Threat activity elevated due to React2Shell and FreePBX vulnerabilities
Key threat: Remote Code Execution in React Server Components and PBX systems
Action: Review React2Shell (CVE-2025-55182), FreePBX RCE, and Identity Risk Alerts
Healthcare (HIPAA)ELEVATED
Legacy encryption retirement and supply chain risks
Key threat: Exploitation of Apache Tika in medical record systems
Action: Review Apache Tika XXE (CVE-2025-66516), Microsoft Cipher Retirement, and Ink Dragon Activity
CyberSecurity Latest Rundown
Heroes, the React2Shell continues to be of utmost importantance. It's been a lead headline heresince December 4, 2025 (before it was even dubbed 'React2Shell') ahead of the publications efforts of most cyber vendors. Here's a detailed look at the current cybersecurity landscape for December 16, 2025.
Microsoft has disclosed a maximum-severity vulnerability (CVSS 10.0) dubbed "React2Shell" affecting React Server Components and Next.js, which allows attackers to execute code remotely without authentication. This flaw is actively being targeted and includes the merged vulnerability CVE-2025-66478.
Business impact
This is a "drop everything" event for web infrastructure; successful exploitation allows total server takeover, meaning attackers can steal all customer data, modify applications, or deploy ransomware, leading to catastrophic operational and reputational damage.
Recommended action
Ask your IT team: "Have we identified all public-facing applications using React or Next.js, and have we applied the patch for CVE-2025-55182 immediately?"
Atlassian has released urgent updates to address a critical XML External Entity (XXE) vulnerability in Apache Tika, a toolkit used for detecting and extracting metadata from files. This flaw allows attackers to interfere with an application's processing of XML data, potentially leading to server compromise.
Business impact
If your organization uses Atlassian products or software relying on Apache Tika, attackers could access sensitive internal files or execute remote requests, triggering severe HIPAA and SOX compliance violations.
Recommended action
Ask your Security Operations team: "Have we scanned our Atlassian instances for CVE-2025-66516 and applied the latest security updates?"
Microsoft is permanently disabling a legacy encryption cipher in Windows that has been supported for 26 years, following sustained criticism and exploitation. This move forces the retirement of weak encryption standards that have historically allowed attackers to decrypt sensitive traffic.
Business impact
While this improves security, it poses a continuity risk; legacy applications relying on this obsolete encryption will stop working, potentially disrupting older billing or patient record systems.
Recommended action
Ask your CIO: "Do we have any legacy applications that rely on pre-TLS 1.2 encryption or the deprecated Windows cipher, and do we have a migration plan before they break?"
Researchers have demonstrated a "God Mode" attack on electric vehicle head unit modems, allowing them to remotely take over the multimedia display and run arbitrary software (demonstrated with Doom). This highlights a critical convergence of physical safety and cybersecurity in modern fleets.
Business impact
For automotive and logistics companies, this represents a direct safety liability and potential recall nightmare; attackers could distract drivers or potentially bridge into vehicle control systems.
Recommended action
Ask your Fleet Manager: "Are our connected vehicle systems segmented from critical control units, and are we monitoring for unauthorized firmware modifications?"
Multiple critical vulnerabilities, including SQL injection and authentication bypass, have been disclosed in FreePBX, the world's most popular open-source PBX platform. These flaws allow attackers to execute remote code and take full control of phone systems.
Business impact
Compromise of the phone system can lead to massive toll fraud costs, eavesdropping on confidential executive calls, and use of the PBX as a pivot point into the corporate network.
Recommended action
Ask your Network Admin: "Is our FreePBX instance exposed to the internet, and have we applied the patches for the SQLi and Auth Bypass flaws immediately?"
AWS has published a report attributing a multi-year campaign targeting cloud services in the energy sector to Russia's GRU. The attacks aim to compromise critical infrastructure in North America and Europe.
Business impact
Energy and utility companies face heightened risk of state-sponsored disruption; reliance on cloud infrastructure requires rigorous identity and access management to prevent state-level intrusion.
Recommended action
Ask your Cloud Security Lead: "Have we reviewed our AWS access logs for the indicators of compromise listed in the Amazon Threat Intelligence report?"
A new phishing campaign dubbed "Operation MoneyMount-ISO" is targeting the finance sector with malicious ISO files that deploy Phantom Stealer. The malware is designed to harvest credentials and financial data from compromised endpoints.
Business impact
Successful infection leads to immediate credential theft, allowing attackers to access banking portals and authorize fraudulent transfers.
Recommended action
Ask your Email Security team: "Are we blocking .ISO file attachments at the gateway, and have we alerted finance staff to this specific phishing tactic?"
Check Point Research has identified a new wave of attacks by the Chinese threat actor "Ink Dragon," utilizing a complex relay network to mask their operations. This group overlaps with previously known clusters like Earth Alux and targets sensitive data.
Business impact
This is a high-level espionage threat; organizations with intellectual property or government contracts are at risk of long-term, undetected data exfiltration.
Recommended action
Ask your SOC: "Do our threat intelligence feeds include the latest IoCs for Ink Dragon and Earth Alux?"
Opexus admitted to missing background check red flags when hiring twins previously convicted of hacking the State Department. This underscores the critical failure of standard background checks in identifying sophisticated insider threats.
