c-484a-b17d-d9485b153dc0", "created": "2025-12-12T17:21:49.634Z", "modified": "2025-12-12T17:21:49.634Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'outlook360.org']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.634Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--000b782b-a8e9-422e-b87b-822eaad250fe", "created": "2025-12-12T17:21:49.634Z", "modified": "2025-12-12T17:21:49.634Z", "relationship_type": "based-on", "source_ref": "indicator--37cdf2e0-576c-484a-b17d-d9485b153dc0", "target_ref": "domain-name--118a8f47-d0cd-4ed1-9e49-b16bc78e5c01" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0d8da4df-860f-4413-a23d-2721a306edc5", "created": "2025-12-12T17:21:49.643Z", "modified": "2025-12-12T17:21:49.643Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'sphotos-b.pw']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.643Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7da06c44-7ef9-489a-a759-1d660f36d86e", "created": "2025-12-12T17:21:49.643Z", "modified": "2025-12-12T17:21:49.643Z", "relationship_type": "based-on", "source_ref": "indicator--0d8da4df-860f-4413-a23d-2721a306edc5", "target_ref": "domain-name--d9601077-ee38-4ce5-904e-65367aef2d7a" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--97f329e0-5c83-443d-bf90-918e340c5143", "created": "2025-12-12T17:21:49.662Z", "modified": "2025-12-12T17:21:49.663Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'ads-youtube.tech']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.663Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--614e2093-0d57-4525-81a1-0986b2ee19bd", "created": "2025-12-12T17:21:49.663Z", "modified": "2025-12-12T17:21:49.663Z", "relationship_type": "based-on", "source_ref": "indicator--97f329e0-5c83-443d-bf90-918e340c5143", "target_ref": "domain-name--eed18f06-8d67-4576-8ea0-12be9d6dc84e" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d392e532-b19d-4d6e-b3fc-11eafd61f86e", "created": "2025-12-12T17:21:49.681Z", "modified": "2025-12-12T17:21:49.681Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'broadcast-microsoft.tech']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.681Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f4c633b3-4208-4c03-8fb0-9e6c72dfd790", "created": "2025-12-12T17:21:49.681Z", "modified": "2025-12-12T17:21:49.681Z", "relationship_type": "based-on", "source_ref": "indicator--d392e532-b19d-4d6e-b3fc-11eafd61f86e", "target_ref": "domain-name--a618ed0c-53a0-4c93-94f0-2429196d1c1c" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b93d48a7-6181-4bce-8eb6-2e44344bc4c3", "created": "2025-12-12T17:21:49.699Z", "modified": "2025-12-12T17:21:49.699Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'officeapps-live.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.699Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eeefc5f8-c371-4c3a-bb8b-85801db36b5b", "created": "2025-12-12T17:21:49.699Z", "modified": "2025-12-12T17:21:49.699Z", "relationship_type": "based-on", "source_ref": "indicator--b93d48a7-6181-4bce-8eb6-2e44344bc4c3", "target_ref": "domain-name--e99d12ab-a1a6-4d5e-94c4-259513a00ae0" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--28ae8d9a-3c27-41d5-a3dd-a1177519b325", "created": "2025-12-12T17:21:49.723Z", "modified": "2025-12-12T17:21:49.723Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'onlinewebcam.press']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.723Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a33eac14-9dd5-4159-92f1-d4cf7e8d4e14", "created": "2025-12-12T17:21:49.723Z", "modified": "2025-12-12T17:21:49.723Z", "relationship_type": "based-on", "source_ref": "indicator--28ae8d9a-3c27-41d5-a3dd-a1177519b325", "target_ref": "domain-name--f0ec9750-c9b4-432b-b7f2-f0e9095a5909" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--817d3b44-0f8b-4972-b5e6-c14db33c7517", "created": "2025-12-12T17:21:49.744Z", "modified": "2025-12-12T17:21:49.744Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'fbstatic-akamaihd.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.744Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--de7239dd-e8b2-4b2f-8a76-9a3116c32ac6", "created": "2025-12-12T17:21:49.744Z", "modified": "2025-12-12T17:21:49.744Z", "relationship_type": "based-on", "source_ref": "indicator--817d3b44-0f8b-4972-b5e6-c14db33c7517", "target_ref": "domain-name--143138d3-9956-4aa3-9fe5-2f440a6b9314" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f5d73a3d-98aa-4e01-ae02-1ea0afe31787", "created": "2025-12-12T17:21:49.774Z", "modified": "2025-12-12T17:21:49.774Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'githubusecontent.tech']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.774Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1877aeeb-322b-4e40-a86d-e925dfe90cdb", "created": "2025-12-12T17:21:49.774Z", "modified": "2025-12-12T17:21:49.774Z", "relationship_type": "based-on", "source_ref": "indicator--f5d73a3d-98aa-4e01-ae02-1ea0afe31787", "target_ref": "domain-name--dcff5ca5-28d1-4329-b382-ad32cc980f04" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--63e58e00-fe1a-46d6-959a-956777620385", "created": "2025-12-12T17:21:49.806Z", "modified": "2025-12-12T17:21:49.806Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'cachevideo.online']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.806Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bf1ecb8f-5c5d-4613-a534-581fa3425570", "created": "2025-12-12T17:21:49.806Z", "modified": "2025-12-12T17:21:49.806Z", "relationship_type": "based-on", "source_ref": "indicator--63e58e00-fe1a-46d6-959a-956777620385", "target_ref": "domain-name--eab3fadb-cde5-4ad0-b8b6-2250a8b3ca48" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0b2c8f54-0a92-49e0-b7f5-ba60f368b1da", "created": "2025-12-12T17:21:49.827Z", "modified": "2025-12-12T17:21:49.827Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'fbexternal-a.press']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.827Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9908bf90-f613-47f7-93b4-eeeb4fa5d2ff", "created": "2025-12-12T17:21:49.827Z", "modified": "2025-12-12T17:21:49.827Z", "relationship_type": "based-on", "source_ref": "indicator--0b2c8f54-0a92-49e0-b7f5-ba60f368b1da", "target_ref": "domain-name--fa1f2df4-6f28-467c-b367-22392642fa14" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--424996ea-9f17-48c8-b784-bed5b0e1ab1c", "created": "2025-12-12T17:21:49.854Z", "modified": "2025-12-12T17:21:49.854Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'checkbot8634938602.duckdns.org']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.854Z", "labels": [ "malicious-activity" ], "confidence": 80 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--629d4acc-771c-4bfe-b31f-360183d8dfbe", "created": "2025-12-12T17:21:49.854Z", "modified": "2025-12-12T17:21:49.854Z", "relationship_type": "based-on", "source_ref": "indicator--424996ea-9f17-48c8-b784-bed5b0e1ab1c", "target_ref": "domain-name--b7d14ee7-4225-40f2-9972-74670716d13f" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3e363f52-fd5a-40d8-a22a-f43f6da3276a", "created": "2025-12-12T17:21:49.876Z", "modified": "2025-12-12T17:21:49.876Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'indianstreetbets.ddns.net']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.876Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ac74ba29-9d05-4e6c-9506-c52e06cab67f", "created": "2025-12-12T17:21:49.876Z", "modified": "2025-12-12T17:21:49.876Z", "relationship_type": "based-on", "source_ref": "indicator--3e363f52-fd5a-40d8-a22a-f43f6da3276a", "target_ref": "domain-name--0e1bd390-9e8b-4f66-b68c-a103ab8266bb" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6fffc1c5-d96d-4080-85d5-002edea1c87e", "created": "2025-12-12T17:21:49.896Z", "modified": "2025-12-12T17:21:49.896Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'billpaycanada.online']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.896Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7dbbf6cb-0346-473b-b10d-c1b2e66f6915", "created": "2025-12-12T17:21:49.896Z", "modified": "2025-12-12T17:21:49.896Z", "relationship_type": "based-on", "source_ref": "indicator--6fffc1c5-d96d-4080-85d5-002edea1c87e", "target_ref": "domain-name--17ba9f44-5930-43f1-bcf7-e72eeeb2ba83" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--63d91d9f-14aa-4773-9b82-9f83cb978668", "created": "2025-12-12T17:21:49.927Z", "modified": "2025-12-12T17:21:49.927Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'poorinfo.tk']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.927Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--28a6e712-77f9-40b2-9350-f4a34f2f3ef2", "created": "2025-12-12T17:21:49.927Z", "modified": "2025-12-12T17:21:49.927Z", "relationship_type": "based-on", "source_ref": "indicator--63d91d9f-14aa-4773-9b82-9f83cb978668", "target_ref": "domain-name--4173b272-1fcd-4ba0-8e63-a4669be79ef4" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dea7941e-0050-4cac-91d2-c03f4fd2af94", "created": "2025-12-12T17:21:49.948Z", "modified": "2025-12-12T17:21:49.948Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '9twelve-srvcs.zapto.org']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.948Z", "labels": [ "malicious-activity" ], "confidence": 80 