Cybersecurity Latest Rundown

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

SOX: 11 HIPAA: 3 General Enterprise: 3 FISMA: 1 NYDFS: 1 PCI DSS: 1 SOC 2: 1

Industry Watch

🚨 Healthcare (HIPAA) CRITICAL

Major data breach impacting 5.6M individuals

Key threat: 700Credit Breach exposes SSNs/DOB, Phantom Stealer targeting finance/healthcare...

Action: Review 700Credit Data Breach, Phantom Stealer Phishing Campaign

Finance (SOX) ELEVATED

Active infrastructure exploitation and RaaS activity

Key threat: Sierra Wireless Router RCE, VolkLocker Ransomware, MSMQ Update Failures...

Action: Review Sierra Wireless CVE-2018-4063, VolkLocker Ransomware, MSMQ Patch Issues

CyberSecurity Latest Rundown

Heroes, late breaking critical news. Here's a detailed look at the current cybersecurity landscape for December 15, 2025.

CRITICAL ITEMS

More React2Shell Exploits CVE-2025-55182
Date & Time: 2025-12-15T13:17:34

Attackers are actively exploiting the React2Shell vulnerability (CVE-2025-55182) with new payloads, indicating that unpatched servers are likely already compromised. The SANS Internet Storm Center reports high-volume exploitation attempts using `finger.exe` for payload delivery.

Business impact

If exploited, attackers gain remote control over web servers, allowing for data theft, ransomware deployment, or lateral movement into the corporate network - leading to significant operational downtime and potential regulatory fines.

Recommended action

Ask your IT team: "Have we scanned our public-facing web servers for CVE-2025-55182 today, and are we blocking outbound `finger.exe` traffic at the firewall?"

CVE: CVE-2025-55182 | Compliance: General Enterprise | Source: isc.sans.edu ↗
CISA Adds Actively Exploited Sierra Wireless Router Flaw
Date & Time: 2025-12-13T12:33:00

CISA has added a critical vulnerability in Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog due to active attacks in the wild. This flaw allows remote attackers to take full control of network edge devices.

Business impact

Compromised routers can allow attackers to intercept all network traffic, steal credentials, or launch attacks against internal systems, potentially violating SOX controls regarding network security perimeter integrity.

Recommended action

Ask your Network Engineering team: "Do we have any Sierra Wireless AirLink routers in our fleet, and have they been patched against CVE-2018-4063 or disconnected from the internet?"

CVE: CVE-2018-4063 | Compliance: SOX | Source: thehackernews.com ↗
700Credit Data Breach Impacts 5.6 Million People
Date & Time: 2025-12-15T11:23:02

Fintech and data services firm 700Credit suffered a massive breach exposing names, addresses, and Social Security numbers of 5.6 million individuals. As a provider of credit reports and identity verification, this breach poses severe downstream risks.

Business impact

Organizations relying on 700Credit for background checks or credit pulls face potential supply chain risks and must prepare for increased identity fraud attempts using the stolen data.

Recommended action

Ask your Vendor Risk Management team: "Do we utilize 700Credit services, and if so, has our specific account data been verified as impacted?"

CVE: n/a | Compliance: SOX, HIPAA | Source: securityaffairs.com ↗
VolkLocker Ransomware Exposed by Hard-Coded Master Key
Date & Time: 2025-12-15T05:33:00

A new pro-Russian ransomware group, CyberVolk, has launched "VolkLocker," but researchers found implementation errors allowing free decryption without payment. Despite the flaw, the group remains active and dangerous.

Business impact

While decryption is currently possible, a successful infection still causes operational disruption and requires incident response resources; future versions will likely fix these flaws, restoring the full threat of data loss.

Recommended action

Ask your Security Operations team: "Is our endpoint protection configured to detect the VolkLocker signatures identified by SentinelOne?"

CVE: n/a | Compliance: General Enterprise | Source: thehackernews.com ↗

HIGH SEVERITY ITEMS

Phantom Stealer Spread by ISO Phishing Emails
Date & Time: 2025-12-15T09:24:00

A new phishing campaign targeting the finance sector is delivering "Phantom Stealer" malware via malicious ISO disk image files. The campaign, codenamed Operation MoneyMount-ISO, bypasses some traditional email filters.

Business impact

Successful infection can lead to the theft of corporate banking credentials and sensitive financial data, resulting in direct financial loss and regulatory reporting requirements.

Recommended action

Ask your Email Security team: "Do we block or quarantine .ISO file attachments at the email gateway, and have we warned finance staff about this specific phishing tactic?"

CVE: n/a | Compliance: HIPAA, SOX | Source: thehackernews.com ↗
Microsoft December Updates Cause Message Queuing Failures
Date & Time: 2025-12-15T09:04:59

Microsoft confirmed that December 2025 security updates are breaking Message Queuing (MSMQ) services, critical for many enterprise applications and IIS websites. This is causing widespread application failures.

Business impact

Critical business applications relying on MSMQ may fail or behave erratically, causing immediate operational downtime and requiring emergency rollback or mitigation procedures.

Recommended action

Ask your Server Administration team: "Have we deployed the December Microsoft updates to servers running MSMQ, and are we seeing service failures in our monitoring?"

CVE: n/a | Compliance: GDPR, SOX | Source: bleepingcomputer.com ↗
Apple Releases macOS Sequoia 15.7.3 Security Update
Date & Time: 2025-12-15T11:53:14

Apple has released macOS Sequoia 15.7.3 containing important security fixes. Prompt patching is required to close vulnerabilities that could allow attackers to compromise Mac endpoints.

Business impact

Unpatched executive or developer MacBooks remain vulnerable to exploitation, potentially serving as entry points for attackers to access corporate cloud resources.

Recommended action

Ask your Endpoint Management team: "What is our timeline for deploying macOS 15.7.3 to the fleet, and can we enforce the update for high-risk users immediately?"

CVE: n/a | Compliance: SOX | Source: www.techrepublic.com ↗
Secret Spilling Drive: Leaking User Behavior Through SSD Contention
Date & Time: 2025-12-14T16:00:00

Researchers at NDSS 2025 have demonstrated a side-channel attack where user behavior can be inferred through SSD contention patterns. This highlights a hardware-level privacy risk in shared storage environments.

Business impact

While difficult to execute, this vulnerability could theoretically allow attackers in multi-tenant cloud environments to infer sensitive activity of other tenants on the same physical hardware.

Recommended action

Ask your Cloud Architecture team: "Are our most sensitive workloads running on dedicated instances or shared storage infrastructure?"

CVE: n/a | Compliance: SOX, PCI DSS | Source: securityboulevard.com ↗

MEDIUM SEVERITY ITEMS

Man Jailed for Teaching Criminals How to Use Malware
Date & Time: 2025-12-15T10:25:46

A 49-year-old man was sentenced to over five years in prison for creating video tutorials teaching gangs how to use Android spyware to drain bank accounts. This underscores the "crime-as-a-service" enabler ecosystem.

CVE: n/a | Compliance: SOX | Source: grahamcluley.com ↗
Bugcrowd Puts Defenders on the Offensive With AI Triage Assistant
Date & Time: 2025-12-15T07:00:45

Bugcrowd has launched an AI Triage Assistant to help security teams analyze vulnerabilities faster. This tool aims to reduce Mean Time to Remediation (MTTR) by automating parts of the triage process.

CVE: n/a | Compliance: SOX | Source: securityboulevard.com ↗

EXECUTIVE INSIGHTS

Identity Risk Is Now the Front Door to Enterprise Breaches
Date & Time: 2025-12-15T08:29:00

Constella Intelligence reports that most modern breaches start with exposed identities rather than technical exploits. Harvested credentials and impersonation are the primary vectors, necessitating a shift from perimeter defense to identity-centric security.

Source: constella.ai ↗
Against the Federal Moratorium on State-Level Regulation of AI
Date & Time: 2025-12-15T12:02:15

Bruce Schneier argues against the proposed federal moratorium on state AI regulations. For executives, this signals a complex, fragmented regulatory landscape ahead where state-level compliance may remain a critical legal requirement.

Source: www.schneier.com ↗

VENDOR SPOTLIGHT

Spotlight Rationale: Selected for direct detection of the VolkLocker Ransomware highlighted in today's rundown.

Threat Context: VolkLocker Ransomware Exposed by Hard-Coded Master Key

Platform Focus: SentinelOne Singularity XDR

SentinelOne was explicitly cited in intelligence reports for identifying the VolkLocker ransomware artifacts and the implementation flaws that allow for free decryption. Their behavioral AI models are tuned to detect the specific encryption behaviors and "test artifacts" left by this new RaaS group, providing a defense layer that goes beyond static signatures.

Actionable Platform Guidance: SentinelOne administrators should verify that the "Anti-Ransomware" policy is set to "Protect" rather than "Detect" and ensure agents are updated to the latest version to leverage the specific behavioral indicators associated with CyberVolk/VolkLocker activity.

Source: thehackernews.com ↗

DETECTION & RESPONSE KIT

⚠️ Disclaimer: Test all detection logic in non-production environments before deployment.

1. Vendor Platform Configuration - SentinelOne Singularity XDR

# Recommended Action: Verify Anti-Ransomware Policy Status
# 1. Login to SentinelOne Management Console
# 2. Navigate to Sentinels > Policy
# 3. Select the relevant policy group (e.g., "Global" or "Workstations")
# 4. Under "Engines", locate "Anti-Ransomware"
# 5. Ensure Mode is set to "Protect"
# 6. Under "Exclusions", verify no broad path exclusions exist for %TEMP% or %APPDATA%
# 7. Save changes

# Verification Command (via Sentinelctl on endpoint):
sentinelctl config -p agent.anti_ransomware.enable true

2. YARA Rule for React2Shell & VolkLocker Indicators

rule React2Shell_VolkLocker_Hunt {
meta:
description = "Detects artifacts related to React2Shell (finger.exe abuse) and VolkLocker Ransomware"
author = "Threat Rundown"
date = "2025-12-15"
reference = "https://isc.sans.edu/diary/rss/32572"
severity = "medium"
tlp = "white"
strings:
$s1 = "finger.exe" ascii wide nocase
$s2 = "ClickFix" ascii wide
$s3 = "VolkLocker" ascii wide
$s4 = "CyberVolk" ascii wide
$h1 = { 4D 5A 90 00 03 00 00 00 }
condition:
uint16(0) == 0x5A4D and
(any of ($s*))
}

3. SIEM Query — React2Shell Payload Delivery (Finger.exe)

index=security sourcetype="WinEventLog:Security" OR sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational"
(Image="*\\finger.exe" OR CommandLine="*finger.exe*")
| eval risk_score=case(
match(CommandLine, ".*@.*"), 100,
match(CommandLine, ".*http.*"), 100,
1==1, 50)
| where risk_score >= 50
| table _time, src_ip, dest_ip, ComputerName, User, CommandLine, risk_score
| sort -_time

4. PowerShell Script — Check MSMQ Service Status (Post-Update)

$computers = "localhost", "SERVER01", "WEB01" # Add your MSMQ servers here
foreach ($computer in $computers) {
if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
try {
$service = Get-Service -Name MSMQ -ComputerName $computer -ErrorAction Stop
if ($service.Status -ne "Running") {
Write-Host "CRITICAL: MSMQ Service on $computer is $($service.Status)" -ForegroundColor Red
} else {
Write-Host "OK: MSMQ Service on $computer is Running" -ForegroundColor Green
}
} catch {
Write-Host "ERROR: Could not query MSMQ on $computer" -ForegroundColor Yellow
}
}
}

This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!