Bellingcat investigation revealed the operator behind major deepfake pornography sites, highlighting the growing reputational and legal risks associated with AI-generated non-consensual imagery.
A summary of the week's threats including Apple zero-days and WinRAR exploits. While patches are available, the breadth of software affected requires broad update management.
Analysis indicates that most enterprise breaches now stem from exposed identities rather than firewall failures. Executives must pivot focus from perimeter defense to identity protection and digital risk monitoring.
Bruce Schneier argues against the proposed federal moratorium on state AI regulations, suggesting it creates a regulatory vacuum that could leave organizations vulnerable to unchecked AI risks.
Spotlight Rationale: With the emergence of CVSS 10.0 vulnerabilities like CVE-2025-55182 (React2Shell) and CVE-2025-66516 (Apache Tika), security teams are drowning in critical alerts. Traditional triage is too slow for these pre-authentication RCEs.
Bugcrowd has unveiled its AI Triage Assistant to specifically accelerate vulnerability analysis. By automating the validation of critical submissions, it allows defenders to react to "drop everything" bugs like React2Shell hours or days faster than manual review, directly reducing the Mean Time To Remediation (MTTR) for high-risk exposures.
Actionable Platform Guidance: Configure the AI Triage Assistant to prioritize submissions tagged with "RCE" and "Pre-Auth" to automatically flag potential React2Shell instances for immediate human verification.
â ď¸ Disclaimer: Test all detection logic in non-production environments before deployment.
1. Vendor Platform Configuration - Bugcrowd AI Triage
1. Login to Bugcrowd Platform > Settings > Triage Preferences.
2. Enable "AI Triage Assistant" for the "Critical" severity bucket.
3. In "Keyword Prioritization", add the following terms derived from today's threat intel:
- "React2Shell"
- "CVE-2025-55182"
- "CVE-2025-66516"
- "Apache Tika"
4. Set "Auto-Escalation" to "On" for submissions matching these keywords with a confidence score > 90%.
5. Save configuration and verify with a test submission if environment permits.
2. YARA Rule for React2Shell & Associated Malware
rule React2Shell_Malware_Indicators {
meta:
description = "Detects artifacts associated with React2Shell exploitation and Microsoft identified malware"
author = "Threat Rundown"
date = "2025-12-16"
reference = "https://www.microsoft.com/en-us/security/blog/?p=144502"
severity = "high"
tlp = "white"
strings:
$s1 = "csfalconservice.exe" ascii wide
$s2 = "taniumclient.exe" ascii wide
$s3 = "hxxps://i.stack.imgur.com/NDTUM.png" ascii wide
$s4 = "hxxps://mantis.jancom.pl/bluemantis/image/addon/addin.php" ascii wide
$s5 = "Diamond" ascii wide
$s6 = "LambLoad" ascii wide
$h1 = { 16 6d 1a 6d dc de 4e 85 9a 89 c2 c8 25 cd 3c 8c 95 3a 86 bf a9 2b 34 3d e7 e5 bf bf b5 af b8 be }
condition:
any of ($s*) or $h1
}
This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!
Cookie Notice
We use essential cookies to provide our cybersecurity newsletter service and analytics cookies to improve your experience. We respect your privacy and comply with GDPR requirements.
About STIX 2.1: Structured Threat Information eXpression (STIX) is the machine language of cybersecurity. This bundle contains validated threat objects, indicators, and relationships that can be directly imported into your SIEM, TIP, or security orchestration platform.
Usage: Download or copy the JSON below and import it directly into your threat intelligence platform, SIEM, or security orchestration tools for automated threat detection and response.
{
"type": "bundle",
"id": "bundle--06cf2fae-5f0c-4584-b01e-d68e5d90e20f",
"objects": [
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487",
"created": "2022-10-01T00:00:00.000Z",
"definition_type": "tlp:2.0",
"name": "TLP:CLEAR",
"definition": {
"tlp": "clear"
}
},
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--63c56b2c-16dc-43f3-b6cd-def1c1364eb7",
"created": "2025-12-16T14:24:05.671Z",
"modified": "2025-12-16T14:24:05.672Z",
"name": "MikeGPT Intelligence Platform",
"description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds",
"identity_class": "organization",
"sectors": [
"technology",
"defense"
],
"contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--6e1e174c-f1c5-41ef-b8fe-132e0574eb04",
"created": "2025-12-16T14:24:05.672Z",
"modified": "2025-12-16T14:24:05.672Z",
"name": "Threat Intelligence Report - 2025-12-16",
