Cybersecurity Latest Rundown

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

SOX: 16 FISMA: 2 HIPAA: 1

Industry Watch

🚨 Critical Infrastructure (SOX) CRITICAL

Active exploitation of legacy hardware

Key threat: Sierra Wireless AirLink ALEOS Router RCE (CVE-2018-4063)

Action: Review Sierra Wireless Router Flaw Enabling RCE Attacks, Apply Firmware Updates Immediately

Technology & Mobile (SOX) ELEVATED

Zero-day exploitation in wild

Key threat: WebKit Vulnerabilities affecting iOS/macOS devices

Action: Review Apple Security Updates for WebKit Flaws, Enforce OS Patching

CyberSecurity Latest Rundown

Heroes, a movie review! Also, update your Apple devices!! Here's a curated look at the current cybersecurity landscape for December 13, 2025.

CRITICAL ITEMS

Apple Issues Emergency Updates for WebKit Flaws Exploited in the Wild
Date & Time: 2025-12-13T05:32:00

Apple has released urgent security updates for the entire Apple ecosystem (iOS, macOS, etc.) to address two WebKit vulnerabilities that are currently being exploited by attackers. These flaws allow malicious web content to execute code on the victim's device simply by visiting a compromised site.

Business impact

If exploited, this vulnerability allows attackers to compromise executive mobile devices and workstations, leading to data theft, spyware installation, and unauthorized access to corporate resources. This poses a severe risk to intellectual property and executive privacy.

Recommended action

Ask your IT/MDM team: "What is the compliance status of our Apple fleet regarding today's emergency security updates, and can we force a restart for non-compliant devices within 24 hours?"

CVE: CVE-2025-24201 | Compliance: SOX | Source: The Hacker News ↗
CISA Adds Actively Exploited Sierra Wireless Router Flaw to KEV
Date & Time: 2025-12-13T12:33:00

CISA has confirmed active exploitation of a critical vulnerability in Sierra Wireless AirLink ALEOS routers, adding it to the Known Exploited Vulnerabilities (KEV) catalog. This flaw allows remote attackers to execute arbitrary code on the device, potentially granting full control over network edge devices.

Business impact

Compromise of these routers can allow attackers to intercept sensitive data, disrupt critical communications, or use the devices as a beachhead to launch further attacks into the internal network. For critical infrastructure, this represents a direct risk to operational continuity and safety.

Recommended action

Ask your Network Engineering team: "Do we have any Sierra Wireless AirLink routers in our fleet, and have we verified they are running the latest firmware patched against CVE-2018-4063?"

CVE: CVE-2018-4063 | Compliance: SOX | Source: The Hacker News ↗, Tenable ↗. [The Hacker News +1]

🎥 blackhat: 5/5

Chris Hemsworth shatters the glass ceiling and shows that handsome men with rugged jawlines and who wear the bejeezus out of a linen shirt can be technically capable.

HIGH SEVERITY ITEMS

Notepad++ Fixes Updater Vulnerability Allowing Traffic Hijacking
Date & Time: 2025-12-12T22:16:28

The popular text editor Notepad++ has patched a vulnerability in its updater mechanism that allowed attackers to hijack the update process due to weak file authentication. This could enable a supply chain-style attack where users believe they are updating the software but are instead downloading malware.

Business impact

Compromised developer tools are a primary vector for supply chain attacks; if exploited, attackers could gain persistent access to developer workstations, potentially leading to code theft or the injection of malicious code into your own products.

Recommended action

Ask your Endpoint Security team: "Can we verify that all instances of Notepad++ in our environment are updated to the latest version, or block the application's update URL at the gateway until patched?"

CVE: n/a | Compliance: SOX | Source: Security Affairs ↗
Microsoft Expands Bug Bounty to Cover Third-Party Code Risks
Date & Time: 2025-12-12T19:20:40

Acknowledging the growing supply chain threat, Microsoft is expanding its bug bounty program to reward researchers for finding vulnerabilities in third-party code (commercial and open source) that impacts Microsoft users. This strategic shift highlights the critical nature of third-party dependencies in modern cloud and AI environments.

Business impact

This move signals an increased scrutiny on the software supply chain; organizations should expect more vulnerabilities to be disclosed in common dependencies, requiring faster patch management cycles to avoid regulatory penalties and breaches.

Recommended action

Ask your AppSec team: "Do we have an automated inventory of third-party components (SBOM) for our critical applications to quickly react when new supply chain vulnerabilities are disclosed?"

CVE: n/a | Compliance: SOX | Source: Security Boulevard ↗

MEDIUM SEVERITY ITEMS

NCSC Warns Prompt Injection Requires Impact Reduction, Not Just Prevention
Date & Time: 2025-12-12T18:36:11

The NCSC has issued guidance stating that prompt injection in LLMs cannot be fully mitigated like traditional SQL injection. Organizations are urged to shift focus from pure prevention to architectural defense-in-depth and impact reduction.

CVE: n/a | Compliance: SOX | Source: Security Boulevard ↗
OWASP and CISA Highlight Top Agentic AI and Software Flaws
Date & Time: 2025-12-12T14:00:00

Tenable reports on new OWASP rankings for Agentic AI application risks and CISA's list of most dangerous software flaws for 2025. This underscores the emerging attack surface created by autonomous AI agents in enterprise environments.

CVE: n/a | Compliance: SOX | Source: Tenable ↗

🔵 LOW SEVERITY ITEMS

DOJ Sues Fulton County Over 2020 Voter Data Records
Date & Time: 2025-12-12T20:37:10

The DOJ is suing Fulton County, Georgia, for refusing to hand over voter records as part of a nationwide data collection project. This highlights the ongoing legal and compliance complexities surrounding election data governance.

CVE: n/a | Compliance: SOX | Source: CyberScoop ↗

EXECUTIVE INSIGHTS

MIT Launches Program to Train Military Leaders for the AI Age
Date & Time: 2025-12-12T18:10:00

MIT has launched a joint program to train military leaders in applied artificial intelligence, emphasizing AI's critical role in national security decision-making. This reflects a broader trend of upskilling leadership to manage AI-driven operational risks.

Source: MIT News ↗

VENDOR SPOTLIGHT

Spotlight Rationale: With Tenable and OWASP highlighting Agentic AI risks and the explosion of machine identities, securing Non-Human Identities (NHIs) is now a critical priority.

Threat Context: OWASP Ranks Top Agentic AI App Risks

Platform Focus: Entro Security (NHI & Secrets Management)

As organizations deploy Agentic AI (as noted in today's Tenable report), the number of Non-Human Identities (NHIs)—API keys, tokens, and service accounts—explodes. Entro Security provides a specialized platform to discover, classify, and secure these identities, directly addressing the "Agentic AI security" gap by ensuring the secrets these agents use are not exposed or over-privileged.

Actionable Platform Guidance: Implement Entro's discovery engine to map all NHIs associated with AI agents. Specifically, audit permissions for any NHI used by an autonomous agent to ensure least-privilege access, mitigating the impact of the "Prompt Injection" risks warned about by the NCSC today.

Source: Entro Security ↗, Entro Security ↗

DETECTION & RESPONSE KIT

⚠️ Disclaimer: Test all detection logic in non-production environments before deployment.

1. Vendor Platform Configuration - Entro Security

# Entro Security CLI - NHI Discovery for AI Agents
# Prerequisite: Entro CLI installed and authenticated

# 1. List all discovered Non-Human Identities (NHIs) tagged with 'AI' or 'Agent'
entro-cli secrets list --tags "AI,Agent,LLM" --format json > ai_secrets_audit.json

# 2. Analyze permissions for high-risk secrets
# Look for secrets with 'admin' or 'write' privileges
cat ai_secrets_audit.json | jq '.[] | select(.permissions | contains("admin") or contains("write"))'

# 3. Rotate compromised or over-privileged secrets immediately
# entro-cli secrets rotate --id [SECRET_ID]

2. YARA Rule for Sierra Wireless Malware Indicators

rule SierraWireless_Malware_Indicators {
meta:
description = "Detects malware artifacts associated with Sierra Wireless router exploitation (Chaya, RondoDox, Redtail)"
author = "Threat Rundown"
date = "2025-12-13"
reference = "https://thehackernews.com/2025/12/cisa-adds-actively-exploited-sierra.html"
severity = "critical"
tlp = "white"
strings:
$s1 = "Chaya" ascii wide
$s2 = "RondoDox" ascii wide
$s3 = "Redtail" ascii wide
$s4 = "ShadowV2" ascii wide
$h1 = { 45 4c 46 01 01 01 00 } // ELF Header common in IoT malware
condition:
uint32(0) == 0x464c457f and (any of ($s*) or ($h1 and 2 of ($s*)))
}

3. SIEM Query — Sierra Wireless Exploitation Attempts

index=security sourcetype="firewall" OR sourcetype="web_proxy"
(dest_port=80 OR dest_port=443 OR dest_port=8080)
(url="*/api/*" OR url="*/admin/*")
| eval risk_score=case(
match(user_agent, "(?i)(Chaya|RondoDox|Redtail)"), 100,
match(dest_ip, "[Known_Compromised_IP_List]"), 90,
1==1, 0)
| where risk_score >= 90
| table _time, src_ip, dest_ip, url, user_agent, risk_score
| sort -_time

4. PowerShell Script — Notepad++ Version Audit

$computers = "localhost", "WKSTN01", "WKSTN02"
foreach ($computer in $computers) {
if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
Invoke-Command -ComputerName $computer -ScriptBlock {
$npp = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" |
Where-Object { $_.DisplayName -like "*Notepad++*" }
if ($npp) {
Write-Host "Found Notepad++ Version: $($npp.DisplayVersion) on $env:COMPUTERNAME"
# Alert if version is vulnerable (Example logic)
}
}
}
}

This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!