{ "type": "bundle", "id": "bundle--0d337a10-dc12-4300-be26-8ca286f6d00d", "objects": [ { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487", "created": "2022-10-01T00:00:00.000Z", "definition_type": "tlp:2.0", "name": "TLP:CLEAR", "definition": { "tlp": "clear" } }, { "type": "identity", "spec_version": "2.1", "id": "identity--5438d701-30cb-49db-963e-ab95940693de", "created": "2025-12-15T14:44:50.452Z", "modified": "2025-12-15T14:44:50.452Z", "name": "MikeGPT Intelligence Platform", "description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds", "identity_class": "organization", "sectors": [ "technology", "defense" ], "contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "type": "report", "spec_version": "2.1", "id": "report--d5335aef-27a2-4c6a-8e27-0505d8fcbe3e", "created": "2025-12-15T14:44:50.452Z", "modified": "2025-12-15T14:44:50.452Z", "name": "Threat Intelligence Report - 2025-12-15", "description": "Threat Intelligence Report - 2025-12-15\n\nThis report consolidates actionable cybersecurity intelligence from 78 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• More React2Shell Exploits CVE-2025-55182, (Mon, Dec 15th) (Score: 100)\n• Apple Releases macOS Sequoia 15.7.3 Security Update (Score: 100)\n• ⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More (Score: 100)\n• Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw (Score: 100)\n• Microsoft: December security updates cause Message Queuing failures (Score: 100)\n\nEXTRACTED ENTITIES:\n• 23 Attack Pattern(s)\n• 20 Domain Name(s)\n• 22 File:Hashes.Md5(s)\n• 2 File:Hashes.Sha 1(s)\n• 2 File:Hashes.Sha 256(s)\n• 20 Indicator(s)\n• 3 Malware(s)\n• 1 Marking Definition(s)\n• 137 Relationship(s)\n• 2 Threat Actor(s)\n• 2 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n", "published": "2025-12-15T14:44:50.452Z", "object_refs": [ "identity--5438d701-30cb-49db-963e-ab95940693de", "identity--ae4d5f46-29c5-40ae-842b-378abf057c12", "identity--acb93a01-a11d-403f-b638-c94a395f04fd", "vulnerability--09cfd756-732a-426d-8c11-8d9ddb3e9e05", "vulnerability--d95868d7-4f07-4d84-b742-07ee4cf4adbf", "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "identity--5653d5fd-3625-41d2-b03e-b4bf2db2b5f8", "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "identity--4a0ea356-910b-4135-8390-c178705bb54c", "identity--5a780c92-71d2-4acb-8feb-2bd89583e965", "identity--986da1de-6f62-48bd-89ef-df3c1ef74e42", "identity--a52c9d86-2b95-4a90-9b14-9091600c80e3", "identity--6fb9856d-c65f-4ee2-8c7e-57a2e7c3653f", "identity--d43d759d-0cf0-4934-8421-206c3afe0e60", "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "identity--c8c2152f-3706-464c-b869-20b4edcf412c", "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581", "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1", "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f", "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef", "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49", "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81", "attack-pattern--bc38fb55-802d-495f-9db5-d148da76a40b", "attack-pattern--1731bb02-f47b-4ea6-b4b5-8310407414cd", "attack-pattern--22a685ba-7f96-4eb1-9ee7-efbb2db9acc3", "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8", "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "relationship--4e0068cc-c39e-45ad-9f9a-480308a6ea8b", "relationship--26ddbd85-7d2e-426f-b5fa-2c745a8366a2", "relationship--9f6de550-3960-4bbf-89f6-3515aa564f90", "relationship--2c660767-13b5-4648-bf4e-c1a0715986d6", "relationship--8cfa7ab8-80cf-48ff-a236-ee7e0e806864", "relationship--977dc4ed-98fe-4465-812c-ac11d3f47e5f", "relationship--14e38a3c-98f1-4742-b546-577add4922a5", "relationship--21452b83-3741-4b98-a4e8-aa7f0c21a8f0", "relationship--991da0c5-0f0e-49c1-80ab-8f14ebf9a71a", "relationship--dd9cef81-597f-4fbe-b4ad-2a2cbf4cf65d", "relationship--d07d0bfc-b0bf-4b1e-abce-783c54074e01", "relationship--d4b78b21-d1ce-4a7d-b4ec-c5cfa5a2a6de", "relationship--72b8586e-fbaa-4f22-a9aa-07abb00d67c6", "relationship--10c296cd-70bc-429a-bef4-58c07ae7eeb6", "relationship--8e2f8d20-22df-403d-8e84-d0217bfeb3c1", "relationship--6e6c3354-5a29-423f-9456-329fbba86ae6", "relationship--d309ea51-de15-4b08-8a15-db2379034187", "relationship--d62ba897-026c-41b8-8a4b-9c363db5c873", "relationship--5abdadd4-5c15-488f-a73e-0571fd47f112", "relationship--5cd913c0-2556-4d01-bf9b-6f70b53e3c3b", "relationship--812e4e3f-3bcb-41e4-ae51-8b0f57cee60f", "relationship--5eb4c48f-b21d-4c94-995c-f762caefab8f", "relationship--5d014acb-fe15-4434-96dd-d5c8edd2e7fd", "relationship--604d8c71-e560-4d4e-918b-22e0bb770940", "relationship--cc47df8a-d52f-4af3-963a-5820e5f830af", "relationship--9c4280c6-9595-46eb-8d48-8b6a17798ec0", "relationship--4dc4c2c5-dfdf-48fb-9a3f-545b84be9167", "relationship--270d9f16-b97a-4b9e-90e7-b16b805ac2c1", "relationship--9e9a3c03-50a9-4fab-8c2d-7b73ec168176", "relationship--de44b8e9-bbe7-4035-83a6-30391f908916", "relationship--2b70ef6f-3aa9-4268-b4c2-109a8a93eebe", "relationship--75b98e09-4bdd-4a10-95dc-4b675cb20615", "relationship--a6377549-89a9-4e04-8423-a1e5e00683ab", "relationship--679c2057-5d7d-4ecb-ab46-5d3c6e66fd05", "relationship--771c48fe-389d-4661-9391-9e4653b1f5e4", "relationship--7efb30e0-d1ae-463c-ad40-cd7f486b33a3", "relationship--d267d243-f2a3-4a9f-8d7f-2c494de82173", "relationship--d593f3d4-a8d4-41ae-8f2b-7290b5287fe7", "relationship--c017f3d6-a7de-4d2a-a7e0-94483622ebcf", "relationship--cb35e64e-53f4-4628-87d2-81ae2c9f3bda", "relationship--b15893b8-aade-4efb-8734-55f39d869509", "relationship--8a7979cc-2e8d-4cb5-998d-c57e28e4ce96", "relationship--668d8c03-e23b-41c4-b221-bd61943ff74f", "relationship--6816280f-c2ab-46f6-916b-473c84dcd065", "relationship--96b2083b-1bc8-46fe-8179-b8eaf48f9446", "relationship--7a67f182-d5e1-4835-90ea-5e859240b169", "relationship--3e5fd06a-180c-4276-8486-03e537115dbf", "relationship--3454157c-f81e-4909-ba30-04256a8715c2", "relationship--c0866765-83e2-48d2-a8df-69dbe4a12ee8", "relationship--9f29fd95-9eba-4b58-bfdb-902d2da82c3c", "relationship--d2d68c0d-b090-42c6-9f24-b254d2c5b88e", "relationship--23e2e73c-0e48-45ca-a77e-c622dd3ae87c", "relationship--8ba27a6f-984d-4db3-9a09-e0d955d97daa", "relationship--fa31f176-5c64-42aa-9939-754bb8bccc4f", "relationship--841abf4d-8512-4a75-99b2-65d2949774b7", "relationship--7e89998e-a053-4135-8fc0-9d2fa74e8166", "relationship--56ee5dc5-40f1-4877-a7c1-6f59d40db9a1", "relationship--da00f1b9-a8b7-4f6d-93fb-8c35738a01d3", "relationship--a3f2b56e-7832-4142-b96f-7f26076d711c", "relationship--625f3124-79a6-4c16-90f9-b22b480e563a", "relationship--089b5991-4f8c-4450-aeb3-e45de4f1c8aa", "relationship--6f37292b-8335-45b4-ab9e-86370eff4715", "relationship--0122897a-f803-4881-8437-2c433f227657", "relationship--c03ae7df-5cd2-4552-b541-2a731a7ad7d9", "relationship--e20d0aea-c950-45ed-bdb0-a35e30bd25ce", "relationship--bd7d383c-f27d-442a-8ac5-4ef4b93ee9a9", "relationship--03b66472-40b8-4248-a90b-d9a9c3555a5b", "relationship--c1a93e7a-af10-4ecc-a02a-1891bc4398ee", "relationship--cbc082c4-c136-4598-883a-8f8b074f61eb", "relationship--25b53de3-fd9f-42af-ad78-2291d80f9e03", "relationship--ef820422-7092-4d44-b79a-5a5fb0653b2f", "relationship--691befd2-7a29-4e15-bc0f-b640c2a4fd9b", "relationship--0524ef9e-8703-46fa-83d6-098968fc7267", "relationship--095bedae-deac-4d78-9c8b-804a23495260", "relationship--ac4206f3-adf4-4745-b8a4-8e0e0b5485e7", "relationship--51953c80-fa15-42d1-8528-5c81a308644f", "relationship--e7c95282-a00f-4a4b-9152-268e4b21e587", "relationship--f1eeb2d9-2d2a-4b91-bb2d-83ecef5dbc7e", "relationship--c716e074-bd19-43c8-8ec8-c1f6ab8f57db", "relationship--d09d6050-10ea-47e0-a20a-f3c1091e7abe", "relationship--a9986794-799c-4fa3-b680-3bca5c0922fd", "relationship--18909b6e-365f-401c-b7b6-76a300b18498", "relationship--a6dd7762-54de-4429-b2f6-98f62707d5b1", "relationship--51b48100-8d4b-4eb1-a7b0-595aac5fe30d", "relationship--0c644958-1f5d-493f-8e12-fda992c610fc", "relationship--719b960b-f293-4739-8931-142833aa23e2", "relationship--a5d5319a-a445-4a41-9266-a90f3cfc3a79", "relationship--9eae8b59-17e8-4f78-89e8-cd74ef42fa2c", "relationship--037cdd3d-b6fd-41a8-9637-faf1fa131f86", "relationship--6cd148fd-8485-42bc-aae9-65b63d935cab", "relationship--35c2ec80-8348-4dc4-8165-d222c8bfb0cf", "relationship--fe6b8844-be9d-4d93-80c3-8d6eb90c5b7a", "relationship--9b4c4fd8-cabb-4363-83d3-2483f018ce31", "relationship--a6053a28-ef2d-4519-a5f7-980355da2a3a", "relationship--c8020b68-38e7-47b6-aed3-8e8a03549fde", "relationship--3b2fb00d-eaf7-45e2-ab91-7c0b9d392275", "relationship--3f46c81a-d13b-4f5e-9fce-619d1db839f4", "relationship--31c8b688-b4fc-4c43-97b8-15bcca365ad1", "relationship--f23f8879-b7cd-4e7b-9dd7-913f510041b4", "relationship--5bdefc26-551f-43fc-bc1b-1e5311706a30", "relationship--433a4bac-2103-4b71-b908-27a981c538b5", "relationship--541c1abc-73a8-4a60-9af5-d802188f1024", "relationship--73923e26-74af-4850-8c40-d96e4932b362", "relationship--f9a8b09c-2ce2-41b7-bb72-5e4cbd23bd6e", "relationship--0d0b6556-ddad-4ff3-a4e0-1ac337a19cfa", "relationship--c3ecf7f4-4a50-4298-90de-e41233850b78", "relationship--dd9a9e51-df06-431a-adf4-63f629d0392d", "relationship--fae7e86e-dbce-4364-9d3d-aaafc856c347", "relationship--eb817974-39f7-45eb-afe4-dc49db5ef9b9", "relationship--915d15b6-84d5-4a43-852e-0ace5f246ad1", "relationship--39161fc1-e94e-4a8b-b89c-600a4b9428b3", "relationship--54d8197a-2bf4-416a-88ae-27ccab7bd7e9", "relationship--95788fcd-f467-459e-ab09-a8812801a287", "relationship--89156f41-2c8b-4b35-8cbd-b58b903b4eeb", "relationship--42c5c384-cdc1-4185-b6b4-09b6681480a3", "relationship--3e3d911c-02da-42dd-9cc3-279e779e71c9", "relationship--1c86e3b8-a1a3-41a9-b49b-b987f0d94322", "file:hashes.MD5--15e0f130-881e-40da-9863-ecd6282a7924", "file:hashes.MD5--a895259c-b030-43a2-baad-434299cc8b08", "file:hashes.SHA-1--e49e6ad0-f41f-41d4-bccf-f02f8b8d7750", "file:hashes.SHA-1--0c97d439-1524-4bdb-bb52-e6cd9bcd4414", "file:hashes.SHA-256--eb08593e-ea36-46a0-bdce-9b83534a6907", "file:hashes.SHA-256--4398b0b9-dbe4-46b7-970d-6dae48a336ba", "domain-name--413f4f81-5bb5-4776-93f7-08bed426993e", "domain-name--f1b2150f-8ef8-480a-85dd-7b7d0c4f7e54", "domain-name--37ea6898-3226-470a-af5e-2a998d67f987", "domain-name--65892283-4861-4d33-80ee-96c2dab1e236", "domain-name--24f77506-1cae-4f7a-919f-e1bd66505e52", "domain-name--4723bafb-5ac7-47e2-a900-074f93a4be28", "domain-name--ce4fddac-6f3a-4ce5-a243-4511970ec450", "domain-name--32fd0b91-68d8-4b76-a2ef-be26faccc68d", "domain-name--89a1b56a-5d03-48ff-801e-ad72b8911744", "domain-name--ce70843e-e4f1-4705-856c-94e2b3066e4b", "domain-name--030c23df-a60e-42bb-a836-b7e48ef43db8", "domain-name--95aa85c2-900e-46f0-a66b-bfa495be33db", "domain-name--7129e929-74b7-42d5-ad4d-70f5d7ca2958", "domain-name--15668218-725d-4099-81ef-48fc85372b70", "domain-name--ffa9b246-5f1e-4274-8d34-338bf499ccbf", "domain-name--3befafa3-a1c5-453a-a21a-56747619819d", "domain-name--47c550f8-41bb-46cf-8473-2e25a71fa4ee", "domain-name--0f3338d1-3af5-4113-9f4a-e303a2dc8446", "domain-name--080ebe6e-c6d6-4d17-93a0-66c7740deb13", "domain-name--ef672049-3446-49e7-8fe4-62302ff037c9", "file:hashes.MD5--f0d81abb-6a3d-4746-9e44-b854d98997e8", "file:hashes.MD5--43e95749-eb79-4cdc-8c7d-e449090fd149", "file:hashes.MD5--12e072fb-0ab7-49bd-ae7f-7bdac874196c", "file:hashes.MD5--42c0e53b-b6c1-4816-9bb2-1e0ad7e8812b", "file:hashes.MD5--1fc9df82-2fbd-431b-a7b6-557ce4ce3ae0", "file:hashes.MD5--3ac4136d-f7fd-42fa-94df-197b6bea1565", "file:hashes.MD5--79f68313-fdd7-4232-80ea-6bf17cc9d8b3", "file:hashes.MD5--a3b250d8-e616-49d0-b733-615860f7dd15", "file:hashes.MD5--65bc979e-7914-43ab-882