"description": "Threat Intelligence Report - 2025-12-16\n\nThis report consolidates actionable cybersecurity intelligence from 87 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n⢠God Mode On: how we attacked a vehicleâs head unit modem (Score: 100)\n⢠Microsoft will finally kill obsolete cipher that has wreaked decades of havoc (Score: 100)\n⢠Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components (Score: 100)\n⢠Additional React and Next.js RSC Vulnerabilities Lead to Denial-of-Service and Source Code Disclosur (Score: 100)\n⢠Microsoft named an overall leader in KuppingerCole Leadership Compass for Generative AI Defense (Score: 100)\n\nEXTRACTED ENTITIES:\n⢠23 Attack Pattern(s)\n⢠20 Domain Name(s)\n⢠2 File:Hashes.Md5(s)\n⢠2 File:Hashes.Sha 1(s)\n⢠2 File:Hashes.Sha 256(s)\n⢠20 Indicator(s)\n⢠2 Malware(s)\n⢠1 Marking Definition(s)\n⢠228 Relationship(s)\n⢠6 Threat Actor(s)\n⢠1 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n",
"published": "2025-12-16T14:24:05.672Z",
"object_refs": [
"identity--63c56b2c-16dc-43f3-b6cd-def1c1364eb7",
"identity--ae4d5f46-29c5-40ae-842b-378abf057c12",
"vulnerability--d95868d7-4f07-4d84-b742-07ee4cf4adbf",
"identity--8a19e390-163a-470f-8639-8db73c6956c4",
"identity--8a7ca088-fae7-4645-8f55-5f28dd9b1396",
"identity--4e9b4c49-e9d4-4528-94d2-741592f6960c",
"threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"identity--eb449072-6fe1-43ce-9cf5-8d0f26ccf9bc",
"identity--ed0928f3-94b8-4cc6-86cd-cb3392f0d55f",
"identity--beae82dc-13c6-4539-99b4-c1819dec64c6",
"threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"identity--8f1e3305-e3b7-4b11-800f-40c1312cea4a",
"identity--ebfc3051-5239-4244-87c8-b6d1701b12bc",
"malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"identity--5ccdf7bc-6dc4-4348-ac05-2f7e1ccfb271",
"identity--4a0ea356-910b-4135-8390-c178705bb54c",
"identity--986da1de-6f62-48bd-89ef-df3c1ef74e42",
"identity--efad92fb-f14c-437f-b832-a1c584f5d435",
"threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"identity--f2fac531-1c28-48cc-be9c-0c24f8184465",
"threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78",
"attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778",
"attack-pattern--d5f68c3e-3583-497a-8fd3-6fe32b38bf5f",
"attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9",
"attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3",
"attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb",
"attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581",
"attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1",
"attack-pattern--aa1845f4-913c-40c6-96ac-d19b1dd58616",
"attack-pattern--b3ae94a2-b47a-4b30-9d9a-5c3a1d8717fe",
"attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f",
"attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef",
"attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49",
"attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81",
"attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e",
"attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f",
"attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa",
"attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf",
"attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946",
"attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255",
"attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980",
"attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8",
"attack-pattern--39e179f7-eb33-4dba-86f0-c13dbcbd2a1b",
"relationship--e7d0db54-4e9d-42e0-a990-6781e87955c7",
"relationship--9f0e8b48-8622-4da6-949a-b6435d3825e8",
"relationship--e3505c0a-2802-47f7-bd65-5006e304deff",
"relationship--9fa68305-8c83-4279-bea9-492d5864e823",
"relationship--3f2007fa-a5d8-47c6-985e-e27beb12c8ee",
"relationship--efc98c98-34c4-4ba0-bad6-e6d7de471fae",
"relationship--5a779fb4-4c0e-4c67-8c9d-86071d243558",
"relationship--f94963a2-08ef-4f7e-8101-5abbaf68c49a",
"relationship--9c5df766-3629-4a01-86e7-3f81b8a78fde",
"relationship--dee364c1-d32a-4a34-9173-9da763f03ca4",
"relationship--127f894c-52ac-4381-891a-5f6cf49a73a5",
"relationship--11482b5c-4e03-430b-baf4-0c2e24371344",
"relationship--37ffb3b9-32f8-47a5-b45f-ae9729efdbeb",
"relationship--47e40829-0129-4c3b-b246-c57a04eefaff",
"relationship--3027869d-2446-4bd8-b59d-3c257a57033e",
"relationship--eef507cd-5abf-4e3f-8c0d-263f96ad3525",
"relationship--8f79dee7-af46-48cd-b731-b30046a24ec6",
"relationship--2c75ac62-e60b-4c4b-b43f-231ac890493a",
"relationship--f5b1687a-3be8-4a77-bd6c-d606b19bb85f",
"relationship--42b9c7d3-16a8-4a10-8705-ebf39acf0685",
"relationship--48a25329-3dac-4727-bb31-d3a00b32b8f8",