{ "type": "bundle", "id": "bundle--28b55bc5-2670-4c40-833b-66883db97419", "objects": [ { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487", "created": "2022-10-01T00:00:00.000Z", "definition_type": "tlp:2.0", "name": "TLP:CLEAR", "definition": { "tlp": "clear" } }, { "type": "identity", "spec_version": "2.1", "id": "identity--9bd6f22f-a800-4060-ab21-b7d9d70a0a82", "created": "2025-12-13T19:23:15.922Z", "modified": "2025-12-13T19:23:15.922Z", "name": "MikeGPT Intelligence Platform", "description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds", "identity_class": "organization", "sectors": [ "technology", "defense" ], "contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "report", "spec_version": "2.1", "id": "report--b0c38416-0b36-4825-8b22-daa3b1226a9f", "created": "2025-12-13T19:23:15.922Z", "modified": "2025-12-13T19:23:15.922Z", "name": "Threat Intelligence Report - 2025-12-13", "description": "Threat Intelligence Report - 2025-12-13\n\nThis report consolidates actionable cybersecurity intelligence from 81 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulner (Score: 100)\n• CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks (Score: 100)\n• Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild (Score: 100)\n• Emergency fixes deployed by Google and Apple after targeted attacks (Score: 100)\n• Microsoft Expands Its Bug Bounty Program to Include Third-Party Code (Score: 100)\n\nEXTRACTED ENTITIES:\n• 26 Attack Pattern(s)\n• 13 Domain Name(s)\n• 15 File:Hashes.Md5(s)\n• 5 File:Hashes.Sha 1(s)\n• 13 Indicator(s)\n• 5 Malware(s)\n• 1 Marking Definition(s)\n• 173 Relationship(s)\n• 1 Threat Actor(s)\n• 5 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n", "published": "2025-12-13T19:23:15.922Z", "object_refs": [ "identity--9bd6f22f-a800-4060-ab21-b7d9d70a0a82", "identity--c9e7a82f-9842-4d9a-8028-5e75682e6965", "vulnerability--02971bd4-3628-4eb1-b7c1-a58aeced450b", "identity--cf8ac5fd-11aa-467e-b6bf-1f56ee5d1cce", "identity--521469a3-aba0-42c9-92ab-b9c08b9632d4", "vulnerability--d95868d7-4f07-4d84-b742-07ee4cf4adbf", "identity--acb93a01-a11d-403f-b638-c94a395f04fd", "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "vulnerability--09cfd756-732a-426d-8c11-8d9ddb3e9e05", "identity--f1ffc8ad-3ef1-45fd-a7e5-806af119c598", "identity--f6a99f72-a94f-4e68-a5ba-aafcaac79603", "identity--9d0e9eda-f5a2-4ffb-9bcb-d07e3bd2de63", "identity--89d684e8-cde4-440c-8196-25d8a5bc5efd", "identity--decb6695-1ae6-4e57-a8c1-5496e3f27540", "identity--e835485c-2204-4cf2-a5fa-2b610e6ad752", "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "identity--cad9720c-9a30-444d-afca-bed90915623b", "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "vulnerability--037af9ea-e6a0-470f-bd5b-26e26782f1b8", "vulnerability--d0df28be-fd03-4f6b-82ae-ff41026a1523", "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "attack-pattern--34e7763c-ff57-4a68-9e1e-ebf4113d5699", "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "attack-pattern--f3417ce4-850c-4b35-a8f0-944ebd1397de", "attack-pattern--fe0dbb15-07c4-4317-bb17-07a290b37fc8", "attack-pattern--b8629e39-9577-449a-a60e-f83a0117adfb", "attack-pattern--84b7fc1e-6f1b-4dc6-9bcc-488b2727c7af", "attack-pattern--aafb87d3-d5e3-44d3-9260-c41332dda176", "attack-pattern--6ffaba66-d6ac-4af3-b4f3-8a5adabce2bb", "attack-pattern--e0ca9798-d35f-4b93-abdf-0bb71955851b", "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "attack-pattern--e2929ea1-90a3-4f9f-9b17-3b885a5c8383", "attack-pattern--16f10804-98f4-41fe-8ff6-1829e533747f", "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "attack-pattern--7f3ed782-2721-4672-8876-bb795e84c74b", "attack-pattern--6d9b81c7-ff41-4e95-a3ba-91d0ea450968", "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "relationship--936c71a0-6a59-480e-96c4-9a0a31ed513e", "relationship--8ed41604-9ff6-485b-9614-d391597a7082", "relationship--8c42b7d3-6043-43f3-b874-0d932f227584", "relationship--02feb9f9-2b26-4fbc-ac2e-0dd67036b957", "relationship--ba4df7ab-d102-48c8-9b26-65a710c3875a", "relationship--fa738229-44e6-4369-9fc0-6dc2c6a93ab5", "relationship--f5a9319c-0c02-4b32-ae7c-6e0a0e47b686", "relationship--ecf5ee93-331d-426f-a890-c9ffc6b850f8", "relationship--087f0472-85d8-4497-9e74-ca5a3d213086", "relationship--93b122d8-b1e9-4996-8347-5c2fe2f5f8d3", "relationship--f7e2456e-1d05-444b-a646-8b56ee2b3874", "relationship--36a1d126-b575-4f59-9843-00b033ad136b", "relationship--0758fe53-183a-4328-be39-e011b802a1ad", "relationship--96a0e417-c831-46cc-9d7d-42d9f94d3a84", "relationship--516f6931-7477-452e-86df-24f408108619", "relationship--34c2e743-9eec-43d1-9e23-e24876407e24", "relationship--d589fe0e-2a8f-4b13-aa9c-2b00ea0c9f2d", "relationship--de0fa671-36fb-44f8-976b-5d03f82250db", "relationship--7e8b64cf-6c1e-4689-8658-2860f1ce1787", "relationship--998904cc-1010-4a8c-b2e5-a7403098369c", "relationship--4ae7a442-176e-463a-8433-9aefddec3203", "relationship--55f9f5de-dd47-495d-80aa-5835060cdc5a", "relationship--0adaafa0-1340-41c8-bf0c-8c1b0eb463f1", "relationship--184264b3-4714-465c-8865-0282c8959271", "relationship--881a9521-711d-42f3-912a-d0088f80b395", "relationship--84e9df16-8425-4db1-a684-fd632649f6ff", "relationship--e777bf4a-901c-47d4-9463-a8dd7ca099db", "relationship--9f360f7f-7f0d-46e1-b0b7-fb4f4abc9e1e", "relationship--c89bcc2c-aa79-48f1-b380-481b9a6ba64e", "relationship--d40267b3-efae-43ff-a66a-7ae06c159e3f", "relationship--91b36ab9-1de4-47c0-b116-e6d4dbf4c395", "relationship--90c41c98-94a2-431d-91c8-84d4b75bf4be", "relationship--a1435d3c-36ba-4524-9d2a-ab25dcdb9d5f", "relationship--6e7a0b2e-7281-4464-a418-339d097cf131", "relationship--49de1463-f715-46f4-83fb-99d90e325a00", "relationship--1fe12e9f-adf0-42ad-b965-597f1aa72102", "relationship--e52d852f-1157-4698-82b7-37f8e4a81188", "relationship--33eb9cf0-f07f-4a89-bdee-e398bc1390a5", "relationship--6d413989-dc9b-4dbd-b70d-b8616f83886f", "relationship--8ee643f9-3efa-4e42-8e6d-8f3cbcf73e3d", "relationship--8b3f3af3-3d7a-4e46-b94c-1766c1d562ce", "relationship--41b69522-27a2-4843-aa09-f0caaec9d2c9", "relationship--1202c9f3-c5bc-48d5-bace-d85c4080c3f1", "relationship--2b7de5fe-3fef-4ff0-876c-e0cdc9f14b26", "relationship--e26deb7e-ed7b-459c-b6b6-79fa2d0da6a7", "relationship--8c0175a2-5292-47fd-834c-52563ee70fb7", "relationship--1e9c1271-a3f9-471f-bc77-5cd12fbdb83f", "relationship--296357c3-b77f-4da3-b76c-bd9acd5f77f8", "relationship--314d5ad4-82bb-430c-bd49-375edb3c3e57", "relationship--c24236de-8795-4413-87ab-9228c9d6d1da", "relationship--a2dd5d72-6b4c-4d1d-bd45-5ee3b713554c", "relationship--ab8cf589-8946-439e-9ba9-a71d2243574b", "relationship--8c77765a-e81a-470c-a979-c3024c445636", "relationship--6e88af65-2146-46ee-9728-474d185746e3", "relationship--5bf87c5c-37ee-46f2-ab29-403aa6f66ab2", "relationship--4ec203bf-b9d7-4b0e-82bc-a7b702c30447", "relationship--70a7c757-1c5f-4b3b-ac9c-cc59d8ecc3ab", "relationship--0a0b8889-d3dd-4642-93dd-5cb3fa55fa25", "relationship--bf2f3fcb-2fa0-461e-8bc5-d5955261a1bd", "relationship--6544d945-77e3-4c54-bd54-af5e48101b62", "relationship--33de123b-f6e9-4f52-af82-cb058179326e", "relationship--4ebdfdf1-24c2-41a4-b9ce-117c28919ac0", "relationship--4c821c46-5039-4a64-a3d2-9b77606fd0db", "relationship--9128635b-80f7-4be7-8640-6b27bd16d46d", "relationship--5c96483d-7e38-4f25-9ac5-362ac9b098a6", "relationship--5775338b-ce64-4757-8cd8-18b54c9f7cd2", "relationship--bdec3db7-3797-4ae4-93a3-ba83c4f7fde8", "relationship--52c3e1fd-6370-44ba-93cd-0bb21307f914", "relationship--3d23eb0f-bd49-4d42-a2c7-11e1c74c66ac", "relationship--16659cf1-4888-47b5-a040-b6f6d813ab91", "relationship--6ef621b3-2afd-4606-a04e-813fd2fcca63", "relationship--baf8b2db-d2e0-42f1-bf04-b66286c8a9d2", "relationship--be7673f2-48d3-4a1c-a8b4-ae1db04bd76b", "relationship--803d96f1-192e-467b-870a-1c77e9d151a2", "relationship--e86f691b-d6b4-4961-bbf5-b06cf408fedd", "relationship--28c8f4c1-5a33-4ac7-b9a3-76dacae4755c", "relationship--f33f2568-8cd2-4cfb-8f78-6e674e49cb3b", "relationship--e67f175a-bcd3-4bfb-a0c0-6c43779d454e", "relationship--dea7d603-31d9-4306-9461-fefc7c29b1e8", "relationship--18c870a3-a501-4643-833e-c7cd1bcc667d", "relationship--b4d3591c-e9fc-4a2c-acff-8f7aa176dac5", "relationship--3321651c-df65-4e87-b89a-1620b4f74be8", "relationship--77e34d1e-bd55-4adf-a883-e561eaf97a81", "relationship--9d689af1-646e-4258-85f0-ecb76edfe500", "relationship--97a29fd7-0f93-4aab-9971-c7e6b0273448", "relationship--f06d2b8c-9ef1-4b5f-8b55-7fb59e8951fe", "relationship--c041ce9d-f82d-423d-a2e8-98890f641070", "relationship--b1b2bf92-f3a5-4dc0-a2ed-6ed34fcf7fda", "relationship--3188f66f-fe22-4c36-b94c-78f988d629bd", "relationship--68ae03e9-c731-4973-b301-53d469c45f81", "relationship--28840c06-f15c-4c78-b525-4009782cad7b", "relationship--8e0bde01-34bb-45f5-a24a-86e9fc0b6c59", "relationship--390a8c01-0708-46f5-bb65-e8dc2a61eac2", "relationship--d8c1e418-f2a2-4bcd-bd3d-e6ebb1573812", "relationship--1e6d7d75-be37-428d-8d34-fe0bd48818f3", "relationship--7f420f11-c5b0-42ff-9a42-5f778050f6b2", "relationship--db3f4f90-aa17-4467-9f1c-e9ba045d9b64", "relationship--ea6a6806-c417-4a35-a0f3-71d868bc437f", "relationship--3c126820-e144-4804-bfdd-391b76857863", "relationship--c2e9f33e-2bb0-4a82-ba4e-82b295958461", "relationship--e73fbe08-0024-49c7-bbf5-c63aaffee181", "relationship--468aaec3-e3b5-40e8-b5a9-94a9ff6462ad", "relationship--7887cdd6-24ad-48b0-8875-dfec4c88f539", "relationship--45aa1e93-3fae-40d1-8aaf-fcff41befbbe", "relationship--59da45c8-90f1-48dc-9b05-b12638a7bcd5", "relationship--67aab3e1-8e67-4663-b37c-05f6ec4ceb69", "relationship--708a0cef-86e4-46fe-b910-bc3b4325d675", "relationship--d8780c74-c128-4f3d-aef8-cb8ab1214ce8", "relationship--da212b73-0dcb-43c7-827e-8754fdfd86ea", "relationship--cdfae853-44cb-4d6d-83a6-9722d2ba802d", "relationship--ecd9dfed-c8e8-4af1-ad84-9c147d4ab2a0", "relationship--75f9de70-6c95-4c89-b2aa-456d4a1b5c85", "relationship--9e6a8a27-2c40-42e5-837a-7f0dc04f3be2", "relationship--1af91548-5cd2-42dd-9269-0f8857aaea72", "relationship--9e18ff3d-891b-4447-b899-569ebd5af139", "relationship--204667b8-a321-4994-9d18-0bf02b26fe07", "relationship--829b9a26-58e0-4410-99a0-2d030a25c5dd", "relationship--626fd5a3-5d01-481b-a5fc-b027788441b1", "relationship--f649d038-ce41-4fbe-9ef3-b6e71029329d", "relationship--47ccfc3c-6abc-4c52-8e59-98b27b314539", "relationship--a7a0544b-49a3-4534-afad-fb4e8550a8e7", "relationship--ce8446c2-a5cf-4073-b821-999aed4be805", "relationship--813d3609-372c-4ec7-a9bf-bb6e96b23303", "relationship--ff8c8722-3072-42e6-a883-5ed0be621149", "relationship--9873f429-96d4-4164-8dfc-55382aa5f4fa", "relationship--d1ff0c39-565b-488d-bf9c-86b2d57f0ac0", "relationship--198e8cc9-8f76-4941-a701-152d6538c6a9", "relationship--d2bdfee1-f593-4e40-acae-5b754531c79b", "relationship--1678dd06-aa0d-407b-bd31-a64864950709", "relationship--fe1bc984-7ca9-4838-8e79-53ff41efec89", "relationship--0621a8b4-af26-4cb8-ad6b-ae609822a098", "relationship--598200b0-10ad-4913-a1a5-a5d81f6decb9", "relationship--57f59a75-01b6-49a7-9f48-78fa53a1ab70", "relationship--8c36b042-ad92-4f8e-ba1b-6dcc1dc3631c", "relationship--e9d1b624-8a67-42b1-8ae5-4f8c8dbcbcaa", "relationship--b3893e8c-a292-46df-85b1-0e7a01f5743a", "relationship--66f9080a-2d37-48fb-8f45-0e85d297340a", "relationship--1818087a-5e62-4bd4-83e7-1e23cef1e4f3", "relationship--a176ee2a-723b-4c1e-9014-77ca66ac6447", "relationship--6a1a7894-a56b-4e29-86f6-83cf05aed6b6", "relationship--90ea01bd-0fea-4261-b1bf-a4d4a489bc21", "relationship--7778485e-b1ea-4455-965f-130640240d5f", "relationship--edb47256-ba5d-4e12-9a41-e39edda98f84", "relationship--aaffcb7d-36ea-48fe-8bc8-bd31caa15ba9", "relationship--566b28f2-ddfb-466b-ad1c-1262f0135692", "relationship--e27faecb-f822-439f-965d-cdbf3a50fd69", "relationship--eb5cf164-1034-4ac5-bf3c-701ac9b03d92", "relationship--6e714976-6d6f-413c-a73b-30c3c6987bff", "relationship--4f4751aa-b7fe-48d8-9cd4-661415864b5b", "relationship--308c62a5-adff-4d7e-86cf-54de80e52996", "relationship--083cf8f2-62d4-4f3c-9091-f9d0b1089bb1", "relationship--77f621b9-04f3-47e9-87f3-e76791b8b470", "relationship--5bfa6ae4-0e25-45d5-ba14-3e3c2bc2044f", "relationship--8c2472c2-af76-456e-bf93-31f3ff619984", "relationship--2259181c-a854-4b2e-95ba-7fff537d10a9", "relationship--4e4bfa58-9937-4951-ba82-3b4a202129a9", "relationship--7aa47539-4827-44ad-bdb6-8adf64852ac3", "relationship--754157ec-a73b-4a75-b36e-a38f51123c0c", "relationship--3cc26127-37c3-46a9-9416-91a22bc0a48d", "relationship--2b26a9c2-8288-487e-9743-57df36cc5d08", "domain-name--84063b4e-97ae-482f-949f-3b5300e5ca7e", "domain-name--d9a74de9-38c5-4dd3-89e3-cb1c9751b6c2", "domain-name--bd07b9a7-6359-4134-8834-37f62a299832", "domain-name--68d73be4-c675-4e01-b1a6-cf8e59c65eaa", "domain-name--240da8ae-0587