b-f5ed3e9e37a7", "file:hashes.MD5--3a629597-31c7-4ae0-9f59-cc5cc78819e9", "file:hashes.MD5--070b9133-ecbd-48bf-a235-4c1def34fd19", "file:hashes.MD5--5f7d8630-0bc8-48ae-82c6-5e39237259cd", "file:hashes.MD5--19fbaa43-6f7f-4996-ae46-38ea4dad09fc", "file:hashes.MD5--0af15c0a-dac7-4a9a-bf14-17b595d8b4d1", "file:hashes.MD5--776f73a6-0183-48db-bd4c-8600cad3b1a5", "file:hashes.MD5--ec7e3201-4fcd-47b4-a1c9-f75696dc8dd3", "file:hashes.MD5--7ce07401-a63e-416f-b481-154e066065c1", "file:hashes.MD5--f486f62a-491a-4de5-b450-a034d1f6dbf0", "file:hashes.MD5--95524c26-fc21-425c-8f1a-71192e2447c1", "file:hashes.MD5--1e5e806d-fccb-45ad-a373-1a0545e10d7a", "indicator--2034e073-9e78-4fa1-94e1-0d779d3bbc52", "relationship--b6aaf8c9-8959-4dfe-8a2d-517e532287f9", "indicator--a1d79897-18a0-47f7-bb4e-78a85339ae05", "relationship--ae49c5f8-dc29-4861-be04-2abc8056cba9", "indicator--9ce46670-e766-44c2-9cf9-490d5dfb37eb", "relationship--21b3aafb-4229-45e9-ba43-d60e633f332a", "indicator--f5989867-1183-4d6f-ba36-cb1b859f6d9c", "relationship--3cbb0d3c-5872-41c3-ae69-ecda2b29ea34", "indicator--ec3235c6-6061-43ce-bba6-99d4f16267df", "relationship--cba20242-d795-409c-a826-287f634f7c14", "indicator--37bcb173-8e61-4bef-a580-373387b71de1", "relationship--35808fc5-fd6c-4cdb-a31b-9708ea8d3758", "indicator--09969101-58e7-4a04-8d63-a7fe613f0b0d", "relationship--3d2f07b9-57fc-4e5d-9689-990e40512104", "indicator--9e32d7c7-6b8a-417a-91bd-10a0663ca4d9", "relationship--623cc084-3fce-4b97-b1f7-7db065cd009e", "indicator--f7850875-a5f5-4617-96df-35cad0edc544", "relationship--4cb6a97e-3252-4924-b3f6-66cc7f1ee4ee", "indicator--ca31aaa2-a7fd-4791-a057-c0fbe8fc7dcc", "relationship--ba74f4e6-cce9-4419-aee3-92b3393c0f81", "indicator--bb83989b-4dec-4bd7-a11d-a9553aee8b3e", "relationship--6a394159-1961-45fd-8368-8cb1f3ce8725", "indicator--84de44a7-e97e-46e3-9070-7676d79fdaa1", "relationship--31c561db-f1af-40a4-a496-27aa0bad7ac4", "indicator--7b853741-2d80-4c8d-8eb6-98607bd59a16", "relationship--13bbfae2-d419-4123-ada1-efd4e1727870", "indicator--e03353f2-8abd-46b1-95b8-10786ba17a0c", "relationship--3aa9fe2b-cd31-4d42-963f-641d0472e13f", "indicator--c40a25b9-7599-4348-87e7-7d247e5a350f", "relationship--d4a90523-a001-4247-9857-ab6cf8b7d59f", "indicator--92c7e549-c90b-4d05-88ec-0687ba4649ca", "relationship--50cf236f-90fd-4835-bdc3-9eced2c6e3b5", "indicator--7330f953-f38c-4d8e-ae39-5f9984c83b16", "relationship--323cc066-2bcf-47a2-9700-e2a80f39e76a", "indicator--c0fa677e-b555-46cd-be59-977e5cb68c7f", "relationship--60bed425-43cb-4a9d-9543-1317c091cd10", "indicator--ef5e262b-727a-4526-ad21-e770ab394a1c", "relationship--a4aec1dd-3e32-4852-bea1-013a68dd4b16", "indicator--cdb224f7-4af9-41b7-a756-9965e514a2f3", "relationship--c1ca12f1-1572-4730-836e-ceef8b26acef" ], "labels": [ "threat-report", "threat-intelligence" ], "created_by_ref": "identity--5438d701-30cb-49db-963e-ab95940693de", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.996Z", "modified": "2025-12-15T14:44:48.996Z", "confidence": 95, "type": "identity", "id": "identity--ae4d5f46-29c5-40ae-842b-378abf057c12", "name": "Microsoft", "identity_class": "organization", "labels": [ "identity" ], "description": "Microsoft is a multinational technology corporation that specializes in developing, manufacturing, licensing, and supporting a wide array of software products, services, and devices. Known for its operating systems like Windows, productivity software such as Microsoft Office, and cloud services through Microsoft Azure, the company plays a pivotal role in both consumer and enterprise technology sectors. Microsoft's products and services are integral to various industries, including enterprise applications and Internet Information Services (IIS) websites.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.996Z", "modified": "2025-12-15T14:44:48.996Z", "confidence": 95, "type": "identity", "id": "identity--acb93a01-a11d-403f-b638-c94a395f04fd", "name": "Graz University of Technology", "identity_class": "organization", "labels": [ "identity" ], "description": "Graz University of Technology, located in Graz, Austria, is a leading public research university with a strong emphasis on innovation and technology. It is particularly renowned for its contributions in computer science and cybersecurity. The university is home to experts and researchers who actively participate in and present at conferences, focusing on critical areas such as securing non-human identities (NHIs) and their secrets within cloud environments. Notable researchers from Graz University of Technology have authored papers on topics like side-channel attacks and data leakage through SSD content.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.996Z", "modified": "2025-12-15T14:44:48.996Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--09cfd756-732a-426d-8c11-8d9ddb3e9e05", "name": "CVE-2025-55182", "description": "A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.. CVSS Score: 10.0 (CRITICAL). CISA KEV: Active exploitation confirmed. EPSS: 76.0% exploitation probability", "x_cvss_score": 10.0, "x_cvss_severity": "CRITICAL", "x_kev_status": true, "x_epss_score": 0.76008, "external_references": [ { "source_name": "cve", "external_id": "CVE-2025-55182", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55182" }, { "source_name": "nvd", "external_id": "CVE-2025-55182", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55182" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.996Z", "modified": "2025-12-15T14:44:48.996Z", "confidence": 95, "type": "vulnerability", "id": "vulnerability--d95868d7-4f07-4d84-b742-07ee4cf4adbf", "name": "React2Shell", "description": "React2Shell is a vulnerability in React Server Components that could lead to denial-of-service attacks or the exposure of source code. It is one of several recently discovered flaws in React Server Components, including CVE-2025-55183, CVE-2025-55184, and CVE-2025-67779. React2Shell is considered a dangerous vulnerability that requires immediate attention from security teams to prevent exploitation by threat actors.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "vulnerability" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.996Z", "modified": "2025-12-15T14:44:48.996Z", "confidence": 95, "type": "malware", "id": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "name": "VolkLocker", "is_family": true, "malware_types": [ "ransomware" ], "labels": [ "malicious-activity" ], "description": "VolkLocker is a ransomware-as-a-service (RaaS) offering associated with the pro-Russian hacktivist group CyberVolk (aka GLORIAMIST). It has been observed to have implementation lapses in test artifacts, allowing users to decrypt files without paying an extortion fee. This ransomware is notable for its affiliation with a known threat group and its potential for exploitation by malicious actors.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.997Z", "modified": "2025-12-15T14:44:48.997Z", "confidence": 95, "type": "identity", "id": "identity--5653d5fd-3625-41d2-b03e-b4bf2db2b5f8", "name": "Amazon", "identity_class": "organization", "labels": [ "identity" ], "description": "Amazon is a multinational technology company that specializes in e-commerce, cloud computing, digital streaming, and artificial intelligence. Amazon Web Services (AWS) is a prominent provider of cloud computing services, offering a wide range of infrastructure services such as computing power, storage options, and networking. The company is also involved in research and development, contributing to advancements in cybersecurity and technology through collaborations and presentations at academic conferences.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.997Z", "modified": "2025-12-15T14:44:48.997Z", "confidence": 95, "type": "malware", "id": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "name": "Beelzebub", "is_family": true, "malware_types": [ "stealer" ], "labels": [ "malicious-activity" ], "description": "Beelzebub is a malware family used in large-scale credential theft campaigns, as observed in 'Operation PCPcat'. This malware is designed to steal sensitive information from compromised systems, posing a significant threat to organizations and individuals alike. Its capabilities and targets are still being researched and monitored by cybersecurity experts.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.997Z", "modified": "2025-12-15T14:44:48.997Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "name": "ShadyPanda", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "description": "ShadyPanda is a threat group that has been operating for at least seven years, using a unique approach to compromise targets. They publish or acquire harmless extensions, allowing them to establish a foothold and gather intelligence before striking. This group's tactics demonstrate a high level of sophistication and patience, making them a significant threat to organizations. Their ability to blend in and avoid detection for extended periods makes them a challenging adversary to detect and mitigate.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.997Z", "modified": "2025-12-15T14:44:48.997Z", "confidence": 95, "type": "identity", "id": "identity--4a0ea356-910b-4135-8390-c178705bb54c", "name": "LinkedIn", "identity_class": "organization", "labels": [ "identity" ], "description": "LinkedIn is a social networking platform designed for professionals and businesses to connect and share information. As a major online platform, LinkedIn's data is a valuable target for threat actors seeking to exploit professional networks for social engineering attacks. The exposure of 4.3 billion professional records, including LinkedIn data, poses a significant risk to individuals and organizations, enabling large-scale AI-driven social engineering attacks.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.997Z", "modified": "2025-12-15T14:44:48.997Z", "confidence": 95, "type": "identity", "id": "identity--5a780c92-71d2-4acb-8feb-2bd89583e965", "name": "the Chicago Public Library", "identity_class": "organization", "labels": [ "identity" ], "description": "The Chicago Public Library is a public library system serving the city of Chicago, Illinois, USA. As a prominent cultural and educational institution, it may be a target for cyber threats or attacks, particularly those aimed at disrupting public services or stealing sensitive information. As a result, it is essential to monitor and protect the library's digital assets and infrastructure to prevent potential security breaches.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.997Z", "modified": "2025-12-15T14:44:48.997Z", "confidence": 95, "type": "identity", "id": "identity--986da1de-6f62-48bd-89ef-df3c1ef74e42", "name": "CERT-FR", "identity_class": "organization", "labels": [ "identity" ], "description": "CERT-FR (French Computer Emergency Response Team) is a national cybersecurity organization responsible for monitoring, analyzing, and responding to cybersecurity threats in France. As part of its mission, CERT-FR provides guidance and advisories to individuals and organizations on how to reduce their exposure to cyber risks. In this context, CERT-FR is advising iPhone and Android users to disable Wi-Fi to mitigate multiple vulnerabilities across wireless interfaces, apps, OSs, and hardware. As a trusted source of cybersecurity information, CERT-FR plays a critical role in helping to protect individuals and organizations from cyber threats.