"relationship--ebf62055-cc19-414f-8b87-1ab680af68b8",
"relationship--16781aae-8ee8-4db6-ac0a-76147bcb23db",
"relationship--f4db423d-65ec-4199-9912-a4712fa82c3a",
"relationship--4c8af498-298f-4fc7-a7fc-98191da99e64",
"relationship--783f0b6b-8b0d-46c0-81dc-6cfebe176275",
"relationship--2d5d264a-e448-47d5-8d02-3c50754da268",
"relationship--2f13b8ea-ebdc-4076-8a5f-6dcca47b0879",
"relationship--1f6b0190-2af6-42df-99c2-5de25db91dfc",
"relationship--104c1b23-1b64-4c26-a5db-00eb81fb9d41",
"relationship--5f11bf76-14e6-4314-b96c-5d29b31ab684",
"relationship--7e644e04-6f46-4fbc-acc3-ff4210bc0f05",
"relationship--8a5de806-4766-425d-a5cf-47244988cbab",
"relationship--53ce5408-4863-4e8e-8ad6-c41c6db41865",
"relationship--b2b82570-c30c-4953-83fc-50e63e94d8b7",
"relationship--27b13727-508d-45af-a1ff-4f91ea408394",
"relationship--f3192533-c6f9-49ba-9afa-a9305283a3ee",
"relationship--07bbe94a-cfcb-4118-a809-0212a7d026bc",
"relationship--69cb3206-bf05-43c7-8ab8-35fd6f03535f",
"relationship--3cc579ff-2725-4f22-a322-55323c44c6ee",
"relationship--f7a9d8be-8335-4e91-9bf9-eb49d3877268",
"relationship--aeda7819-9e0d-4bd3-b9ed-2dddce70a958",
"relationship--5bf8f906-f554-4842-bc44-cf7758dbcc29",
"relationship--1afa91be-0417-4cc9-8047-0d6e96fcb69c",
"relationship--bb31edb3-fa4d-4d27-9102-42177c56fd6b",
"relationship--3cc160aa-25fb-423d-93f0-a8b116754b74",
"relationship--85078355-9f16-41d9-85d3-db3dedc1bed9",
"relationship--6ba27f85-a0b7-4482-83cd-24e1ac9a1bb5",
"relationship--45a4bfc8-8d6e-4174-8491-6197a753107c",
"relationship--a6c76882-a8e7-4d13-b88f-b5cba9cec560",
"relationship--7c5c9e3e-73eb-4ae5-a4e2-74d7461b1698",
"relationship--73bf6910-f8f9-413a-9ec3-4e55dafc9ccd",
"relationship--8ecb25f2-165b-4767-be64-3b3c1e69cc3b",
"relationship--ba2c97b0-eaad-4981-ab59-ffa183ae2883",
"relationship--def20c9d-1274-4d11-9da9-89533c571d85",
"relationship--3f0abe55-5731-4287-84d5-cbf2604e1e7b",
"relationship--ece28330-0232-49db-9de6-1ce3859390e4",
"relationship--01954d28-576a-489c-b114-d622bf752f08",
"relationship--da46a62d-3e7c-48bc-aeac-7b5997214234",
"relationship--1b938520-5d03-4d9c-bd2c-619e28faabcf",
"relationship--7c2230e6-ee0a-488b-bc36-1fa5656e8f9d",
"relationship--63328e51-f1c8-4c13-96f4-73018087a9ce",
"relationship--0d9daa10-4242-4015-9752-5b00c32ebd6b",
"relationship--e915bb58-b1c1-457b-a2d2-9a63a2577aed",
"relationship--f40f1422-003a-4a5d-9771-d3db58e374eb",
"relationship--f712fd6e-f366-413a-a361-cee7082c1de8",
"relationship--45f8c142-3492-4594-a45c-9c10f827237c",
"relationship--0e3b436d-2e83-4f82-9a03-d4ebdc074fc9",
"relationship--84c02c38-1a4c-4c26-bcff-1ec20afd1ce8",
"relationship--c714765c-f993-4dac-92e1-d767331b0237",
"relationship--e37610ed-ee4a-400d-bfd4-dbdb654646b9",
"relationship--5c80c564-4f06-4017-9157-533ed53a0040",
"relationship--14426e30-358e-4c5d-b800-3b671947ede8",
"relationship--2c43271c-ca78-4b99-a64b-aae0ccda5fa2",
"relationship--48896934-8c1c-4d23-bc9a-b04d6bcfa766",
"relationship--fdbc2690-b582-4309-8512-12054997c818",
"relationship--0256ca5f-60fb-47ee-a515-c6108246d65e",
"relationship--48e33caf-742b-4914-bb7e-97a269db1b8a",
"relationship--21465319-3e49-4ff8-b0e1-6dc5f93a6d41",
"relationship--70ed6826-31f4-4c48-8963-4a01eea8c150",
"relationship--e382c0fa-4b76-4f95-9194-d8866650692c",
"relationship--ad116039-10f9-49b4-81f1-c853eb62f4c8",
"relationship--fb73c172-5e8a-4291-bee3-1ac5e23c435d",
"relationship--a338b2ee-f0ff-47ec-9ca6-9877b7de5b42",
"relationship--a9978250-0126-4a3e-87a1-9c7de94cb964",
"relationship--00f2de89-4b33-4976-82a9-de4b840754e1",
"relationship--5ad0d8eb-fd39-40eb-ae44-f30dad3d6127",
"relationship--8a6066c2-7079-49e9-98e3-57bd186cbab3",
"relationship--4372f90d-4bf7-49d0-87ec-1af5a7006463",
"relationship--01dd3313-2e83-4d8a-b9c0-6c55830e6dc6",
"relationship--4f3d1e88-4d70-4a66-bf72-e712b25e640f",
"relationship--3cc2ebdb-af1b-4d7f-a3a4-82c1577c8a6b",
"relationship--7eab8a51-19ff-489b-983f-dfe328484c95",
"relationship--a6ee78c5-7c15-4767-8a0e-d86933cc034e",
"relationship--2e824d3b-af11-4848-9ad4-248eb67b2d7c",
"relationship--49626735-4f14-488f-af7c-96367069d12b",
"relationship--1fdbb0fb-7853-4389-9f04-f5a1900bdf9d",
"relationship--555365ff-3896-4f99-a8fc-b7206c26e449",
"relationship--a5df8e8d-267b-4f9e-8b9e-39cd12dcfdf2",
"relationship--b189b474-a2b7-411d-8c40-4a613e95e8e7",
"relationship--3aa22564-97da-4f6a-b532-d6c49d1a025a",
"relationship--eec12355-643e-495b-9ed5-a30850ee55db",
"relationship--4e48831f-74e9-47b4-8a22-1dbf2eb27e94",
"relationship--5464f416-1c13-4906-a8a1-2e35e333cc75",
"relationship--f2b9b9ec-776f-4ece-a89f-397c7a263cad",