-43fc-bed9-3f3be36ffb26", "domain-name--0cefb4bb-b2e3-49b6-a0f0-d2f6803baa0a", "domain-name--a24c5601-5684-4ddf-9602-25cb0d515182", "domain-name--7f008c64-1cc0-4810-9fdb-d384c4d72664", "domain-name--94206935-adb6-4e2a-bb5e-635d28fd8179", "domain-name--c64a03a9-8e8a-4160-bacd-007321a69dd8", "domain-name--81274b62-7cb3-4609-a5cd-db3262383205", "domain-name--42e3490c-0e7d-4468-9adb-01f07abfb1b0", "domain-name--c7e9ba5c-2576-42a9-a9e7-8c75b1fbae59", "file:hashes.MD5--4b106548-bac2-406c-949f-ad0449b6f7ba", "file:hashes.MD5--137e0b13-7078-49ad-a149-461749098eda", "file:hashes.MD5--9a41b951-a018-4d9f-815e-fcc7418c4cca", "file:hashes.MD5--5e43d892-58ec-4211-970a-edf2648a2dba", "file:hashes.MD5--50149387-b0c6-442a-8f26-2ac6d0ef1712", "file:hashes.MD5--8981bdbe-5b94-4749-8491-e2e1f4dd460d", "file:hashes.MD5--f6c7f5d0-157b-4ae9-a5a8-1d7abb391456", "file:hashes.MD5--fc6216ad-4e0d-49d7-924d-5b5a4f7d7fa7", "file:hashes.MD5--d724eea3-e2bb-4d71-85f3-800aa7d7905e", "file:hashes.MD5--d1753064-6659-45ca-bb3b-47263d3fb032", "file:hashes.MD5--37d47de2-8bce-4269-9645-ce50fc4d6581", "file:hashes.MD5--1a3c93d4-ced1-45e1-8292-4a87e424fbb0", "file:hashes.MD5--fc16c0d4-55c7-4358-869a-9bc95c8816aa", "file:hashes.MD5--19886dec-2bd9-4d1f-b62a-6376ffd9b4ac", "file:hashes.MD5--82323d53-9627-4357-bd7b-e5f4aae59b7e", "file:hashes.SHA-1--2c432a88-8b1b-4d02-81ac-c3b837527d45", "file:hashes.SHA-1--6fc705d3-fb31-45be-a471-790a7af885a4", "file:hashes.SHA-1--c0d20b86-0bca-4de6-bbfd-9e7c45f48690", "file:hashes.SHA-1--6ea8592a-c768-4d7f-bfc6-e6c94a6974af", "file:hashes.SHA-1--f74ec3cb-ca9a-4d5e-a3db-670b76db331a", "indicator--ddf32721-da92-4dcf-9338-ac95924a8b7a", "relationship--fa7c33bc-96ed-4b13-beac-ab1cfe01eb24", "indicator--44714991-659b-41d8-852f-64f89f07300c", "relationship--b4007bbb-e86a-4368-8aef-029b18b17989", "indicator--0b3662ac-6cd9-471e-a149-b3fb49a42f22", "relationship--d31054ed-e1d7-4e08-b739-88fdff52ee60", "indicator--6a352beb-8e24-45c4-89a3-8db578fcdeea", "relationship--653e3218-cdb3-4fcd-b60b-87980c085965", "indicator--701db1d9-9393-4fe7-8223-132b0f83e0e2", "relationship--0d49a1f1-0ca3-48e8-adf8-56f382b9e688", "indicator--31844328-57e2-4b4c-bc1a-6e11350ecc67", "relationship--fec47288-192d-499d-b072-b4dab3f56f6e", "indicator--0e6524bf-91f9-48c2-904d-d2d98a5bc4b1", "relationship--11ceddd4-f2d3-4319-8c2d-6f8ff5e7945e", "indicator--2cb9ac12-4f40-422e-806d-4bb3c5083aef", "relationship--eff3ba5d-c454-437e-bc47-d42e950dcb5f", "indicator--97e2be5f-0485-4e18-946d-78b99235d9d9", "relationship--1f38f4d3-96f3-4893-8280-6e1f4a98c479", "indicator--a02e435e-3a67-4685-9603-de996c720475", "relationship--c6a0f562-9384-4450-a366-8f13eed399cf", "indicator--2d72f780-2b13-4bee-ad4f-09e3fedf8e28", "relationship--8bcda135-0e9a-4978-9cbb-0b458f68cf6a", "indicator--3b890a66-a7bb-4702-962d-06ca4db940b0", "relationship--032045b8-95d8-4969-875a-17155a292c43", "indicator--b3f38416-0242-440f-a26c-bdc51e80ed63", "relationship--6e399865-9b8d-41ff-999a-abba3a4303a4" ], "labels": [ "threat-report", "threat-intelligence" ], "created_by_ref": "identity--9bd6f22f-a800-4060-ab21-b7d9d70a0a82", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.850Z", "modified": "2025-12-13T19:23:14.850Z", "confidence": 95, "type": "identity", "id": "identity--c9e7a82f-9842-4d9a-8028-5e75682e6965", "name": "Sierra Wireless AirLink ALEOS", "identity_class": "system", "labels": [ "identity" ], "description": "Sierra Wireless AirLink ALEOS refers to a series of routers and gateways designed for machine-to-machine (M2M) and Internet of Things (IoT) communications. These devices are manufactured by Sierra Wireless, a company specializing in wireless communications solutions. Sierra Wireless AirLink ALEOS routers are used in various industries to enable secure and reliable connectivity for remote monitoring and control applications.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.851Z", "modified": "2025-12-13T19:23:14.851Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--02971bd4-3628-4eb1-b7c1-a58aeced450b", "name": "CVE-2018-4063", "description": "An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.. CVSS Score: 8.8 (HIGH). CISA KEV: Active exploitation confirmed. EPSS: 4.3% exploitation probability", "x_cvss_score": 8.8, "x_cvss_severity": "HIGH", "x_kev_status": true, "x_epss_score": 0.04294, "external_references": [ { "source_name": "cve", "external_id": "CVE-2018-4063", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4063" }, { "source_name": "nvd", "external_id": "CVE-2018-4063", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4063" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.851Z", "modified": "2025-12-13T19:23:14.851Z", "confidence": 95, "type": "identity", "id": "identity--cf8ac5fd-11aa-467e-b6bf-1f56ee5d1cce", "name": "Pentagon", "identity_class": "government", "labels": [ "identity" ], "description": "The Pentagon, formally known as the United States Department of Defense, is the executive department responsible for managing and coordinating the nation's military forces. It plays a crucial role in national security and cyber defense, including initiatives like the accelerated adoption of post-quantum cryptography (PQC) to safeguard against advanced cyber threats. The Pentagon is a prime target for cyber attacks due to its strategic importance and the sensitive information it handles.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.851Z", "modified": "2025-12-13T19:23:14.851Z", "confidence": 95, "type": "identity", "id": "identity--521469a3-aba0-42c9-92ab-b9c08b9632d4", "name": "The Department of Justice", "identity_class": "government", "labels": [ "identity" ], "description": "The Department of Justice (DOJ) is the federal executive department of the United States responsible for enforcing federal law and administering justice. It plays a pivotal role in national security, law enforcement, and the protection of citizens' rights. The DOJ's actions include legal proceedings, investigations, and the collection of critical information, such as voter records, to ensure the integrity of elections and other national processes.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.851Z", "modified": "2025-12-13T19:23:14.851Z", "confidence": 89, "type": "vulnerability", "id": "vulnerability--d95868d7-4f07-4d84-b742-07ee4cf4adbf", "name": "React2Shell", "description": "React2Shell is a vulnerability in React Server Components that could lead to denial-of-service attacks or the exposure of source code. It is one of several recently discovered flaws in React Server Components, including CVE-2025-55183, CVE-2025-55184, and CVE-2025-67779. React2Shell is considered a dangerous vulnerability that requires immediate attention from security teams to prevent exploitation by threat actors.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.851Z", "modified": "2025-12-13T19:23:14.851Z", "confidence": 95, "type": "identity", "id": "identity--acb93a01-a11d-403f-b638-c94a395f04fd", "name": "Graz University of Technology", "identity_class": "organization", "labels": [ "identity" ], "description": "Graz University of Technology, located in Graz, Austria, is a prominent public research university known for its strong emphasis on innovation and cutting-edge research. The institution is particularly notable for its contributions in the fields of computer science and cybersecurity. It serves as a hub for experts and researchers, with faculty and students actively involved in publishing and presenting groundbreaking research in cybersecurity, as evidenced by their involvement in papers on side-channel attacks.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.851Z", "modified": "2025-12-13T19:23:14.851Z", "confidence": 95, "type": "malware", "id": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "name": "BlackForce", "is_family": true, "malware_types": [ "stealer" ], "labels": [ "malicious-activity" ], "description": "BlackForce is a malware family designed to steal credentials and perform Man-in-the-Browser (MitB) attacks. It was first detected in August 2025 and is part of a new wave of phishing kits capable of facilitating credential theft at scale. BlackForce is notable for its ability to evade detection and its focus on stealing sensitive information from compromised systems. Its discovery highlights the ongoing threat of phishing and credential theft in the cybersecurity landscape.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "malware", "id": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "name": "GhostFrame", "is_family": true, "malware_types": [ "stealer" ], "labels": [ "malicious-activity" ], "description": "GhostFrame is a phishing kit capable of facilitating credential theft at scale. It is one of four newly documented kits, along with BlackForce, InboxPrime AI, and Spiderman, which are designed to steal sensitive information from unsuspecting victims. As a specific malware family, GhostFrame poses a significant threat to individuals and organizations, highlighting the need for robust cybersecurity measures to prevent credential theft and protect sensitive data.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "malware", "id": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "name": "InboxPrime AI", "is_family": true, "malware_types": [ "stealer" ], "labels": [ "malicious-activity" ], "description": "InboxPrime AI is a phishing kit capable of facilitating credential theft at scale. It is one of four newly documented kits, along with BlackForce, GhostFrame, and Spiderman, that pose a significant threat to online security. These kits are designed to steal sensitive information, such as login credentials, and can be used by attackers to gain unauthorized access to systems and data. The emergence of these kits highlights the evolving nature of phishing threats and the need for continued vigilance in cybersecurity.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--09cfd756-732a-426d-8c11-8d9ddb3e9e05", "name": "CVE-2025-55182", "description": "A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.. CVSS Score: 10.0 (CRITICAL). CISA KEV: Active exploitation confirmed. EPSS: 76.0% exploitation probability", "x_cvss_score": 10.0, "x_cvss_severity": "CRITICAL", "x_kev_status": true, "x_epss_score": 0.76008, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-55182", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55182" }, { "source_name": "nvd", "external_id": "CVE-2025-55182", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55182" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "identity", "id": "identity--f1ffc8ad-3ef1-45fd-a7e5-806af119c598", "name": "LangGraph", "identity_class": "system", "labels": [ "identity" ], "description": "LangGraph is a cybersecurity tool specifically designed for offensive security automation. It is particularly known for its ReAct agents, which facilitate penetration testing and red teaming efforts. LangGraph enables security professionals to automate various tasks and simulate real-world attacks, making it a valuable asset for testing and improving defensive strategies.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "identity", "id": "identity--f6a99f72-a94f-4e68-a5ba-aafcaac79603", "name": "VirusTotal", "identity_class": "organization", "labels": [ "identity" ], "description": "VirusTotal is a cybersecurity platform that specializes in the analysis and sharing of malware and suspicious files. It allows users to upload files and URLs to check for viruses, worms, trojans, and other kinds of malicious content using multiple antivirus engines and website/domain scanning engines. VirusTotal is widely used by cybersecurity professionals and researchers to identify and mitigate cyber threats, providing a collaborative environment for threat intelligence.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "identity", "id": "identity--9d0e9eda-f5a2-4ffb-9bcb-d07e3bd2de63", "name": "Google Threat Intelligence Group", "identity_class": "group", "labels": [ "identity" ], "description": "The Google Threat Intelligence Group is a specialized team within Google dedicated to identifying, analyzing, and mitigating cyber threats. They collaborate with other organizations, such as Meta, to share intelligence and address emerging threats. The group focuses on providing actionable intelligence to protect users and organizations from various cyber threats, including unauthorized access and handling day-to-day security issues.