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--846db336-216c-4826-bbde-f29556cfdb7d", "created": "2025-12-12T17:21:49.948Z", "modified": "2025-12-12T17:21:49.948Z", "relationship_type": "based-on", "source_ref": "indicator--dea7941e-0050-4cac-91d2-c03f4fd2af94", "target_ref": "domain-name--031a0608-2b94-4d25-a7c3-2617f8243c6a" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b3f6338e-e8dc-406e-8ab2-6c1feb80cfb3", "created": "2025-12-12T17:21:49.967Z", "modified": "2025-12-12T17:21:49.967Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'peak.serveftp.net']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.967Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c3998631-8c1e-4f72-be90-186cf34b8990", "created": "2025-12-12T17:21:49.967Z", "modified": "2025-12-12T17:21:49.967Z", "relationship_type": "based-on", "source_ref": "indicator--b3f6338e-e8dc-406e-8ab2-6c1feb80cfb3", "target_ref": "domain-name--44df0249-465e-4900-aa1e-61b0b1ce2317" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8a555b03-8b5a-48ef-b4c8-4c5f07349e98", "created": "2025-12-12T17:21:49.985Z", "modified": "2025-12-12T17:21:49.986Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.account-next.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:49.986Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8a770cbb-d230-4877-b02b-9830314c9bfb", "created": "2025-12-12T17:21:49.986Z", "modified": "2025-12-12T17:21:49.986Z", "relationship_type": "based-on", "source_ref": "indicator--8a555b03-8b5a-48ef-b4c8-4c5f07349e98", "target_ref": "domain-name--88cb9577-0268-4c4a-be4d-3e608de1c8b2" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--15241a80-52b5-4fd9-b779-73f754b61d76", "created": "2025-12-12T17:21:50.001Z", "modified": "2025-12-12T17:21:50.001Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'uyhb4rz7vcph6j.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:50.001Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6c2b8df4-b999-4b0e-a0de-9f9be7955e8c", "created": "2025-12-12T17:21:50.001Z", "modified": "2025-12-12T17:21:50.001Z", "relationship_type": "based-on", "source_ref": "indicator--15241a80-52b5-4fd9-b779-73f754b61d76", "target_ref": "domain-name--209edcd8-ab1b-4b19-96ed-feada1bc87b6" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--469733cb-e2b1-4dce-87d3-91d8ffa939a5", "created": "2025-12-12T17:21:50.023Z", "modified": "2025-12-12T17:21:50.023Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'jjuangco.ddns.net']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:50.023Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e039753d-9e37-4fde-a195-30e5e27a6bc3", "created": "2025-12-12T17:21:50.023Z", "modified": "2025-12-12T17:21:50.023Z", "relationship_type": "based-on", "source_ref": "indicator--469733cb-e2b1-4dce-87d3-91d8ffa939a5", "target_ref": "domain-name--38421339-d71c-436e-9dfb-79d7902eb0c1" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fcdaac8a-6cd8-4f13-a985-f27ad29351da", "created": "2025-12-12T17:21:50.038Z", "modified": "2025-12-12T17:21:50.038Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.mohimjo.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:50.038Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f1ae4df6-e7d6-4c1d-ad2f-722ab1b1837d", "created": "2025-12-12T17:21:50.038Z", "modified": "2025-12-12T17:21:50.038Z", "relationship_type": "based-on", "source_ref": "indicator--fcdaac8a-6cd8-4f13-a985-f27ad29351da", "target_ref": "domain-name--616eb973-e101-48b3-a9e1-9394a7644816" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c5c92c33-a907-497e-88ed-1b669d969d01", "created": "2025-12-12T17:21:50.065Z", "modified": "2025-12-12T17:21:50.065Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'mi.cuenta.amazon.es.dsgaradcollegemohol.online']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:50.065Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eb606f56-94c2-4c50-8152-76c6c812a1cc", "created": "2025-12-12T17:21:50.065Z", "modified": "2025-12-12T17:21:50.065Z", "relationship_type": "based-on", "source_ref": "indicator--c5c92c33-a907-497e-88ed-1b669d969d01", "target_ref": "domain-name--0757422d-fd22-4da4-9e51-2fd0d038bb0f" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f17eb09f-5e09-4aff-86d6-0685fb702337", "created": "2025-12-12T17:21:50.085Z", "modified": "2025-12-12T17:21:50.085Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'seeking0support.ddns.net']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:50.085Z", "labels": [ "malicious-activity" ], "confidence": 80 