"relationship--ed56750b-4883-44fa-a64f-ba29b3440377",
"relationship--350982d1-d074-4946-b412-1fe7f413638c",
"relationship--731160eb-46ab-463f-8a53-1f62cf54fd3a",
"relationship--d273f141-201e-48c4-9ddc-79c46a42afed",
"relationship--667e1dda-5b3b-460d-a3f2-b02c704678dc",
"relationship--778f2a4f-6f2e-4ec7-b965-6547f8a3bd45",
"relationship--d84ecd08-ed5d-4242-8dac-1e2e07ba54b2",
"relationship--93d2f492-1d10-49e2-9984-a4cba74069e3",
"relationship--a4a1a3cf-64b4-46ac-b6aa-cdff27b28f86",
"relationship--92b297fd-9399-4b12-a24a-3edad925abce",
"relationship--1ca6d5d7-a93e-44ea-afa8-d9860fffd47b",
"relationship--756bec3a-0347-4eb1-b462-86e4b33e92dd",
"relationship--7ba160b8-5894-4071-becc-f6d9cffe7fe7",
"relationship--c5411cc3-e154-4e10-a21f-5e1b8c68069b",
"relationship--64f41770-8a9d-4293-9d5d-24b2c08e2004",
"relationship--bf73d350-f4ce-40a9-8bc7-a35b9e52846c",
"relationship--ab83d7d4-b1d1-44ae-a663-40c98facd144",
"relationship--aa957956-9e56-40f6-b0b6-3c1337cff919",
"relationship--25223db0-e8a9-4c39-a175-b3da76295eaf",
"relationship--63cca229-0112-496e-919f-e985894e9e82",
"relationship--e93a7c7b-7b2d-4849-acda-fa4182c7dfd5",
"relationship--c1018e1d-a2db-453f-bb5f-56d03365686b",
"relationship--10632031-f36e-46a7-9232-e27d97a75b43",
"relationship--e625afa8-8038-4be4-b52d-a3a283ee1fb2",
"relationship--85d5ec89-f86b-47bc-9f92-2d1627371112",
"relationship--7a67c34d-b70b-41dc-ae80-96b1f150c7de",
"relationship--4a8a7b0b-7d90-4522-945b-3251b0a262f8",
"relationship--5002e713-a79b-4f10-b99c-9d7ff986611a",
"relationship--ca816749-a06c-4948-9819-acd61f507612",
"relationship--ba894484-5fa7-4622-9956-262d8ba2d0a1",
"relationship--d6d370ae-7ed4-49bd-bdc2-7026423094bc",
"relationship--a2be562f-b852-4ad4-a189-eaa99f59226f",
"relationship--5016077b-9bd7-4cad-9b0d-8f1a26b11727",
"relationship--d6ba1917-ba02-4546-a0e8-85c9b8925d80",
"relationship--4b330b38-41e5-4805-b15d-6abc7d2269e8",
"relationship--a9c750d4-0802-433c-a5d4-c1d955fcac0f",
"relationship--f79bec06-ee90-4a9a-af6c-3f9050ac59c0",
"relationship--f1cdd4e8-bb9b-4738-9854-01378ba332ad",
"relationship--82c85b34-debf-4043-a015-0482d88bf5ec",
"relationship--97127c6b-10d2-43c0-a478-23046c9d6a8c",
"relationship--1d8a35c7-2c25-46cd-beee-d562473dbe4a",
"relationship--ff4c6168-d47c-47ce-9cc6-339a018fb787",
"relationship--8f65679f-fa54-4c05-9d83-c947bae6e58b",
"relationship--097c1c98-c860-440b-9e9b-03ab3634bb73",
"relationship--60f3506d-5dd0-4719-aa56-ae0d493f4760",
"relationship--2e6411a7-d007-4d20-af6e-0d5242d03422",
"relationship--db1fd10e-521c-4f4d-af14-ab07a3def98e",
"relationship--d32bfd27-67fd-4c24-acc9-8f7ec33ed255",
"relationship--7d418c33-74e6-497e-b1a4-20874e96e92b",
"relationship--3a8b331a-3ea3-48a9-acc0-d7e6ea403df5",
"relationship--35e3ffb2-2d28-4706-8378-31ece11a96a8",
"relationship--2a6e9786-c688-4c94-8b38-a8457ca92a7c",
"relationship--650db487-c9e3-419d-93c1-2fcd0321c642",
"relationship--b436b95a-305a-4a1a-8227-c9351520c0a5",
"relationship--06303384-6c15-4779-9cce-e0e8cdc6cf43",
"relationship--385d4a76-806a-4f80-a8d1-9f777363d4eb",
"relationship--f70da8f7-2777-47d2-b46a-3017a741d010",
"relationship--312b5a24-cc92-4f50-8309-94e31f09b7b9",
"relationship--a51f91ad-8054-4ce0-91a4-3cc2b13c76c6",
"relationship--98e5d8e6-3e27-47f8-b5c7-81491e874e89",
"relationship--076af918-5f51-4eae-8cb6-0c4d1d10eb4e",
"relationship--d2b1096e-cf7a-42b3-88e0-31d65b1ef877",
"relationship--466616c9-6eb5-4158-8cb6-518b07def84a",
"relationship--260e938e-d0b6-4bca-98ef-75736313e8d2",
"relationship--835c8332-41c9-48a6-8b8b-ca0b63da0688",
"relationship--e9f03686-5e5b-4992-8adc-5771a219902f",
"relationship--87c16852-7639-422b-8d7f-2bb93b999de0",
"relationship--619858b1-19a2-4a93-bce9-f6b75a2787ee",
"relationship--240da1eb-d05f-4e64-86b8-92bddae8facd",
"relationship--c8eb0fc7-a2d4-4412-8f98-13fd7e7bf412",
"relationship--815650e4-a561-47cd-b999-59f58765f40b",
"relationship--529537ee-f3bd-4d9a-90a6-0a824d08d041",
"relationship--96c7623c-99fa-4d87-be90-4e8e37394447",
"relationship--66bb62d8-063b-4eeb-bca3-c2120b3c8007",
"relationship--91249ca5-497a-4bd2-926a-eb918d9dc628",
"relationship--e386c68c-d01c-4a57-8e7a-697af68480cc",
"relationship--eaf08b54-d724-45be-bb3c-17e01f3c797e",
"relationship--47a2c660-7634-4d05-8890-26e3cde1e55e",
"relationship--bcc53010-2843-4295-adbe-546c4b0f7570",
"relationship--711ad946-c0da-4b40-b90b-42537fd3791d",
"relationship--4cd84446-42de-4652-8720-13686835938f",
"relationship--6a4de111-3e94-471b-84b3-74cf77b2f5a0",
"relationship--33187e40-e705-44cc-8a88-c990d21db2c5",
"relationship--1116e044-e9d0-4383-af23-dfb2cc2fe206",