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.997Z", "modified": "2025-12-15T14:44:48.997Z", "confidence": 95, "type": "identity", "id": "identity--a52c9d86-2b95-4a90-9b14-9091600c80e3", "name": "The National Cybersecurity Committee", "identity_class": "government", "labels": [ "identity" ], "description": "The National Cybersecurity Committee is a federal agency responsible for overseeing and coordinating national cybersecurity efforts. As a government entity, it plays a critical role in shaping cybersecurity policies and regulations. The committee's work has a direct impact on the country's cybersecurity posture, making it a relevant entity in the context of national security.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.997Z", "modified": "2025-12-15T14:44:48.997Z", "confidence": 95, "type": "identity", "id": "identity--6fb9856d-c65f-4ee2-8c7e-57a2e7c3653f", "name": "Anatel", "identity_class": "organization", "labels": [ "identity" ], "description": "Anatel is the Brazilian National Telecommunications Agency, responsible for regulating and overseeing the telecommunications sector in Brazil. As a national authority, Anatel plays a critical role in ensuring the security and integrity of Brazil's telecommunications infrastructure. In the context of cybersecurity, Anatel's responsibilities may include monitoring and responding to cyber threats, developing and implementing cybersecurity policies, and collaborating with other government agencies and private sector organizations to enhance the country's overall cybersecurity posture.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.997Z", "modified": "2025-12-15T14:44:48.997Z", "confidence": 95, "type": "identity", "id": "identity--d43d759d-0cf0-4934-8421-206c3afe0e60", "name": "the Civil House", "identity_class": "government", "labels": [ "identity" ], "description": "The Civil House is a government entity in Brazil, responsible for assisting the President in the exercise of their powers. In the context of cybersecurity, the Civil House plays a crucial role in shaping the country's national cybersecurity policies and strategies. As a key stakeholder, the Civil House works closely with other government agencies, such as Anatel, to ensure the country's cybersecurity needs are met.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.997Z", "modified": "2025-12-15T14:44:48.997Z", "confidence": 95, "type": "malware", "id": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "name": "ClayRat", "is_family": true, "malware_types": [ "remote-access-trojan" ], "labels": [ "malicious-activity" ], "description": "ClayRat is a specific malware family that has been observed in various campaigns, including the UDPGangster campaigns that targeted multiple countries. The malware has been reported to have expanded features, indicating its ongoing development and use by threat actors. ClayRat's capabilities and targets are not explicitly stated in the context, but its mention in a malware newsletter and research suggests its significance in the cybersecurity landscape.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.997Z", "modified": "2025-12-15T14:44:48.997Z", "confidence": 95, "type": "threat-actor", "id": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "name": "CyberVolk", "threat_actor_types": [ "hacker" ], "labels": [ "threat-actor" ], "description": "CyberVolk, also known as GLORIAMIST, is a pro-Russian hacktivist group that has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker. The group's activities have been observed in the wild, and their ransomware has been found to have implementation lapses, allowing users to decrypt files without paying an extortion fee. CyberVolk's capabilities and targets are of interest to cybersecurity professionals, as they represent a new and evolving threat in the ransomware landscape.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.997Z", "modified": "2025-12-15T14:44:48.997Z", "confidence": 95, "type": "identity", "id": "identity--c8c2152f-3706-464c-b869-20b4edcf412c", "name": "Asahi", "identity_class": "organization", "labels": [ "identity" ], "description": "Asahi Group is a Japanese global beer, spirits, and soft drinks company that was targeted by a ransomware attack. The attack crippled the company's operations, prompting the CEO to consider creating a dedicated cyber unit to enhance their cybersecurity posture. As a prominent beverage company, Asahi Group's cybersecurity is crucial to protecting their business operations and customer data.", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:48.997Z", "modified": "2025-12-15T14:44:48.997Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "name": "Exploit Public-Facing Application", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1190", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1190/", "external_id": "T1190" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "name": "Exploitation for Client Execution", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "x_mitre_id": "T1203", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1203/", "external_id": "T1203" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "name": "Spearphishing Attachment", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/001/", "external_id": "T1566.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "name": "Spearphishing Link", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/002/", "external_id": "T1566.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "name": "Spearphishing via Service", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1566.003", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/003/", "external_id": "T1566.003" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581", "name": "Application Layer Protocol", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1071", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1071/", "external_id": "T1071" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 90, "type": "attack-pattern", "id": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1", "name": "Non-Application Layer Protocol", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1095", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1095/", "external_id": "T1095" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f", "name": "Browser Extensions", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "x_mitre_id": "T1176.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1176/001/", "external_id": "T1176.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef", "name": "Evil Twin", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1557.004", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1557/004/", "external_id": "T1557.004" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49", "name": "Wi-Fi Discovery", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "x_mitre_id": "T1016.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1016/002/", "external_id": "T1016.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 85, "type": "attack-pattern", "id": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81", "name": "Wi-Fi Networks", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "x_mitre_id": "T1669", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1669/", "external_id": "T1669" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 83, "type": "attack-pattern", "id": "attack-pattern--bc38fb55-802d-495f-9db5-d148da76a40b", "name": "DNS", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1071.004", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1071/004/", "external_id": "T1071.004" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 79, "type": "attack-pattern", "id": "attack-pattern--1731bb02-f47b-4ea6-b4b5-8310407414cd", "name": "DNS Server", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1583.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1583/002/", "external_id": "T1583.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--22a685ba-7f96-4eb1-9ee7-efbb2db9acc3", "name": "DNS", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "reconnaissance" } ], "x_mitre_id": "T1590.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1590/002/", "external_id": "T1590.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "name": "Archive via Utility", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1560.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1560/001/", "external_id": "T1560.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "name": "Screen Capture", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1113", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1113/", "external_id": "T1113" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "name": "Adversary-in-the-Middle", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "x_mitre_id": "T1557", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1557/", "external_id": "T1557" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "name": "Scheduled Task", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1053.005", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1053/005/", "external_id": "T1053.005" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "name": "Socket Filters", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1205.002", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1205/002/", "external_id": "T1205.002" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 70, "type": "attack-pattern", "id": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "name": "Boot or Logon Initialization Scripts", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "x_mitre_id": "T1037", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1037/", "external_id": "T1037" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 69, "type": "attack-pattern", "id": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "name": "Exploits", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.005", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/005/", "external_id": "T1588.005" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 68, "type": "attack-pattern", "id": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8", "name": "Artificial Intelligence", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "x_mitre_id": "T1588.007", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/007/", "external_id": "T1588.007" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "spec_version": "2.1", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "confidence": 67, "type": "attack-pattern", "id": "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "name": "Fast Flux DNS", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_id": "T1568.001", "external_references": [ { "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1568/001/", "external_id": "T1568.001" } ], "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "labels": [ "mitre-attack" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4e0068cc-c39e-45ad-9f9a-480308a6ea8b", "created": "2025-12-15T14:44:50.450Z", "modified": "2025-12-15T14:44:50.450Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--26ddbd85-7d2e-426f-b5fa-2c745a8366a2", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9f6de550-3960-4bbf-89f6-3515aa564f90", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c660767-13b5-4648-bf4e-c1a0715986d6", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8cfa7ab8-80cf-48ff-a236-ee7e0e806864", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--977dc4ed-98fe-4465-812c-ac11d3f47e5f", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--14e38a3c-98f1-4742-b546-577add4922a5", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--21452b83-3741-4b98-a4e8-aa7f0c21a8f0", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Browser Extensions (T1176.