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--864f0da5-f557-45b8-ba88-47edef073467", "created": "2025-12-12T17:21:50.085Z", "modified": "2025-12-12T17:21:50.085Z", "relationship_type": "based-on", "source_ref": "indicator--f17eb09f-5e09-4aff-86d6-0685fb702337", "target_ref": "domain-name--e598714c-13f3-4676-8d52-6aa264969832" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f313fe7d-2ff7-4d85-b26b-9dcfad8e12c2", "created": "2025-12-12T17:21:50.099Z", "modified": "2025-12-12T17:21:50.099Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.dsgaradcollegemohol.online']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:50.099Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--372a3328-2e45-4137-837c-38bd22207882", "created": "2025-12-12T17:21:50.099Z", "modified": "2025-12-12T17:21:50.099Z", "relationship_type": "based-on", "source_ref": "indicator--f313fe7d-2ff7-4d85-b26b-9dcfad8e12c2", "target_ref": "domain-name--054249ea-c08a-4c2a-af44-2d03f10ce1f0" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fb3e2a2c-3659-44a0-8e60-0ca780b450ce", "created": "2025-12-12T17:21:50.110Z", "modified": "2025-12-12T17:21:50.110Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'freeworldlike.tk']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:50.110Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e25ae7ee-bbe1-4f12-baea-28f6881f09c3", "created": "2025-12-12T17:21:50.110Z", "modified": "2025-12-12T17:21:50.110Z", "relationship_type": "based-on", "source_ref": "indicator--fb3e2a2c-3659-44a0-8e60-0ca780b450ce", "target_ref": "domain-name--7a05ea38-9f31-4a8a-9eba-defd93ba8877" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ef44a75d-4629-4d64-8865-2d04f65744bc", "created": "2025-12-12T17:21:50.125Z", "modified": "2025-12-12T17:21:50.125Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.oksurls.info']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:50.125Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3b34f742-ee58-47b4-959d-7b326c43d372", "created": "2025-12-12T17:21:50.125Z", "modified": "2025-12-12T17:21:50.125Z", "relationship_type": "based-on", "source_ref": "indicator--ef44a75d-4629-4d64-8865-2d04f65744bc", "target_ref": "domain-name--7cf1a6b4-f205-4aaf-a904-4fca948a824a" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2eae2239-1b94-4743-a60b-4a5dc0c7fa83", "created": "2025-12-12T17:21:50.248Z", "modified": "2025-12-12T17:21:50.248Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.vbzurls.info']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:50.248Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--db4746f7-5be4-421e-a0e9-aa357754ac72", "created": "2025-12-12T17:21:50.248Z", "modified": "2025-12-12T17:21:50.248Z", "relationship_type": "based-on", "source_ref": "indicator--2eae2239-1b94-4743-a60b-4a5dc0c7fa83", "target_ref": "domain-name--516cbadd-a8ed-40f1-93e3-6483c1679b2b" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fa17a7f8-ee20-4a23-a381-1c4f1a5feaa1", "created": "2025-12-12T17:21:50.270Z", "modified": "2025-12-12T17:21:50.270Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.suncbi.com']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:50.270Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--76ac8889-ba71-4bf1-996a-970933dfe151", "created": "2025-12-12T17:21:50.270Z", "modified": "2025-12-12T17:21:50.270Z", "relationship_type": "based-on", "source_ref": "indicator--fa17a7f8-ee20-4a23-a381-1c4f1a5feaa1", "target_ref": "domain-name--8dddd3a3-c417-46e3-81f2-5cceb2404b73" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a6577c47-fe30-4f91-a1d8-49631c5012d1", "created": "2025-12-12T17:21:50.287Z", "modified": "2025-12-12T17:21:50.287Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'facaziki2.xyz']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:50.287Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--01d7d324-1d33-45c4-a20a-a62697de49fb", "created": "2025-12-12T17:21:50.287Z", "modified": "2025-12-12T17:21:50.287Z", "relationship_type": "based-on", "source_ref": "indicator--a6577c47-fe30-4f91-a1d8-49631c5012d1", "target_ref": "domain-name--68df9655-8bef-4502-909e-d7741e666334" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8681977f-5937-41e5-90a0-ebb5b871b0fe", "created": "2025-12-12T17:21:50.304Z", "modified": "2025-12-12T17:21:50.304Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'www.krrurls.info']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:50.304Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--245f2168-d545-48c1-b3d8-dde4e3903935", "created": "2025-12-12T17:21:50.304Z", "modified": "2025-12-12T17:21:50.304Z", "relationship_type": "based-on", "source_ref": "indicator--8681977f-5937-41e5-90a0-ebb5b871b0fe", "target_ref": "domain-name--8b0a73b5-dd89-4803-98e3-86cdacdbad88" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3b757d04-6d1d-4c1c-9547-2c070460c8e0", "created": "2025-12-12T17:21:50.320Z", "modified": "2025-12-12T17:21:50.320Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'onstock.onlinesat.ddns.net']", "pattern_type": "stix", "valid_from": "2025-12-12T17:21:50.320Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9faf1b61-f89f-4beb-b14e-d74339930485", "created": "2025-12-12T17:21:50.320Z", "modified": "2025-12-12T17:21:50.320Z", "relationship_type": "based-on", "source_ref": "indicator--3b757d04-6d1d-4c1c-9547-2c070460c8e0", "target_ref": "domain-name--7be7cce6-3efb-4e1a-9f3e-464e89c52849" } ] }