"relationship--5183e15d-7100-4f90-be7f-700d651ae353",
"relationship--70b2bf53-8808-44dd-9d42-9c932ac8f221",
"relationship--ac3f05ea-8e06-4bb4-9c4d-15f179c5fede",
"relationship--5af36e2a-3b3e-4c1f-bf80-d788c855d10f",
"relationship--383e4c49-b1b6-490b-aab9-957ac03b209a",
"relationship--103cab88-83b1-4495-b42e-c29e5186ab1f",
"relationship--950bc187-a0fd-4a25-812c-048473e30993",
"relationship--3621cd4f-cc82-49bd-b897-47a9d5f8cff6",
"relationship--68670670-c5d3-4d54-b5dd-1f0ea512d43b",
"relationship--59dfe458-1282-47a4-9ebb-3aa981a382aa",
"relationship--ed891a0c-59ae-4163-9cb6-6682b06bcde4",
"relationship--fe59327a-cb92-4622-8fdb-c78799762b3d",
"relationship--d1ccc1e7-1403-47b3-b9b2-6b824d713933",
"relationship--11bbd310-7f07-48d5-a451-4480bfbc90fb",
"relationship--b5b84690-ad19-4323-af7b-559f8ac1edd0",
"relationship--5d2ae806-f723-4621-838b-82480d425b3a",
"relationship--9bac4bec-de07-47e0-9277-f785b1033c3d",
"relationship--8d2c5f7f-dc25-4fbc-a8f6-0e9ed9d3798c",
"relationship--a49cd902-4c5a-462f-8a00-be59b2d5f730",
"file:hashes.MD5--3a340b85-15ca-4faa-941f-5670f2469318",
"file:hashes.MD5--5228f56f-6f26-469d-8491-75e8438df624",
"file:hashes.SHA-1--2f3cd1df-df00-461b-bd96-c125675f74af",
"file:hashes.SHA-1--8b001358-30f0-452d-9969-593cf075a1e1",
"file:hashes.SHA-256--74bc2b9f-f07a-4fa5-95fe-d06f4ec2335f",
"file:hashes.SHA-256--befaf8a5-1954-4ea0-a2db-17c109a62fe9",
"domain-name--12c8382e-85cb-489a-84ce-292ec8657775",
"domain-name--75e30ef3-41d5-4397-9b01-08eaab2583bb",
"domain-name--f0184481-cec9-4718-a4ff-e66d7992cfae",
"domain-name--8f298139-e6ff-414e-94a1-67ced854bcb5",
"domain-name--a8679d99-4d04-4767-bc99-c0297e533022",
"domain-name--bd1e3aa8-0758-48f4-a042-8632e59b9852",
"domain-name--6a3df62a-89f6-41a4-a949-0e341360f99a",
"domain-name--f368f3f4-569e-4be9-9421-cd8ab38de931",
"domain-name--a2ceec21-587b-4073-9800-b2d0f37caf6b",
"domain-name--1ab2fc1a-cd52-4bc4-a0de-57cd46c61bb4",
"domain-name--5314b095-330d-44bb-abc8-43c11878d4da",
"domain-name--42f04971-210e-4044-b53d-178cdf2e99dd",
"domain-name--0588cfb4-0dfe-4463-aafc-e7cdcd0385f6",
"domain-name--aca33560-0b8a-4c88-9984-0443da855709",
"domain-name--a9b926a4-9629-4c05-8c84-6944ed404a5d",
"domain-name--65317e6e-e96b-476d-92b2-3c06bec4a51e",
"domain-name--00e1e359-52e9-48af-aedf-c5fcfb222981",
"domain-name--1d054cc2-d4ff-4852-ad4d-f510ccbfc339",
"domain-name--2dc10eac-6f46-4574-b946-f90b46a960c7",
"domain-name--9eb5e2fb-06d3-4f47-aead-4a14f44d0e6f",
"indicator--bc602d24-e7b3-491b-9a9e-083ca99791c0",
"relationship--49077742-8b22-4c21-aab2-906a3e06244c",
"indicator--12aca9d4-b6fd-4f12-94b4-1922d75fa52e",
"relationship--1accbde1-2e23-4a10-9270-7d761a91e565",
"indicator--b7f54c3f-f4f3-4e6a-badc-61ac367b2cae",
"relationship--72edd68a-fa81-4a34-8eff-801536f9b184",
"indicator--5b45d7fd-0a23-41fc-b934-1ff0ccd9dfd9",
"relationship--1a82731d-85f7-4b70-99a7-6a30c9b6c894",
"indicator--3cd7e965-c54c-4ff4-8fac-de9c318f4804",
"relationship--14d8368b-7422-4b5b-a65b-ca17192b5711",
"indicator--9184d4ca-ac0e-4681-85bb-fba1b95cb183",
"relationship--3cbdac8a-5e27-4c95-99bf-b7c103a90096",
"indicator--28308a2e-c31c-4a22-a911-43f378aea536",
"relationship--bf7f09f6-98d1-4adb-be32-aed6bde3c7a1",
"indicator--107064cf-5786-4bd3-9da7-62831c1b26e9",
"relationship--b7e14d86-fa23-4a9b-91ac-18070a0bce20",
"indicator--8865c0a9-ce7c-4322-8d81-d1dd9c1bcf3a",
"relationship--445afa00-e4b8-4a6f-a068-23993a99d82a",
"indicator--4550b4b0-cb2a-4fcf-8cac-1c07ce100d47",
"relationship--4942ee01-7afe-4213-9d02-935cfbc71fa9",
"indicator--9c86b5ec-63be-476d-b5f1-991f4e5f6450",
"relationship--2d602465-f36e-46f5-968f-4be2bb4a9f5e",
"indicator--d7e0cf90-e156-4e37-b3f2-36f791426a2c",
"relationship--fc4fb829-3dc4-42c8-9d80-fd4d8a253b98",
"indicator--cceb9ded-1e70-41ed-a0f2-3aa384ebdedd",
"relationship--94a323d2-716a-4e2d-bd66-d26c3e84dc30",
"indicator--689f78f3-b7a4-416b-8ad0-24ec1fb9b1cb",
"relationship--d90166ab-f16b-4cb7-83b5-e827f4d202f8",
"indicator--9d1d519e-f9a3-4f5b-904a-bbe118051fb1",
"relationship--3b95b752-4515-456f-b339-a60021ccf376",
"indicator--3a7d4a86-e331-4451-89a1-d80ebe9abeee",
"relationship--a4694323-9265-4be6-8498-f60e6c157b51",
"indicator--e38a6d7e-3675-4d62-9bbf-deeedca4fca3",
"relationship--c59337fe-31fc-4eb3-a0fb-94f5df84375c",
"indicator--b4dd3be9-1173-484e-b78e-1e9157b6b0c5",
"relationship--5a779e82-779a-4bd9-8d24-9aed35342188",
"indicator--f2ae8a3d-9932-4985-86bb-17a1a36cde41",
"relationship--5e0d442b-b260-494d-bb98-87b9c6b9d8af",
"indicator--28a2eed8-c0af-41e7-9464-212f8aa05d31",
"relationship--be70a77e-b319-4c73-b887-1c0f2c4bd80c"
],
"labels": [
"threat-report",