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "identity", "id": "identity--89d684e8-cde4-440c-8196-25d8a5bc5efd", "name": "DomainOptic", "identity_class": "system", "labels": [ "identity" ], "description": "DomainOptic is a cybersecurity tool developed to prevent the accidental exposure of sensitive data, particularly focusing on the prevention of shipping sensitive keys in production bundles. It performs six critical checks, including SSL certificate validation, DNS health, security headers, and blacklist status, to ensure robust security practices during software development.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "identity", "id": "identity--decb6695-1ae6-4e57-a8c1-5496e3f27540", "name": "The French Ministry of Interior", "identity_class": "government", "labels": [ "identity" ], "description": "The French Ministry of Interior, also known as the Ministère de l'Intérieur, is the government agency responsible for the internal security and domestic policy of France. It oversees various critical functions including law enforcement, national security, immigration, and civil protection. The Ministry plays a pivotal role in maintaining public order and safeguarding national interests, making it a prime target for cyber threats, as evidenced by the suspected nation-state cyberattack on its email server.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "identity", "id": "identity--e835485c-2204-4cf2-a5fa-2b610e6ad752", "name": "Mandiant", "identity_class": "organization", "labels": [ "identity" ], "description": "Mandiant is a prominent cybersecurity firm renowned for its expertise in incident response, threat intelligence, and security consulting services. The company assists organizations in defending against sophisticated cyber threats and attacks, providing critical support in identifying, mitigating, and recovering from security breaches. Mandiant's services are essential for enhancing the cybersecurity posture of businesses and government entities worldwide.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "name": "APT28", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "description": "APT28, also known as Fancy Bear, is a sophisticated threat actor group attributed to Russian intelligence services, known for cyber espionage campaigns targeting government, defense, and other high-profile sectors. They are known for their advanced tactics, techniques, and procedures (TTPs), including the use of zero-day exploits and social engineering. APT28 has been linked to several high-profile breaches and is considered a significant threat to global cybersecurity.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "identity", "id": "identity--cad9720c-9a30-444d-afca-bed90915623b", "name": "Qwen3", "identity_class": "system", "labels": [ "identity" ], "description": "Qwen3 is an open-source model, specifically the Qwen3:1.7b variant, utilized in autonomous exploitation frameworks for offensive security automation. It facilitates the chaining together of reconnaissance, vulnerability analysis, and exploit execution, making it a tool for both threat actors and security researchers in conducting cybersecurity operations.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "malware", "id": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "name": "PyStoreRAT", "is_family": true, "malware_types": [ "remote-access-trojan" ], "labels": [ "malicious-activity" ], "description": "PyStoreRAT is a previously undocumented JavaScript-based Remote Access Trojan (RAT) that is being distributed through GitHub-hosted Python repositories. This malware allows attackers to gain unauthorized access to compromised systems, enabling them to steal sensitive information, install additional malware, and conduct other malicious activities. PyStoreRAT's use of JavaScript and Python repositories makes it a unique and potentially significant threat in the cybersecurity landscape.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--037af9ea-e6a0-470f-bd5b-26e26782f1b8", "name": "CVE-2025-67779", "description": "It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.. CVSS Score: 7.5 (HIGH). EPSS: 0.1% exploitation probability", "x_cvss_score": 7.5, "x_cvss_severity": "HIGH", "x_kev_status": false, "x_epss_score": 0.00055, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-67779", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67779" }, { "source_name": "nvd", "external_id": "CVE-2025-67779", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67779" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--d0df28be-fd03-4f6b-82ae-ff41026a1523", "name": "CVE-2025-66516", "description": "Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \n\nThis CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \n\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerabi. EPSS: 0.1% exploitation probability", "x_kev_status": false, "x_epss_score": 0.00063, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-66516", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66516" }, { "source_name": "nvd", "external_id": "CVE-2025-66516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66516" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 95, "type": "malware", "id": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "name": "DroidLock Android", "is_family": true, "malware_types": [ "ransomware" ], "labels": [ "malicious-activity" ], "description": "DroidLock Android is a specific ransomware family targeting Android devices. It is designed to encrypt files on infected devices and demand payment for decryption. This malware is noteworthy due to its ability to compromise Android devices, which are widely used for personal and professional purposes. The fact that it is mentioned alongside other significant cybersecurity stories suggests that DroidLock Android is a notable threat in the cybersecurity landscape.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:14.852Z", "modified": "2025-12-13T19:23:14.852Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "name": "Exploit Public-Facing Application", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1190", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1190/", "external_id": "T1190" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "name": "Exploitation for Client Execution", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1203", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1203/", "external_id": "T1203" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--34e7763c-ff57-4a68-9e1e-ebf4113d5699", "name": "Supply Chain Compromise", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1195", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1195/", "external_id": "T1195" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "name": "Spearphishing Attachment", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/001/", "external_id": "T1566.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "name": "Spearphishing Link", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/002/", "external_id": "T1566.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "name": "Spearphishing via Service", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/003/", "external_id": "T1566.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--f3417ce4-850c-4b35-a8f0-944ebd1397de", "name": "Remote Services", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "lateral-movement" } ], "x_mitre_id": "T1021", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1021/", "external_id": "T1021" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--fe0dbb15-07c4-4317-bb17-07a290b37fc8", "name": "Exfiltration Over C2 Channel", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "exfiltration" } ], "x_mitre_id": "T1041", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1041/", "external_id": "T1041" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--b8629e39-9577-449a-a60e-f83a0117adfb", "name": "Exfiltration Over Alternative Protocol", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "exfiltration" } ], "x_mitre_id": "T1048", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1048/", "external_id": "T1048" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--84b7fc1e-6f1b-4dc6-9bcc-488b2727c7af", "name": "System Information Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1082", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1082/", "external_id": "T1082" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--aafb87d3-d5e3-44d3-9260-c41332dda176", "name": "File and Directory Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1083", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1083/", "external_id": "T1083" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--6ffaba66-d6ac-4af3-b4f3-8a5adabce2bb", "name": "Process Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1057", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1057/", "external_id": "T1057" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 82, "type": "attack-pattern", "id": "attack-pattern--e0ca9798-d35f-4b93-abdf-0bb71955851b", "name": "Code Signing Certificates", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/003/", "external_id": "T1588.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 80, "type": "attack-pattern", "id": "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "name": "Code Signing Certificates", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1587.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1587/002/", "external_id": "T1587.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 77, "type": "attack-pattern", "id": "attack-pattern--e2929ea1-90a3-4f9f-9b17-3b885a5c8383", "name": "Code Signing", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" } ], "x_mitre_id": "T1553.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1553/002/", "external_id": "T1553.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--16f10804-98f4-41fe-8ff6-1829e533747f", "name": "DNS Calculation", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1568.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1568/003/", "external_id": "T1568.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "name": "Archive via Utility", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1560.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1560/001/", "external_id": "T1560.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "name": "Screen Capture", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1113", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1113/", "external_id": "T1113" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "name": "Adversary-in-the-Middle", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1557", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1557/", "external_id": "T1557" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "name": "Scheduled Task", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1053.005", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1053/005/", "external_id": "T1053.005" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "name": "Socket Filters", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1205.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1205/002/", "external_id": "T1205.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "name": "Boot or Logon Initialization Scripts", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1037", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1037/", "external_id": "T1037" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 69, "type": "attack-pattern", "id": "attack-pattern--7f3ed782-2721-4672-8876-bb795e84c74b", "name": "Video Capture", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1125", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1125/", "external_id": "T1125" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 68, "type": "attack-pattern", "id": "attack-pattern--6d9b81c7-ff41-4e95-a3ba-91d0ea450968", "name": "Search Threat Vendor Data", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "reconnaissance" } ], "x_mitre_id": "T1681", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1681/", "external_id": "T1681" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 65, "type": "attack-pattern", "id": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "name": "Exploits", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.005", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/005/", "external_id": "T1588.005" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-13T19:23:15.917Z", "modified": "2025-12-13T19:23:15.917Z", "confidence": 65, "type": "attack-pattern", "id": "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "name": "Fast Flux DNS", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1568.