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--991da0c5-0f0e-49c1-80ab-8f14ebf9a71a", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Evil Twin (T1557.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dd9cef81-597f-4fbe-b4ad-2a2cbf4cf65d", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Wi-Fi Discovery (T1016.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d07d0bfc-b0bf-4b1e-abce-783c54074e01", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Wi-Fi Networks (T1669) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d4b78b21-d1ce-4a7d-b4ec-c5cfa5a2a6de", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--22a685ba-7f96-4eb1-9ee7-efbb2db9acc3", "confidence": 60, "description": "Co-occurrence: ShadyPanda and DNS (T1071.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--72b8586e-fbaa-4f22-a9aa-07abb00d67c6", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--1731bb02-f47b-4ea6-b4b5-8310407414cd", "confidence": 60, "description": "Co-occurrence: ShadyPanda and DNS Server (T1583.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--10c296cd-70bc-429a-bef4-58c07ae7eeb6", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--22a685ba-7f96-4eb1-9ee7-efbb2db9acc3", "confidence": 60, "description": "Co-occurrence: ShadyPanda and DNS (T1590.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8e2f8d20-22df-403d-8e84-d0217bfeb3c1", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6e6c3354-5a29-423f-9456-329fbba86ae6", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d309ea51-de15-4b08-8a15-db2379034187", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d62ba897-026c-41b8-8a4b-9c363db5c873", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5abdadd4-5c15-488f-a73e-0571fd47f112", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5cd913c0-2556-4d01-bf9b-6f70b53e3c3b", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Boot or Logon Initialization Scripts (T1037) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--812e4e3f-3bcb-41e4-ae51-8b0f57cee60f", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Exploits (T1588.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5eb4c48f-b21d-4c94-995c-f762caefab8f", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5d014acb-fe15-4434-96dd-d5c8edd2e7fd", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f", "target_ref": "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "confidence": 60, "description": "Co-occurrence: ShadyPanda and Fast Flux DNS (T1568.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--604d8c71-e560-4d4e-918b-22e0bb770940", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "confidence": 60, "description": "Co-occurrence: CyberVolk and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cc47df8a-d52f-4af3-963a-5820e5f830af", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "confidence": 60, "description": "Co-occurrence: CyberVolk and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9c4280c6-9595-46eb-8d48-8b6a17798ec0", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "confidence": 60, "description": "Co-occurrence: CyberVolk and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4dc4c2c5-dfdf-48fb-9a3f-545b84be9167", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "confidence": 60, "description": "Co-occurrence: CyberVolk and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--270d9f16-b97a-4b9e-90e7-b16b805ac2c1", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "confidence": 60, "description": "Co-occurrence: CyberVolk and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9e9a3c03-50a9-4fab-8c2d-7b73ec168176", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581", "confidence": 60, "description": "Co-occurrence: CyberVolk and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--de44b8e9-bbe7-4035-83a6-30391f908916", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1", "confidence": 60, "description": "Co-occurrence: CyberVolk and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2b70ef6f-3aa9-4268-b4c2-109a8a93eebe", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f", "confidence": 60, "description": "Co-occurrence: CyberVolk and Browser Extensions (T1176.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--75b98e09-4bdd-4a10-95dc-4b675cb20615", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef", "confidence": 60, "description": "Co-occurrence: CyberVolk and Evil Twin (T1557.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a6377549-89a9-4e04-8423-a1e5e00683ab", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49", "confidence": 60, "description": "Co-occurrence: CyberVolk and Wi-Fi Discovery (T1016.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--679c2057-5d7d-4ecb-ab46-5d3c6e66fd05", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81", "confidence": 60, "description": "Co-occurrence: CyberVolk and Wi-Fi Networks (T1669) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--771c48fe-389d-4661-9391-9e4653b1f5e4", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--22a685ba-7f96-4eb1-9ee7-efbb2db9acc3", "confidence": 60, "description": "Co-occurrence: CyberVolk and DNS (T1071.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7efb30e0-d1ae-463c-ad40-cd7f486b33a3", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--1731bb02-f47b-4ea6-b4b5-8310407414cd", "confidence": 60, "description": "Co-occurrence: CyberVolk and DNS Server (T1583.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d267d243-f2a3-4a9f-8d7f-2c494de82173", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--22a685ba-7f96-4eb1-9ee7-efbb2db9acc3", "confidence": 60, "description": "Co-occurrence: CyberVolk and DNS (T1590.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d593f3d4-a8d4-41ae-8f2b-7290b5287fe7", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "confidence": 60, "description": "Co-occurrence: CyberVolk and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c017f3d6-a7de-4d2a-a7e0-94483622ebcf", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "confidence": 60, "description": "Co-occurrence: CyberVolk and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cb35e64e-53f4-4628-87d2-81ae2c9f3bda", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "confidence": 60, "description": "Co-occurrence: CyberVolk and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b15893b8-aade-4efb-8734-55f39d869509", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "confidence": 60, "description": "Co-occurrence: CyberVolk and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8a7979cc-2e8d-4cb5-998d-c57e28e4ce96", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "confidence": 60, "description": "Co-occurrence: CyberVolk and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--668d8c03-e23b-41c4-b221-bd61943ff74f", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "confidence": 60, "description": "Co-occurrence: CyberVolk and Boot or Logon Initialization Scripts (T1037) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6816280f-c2ab-46f6-916b-473c84dcd065", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "confidence": 60, "description": "Co-occurrence: CyberVolk and Exploits (T1588.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--96b2083b-1bc8-46fe-8179-b8eaf48f9446", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8", "confidence": 60, "description": "Co-occurrence: CyberVolk and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7a67f182-d5e1-4835-90ea-5e859240b169", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "confidence": 60, "description": "Co-occurrence: CyberVolk and Fast Flux DNS (T1568.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3e5fd06a-180c-4276-8486-03e537115dbf", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "confidence": 55, "description": "Co-occurrence: VolkLocker and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3454157c-f81e-4909-ba30-04256a8715c2", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "confidence": 55, "description": "Co-occurrence: VolkLocker and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c0866765-83e2-48d2-a8df-69dbe4a12ee8", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "confidence": 55, "description": "Co-occurrence: VolkLocker and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9f29fd95-9eba-4b58-bfdb-902d2da82c3c", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "confidence": 55, "description": "Co-occurrence: VolkLocker and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d2d68c0d-b090-42c6-9f24-b254d2c5b88e", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "confidence": 55, "description": "Co-occurrence: VolkLocker and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--23e2e73c-0e48-45ca-a77e-c622dd3ae87c", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581", "confidence": 55, "description": "Co-occurrence: VolkLocker and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8ba27a6f-984d-4db3-9a09-e0d955d97daa", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1", "confidence": 55, "description": "Co-occurrence: VolkLocker and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fa31f176-5c64-42aa-9939-754bb8bccc4f", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f", "confidence": 55, "description": "Co-occurrence: VolkLocker and Browser Extensions (T1176.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--841abf4d-8512-4a75-99b2-65d2949774b7", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef", "confidence": 55, "description": "Co-occurrence: VolkLocker and Evil Twin (T1557.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7e89998e-a053-4135-8fc0-9d2fa74e8166", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49", "confidence": 55, "description": "Co-occurrence: VolkLocker and Wi-Fi Discovery (T1016.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--56ee5dc5-40f1-4877-a7c1-6f59d40db9a1", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81", "confidence": 55, "description": "Co-occurrence: VolkLocker and Wi-Fi Networks (T1669) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--da00f1b9-a8b7-4f6d-93fb-8c35738a01d3", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--22a685ba-7f96-4eb1-9ee7-efbb2db9acc3", "confidence": 55, "description": "Co-occurrence: VolkLocker and DNS (T1071.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a3f2b56e-7832-4142-b96f-7f26076d711c", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--1731bb02-f47b-4ea6-b4b5-8310407414cd", "confidence": 55, "description": "Co-occurrence: VolkLocker and DNS Server (T1583.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--625f3124-79a6-4c16-90f9-b22b480e563a", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--22a685ba-7f96-4eb1-9ee7-efbb2db9acc3", "confidence": 55, "description": "Co-occurrence: VolkLocker and DNS (T1590.