"threat-intelligence"
],
"created_by_ref": "identity--63c56b2c-16dc-43f3-b6cd-def1c1364eb7",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.656Z",
"modified": "2025-12-16T14:24:05.656Z",
"confidence": 95,
"type": "identity",
"id": "identity--ae4d5f46-29c5-40ae-842b-378abf057c12",
"name": "Microsoft",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Microsoft is a multinational technology company that develops, manufactures, licenses, and supports a wide range of software products, services, and devices. As a prominent technology company, Microsoft is frequently targeted by threat actors and is a common victim of cyber attacks. The company's products and services are widely used, making it a significant player in the technology industry.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--d95868d7-4f07-4d84-b742-07ee4cf4adbf",
"name": "React2Shell",
"description": "React2Shell (CVE-2025-55182) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components, Next.js, and related frameworks. This vulnerability allows attackers to execute arbitrary code on vulnerable systems without authentication, posing a significant threat to web applications. React2Shell is also referred to as CVE-2025-66478, which was merged into CVE-2025-55182. The vulnerability was disclosed in December 2025 and is considered critical due to its potential impact on web application security.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "identity",
"id": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"name": "React Server Components",
"identity_class": "software",
"labels": [
"identity"
],
"description": "React Server Components is a specific software framework for building server-side rendered React applications. It is a target of the critical pre-authentication remote code execution (RCE) vulnerability CVE-2025-55182, also referred to as React2Shell. This vulnerability affects React Server Components, Next.js, and related frameworks, allowing for mass exploitation by nation-state hackers. As a result, React Server Components is a valid entity in the context of cybersecurity threats.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "identity",
"id": "identity--8a7ca088-fae7-4645-8f55-5f28dd9b1396",
"name": "Google",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Google is a multinational technology company headquartered in Mountain View, California. It specializes in a wide range of Internet-related services and products, including the popular search engine Google Search, cloud computing services through Google Cloud, and online advertising technologies. Google also develops and markets hardware such as smartphones through the Pixel line, smart home devices, and wearable technology. Additionally, Google is known for its software products, including the Android mobile operating system and the Chrome web browser.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "identity",
"id": "identity--4e9b4c49-e9d4-4528-94d2-741592f6960c",
"name": "Infrastructure Security Agency",
"identity_class": "government",
"labels": [
"identity"
],
"description": "The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is a federal agency responsible for protecting the United States' critical infrastructure from cyber threats. As part of the U.S. Department of Homeland Security, CISA plays a crucial role in coordinating national efforts to prevent and respond to cyber incidents. By adding vulnerabilities to its Known Exploited Vulnerabilities catalog, CISA helps organizations prioritize patching and mitigation efforts to reduce the risk of cyber attacks.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"name": "Ink Dragon.",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"description": "Ink Dragon is a Chinese threat actor group identified by Check Point Research as being responsible for a new wave of attacks. The group's capabilities and targets are not explicitly stated in the context, but their attribution as a threat actor is clear. As a threat actor, Ink Dragon is likely to be involved in various malicious activities, including cyber espionage, data theft, and system compromise. Their activities pose a significant threat to organizations and individuals, highlighting the need for robust cybersecurity measures to prevent and detect their attacks.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"name": "REF7707 , ",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"description": "REF7707 is a threat cluster that has been publicly reported to overlap with other known threat groups, including Earth Alux and Jewelbug. The cluster's activities and targets are not explicitly stated in the provided context, but its mention alongside other known threat groups suggests that it is a notable player in the threat landscape. Further research is needed to determine the full scope of REF7707's capabilities and motivations.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "identity",