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1568/001/", "external_id": "T1568.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--936c71a0-6a59-480e-96c4-9a0a31ed513e", "created": "2025-12-13T19:23:15.918Z", "modified": "2025-12-13T19:23:15.918Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "confidence": 60, "description": "Co-occurrence: APT28 and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8ed41604-9ff6-485b-9614-d391597a7082", "created": "2025-12-13T19:23:15.918Z", "modified": "2025-12-13T19:23:15.918Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "confidence": 60, "description": "Co-occurrence: APT28 and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8c42b7d3-6043-43f3-b874-0d932f227584", "created": "2025-12-13T19:23:15.918Z", "modified": "2025-12-13T19:23:15.918Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--34e7763c-ff57-4a68-9e1e-ebf4113d5699", "confidence": 60, "description": "Co-occurrence: APT28 and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--02feb9f9-2b26-4fbc-ac2e-0dd67036b957", "created": "2025-12-13T19:23:15.918Z", "modified": "2025-12-13T19:23:15.918Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "confidence": 60, "description": "Co-occurrence: APT28 and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ba4df7ab-d102-48c8-9b26-65a710c3875a", "created": "2025-12-13T19:23:15.918Z", "modified": "2025-12-13T19:23:15.918Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "confidence": 60, "description": "Co-occurrence: APT28 and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fa738229-44e6-4369-9fc0-6dc2c6a93ab5", "created": "2025-12-13T19:23:15.918Z", "modified": "2025-12-13T19:23:15.918Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "confidence": 60, "description": "Co-occurrence: APT28 and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f5a9319c-0c02-4b32-ae7c-6e0a0e47b686", "created": "2025-12-13T19:23:15.918Z", "modified": "2025-12-13T19:23:15.918Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--f3417ce4-850c-4b35-a8f0-944ebd1397de", "confidence": 60, "description": "Co-occurrence: APT28 and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ecf5ee93-331d-426f-a890-c9ffc6b850f8", "created": "2025-12-13T19:23:15.918Z", "modified": "2025-12-13T19:23:15.918Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--fe0dbb15-07c4-4317-bb17-07a290b37fc8", "confidence": 60, "description": "Co-occurrence: APT28 and Exfiltration Over C2 Channel (T1041) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--087f0472-85d8-4497-9e74-ca5a3d213086", "created": "2025-12-13T19:23:15.918Z", "modified": "2025-12-13T19:23:15.918Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--b8629e39-9577-449a-a60e-f83a0117adfb", "confidence": 60, "description": "Co-occurrence: APT28 and Exfiltration Over Alternative Protocol (T1048) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--93b122d8-b1e9-4996-8347-5c2fe2f5f8d3", "created": "2025-12-13T19:23:15.918Z", "modified": "2025-12-13T19:23:15.918Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--84b7fc1e-6f1b-4dc6-9bcc-488b2727c7af", "confidence": 60, "description": "Co-occurrence: APT28 and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f7e2456e-1d05-444b-a646-8b56ee2b3874", "created": "2025-12-13T19:23:15.918Z", "modified": "2025-12-13T19:23:15.918Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--aafb87d3-d5e3-44d3-9260-c41332dda176", "confidence": 60, "description": "Co-occurrence: APT28 and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--36a1d126-b575-4f59-9843-00b033ad136b", "created": "2025-12-13T19:23:15.918Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--6ffaba66-d6ac-4af3-b4f3-8a5adabce2bb", "confidence": 60, "description": "Co-occurrence: APT28 and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0758fe53-183a-4328-be39-e011b802a1ad", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "confidence": 60, "description": "Co-occurrence: APT28 and Code Signing Certificates (T1588.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--96a0e417-c831-46cc-9d7d-42d9f94d3a84", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "confidence": 60, "description": "Co-occurrence: APT28 and Code Signing Certificates (T1587.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--516f6931-7477-452e-86df-24f408108619", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--e2929ea1-90a3-4f9f-9b17-3b885a5c8383", "confidence": 60, "description": "Co-occurrence: APT28 and Code Signing (T1553.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--34c2e743-9eec-43d1-9e23-e24876407e24", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--16f10804-98f4-41fe-8ff6-1829e533747f", "confidence": 60, "description": "Co-occurrence: APT28 and DNS Calculation (T1568.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d589fe0e-2a8f-4b13-aa9c-2b00ea0c9f2d", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "confidence": 60, "description": "Co-occurrence: APT28 and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--de0fa671-36fb-44f8-976b-5d03f82250db", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "confidence": 60, "description": "Co-occurrence: APT28 and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7e8b64cf-6c1e-4689-8658-2860f1ce1787", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "confidence": 60, "description": "Co-occurrence: APT28 and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--998904cc-1010-4a8c-b2e5-a7403098369c", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "confidence": 60, "description": "Co-occurrence: APT28 and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4ae7a442-176e-463a-8433-9aefddec3203", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "confidence": 60, "description": "Co-occurrence: APT28 and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--55f9f5de-dd47-495d-80aa-5835060cdc5a", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "confidence": 60, "description": "Co-occurrence: APT28 and Boot or Logon Initialization Scripts (T1037) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0adaafa0-1340-41c8-bf0c-8c1b0eb463f1", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--7f3ed782-2721-4672-8876-bb795e84c74b", "confidence": 60, "description": "Co-occurrence: APT28 and Video Capture (T1125) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--184264b3-4714-465c-8865-0282c8959271", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--6d9b81c7-ff41-4e95-a3ba-91d0ea450968", "confidence": 60, "description": "Co-occurrence: APT28 and Search Threat Vendor Data (T1681) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--881a9521-711d-42f3-912a-d0088f80b395", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "confidence": 60, "description": "Co-occurrence: APT28 and Exploits (T1588.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--84e9df16-8425-4db1-a684-fd632649f6ff", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "threat-actor--a4948aa2-fa1b-40cb-ad64-3bab783f6427", "target_ref": "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "confidence": 60, "description": "Co-occurrence: APT28 and Fast Flux DNS (T1568.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e777bf4a-901c-47d4-9463-a8dd7ca099db", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "confidence": 55, "description": "Co-occurrence: BlackForce and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9f360f7f-7f0d-46e1-b0b7-fb4f4abc9e1e", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "confidence": 55, "description": "Co-occurrence: BlackForce and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c89bcc2c-aa79-48f1-b380-481b9a6ba64e", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--34e7763c-ff57-4a68-9e1e-ebf4113d5699", "confidence": 55, "description": "Co-occurrence: BlackForce and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d40267b3-efae-43ff-a66a-7ae06c159e3f", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "confidence": 55, "description": "Co-occurrence: BlackForce and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--91b36ab9-1de4-47c0-b116-e6d4dbf4c395", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "confidence": 55, "description": "Co-occurrence: BlackForce and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--90c41c98-94a2-431d-91c8-84d4b75bf4be", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "confidence": 55, "description": "Co-occurrence: BlackForce and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a1435d3c-36ba-4524-9d2a-ab25dcdb9d5f", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--f3417ce4-850c-4b35-a8f0-944ebd1397de", "confidence": 55, "description": "Co-occurrence: BlackForce and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6e7a0b2e-7281-4464-a418-339d097cf131", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--fe0dbb15-07c4-4317-bb17-07a290b37fc8", "confidence": 55, "description": "Co-occurrence: BlackForce and Exfiltration Over C2 Channel (T1041) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--49de1463-f715-46f4-83fb-99d90e325a00", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--b8629e39-9577-449a-a60e-f83a0117adfb", "confidence": 55, "description": "Co-occurrence: BlackForce and Exfiltration Over Alternative Protocol (T1048) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1fe12e9f-adf0-42ad-b965-597f1aa72102", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--84b7fc1e-6f1b-4dc6-9bcc-488b2727c7af", "confidence": 55, "description": "Co-occurrence: BlackForce and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e52d852f-1157-4698-82b7-37f8e4a81188", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--aafb87d3-d5e3-44d3-9260-c41332dda176", "confidence": 55, "description": "Co-occurrence: BlackForce and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--33eb9cf0-f07f-4a89-bdee-e398bc1390a5", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--6ffaba66-d6ac-4af3-b4f3-8a5adabce2bb", "confidence": 55, "description": "Co-occurrence: BlackForce and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6d413989-dc9b-4dbd-b70d-b8616f83886f", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "confidence": 55, "description": "Co-occurrence: BlackForce and Code Signing Certificates (T1588.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8ee643f9-3efa-4e42-8e6d-8f3cbcf73e3d", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "confidence": 55, "description": "Co-occurrence: BlackForce and Code Signing Certificates (T1587.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8b3f3af3-3d7a-4e46-b94c-1766c1d562ce", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--e2929ea1-90a3-4f9f-9b17-3b885a5c8383", "confidence": 55, "description": "Co-occurrence: BlackForce and Code Signing (T1553.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--41b69522-27a2-4843-aa09-f0caaec9d2c9", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--16f10804-98f4-41fe-8ff6-1829e533747f", "confidence": 55, "description": "Co-occurrence: BlackForce and DNS Calculation (T1568.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1202c9f3-c5bc-48d5-bace-d85c4080c3f1", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "confidence": 55, "description": "Co-occurrence: BlackForce and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2b7de5fe-3fef-4ff0-876c-e0cdc9f14b26", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "confidence": 55, "description": "Co-occurrence: BlackForce and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e26deb7e-ed7b-459c-b6b6-79fa2d0da6a7", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "confidence": 55, "description": "Co-occurrence: BlackForce and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8c0175a2-5292-47fd-834c-52563ee70fb7", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "confidence": 55, "description": "Co-occurrence: BlackForce and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1e9c1271-a3f9-471f-bc77-5cd12fbdb83f", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "confidence": 55, "description": "Co-occurrence: BlackForce and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--296357c3-b77f-4da3-b76c-bd9acd5f77f8", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "confidence": 55, "description": "Co-occurrence: BlackForce and Boot or Logon Initialization Scripts (T1037) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--314d5ad4-82bb-430c-bd49-375edb3c3e57", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--7f3ed782-2721-4672-8876-bb795e84c74b", "confidence": 55, "description": "Co-occurrence: BlackForce and Video Capture (T1125) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c24236de-8795-4413-87ab-9228c9d6d1da", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--6d9b81c7-ff41-4e95-a3ba-91d0ea450968", "confidence": 55, "description": "Co-occurrence: BlackForce and Search Threat Vendor Data (T1681) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a2dd5d72-6b4c-4d1d-bd45-5ee3b713554c", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "confidence": 55, "description": "Co-occurrence: BlackForce and Exploits (T1588.