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--089b5991-4f8c-4450-aeb3-e45de4f1c8aa", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "confidence": 55, "description": "Co-occurrence: VolkLocker and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6f37292b-8335-45b4-ab9e-86370eff4715", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "confidence": 55, "description": "Co-occurrence: VolkLocker and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0122897a-f803-4881-8437-2c433f227657", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "confidence": 55, "description": "Co-occurrence: VolkLocker and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c03ae7df-5cd2-4552-b541-2a731a7ad7d9", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "confidence": 55, "description": "Co-occurrence: VolkLocker and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e20d0aea-c950-45ed-bdb0-a35e30bd25ce", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "confidence": 55, "description": "Co-occurrence: VolkLocker and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bd7d383c-f27d-442a-8ac5-4ef4b93ee9a9", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "confidence": 55, "description": "Co-occurrence: VolkLocker and Boot or Logon Initialization Scripts (T1037) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--03b66472-40b8-4248-a90b-d9a9c3555a5b", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "confidence": 55, "description": "Co-occurrence: VolkLocker and Exploits (T1588.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c1a93e7a-af10-4ecc-a02a-1891bc4398ee", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8", "confidence": 55, "description": "Co-occurrence: VolkLocker and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cbc082c4-c136-4598-883a-8f8b074f61eb", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "confidence": 55, "description": "Co-occurrence: VolkLocker and Fast Flux DNS (T1568.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--25b53de3-fd9f-42af-ad78-2291d80f9e03", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "confidence": 55, "description": "Co-occurrence: Beelzebub and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ef820422-7092-4d44-b79a-5a5fb0653b2f", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "confidence": 55, "description": "Co-occurrence: Beelzebub and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--691befd2-7a29-4e15-bc0f-b640c2a4fd9b", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "confidence": 55, "description": "Co-occurrence: Beelzebub and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0524ef9e-8703-46fa-83d6-098968fc7267", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "confidence": 55, "description": "Co-occurrence: Beelzebub and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--095bedae-deac-4d78-9c8b-804a23495260", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "confidence": 55, "description": "Co-occurrence: Beelzebub and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ac4206f3-adf4-4745-b8a4-8e0e0b5485e7", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581", "confidence": 55, "description": "Co-occurrence: Beelzebub and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--51953c80-fa15-42d1-8528-5c81a308644f", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1", "confidence": 55, "description": "Co-occurrence: Beelzebub and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e7c95282-a00f-4a4b-9152-268e4b21e587", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f", "confidence": 55, "description": "Co-occurrence: Beelzebub and Browser Extensions (T1176.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f1eeb2d9-2d2a-4b91-bb2d-83ecef5dbc7e", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef", "confidence": 55, "description": "Co-occurrence: Beelzebub and Evil Twin (T1557.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c716e074-bd19-43c8-8ec8-c1f6ab8f57db", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49", "confidence": 55, "description": "Co-occurrence: Beelzebub and Wi-Fi Discovery (T1016.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d09d6050-10ea-47e0-a20a-f3c1091e7abe", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81", "confidence": 55, "description": "Co-occurrence: Beelzebub and Wi-Fi Networks (T1669) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a9986794-799c-4fa3-b680-3bca5c0922fd", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--22a685ba-7f96-4eb1-9ee7-efbb2db9acc3", "confidence": 55, "description": "Co-occurrence: Beelzebub and DNS (T1071.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--18909b6e-365f-401c-b7b6-76a300b18498", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--1731bb02-f47b-4ea6-b4b5-8310407414cd", "confidence": 55, "description": "Co-occurrence: Beelzebub and DNS Server (T1583.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a6dd7762-54de-4429-b2f6-98f62707d5b1", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--22a685ba-7f96-4eb1-9ee7-efbb2db9acc3", "confidence": 55, "description": "Co-occurrence: Beelzebub and DNS (T1590.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--51b48100-8d4b-4eb1-a7b0-595aac5fe30d", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "confidence": 55, "description": "Co-occurrence: Beelzebub and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c644958-1f5d-493f-8e12-fda992c610fc", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "confidence": 55, "description": "Co-occurrence: Beelzebub and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--719b960b-f293-4739-8931-142833aa23e2", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "confidence": 55, "description": "Co-occurrence: Beelzebub and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a5d5319a-a445-4a41-9266-a90f3cfc3a79", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "confidence": 55, "description": "Co-occurrence: Beelzebub and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9eae8b59-17e8-4f78-89e8-cd74ef42fa2c", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "confidence": 55, "description": "Co-occurrence: Beelzebub and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--037cdd3d-b6fd-41a8-9637-faf1fa131f86", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "confidence": 55, "description": "Co-occurrence: Beelzebub and Boot or Logon Initialization Scripts (T1037) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6cd148fd-8485-42bc-aae9-65b63d935cab", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "confidence": 55, "description": "Co-occurrence: Beelzebub and Exploits (T1588.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--35c2ec80-8348-4dc4-8165-d222c8bfb0cf", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8", "confidence": 55, "description": "Co-occurrence: Beelzebub and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fe6b8844-be9d-4d93-80c3-8d6eb90c5b7a", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651", "target_ref": "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "confidence": 55, "description": "Co-occurrence: Beelzebub and Fast Flux DNS (T1568.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9b4c4fd8-cabb-4363-83d3-2483f018ce31", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78", "confidence": 55, "description": "Co-occurrence: ClayRat and Exploit Public-Facing Application (T1190) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a6053a28-ef2d-4519-a5f7-980355da2a3a", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778", "confidence": 55, "description": "Co-occurrence: ClayRat and Exploitation for Client Execution (T1203) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c8020b68-38e7-47b6-aed3-8e8a03549fde", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9", "confidence": 55, "description": "Co-occurrence: ClayRat and Spearphishing Attachment (T1566.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3b2fb00d-eaf7-45e2-ab91-7c0b9d392275", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3", "confidence": 55, "description": "Co-occurrence: ClayRat and Spearphishing Link (T1566.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3f46c81a-d13b-4f5e-9fce-619d1db839f4", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb", "confidence": 55, "description": "Co-occurrence: ClayRat and Spearphishing via Service (T1566.003) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--31c8b688-b4fc-4c43-97b8-15bcca365ad1", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581", "confidence": 55, "description": "Co-occurrence: ClayRat and Application Layer Protocol (T1071) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f23f8879-b7cd-4e7b-9dd7-913f510041b4", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1", "confidence": 55, "description": "Co-occurrence: ClayRat and Non-Application Layer Protocol (T1095) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5bdefc26-551f-43fc-bc1b-1e5311706a30", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f", "confidence": 55, "description": "Co-occurrence: ClayRat and Browser Extensions (T1176.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--433a4bac-2103-4b71-b908-27a981c538b5", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef", "confidence": 55, "description": "Co-occurrence: ClayRat and Evil Twin (T1557.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--541c1abc-73a8-4a60-9af5-d802188f1024", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49", "confidence": 55, "description": "Co-occurrence: ClayRat and Wi-Fi Discovery (T1016.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--73923e26-74af-4850-8c40-d96e4932b362", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81", "confidence": 55, "description": "Co-occurrence: ClayRat and Wi-Fi Networks (T1669) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f9a8b09c-2ce2-41b7-bb72-5e4cbd23bd6e", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--22a685ba-7f96-4eb1-9ee7-efbb2db9acc3", "confidence": 55, "description": "Co-occurrence: ClayRat and DNS (T1071.004) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0d0b6556-ddad-4ff3-a4e0-1ac337a19cfa", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--1731bb02-f47b-4ea6-b4b5-8310407414cd", "confidence": 55, "description": "Co-occurrence: ClayRat and DNS Server (T1583.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c3ecf7f4-4a50-4298-90de-e41233850b78", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--22a685ba-7f96-4eb1-9ee7-efbb2db9acc3", "confidence": 55, "description": "Co-occurrence: ClayRat and DNS (T1590.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dd9a9e51-df06-431a-adf4-63f629d0392d", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf", "confidence": 55, "description": "Co-occurrence: ClayRat and Archive via Utility (T1560.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fae7e86e-dbce-4364-9d3d-aaafc856c347", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946", "confidence": 55, "description": "Co-occurrence: ClayRat and Screen Capture (T1113) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eb817974-39f7-45eb-afe4-dc49db5ef9b9", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255", "confidence": 55, "description": "Co-occurrence: ClayRat and Adversary-in-the-Middle (T1557) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--915d15b6-84d5-4a43-852e-0ace5f246ad1", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e", "confidence": 55, "description": "Co-occurrence: ClayRat and Scheduled Task (T1053.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--39161fc1-e94e-4a8b-b89c-600a4b9428b3", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f", "confidence": 55, "description": "Co-occurrence: ClayRat and Socket Filters (T1205.002) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--54d8197a-2bf4-416a-88ae-27ccab7bd7e9", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa", "confidence": 55, "description": "Co-occurrence: ClayRat and Boot or Logon Initialization Scripts (T1037) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--95788fcd-f467-459e-ab09-a8812801a287", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980", "confidence": 55, "description": "Co-occurrence: ClayRat and Exploits (T1588.005) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--89156f41-2c8b-4b35-8cbd-b58b903b4eeb", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8", "confidence": 55, "description": "Co-occurrence: ClayRat and Artificial Intelligence (T1588.007) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--42c5c384-cdc1-4185-b6b4-09b6681480a3", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "uses", "source_ref": "malware--35ae3338-5764-412f-bfaa-9e399a68beb6", "target_ref": "attack-pattern--633dd307-2eaa-4b5a-aba7-9cb842ded143", "confidence": 55, "description": "Co-occurrence: ClayRat and Fast Flux DNS (T1568.001) in same intelligence", "x_validation_method": "mitre-cooccurrence" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3e3d911c-02da-42dd-9cc3-279e779e71c9", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "attributed-to", "source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "target_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "confidence": 85, "description": "VolkLocker is a ransomware-as-a-service (RaaS) offering associated with the pro-Russian hacktivist group CyberVolk", "x_validation_method": "llm-semantic-discovery" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1c86e3b8-a1a3-41a9-b49b-b987f0d94322", "created": "2025-12-15T14:44:50.451Z", "modified": "2025-12-15T14:44:50.451Z", "relationship_type": "related-to", "source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2", "target_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea", "confidence": 85, "description": "CyberVolk, also known as GLORIAMIST, is a pro-Russian hacktivist group that has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker", "x_validation_method": "llm-semantic-discovery" }, { "type": "file:hashes.MD5", "value": "48ea05548fa01cb85ebb2fd58663bedf", "source": "OTX", "malware_families": [ "VolkLocker" ], "pulse_names": [ "CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains" ], "id": "file:hashes.MD5--15e0f130-881e-40da-9863-ecd6282a7924" }, { "type": "file:hashes.MD5", "value": "d396525d713050aeaea527c4125fe3da", "source": "OTX", "malware_families": [ "VolkLocker" ], "pulse_names": [ "CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains" ], "id": "file:hashes.MD5--a895259c-b030-43a2-baad-434299cc8b08" }, { "type": "file:hashes.SHA-1", "value": "0948e75c94046f0893844e3b891556ea48188608", "source": "OTX", "malware_families": [ "VolkLocker" ], "pulse_names": [ "CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains" ], "id": "file:hashes.SHA-1--e49e6ad0-f41f-41d4-bccf-f02f8b8d7750" }, { "type": "file:hashes.SHA-1", "value": "dcd859e5b14657b733dfb0c22272b82623466321", "source": "OTX", "malware_families": [ "VolkLocker" ], "pulse_names": [ "CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains" ], "id": "file:hashes.SHA-1--0c97d439-1524-4bdb-bb52-e6cd9bcd4414" }, { "type": "file:hashes.SHA-256", "value": "0c0837744202ff2d0fc920219229d00043a8d1d881f5fdd918fa6ee8282c0077", "source": "OTX", "malware_families": [ "VolkLocker" ], "pulse_names": [ "CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains" ], "id": "file:hashes.SHA-256--eb08593e-ea36-46a0-bdce-9b83534a6907" }, { "type": "file:hashes.SHA-256", "value": "b00af0dedb5c4d8f62ca0baf941e18a93e868881bd2c37dadda4815e07ca2117", "source": "OTX", "malware_families": [ "VolkLocker" ], "pulse_names": [ "CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains" ], "id": "file:hashes.SHA-256--4398b0b9-dbe4-46b7-970d-6dae48a336ba" }, { "type": "domain-name", "value": "0pel.at", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--413f4f81-5bb5-4776-93f7-08bed426993e" }, { "type": "domain-name", "value": "0range.at", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--f1b2150f-8ef8-480a-85dd-7b7d0c4f7e54" }, { "type": "domain-name", "value": "10001.at", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--37ea6898-3226-470a-af5e-2a998d67f987" }, { "type": "domain-name", "value": "10001jeux.fr", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--65892283-4861-4d33-80ee-96c2dab1e236" }, { "type": "domain-name", "value": "1000pa.at", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--24f77506-1cae-4f7a-919f-e1bd66505e52" }, { "type": "domain-name", "value": "1015.fr", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--4723bafb-5ac7-47e2-a900-074f93a4be28" }, { "type": "domain-name", "value": "1031.at", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--ce4fddac-6f3a-4ce5-a243-4511970ec450" }, { "type": "domain-name", "value": "10sport.fr", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--32fd0b91-68d8-4b76-a2ef-be26faccc68d" }, { "type": "domain-name", "value": "11teamsport.at", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--89a1b56a-5d03-48ff-801e-ad72b8911744" }, { "type": "domain-name", "value": "123gebrauchwagen.de", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--ce70843e-e4f1-4705-856c-94e2b3066e4b" }, { "type": "domain-name", "value": "123skin.at", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--030c23df-a60e-42bb-a836-b7e48ef43db8" }, { "type": "domain-name", "value": "12gebrauchwagen.at", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--95aa85c2-900e-46f0-a66b-bfa495be33db" }, { "type": "domain-name", "value": "12people.at", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--7129e929-74b7-42d5-ad4d-70f5d7ca2958" }, { "type": "domain-name", "value": "14tagewetter.at", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--15668218-725d-4099-81ef-48fc85372b70" }, { "type": "domain-name", "value": "1600.dk", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--ffa9b246-5f1e-4274-8d34-338bf499ccbf" }, { "type": "domain-name", "value": "1and1webmail.fr", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--3befafa3-a1c5-453a-a21a-56747619819d" }, { "type": "domain-name", "value": "1google.de", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--47c550f8-41bb-46cf-8473-2e25a71fa4ee" }, { "type": "domain-name", "value": "1stvideo.fr", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--0f3338d1-3af5-4113-9f4a-e303a2dc8446" }, { "type": "domain-name", "value": "24auto.at", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--080ebe6e-c6d6-4d17-93a0-66c7740deb13" }, { "type": "domain-name", "value": "24scout.at", "source": "OTX", "malware_families": [ "Beelzebub" ], "pulse_names": [ "List of cybersquatting domains managed by Malkhaz Kapanadze/მალხაზი კაპანაძე aka dom@singleplan.com aka Telox/ ELKO LLC" ], "id": "domain-name--ef672049-3446-49e7-8fe4-62302ff037c9" }, { "type": "file:hashes.MD5", "value": "03780e103bfcbaa59fc2f04afd49b3f7", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--f0d81abb-6a3d-4746-9e44-b854d98997e8" }, { "type": "file:hashes.MD5", "value": "05746cc75bd317e4af72f42d2894658f", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--43e95749-eb79-4cdc-8c7d-e449090fd149" }, { "type": "file:hashes.MD5", "value": "065b3f2fd2e169fac0ce9cf0d76debe7", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--12e072fb-0ab7-49bd-ae7f-7bdac874196c" }, { "type": "file:hashes.MD5", "value": "207f0233c4a5b63e7a936fc6c5542e80", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--42c0e53b-b6c1-4816-9bb2-1e0ad7e8812b" }, { "type": "file:hashes.MD5", "value": "2c0cb3fe9134e2196bcb64c9db7413ab", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--1fc9df82-2fbd-431b-a7b6-557ce4ce3ae0" }, { "type": "file:hashes.MD5", "value": "32b6ea356d53f027b99d79396da9935d", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--3ac4136d-f7fd-42fa-94df-197b6bea1565" }, { "type": "file:hashes.MD5", "value": "3f57b781cb3ef114dd0b665151571b7b", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--79f68313-fdd7-4232-80ea-6bf17cc9d8b3" }, { "type": "file:hashes.MD5", "value": "5a34cb996293fde2cb7a4ac89587393a", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--a3b250d8-e616-49d0-b733-615860f7dd15" }, { "type": "file:hashes.MD5", "value": "5e3a541a89fe44eb748f3081a5b5b30e", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--65bc979e-7914-43ab-882b-f5ed3e9e37a7" }, { "type": "file:hashes.MD5", "value": "68568e081c194d7187bbdbff83023950", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--3a629597-31c7-4ae0-9f59-cc5cc78819e9" }, { "type": "file:hashes.MD5", "value": "69a121cd0627eae79f653c746031957e", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--070b9133-ecbd-48bf-a235-4c1def34fd19" }, { "type": "file:hashes.MD5", "value": "6b26ecfa58e37d4b5ec861fcdd3f04fa", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--5f7d8630-0bc8-48ae-82c6-5e39237259cd" }, { "type": "file:hashes.MD5", "value": "73c70b34b5f8f158d38a94b9d7766515", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--19fbaa43-6f7f-4996-ae46-38ea4dad09fc" }, { "type": "file:hashes.MD5", "value": "82d635a94148b00841ad8fb91b967f1f", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--0af15c0a-dac7-4a9a-bf14-17b595d8b4d1" }, { "type": "file:hashes.MD5", "value": "8b94261b42db76861d1d1454c2822519", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--776f73a6-0183-48db-bd4c-8600cad3b1a5" }, { "type": "file:hashes.MD5", "value": "8ea43f3d496ca5c3ad6957e22c65b2d5", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--ec7e3201-4fcd-47b4-a1c9-f75696dc8dd3" }, { "type": "file:hashes.MD5", "value": "9c5051064c0151150e37487aff67f5a0", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--7ce07401-a63e-416f-b481-154e066065c1" }, { "type": "file:hashes.MD5", "value": "b3984143149ce1d33ab7a7c71a24c101", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--f486f62a-491a-4de5-b450-a034d1f6dbf0" }, { "type": "file:hashes.MD5", "value": "b4ec80f79a969face8cbece2b64ce1e3", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--95524c26-fc21-425c-8f1a-71192e2447c1" }, { "type": "file:hashes.MD5", "value": "bdd9803d5ed64de9f02e2072a95e5026", "source": "OTX", "malware_families": [ "ClayRat" ], "pulse_names": [ "Unix.Trojan.Mirai-6981158-0 | Win32/1ms0rry CoinMiner Botnet affects android