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ab8cf589-8946-439e-9ba9-a71d2243574b", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "target_ref": "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "confidence": 55, "description": "Co-occurrence: BlackForce and Fast Flux DNS (T1568.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8c77765a-e81a-470c-a979-c3024c445636", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "confidence": 55, "description": "Co-occurrence: GhostFrame and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6e88af65-2146-46ee-9728-474d185746e3", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "confidence": 55, "description": "Co-occurrence: GhostFrame and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5bf87c5c-37ee-46f2-ab29-403aa6f66ab2", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--34e7763c-ff57-4a68-9e1e-ebf4113d5699", "confidence": 55, "description": "Co-occurrence: GhostFrame and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4ec203bf-b9d7-4b0e-82bc-a7b702c30447", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "confidence": 55, "description": "Co-occurrence: GhostFrame and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--70a7c757-1c5f-4b3b-ac9c-cc59d8ecc3ab", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "confidence": 55, "description": "Co-occurrence: GhostFrame and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0a0b8889-d3dd-4642-93dd-5cb3fa55fa25", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "confidence": 55, "description": "Co-occurrence: GhostFrame and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bf2f3fcb-2fa0-461e-8bc5-d5955261a1bd", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--f3417ce4-850c-4b35-a8f0-944ebd1397de", "confidence": 55, "description": "Co-occurrence: GhostFrame and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6544d945-77e3-4c54-bd54-af5e48101b62", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--fe0dbb15-07c4-4317-bb17-07a290b37fc8", "confidence": 55, "description": "Co-occurrence: GhostFrame and Exfiltration Over C2 Channel (T1041) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--33de123b-f6e9-4f52-af82-cb058179326e", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--b8629e39-9577-449a-a60e-f83a0117adfb", "confidence": 55, "description": "Co-occurrence: GhostFrame and Exfiltration Over Alternative Protocol (T1048) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4ebdfdf1-24c2-41a4-b9ce-117c28919ac0", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--84b7fc1e-6f1b-4dc6-9bcc-488b2727c7af", "confidence": 55, "description": "Co-occurrence: GhostFrame and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4c821c46-5039-4a64-a3d2-9b77606fd0db", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--aafb87d3-d5e3-44d3-9260-c41332dda176", "confidence": 55, "description": "Co-occurrence: GhostFrame and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9128635b-80f7-4be7-8640-6b27bd16d46d", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--6ffaba66-d6ac-4af3-b4f3-8a5adabce2bb", "confidence": 55, "description": "Co-occurrence: GhostFrame and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5c96483d-7e38-4f25-9ac5-362ac9b098a6", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "confidence": 55, "description": "Co-occurrence: GhostFrame and Code Signing Certificates (T1588.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5775338b-ce64-4757-8cd8-18b54c9f7cd2", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "confidence": 55, "description": "Co-occurrence: GhostFrame and Code Signing Certificates (T1587.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bdec3db7-3797-4ae4-93a3-ba83c4f7fde8", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--e2929ea1-90a3-4f9f-9b17-3b885a5c8383", "confidence": 55, "description": "Co-occurrence: GhostFrame and Code Signing (T1553.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--52c3e1fd-6370-44ba-93cd-0bb21307f914", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--16f10804-98f4-41fe-8ff6-1829e533747f", "confidence": 55, "description": "Co-occurrence: GhostFrame and DNS Calculation (T1568.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3d23eb0f-bd49-4d42-a2c7-11e1c74c66ac", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "confidence": 55, "description": "Co-occurrence: GhostFrame and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--16659cf1-4888-47b5-a040-b6f6d813ab91", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "confidence": 55, "description": "Co-occurrence: GhostFrame and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6ef621b3-2afd-4606-a04e-813fd2fcca63", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "confidence": 55, "description": "Co-occurrence: GhostFrame and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--baf8b2db-d2e0-42f1-bf04-b66286c8a9d2", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "confidence": 55, "description": "Co-occurrence: GhostFrame and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--be7673f2-48d3-4a1c-a8b4-ae1db04bd76b", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "confidence": 55, "description": "Co-occurrence: GhostFrame and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--803d96f1-192e-467b-870a-1c77e9d151a2", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "confidence": 55, "description": "Co-occurrence: GhostFrame and Boot or Logon Initialization Scripts (T1037) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e86f691b-d6b4-4961-bbf5-b06cf408fedd", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--7f3ed782-2721-4672-8876-bb795e84c74b", "confidence": 55, "description": "Co-occurrence: GhostFrame and Video Capture (T1125) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--28c8f4c1-5a33-4ac7-b9a3-76dacae4755c", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--6d9b81c7-ff41-4e95-a3ba-91d0ea450968", "confidence": 55, "description": "Co-occurrence: GhostFrame and Search Threat Vendor Data (T1681) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f33f2568-8cd2-4cfb-8f78-6e674e49cb3b", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "confidence": 55, "description": "Co-occurrence: GhostFrame and Exploits (T1588.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e67f175a-bcd3-4bfb-a0c0-6c43779d454e", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "confidence": 55, "description": "Co-occurrence: GhostFrame and Fast Flux DNS (T1568.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dea7d603-31d9-4306-9461-fefc7c29b1e8", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--18c870a3-a501-4643-833e-c7cd1bcc667d", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b4d3591c-e9fc-4a2c-acff-8f7aa176dac5", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--34e7763c-ff57-4a68-9e1e-ebf4113d5699", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3321651c-df65-4e87-b89a-1620b4f74be8", "created": "2025-12-13T19:23:15.919Z", "modified": "2025-12-13T19:23:15.919Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--77e34d1e-bd55-4adf-a883-e561eaf97a81", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9d689af1-646e-4258-85f0-ecb76edfe500", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--97a29fd7-0f93-4aab-9971-c7e6b0273448", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--f3417ce4-850c-4b35-a8f0-944ebd1397de", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f06d2b8c-9ef1-4b5f-8b55-7fb59e8951fe", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--fe0dbb15-07c4-4317-bb17-07a290b37fc8", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Exfiltration Over C2 Channel (T1041) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c041ce9d-f82d-423d-a2e8-98890f641070", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--b8629e39-9577-449a-a60e-f83a0117adfb", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Exfiltration Over Alternative Protocol (T1048) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b1b2bf92-f3a5-4dc0-a2ed-6ed34fcf7fda", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--84b7fc1e-6f1b-4dc6-9bcc-488b2727c7af", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3188f66f-fe22-4c36-b94c-78f988d629bd", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--aafb87d3-d5e3-44d3-9260-c41332dda176", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--68ae03e9-c731-4973-b301-53d469c45f81", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--6ffaba66-d6ac-4af3-b4f3-8a5adabce2bb", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--28840c06-f15c-4c78-b525-4009782cad7b", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Code Signing Certificates (T1588.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8e0bde01-34bb-45f5-a24a-86e9fc0b6c59", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Code Signing Certificates (T1587.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--390a8c01-0708-46f5-bb65-e8dc2a61eac2", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--e2929ea1-90a3-4f9f-9b17-3b885a5c8383", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Code Signing (T1553.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d8c1e418-f2a2-4bcd-bd3d-e6ebb1573812", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--16f10804-98f4-41fe-8ff6-1829e533747f", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and DNS Calculation (T1568.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1e6d7d75-be37-428d-8d34-fe0bd48818f3", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7f420f11-c5b0-42ff-9a42-5f778050f6b2", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--db3f4f90-aa17-4467-9f1c-e9ba045d9b64", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ea6a6806-c417-4a35-a0f3-71d868bc437f", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3c126820-e144-4804-bfdd-391b76857863", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c2e9f33e-2bb0-4a82-ba4e-82b295958461", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Boot or Logon Initialization Scripts (T1037) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e73fbe08-0024-49c7-bbf5-c63aaffee181", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--7f3ed782-2721-4672-8876-bb795e84c74b", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Video Capture (T1125) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--468aaec3-e3b5-40e8-b5a9-94a9ff6462ad", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--6d9b81c7-ff41-4e95-a3ba-91d0ea450968", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Search Threat Vendor Data (T1681) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7887cdd6-24ad-48b0-8875-dfec4c88f539", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Exploits (T1588.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--45aa1e93-3fae-40d1-8aaf-fcff41befbbe", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "confidence": 55, "description": "Co-occurrence: InboxPrime AI and Fast Flux DNS (T1568.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--59da45c8-90f1-48dc-9b05-b12638a7bcd5", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--67aab3e1-8e67-4663-b37c-05f6ec4ceb69", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--708a0cef-86e4-46fe-b910-bc3b4325d675", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--34e7763c-ff57-4a68-9e1e-ebf4113d5699", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d8780c74-c128-4f3d-aef8-cb8ab1214ce8", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--da212b73-0dcb-43c7-827e-8754fdfd86ea", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cdfae853-44cb-4d6d-83a6-9722d2ba802d", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ecd9dfed-c8e8-4af1-ad84-9c147d4ab2a0", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--f3417ce4-850c-4b35-a8f0-944ebd1397de", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--75f9de70-6c95-4c89-b2aa-456d4a1b5c85", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--fe0dbb15-07c4-4317-bb17-07a290b37fc8", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Exfiltration Over C2 Channel (T1041) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9e6a8a27-2c40-42e5-837a-7f0dc04f3be2", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--b8629e39-9577-449a-a60e-f83a0117adfb", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Exfiltration Over Alternative Protocol (T1048) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1af91548-5cd2-42dd-9269-0f8857aaea72", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--84b7fc1e-6f1b-4dc6-9bcc-488b2727c7af", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9e18ff3d-891b-4447-b899-569ebd5af139", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--aafb87d3-d5e3-44d3-9260-c41332dda176", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--204667b8-a321-4994-9d18-0bf02b26fe07", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--6ffaba66-d6ac-4af3-b4f3-8a5adabce2bb", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--829b9a26-58e0-4410-99a0-2d030a25c5dd", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Code Signing Certificates (T1588.