user" ], "id": "file:hashes.MD5--1e5e806d-fccb-45ad-a373-1a0545e10d7a" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2034e073-9e78-4fa1-94e1-0d779d3bbc52", "created": "2025-12-15T14:43:03.679Z", "modified": "2025-12-15T14:43:03.682Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '0pel.at']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:03.682Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b6aaf8c9-8959-4dfe-8a2d-517e532287f9", "created": "2025-12-15T14:43:03.683Z", "modified": "2025-12-15T14:43:03.683Z", "relationship_type": "based-on", "source_ref": "indicator--2034e073-9e78-4fa1-94e1-0d779d3bbc52", "target_ref": "domain-name--413f4f81-5bb5-4776-93f7-08bed426993e" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a1d79897-18a0-47f7-bb4e-78a85339ae05", "created": "2025-12-15T14:43:03.718Z", "modified": "2025-12-15T14:43:03.718Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '0range.at']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:03.718Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ae49c5f8-dc29-4861-be04-2abc8056cba9", "created": "2025-12-15T14:43:03.718Z", "modified": "2025-12-15T14:43:03.718Z", "relationship_type": "based-on", "source_ref": "indicator--a1d79897-18a0-47f7-bb4e-78a85339ae05", "target_ref": "domain-name--f1b2150f-8ef8-480a-85dd-7b7d0c4f7e54" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9ce46670-e766-44c2-9cf9-490d5dfb37eb", "created": "2025-12-15T14:43:03.758Z", "modified": "2025-12-15T14:43:03.758Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '10001.at']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:03.758Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--21b3aafb-4229-45e9-ba43-d60e633f332a", "created": "2025-12-15T14:43:03.758Z", "modified": "2025-12-15T14:43:03.758Z", "relationship_type": "based-on", "source_ref": "indicator--9ce46670-e766-44c2-9cf9-490d5dfb37eb", "target_ref": "domain-name--37ea6898-3226-470a-af5e-2a998d67f987" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f5989867-1183-4d6f-ba36-cb1b859f6d9c", "created": "2025-12-15T14:43:03.779Z", "modified": "2025-12-15T14:43:03.779Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '10001jeux.fr']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:03.779Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3cbb0d3c-5872-41c3-ae69-ecda2b29ea34", "created": "2025-12-15T14:43:03.779Z", "modified": "2025-12-15T14:43:03.779Z", "relationship_type": "based-on", "source_ref": "indicator--f5989867-1183-4d6f-ba36-cb1b859f6d9c", "target_ref": "domain-name--65892283-4861-4d33-80ee-96c2dab1e236" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ec3235c6-6061-43ce-bba6-99d4f16267df", "created": "2025-12-15T14:43:03.804Z", "modified": "2025-12-15T14:43:03.804Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '1000pa.at']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:03.804Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cba20242-d795-409c-a826-287f634f7c14", "created": "2025-12-15T14:43:03.804Z", "modified": "2025-12-15T14:43:03.804Z", "relationship_type": "based-on", "source_ref": "indicator--ec3235c6-6061-43ce-bba6-99d4f16267df", "target_ref": "domain-name--24f77506-1cae-4f7a-919f-e1bd66505e52" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--37bcb173-8e61-4bef-a580-373387b71de1", "created": "2025-12-15T14:43:03.871Z", "modified": "2025-12-15T14:43:03.871Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '1015.fr']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:03.871Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--35808fc5-fd6c-4cdb-a31b-9708ea8d3758", "created": "2025-12-15T14:43:03.872Z", "modified": "2025-12-15T14:43:03.872Z", "relationship_type": "based-on", "source_ref": "indicator--37bcb173-8e61-4bef-a580-373387b71de1", "target_ref": "domain-name--4723bafb-5ac7-47e2-a900-074f93a4be28" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--09969101-58e7-4a04-8d63-a7fe613f0b0d", "created": "2025-12-15T14:43:03.907Z", "modified": "2025-12-15T14:43:03.907Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '1031.at']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:03.907Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3d2f07b9-57fc-4e5d-9689-990e40512104", "created": "2025-12-15T14:43:03.907Z", "modified": "2025-12-15T14:43:03.907Z", "relationship_type": "based-on", "source_ref": "indicator--09969101-58e7-4a04-8d63-a7fe613f0b0d", "target_ref": "domain-name--ce4fddac-6f3a-4ce5-a243-4511970ec450" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9e32d7c7-6b8a-417a-91bd-10a0663ca4d9", "created": "2025-12-15T14:43:03.936Z", "modified": "2025-12-15T14:43:03.936Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '10sport.fr']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:03.936Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--623cc084-3fce-4b97-b1f7-7db065cd009e", "created": "2025-12-15T14:43:03.936Z", "modified": "2025-12-15T14:43:03.936Z", "relationship_type": "based-on", "source_ref": "indicator--9e32d7c7-6b8a-417a-91bd-10a0663ca4d9", "target_ref": "domain-name--32fd0b91-68d8-4b76-a2ef-be26faccc68d" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f7850875-a5f5-4617-96df-35cad0edc544", "created": "2025-12-15T14:43:03.971Z", "modified": "2025-12-15T14:43:03.971Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '11teamsport.at']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:03.971Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4cb6a97e-3252-4924-b3f6-66cc7f1ee4ee", "created": "2025-12-15T14:43:03.971Z", "modified": "2025-12-15T14:43:03.971Z", "relationship_type": "based-on", "source_ref": "indicator--f7850875-a5f5-4617-96df-35cad0edc544", "target_ref": "domain-name--89a1b56a-5d03-48ff-801e-ad72b8911744" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ca31aaa2-a7fd-4791-a057-c0fbe8fc7dcc", "created": "2025-12-15T14:43:04.047Z", "modified": "2025-12-15T14:43:04.047Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '123gebrauchwagen.de']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:04.047Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ba74f4e6-cce9-4419-aee3-92b3393c0f81", "created": "2025-12-15T14:43:04.047Z", "modified": "2025-12-15T14:43:04.047Z", "relationship_type": "based-on", "source_ref": "indicator--ca31aaa2-a7fd-4791-a057-c0fbe8fc7dcc", "target_ref": "domain-name--ce70843e-e4f1-4705-856c-94e2b3066e4b" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bb83989b-4dec-4bd7-a11d-a9553aee8b3e", "created": "2025-12-15T14:43:04.064Z", "modified": "2025-12-15T14:43:04.064Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '123skin.at']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:04.064Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6a394159-1961-45fd-8368-8cb1f3ce8725", "created": "2025-12-15T14:43:04.064Z", "modified": "2025-12-15T14:43:04.064Z", "relationship_type": "based-on", "source_ref": "indicator--bb83989b-4dec-4bd7-a11d-a9553aee8b3e", "target_ref": "domain-name--030c23df-a60e-42bb-a836-b7e48ef43db8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--84de44a7-e97e-46e3-9070-7676d79fdaa1", "created": "2025-12-15T14:43:04.099Z", "modified": "2025-12-15T14:43:04.099Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '12gebrauchwagen.at']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:04.099Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--31c561db-f1af-40a4-a496-27aa0bad7ac4", "created": "2025-12-15T14:43:04.099Z", "modified": "2025-12-15T14:43:04.099Z", "relationship_type": "based-on", "source_ref": "indicator--84de44a7-e97e-46e3-9070-7676d79fdaa1", "target_ref": "domain-name--95aa85c2-900e-46f0-a66b-bfa495be33db" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7b853741-2d80-4c8d-8eb6-98607bd59a16", "created": "2025-12-15T14:43:04.116Z", "modified": "2025-12-15T14:43:04.116Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '12people.at']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:04.116Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--13bbfae2-d419-4123-ada1-efd4e1727870", "created": "2025-12-15T14:43:04.116Z", "modified": "2025-12-15T14:43:04.116Z", "relationship_type": "based-on", "source_ref": "indicator--7b853741-2d80-4c8d-8eb6-98607bd59a16", "target_ref": "domain-name--7129e929-74b7-42d5-ad4d-70f5d7ca2958" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e03353f2-8abd-46b1-95b8-10786ba17a0c", "created": "2025-12-15T14:43:04.140Z", "modified": "2025-12-15T14:43:04.140Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '14tagewetter.at']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:04.140Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3aa9fe2b-cd31-4d42-963f-641d0472e13f", "created": "2025-12-15T14:43:04.140Z", "modified": "2025-12-15T14:43:04.140Z", "relationship_type": "based-on", "source_ref": "indicator--e03353f2-8abd-46b1-95b8-10786ba17a0c", "target_ref": "domain-name--15668218-725d-4099-81ef-48fc85372b70" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c40a25b9-7599-4348-87e7-7d247e5a350f", "created": "2025-12-15T14:43:04.165Z", "modified": "2025-12-15T14:43:04.165Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '1600.dk']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:04.165Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d4a90523-a001-4247-9857-ab6cf8b7d59f", "created": "2025-12-15T14:43:04.165Z", "modified": "2025-12-15T14:43:04.165Z", "relationship_type": "based-on", "source_ref": "indicator--c40a25b9-7599-4348-87e7-7d247e5a350f", "target_ref": "domain-name--ffa9b246-5f1e-4274-8d34-338bf499ccbf" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--92c7e549-c90b-4d05-88ec-0687ba4649ca", "created": "2025-12-15T14:43:04.191Z", "modified": "2025-12-15T14:43:04.191Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '1and1webmail.fr']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:04.191Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--50cf236f-90fd-4835-bdc3-9eced2c6e3b5", "created": "2025-12-15T14:43:04.191Z", "modified": "2025-12-15T14:43:04.191Z", "relationship_type": "based-on", "source_ref": "indicator--92c7e549-c90b-4d05-88ec-0687ba4649ca", "target_ref": "domain-name--3befafa3-a1c5-453a-a21a-56747619819d" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7330f953-f38c-4d8e-ae39-5f9984c83b16", "created": "2025-12-15T14:43:04.231Z", "modified": "2025-12-15T14:43:04.231Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '1google.de']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:04.231Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--323cc066-2bcf-47a2-9700-e2a80f39e76a", "created": "2025-12-15T14:43:04.231Z", "modified": "2025-12-15T14:43:04.231Z", "relationship_type": "based-on", "source_ref": "indicator--7330f953-f38c-4d8e-ae39-5f9984c83b16", "target_ref": "domain-name--47c550f8-41bb-46cf-8473-2e25a71fa4ee" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c0fa677e-b555-46cd-be59-977e5cb68c7f", "created": "2025-12-15T14:43:04.359Z", "modified": "2025-12-15T14:43:04.359Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '1stvideo.fr']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:04.359Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--60bed425-43cb-4a9d-9543-1317c091cd10", "created": "2025-12-15T14:43:04.359Z", "modified": "2025-12-15T14:43:04.359Z", "relationship_type": "based-on", "source_ref": "indicator--c0fa677e-b555-46cd-be59-977e5cb68c7f", "target_ref": "domain-name--0f3338d1-3af5-4113-9f4a-e303a2dc8446" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ef5e262b-727a-4526-ad21-e770ab394a1c", "created": "2025-12-15T14:43:04.380Z", "modified": "2025-12-15T14:43:04.380Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '24auto.at']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:04.380Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a4aec1dd-3e32-4852-bea1-013a68dd4b16", "created": "2025-12-15T14:43:04.380Z", "modified": "2025-12-15T14:43:04.380Z", "relationship_type": "based-on", "source_ref": "indicator--ef5e262b-727a-4526-ad21-e770ab394a1c", "target_ref": "domain-name--080ebe6e-c6d6-4d17-93a0-66c7740deb13" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cdb224f7-4af9-41b7-a756-9965e514a2f3", "created": "2025-12-15T14:43:04.455Z", "modified": "2025-12-15T14:43:04.455Z", "name": "Malicious domain-name indicator", "description": "Malicious domain-name identified in threat intelligence", "pattern": "[domain-name:value = '24scout.at']", "pattern_type": "stix", "valid_from": "2025-12-15T14:43:04.455Z", "labels": [ "malicious-activity" ], "confidence": 75 }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c1ca12f1-1572-4730-836e-ceef8b26acef", "created": "2025-12-15T14:43:04.455Z", "modified": "2025-12-15T14:43:04.455Z", "relationship_type": "based-on", "source_ref": "indicator--cdb224f7-4af9-41b7-a756-9965e514a2f3", "target_ref": "domain-name--ef672049-3446-49e7-8fe4-62302ff037c9" } ] }