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--626fd5a3-5d01-481b-a5fc-b027788441b1", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Code Signing Certificates (T1587.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f649d038-ce41-4fbe-9ef3-b6e71029329d", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--e2929ea1-90a3-4f9f-9b17-3b885a5c8383", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Code Signing (T1553.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--47ccfc3c-6abc-4c52-8e59-98b27b314539", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--16f10804-98f4-41fe-8ff6-1829e533747f", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and DNS Calculation (T1568.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a7a0544b-49a3-4534-afad-fb4e8550a8e7", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ce8446c2-a5cf-4073-b821-999aed4be805", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--813d3609-372c-4ec7-a9bf-bb6e96b23303", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ff8c8722-3072-42e6-a883-5ed0be621149", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9873f429-96d4-4164-8dfc-55382aa5f4fa", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d1ff0c39-565b-488d-bf9c-86b2d57f0ac0", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Boot or Logon Initialization Scripts (T1037) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--198e8cc9-8f76-4941-a701-152d6538c6a9", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--7f3ed782-2721-4672-8876-bb795e84c74b", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Video Capture (T1125) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d2bdfee1-f593-4e40-acae-5b754531c79b", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--6d9b81c7-ff41-4e95-a3ba-91d0ea450968", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Search Threat Vendor Data (T1681) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1678dd06-aa0d-407b-bd31-a64864950709", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Exploits (T1588.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fe1bc984-7ca9-4838-8e79-53ff41efec89", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--02c6b00d-3a19-438c-8fd7-0334f3713d57", "target_ref": "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "confidence": 55, "description": "Co-occurrence: PyStoreRAT and Fast Flux DNS (T1568.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0621a8b4-af26-4cb8-ad6b-ae609822a098", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--598200b0-10ad-4913-a1a5-a5d81f6decb9", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--57f59a75-01b6-49a7-9f48-78fa53a1ab70", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--34e7763c-ff57-4a68-9e1e-ebf4113d5699", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Supply Chain Compromise (T1195) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8c36b042-ad92-4f8e-ba1b-6dcc1dc3631c", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9d1b624-8a67-42b1-8ae5-4f8c8dbcbcaa", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b3893e8c-a292-46df-85b1-0e7a01f5743a", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--66f9080a-2d37-48fb-8f45-0e85d297340a", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--f3417ce4-850c-4b35-a8f0-944ebd1397de", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Remote Services (T1021) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1818087a-5e62-4bd4-83e7-1e23cef1e4f3", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--fe0dbb15-07c4-4317-bb17-07a290b37fc8", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Exfiltration Over C2 Channel (T1041) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a176ee2a-723b-4c1e-9014-77ca66ac6447", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--b8629e39-9577-449a-a60e-f83a0117adfb", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Exfiltration Over Alternative Protocol (T1048) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6a1a7894-a56b-4e29-86f6-83cf05aed6b6", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--84b7fc1e-6f1b-4dc6-9bcc-488b2727c7af", "confidence": 55, "description": "Co-occurrence: DroidLock Android and System Information Discovery (T1082) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--90ea01bd-0fea-4261-b1bf-a4d4a489bc21", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--aafb87d3-d5e3-44d3-9260-c41332dda176", "confidence": 55, "description": "Co-occurrence: DroidLock Android and File and Directory Discovery (T1083) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7778485e-b1ea-4455-965f-130640240d5f", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--6ffaba66-d6ac-4af3-b4f3-8a5adabce2bb", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Process Discovery (T1057) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--edb47256-ba5d-4e12-9a41-e39edda98f84", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Code Signing Certificates (T1588.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aaffcb7d-36ea-48fe-8bc8-bd31caa15ba9", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--5cc9dbf8-c352-43e3-844f-00d67b9248f3", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Code Signing Certificates (T1587.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--566b28f2-ddfb-466b-ad1c-1262f0135692", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--e2929ea1-90a3-4f9f-9b17-3b885a5c8383", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Code Signing (T1553.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e27faecb-f822-439f-965d-cdbf3a50fd69", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--16f10804-98f4-41fe-8ff6-1829e533747f", "confidence": 55, "description": "Co-occurrence: DroidLock Android and DNS Calculation (T1568.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eb5cf164-1034-4ac5-bf3c-701ac9b03d92", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6e714976-6d6f-413c-a73b-30c3c6987bff", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4f4751aa-b7fe-48d8-9cd4-661415864b5b", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--308c62a5-adff-4d7e-86cf-54de80e52996", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--083cf8f2-62d4-4f3c-9091-f9d0b1089bb1", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--77f621b9-04f3-47e9-87f3-e76791b8b470", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Boot or Logon Initialization Scripts (T1037) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5bfa6ae4-0e25-45d5-ba14-3e3c2bc2044f", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--7f3ed782-2721-4672-8876-bb795e84c74b", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Video Capture (T1125) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8c2472c2-af76-456e-bf93-31f3ff619984", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--6d9b81c7-ff41-4e95-a3ba-91d0ea450968", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Search Threat Vendor Data (T1681) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2259181c-a854-4b2e-95ba-7fff537d10a9", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Exploits (T1588.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4e4bfa58-9937-4951-ba82-3b4a202129a9", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "uses", "source_ref": "malware--76c9823b-23ca-4015-b621-0dfd2e254d68", "target_ref": "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "confidence": 55, "description": "Co-occurrence: DroidLock Android and Fast Flux DNS (T1568.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7aa47539-4827-44ad-bdb6-8adf64852ac3", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "related-to", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "confidence": 85, "description": "Both are newly documented kits capable of facilitating credential theft at scale.", "x_validation_method": "llm-semantic-discovery" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--754157ec-a73b-4a75-b36e-a38f51123c0c", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "related-to", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "malware--5829d8a1-4e8a-43b2-87c8-2ff2dbbe9fa1", "confidence": 85, "description": "Both are phishing kits capable of facilitating credential theft at scale.", "x_validation_method": "llm-semantic-discovery" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3cc26127-37c3-46a9-9416-91a22bc0a48d", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "related-to", "source_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "target_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "confidence": 85, "description": "Both are phishing kits capable of facilitating credential theft at scale.", "x_validation_method": "llm-semantic-discovery" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2b26a9c2-8288-487e-9743-57df36cc5d08", "created": "2025-12-13T19:23:15.920Z", "modified": "2025-12-13T19:23:15.920Z", "relationship_type": "related-to", "source_ref": "malware--9cefd86e-4e87-4e91-b29d-fa822f72b904", "target_ref": "malware--ed014a96-2f0b-4e75-9ca2-b1c56c1425d7", "confidence": 85, "description": "Both are phishing kits capable of facilitating credential theft at scale.", "x_validation_method": "llm-semantic-discovery" }, { "type": "domain-name", "value": "centro-de-ayuda-help.com", "source": "OTX", "malware_families": [ "BlackForce" ], "pulse_names": [ "Technical Analysis of the BlackForce Phishing Kit" ], "id": "domain-name--84063b4e-97ae-482f-949f-3b5300e5ca7e" }, { "type": "domain-name", "value": "connectrenew-gateway.com", "source": "OTX", "malware_families": [ "BlackForce" ], "pulse_names": [ "Technical Analysis of the BlackForce Phishing Kit" ], "id": "domain-name--d9a74de9-38c5-4dd3-89e3-cb1c9751b6c2" }, { "type": "domain-name", "value": "cuenta-renovacion-es.com", "source": "OTX", "malware_families": [ "BlackForce" ], "pulse_names": [ "Technical Analysis of the BlackForce Phishing Kit" ], "id": "domain-name--bd07b9a7-6359-4134-8834-37f62a299832" }, { "type": "domain-name", "value": "cuenta-renueva.com", "source": "OTX", "malware_families": [ "BlackForce" ], "pulse_names": [ "Technical Analysis of the BlackForce Phishing Kit" ], "id": "domain-name--68d73be4-c675-4e01-b1a6-cf8e59c65eaa" }, { "type": "domain-name", "value": "faq-help-center.com", "source": "OTX", "malware_families": [ "BlackForce" ], "pulse_names": [ "Technical Analysis of the BlackForce Phishing Kit" ], "id": "domain-name--240da8ae-0587-43fc-bed9-3f3be36ffb26" }, { "type": "domain-name", "value": "fixmy-nflix.info", "source": "OTX", "malware_families": [ "BlackForce" ], "pulse_names": [ "Technical Analysis of the BlackForce Phishing Kit" ], "id": "domain-name--0cefb4bb-b2e3-49b6-a0f0-d2f6803baa0a" }, { "type": "domain-name", "value": "myflx-sub.com", "source": "OTX", "malware_families": [ "BlackForce" ], "pulse_names": [ "Technical Analysis of the BlackForce Phishing Kit" ], "id": "domain-name--a24c5601-5684-4ddf-9602-25cb0d515182" }, { "type": "domain-name", "value": "netfliix-uae.com", "source": "OTX", "malware_families": [ "BlackForce" ], "pulse_names": [ "Technical Analysis of the BlackForce Phishing Kit" ], "id": "domain-name--7f008c64-1cc0-4810-9fdb-d384c4d72664" }, { "type": "domain-name", "value": "netfx-actualizar.com", "source": "OTX", "malware_families": [ "BlackForce" ], "pulse_names": [ "Technical Analysis of the BlackForce Phishing Kit" ], "id": "domain-name--94206935-adb6-4e2a-bb5e-635d28fd8179" }, { "type": "domain-name", "value": "obnovintfx.help", "source": "OTX", "malware_families": [ "BlackForce" ], "pulse_names": [ "Technical Analysis of the BlackForce Phishing Kit" ], "id": "domain-name--c64a03a9-8e8a-4160-bacd-007321a69dd8" }, { "type": "domain-name", "value": "renew-netfix.com", "source": "OTX", "malware_families": [ "BlackForce" ], "pulse_names": [ "Technical Analysis of the BlackForce Phishing Kit" ], "id": "domain-name--81274b62-7cb3-4609-a5cd-db3262383205" }, { "type": "domain-name", "value": "supportnetfiixsavza.com", "source": "OTX", "malware_families": [ "BlackForce" ], "pulse_names": [ "Technical Analysis of the BlackForce Phishing Kit" ], "id": "domain-name--42e3490c-0e7d-4468-9adb-01f07abfb1b0" }, { "type": "domain-name", "value": "telenet-flix.com", "source": "OTX", "malware_families": [ "BlackForce" ], "pulse_names": [ "Technical Analysis of the BlackForce Phishing Kit" ], "id": "domain-name--c7e9ba5c-2576-42a9-a9e7-8c75b1fbae59" }, { "type": "file:hashes.MD5", "value": "0696f40291761d2c9e5165cd800d0792", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--4b106548-bac2-406c-949f-ad0449b6f7ba" }, { "type": "file:hashes.MD5", "value": "182b44e85d68baff53f5ee34de89015a", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--137e0b13-7078-49ad-a149-461749098eda" }, { "type": "file:hashes.MD5", "value": "18e7e4457951798125ab24602da04495", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--9a41b951-a018-4d9f-815e-fcc7418c4cca" }, { "type": "file:hashes.MD5", "value": "5678f0b1d2045b5a9bfdb1c582a4670e", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--5e43d892-58ec-4211-970a-edf2648a2dba" }, { "type": "file:hashes.MD5", "value": "6e7e266d1ea14c9e572058ec9cecf9e9", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--50149387-b0c6-442a-8f26-2ac6d0ef1712" }, { "type": "file:hashes.MD5", "value": "72094c814d2615e9c429ee5dc598ef43", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--8981bdbe-5b94-4749-8491-e2e1f4dd460d" }, { "type": "file:hashes.MD5", "value": "7433d5647ce6635cb068ac6bb753518e", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--f6c7f5d0-157b-4ae9-a5a8-1d7abb391456" }, { "type": "file:hashes.MD5", "value": "77c3faa441af2745255c56791086911e", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--fc6216ad-4e0d-49d7-924d-5b5a4f7d7fa7" }, { "type": "file:hashes.MD5", "value": "791aa1652b60d5307ce121b6a30472d4", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--d724eea3-e2bb-4d71-85f3-800aa7d7905e" }, { "type": "file:hashes.MD5", "value": "85e01186535185bb4d808dd3c303d2dd", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--d1753064-6659-45ca-bb3b-47263d3fb032" }, { "type": "file:hashes.MD5", "value": "904d1931b543ba87e3e66111122ba99a", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--37d47de2-8bce-4269-9645-ce50fc4d6581" }, { "type": "file:hashes.MD5", "value": "a610b0876756cec435b8ee9ffb576409", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--1a3c93d4-ced1-45e1-8292-4a87e424fbb0" }, { "type": "file:hashes.MD5", "value": "ad320a2228ac04bbdb4583059bdbbcb6", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--fc16c0d4-55c7-4358-869a-9bc95c8816aa" }, { "type": "file:hashes.MD5", "value": "b8a9c93eb146a4bf1da083923a92e63c", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--19886dec-2bd9-4d1f-b62a-6376ffd9b4ac" }, { "type": "file:hashes.MD5", "value": "cf77f84bed85b434b36083ca9d783b64", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.MD5--82323d53-9627-4357-bd7b-e5f4aae59b7e" }, { "type": "file:hashes.SHA-1", "value": "06275b666a0a0a94cae8baeeff9f27fb9af86f06", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.SHA-1--2c432a88-8b1b-4d02-81ac-c3b837527d45" }, { "type": "file:hashes.SHA-1", "value": "0f64a5c7b23197957619fd9630d4dcad580b0c20", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.SHA-1--6fc705d3-fb31-45be-a471-790a7af885a4" }, { "type": "file:hashes.SHA-1", "value": "1eee5169ba60a6654ca45fce51ee6c1a9d4c5924", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.SHA-1--c0d20b86-0bca-4de6-bbfd-9e7c45f48690" }, { "type": "file:hashes.SHA-1", "value": "24aef9c929c0880d9969941b00a8e61009672bdd", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.SHA-1--6ea8592a-c768-4d7f-bfc6-e6c94a6974af" }, { "type": "file:hashes.SHA-1", "value": "2796d3c5afc53d26a8c7cacde0a12ba566ebd2e0", "source": "OTX", "malware_families": [ "DroidLock Android" ], "pulse_names": [ "Total Takeover: DroidLock Hijacks Your Device" ], "id": "file:hashes.SHA-1--f74ec3cb-ca9a-4d5e-a3db-670b76db331a" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ddf32721-da92-4dcf-9338-ac95924a8b7a", "created": "2025-12-13T19:22:51.819Z", "modified": "2025-12-13T19:22:51.820Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'centro-de-ayuda-help.com']", "pattern_type": "stix", "valid_from": "2025-12-13T19:22:51.820Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fa7c33bc-96ed-4b13-beac-ab1cfe01eb24", "created": "2025-12-13T19:22:51.820Z", "modified": "2025-12-13T19:22:51.820Z", "relationship_type": "based-on", "source_ref": "indicator--ddf32721-da92-4dcf-9338-ac95924a8b7a", "target_ref": "domain-name--84063b4e-97ae-482f-949f-3b5300e5ca7e" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--44714991-659b-41d8-852f-64f89f07300c", "created": "2025-12-13T19:22:51.830Z", "modified": "2025-12-13T19:22:51.831Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'connectrenew-gateway.com']", "pattern_type": "stix", "valid_from": "2025-12-13T19:22:51.831Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b4007bbb-e86a-4368-8aef-029b18b17989", "created": "2025-12-13T19:22:51.831Z", "modified": "2025-12-13T19:22:51.831Z", "relationship_type": "based-on", "source_ref": "indicator--44714991-659b-41d8-852f-64f89f07300c", "target_ref": "domain-name--d9a74de9-38c5-4dd3-89e3-cb1c9751b6c2" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0b3662ac-6cd9-471e-a149-b3fb49a42f22", "created": "2025-12-13T19:22:51.842Z", "modified": "2025-12-13T19:22:51.842Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'cuenta-renovacion-es.com']", "pattern_type": "stix", "valid_from": "2025-12-13T19:22:51.843Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d31054ed-e1d7-4e08-b739-88fdff52ee60", "created": "2025-12-13T19:22:51.843Z", "modified": "2025-12-13T19:22:51.843Z", "relationship_type": "based-on", "source_ref": "indicator--0b3662ac-6cd9-471e-a149-b3fb49a42f22", "target_ref": "domain-name--bd07b9a7-6359-4134-8834-37f62a299832" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6a352beb-8e24-45c4-89a3-8db578fcdeea", "created": "2025-12-13T19:22:51.865Z", "modified": "2025-12-13T19:22:51.865Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'cuenta-renueva.com']", "pattern_type": "stix", "valid_from": "2025-12-13T19:22:51.865Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--653e3218-cdb3-4fcd-b60b-87980c085965", "created": "2025-12-13T19:22:51.865Z", "modified": "2025-12-13T19:22:51.865Z", "relationship_type": "based-on", "source_ref": "indicator--6a352beb-8e24-45c4-89a3-8db578fcdeea", "target_ref": "domain-name--68d73be4-c675-4e01-b1a6-cf8e59c65eaa" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--701db1d9-9393-4fe7-8223-132b0f83e0e2", "created": "2025-12-13T19:22:51.875Z", "modified": "2025-12-13T19:22:51.875Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'faq-help-center.com']", "pattern_type": "stix", "valid_from": "2025-12-13T19:22:51.875Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0d49a1f1-0ca3-48e8-adf8-56f382b9e688", "created": "2025-12-13T19:22:51.875Z", "modified": "2025-12-13T19:22:51.875Z", "relationship_type": "based-on", "source_ref": "indicator--701db1d9-9393-4fe7-8223-132b0f83e0e2", "target_ref": "domain-name--240da8ae-0587-43fc-bed9-3f3be36ffb26" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--31844328-57e2-4b4c-bc1a-6e11350ecc67", "created": "2025-12-13T19:22:51.885Z", "modified": "2025-12-13T19:22:51.885Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'fixmy-nflix.info']", "pattern_type": "stix", "valid_from": "2025-12-13T19:22:51.885Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fec47288-192d-499d-b072-b4dab3f56f6e", "created": "2025-12-13T19:22:51.885Z", "modified": "2025-12-13T19:22:51.885Z", "relationship_type": "based-on", "source_ref": "indicator--31844328-57e2-4b4c-bc1a-6e11350ecc67", "target_ref": "domain-name--0cefb4bb-b2e3-49b6-a0f0-d2f6803baa0a" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0e6524bf-91f9-48c2-904d-d2d98a5bc4b1", "created": "2025-12-13T19:22:51.895Z", "modified": "2025-12-13T19:22:51.895Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'myflx-sub.com']", "pattern_type": "stix", "valid_from": "2025-12-13T19:22:51.895Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--11ceddd4-f2d3-4319-8c2d-6f8ff5e7945e", "created": "2025-12-13T19:22:51.895Z", "modified": "2025-12-13T19:22:51.895Z", "relationship_type": "based-on", "source_ref": "indicator--0e6524bf-91f9-48c2-904d-d2d98a5bc4b1", "target_ref": "domain-name--a24c5601-5684-4ddf-9602-25cb0d515182" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2cb9ac12-4f40-422e-806d-4bb3c5083aef", "created": "2025-12-13T19:22:51.904Z", "modified": "2025-12-13T19:22:51.904Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'netfliix-uae.com']", "pattern_type": "stix", "valid_from": "2025-12-13T19:22:51.904Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eff3ba5d-c454-437e-bc47-d42e950dcb5f", "created": "2025-12-13T19:22:51.904Z", "modified": "2025-12-13T19:22:51.904Z", "relationship_type": "based-on", "source_ref": "indicator--2cb9ac12-4f40-422e-806d-4bb3c5083aef", "target_ref": "domain-name--7f008c64-1cc0-4810-9fdb-d384c4d72664" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--97e2be5f-0485-4e18-946d-78b99235d9d9", "created": "2025-12-13T19:22:51.914Z", "modified": "2025-12-13T19:22:51.914Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'netfx-actualizar.com']", "pattern_type": "stix", "valid_from": "2025-12-13T19:22:51.914Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1f38f4d3-96f3-4893-8280-6e1f4a98c479", "created": "2025-12-13T19:22:51.914Z", "modified": "2025-12-13T19:22:51.914Z", "relationship_type": "based-on", "source_ref": "indicator--97e2be5f-0485-4e18-946d-78b99235d9d9", "target_ref": "domain-name--94206935-adb6-4e2a-bb5e-635d28fd8179" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a02e435e-3a67-4685-9603-de996c720475", "created": "2025-12-13T19:22:51.923Z", "modified": "2025-12-13T19:22:51.923Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'obnovintfx.help']", "pattern_type": "stix", "valid_from": "2025-12-13T19:22:51.923Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c6a0f562-9384-4450-a366-8f13eed399cf", "created": "2025-12-13T19:22:51.923Z", "modified": "2025-12-13T19:22:51.923Z", "relationship_type": "based-on", "source_ref": "indicator--a02e435e-3a67-4685-9603-de996c720475", "target_ref": "domain-name--c64a03a9-8e8a-4160-bacd-007321a69dd8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2d72f780-2b13-4bee-ad4f-09e3fedf8e28", "created": "2025-12-13T19:22:51.931Z", "modified": "2025-12-13T19:22:51.931Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'renew-netfix.com']", "pattern_type": "stix", "valid_from": "2025-12-13T19:22:51.931Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8bcda135-0e9a-4978-9cbb-0b458f68cf6a", "created": "2025-12-13T19:22:51.931Z", "modified": "2025-12-13T19:22:51.931Z", "relationship_type": "based-on", "source_ref": "indicator--2d72f780-2b13-4bee-ad4f-09e3fedf8e28", "target_ref": "domain-name--81274b62-7cb3-4609-a5cd-db3262383205" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3b890a66-a7bb-4702-962d-06ca4db940b0", "created": "2025-12-13T19:22:51.941Z", "modified": "2025-12-13T19:22:51.941Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'supportnetfiixsavza.com']", "pattern_type": "stix", "valid_from": "2025-12-13T19:22:51.941Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--032045b8-95d8-4969-875a-17155a292c43", "created": "2025-12-13T19:22:51.941Z", "modified": "2025-12-13T19:22:51.941Z", "relationship_type": "based-on", "source_ref": "indicator--3b890a66-a7bb-4702-962d-06ca4db940b0", "target_ref": "domain-name--42e3490c-0e7d-4468-9adb-01f07abfb1b0" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b3f38416-0242-440f-a26c-bdc51e80ed63", "created": "2025-12-13T19:22:51.950Z", "modified": "2025-12-13T19:22:51.950Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = 'telenet-flix.com']", "pattern_type": "stix", "valid_from": "2025-12-13T19:22:51.950Z", "labels": [ "malicious-activity" ], "confidence": 70 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6e399865-9b8d-41ff-999a-abba3a4303a4", "created": "2025-12-13T19:22:51.950Z", "modified": "2025-12-13T19:22:51.950Z", "relationship_type": "based-on", "source_ref": "indicator--b3f38416-0242-440f-a26c-bdc51e80ed63", "target_ref": "domain-name--c7e9ba5c-2576-42a9-a9e7-8c75b1fbae59" } ] }