"id": "identity--eb449072-6fe1-43ce-9cf5-8d0f26ccf9bc",
"name": "Opexus",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Opexus is a private company that was a victim of a hiring failure, where it missed key red flags when hiring twins Muneeb and Sohaib Akhter, who had previously pleaded guilty to crimes including wire fraud and conspiring to hack into the State Department. This incident highlights the importance of thorough background checks and due diligence in the hiring process, especially for companies handling sensitive information or working with federal agencies.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "identity",
"id": "identity--ed0928f3-94b8-4cc6-86cd-cb3392f0d55f",
"name": "the State Department",
"identity_class": "government",
"labels": [
"identity"
],
"description": "The United States Department of State, commonly referred to as the State Department, is a federal executive department responsible for carrying out U.S. foreign policy and international relations. As a prominent government agency, it is a potential target for cyber attacks and hacking attempts, as evident in the context where the twins Muneeb and Sohaib Akhter pleaded guilty to conspiring to hack into the State Department.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "identity",
"id": "identity--beae82dc-13c6-4539-99b4-c1819dec64c6",
"name": "ServiceNow Inc.",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "ServiceNow Inc. is a leading cloud-based software company specializing in digital workflow solutions. Their platform is designed to streamline IT, customer service, and security operations management, enhancing operational efficiency and security. ServiceNow Inc. is also actively expanding its cybersecurity capabilities through strategic acquisitions, such as the potential purchase of Armis, a cybersecurity startup.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"name": "Main Intelligence Directorate",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"description": "The Main Intelligence Directorate (GRU) is a Russian military intelligence agency responsible for collecting and analyzing military intelligence, as well as conducting cyber operations. The GRU has been linked to various high-profile cyberattacks, including those targeting the energy sector in North America, Europe, and the Middle East. As a threat actor, the GRU is known for its sophisticated tactics, techniques, and procedures (TTPs), which include exploiting vulnerabilities in software and hardware, as well as using social engineering tactics to gain access to sensitive information.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "identity",
"id": "identity--8f1e3305-e3b7-4b11-800f-40c1312cea4a",
"name": "The American Bar Association",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "The American Bar Association (ABA) is a voluntary professional organization of lawyers and law students in the United States. The ABA's mission is to serve the public and the legal profession by promoting justice, professional excellence, and respect for the law. As a prominent organization in the legal sector, the ABA's views on the use of artificial intelligence in the legal sector are significant and influential.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "identity",
"id": "identity--ebfc3051-5239-4244-87c8-b6d1701b12bc",
"name": "Carnegie Mellon University",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Carnegie Mellon University is a private research university based in Pittsburgh, Pennsylvania. It is a renowned institution for computer science and artificial intelligence research. In the context of cybersecurity, Carnegie Mellon University is often involved in research and development of new technologies and techniques to improve security and privacy. The university's faculty and students frequently publish papers and participate in conferences related to cybersecurity, making it a relevant entity in the field.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "malware",
"id": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"name": "VolkLocker",
"is_family": true,
"malware_types": [
"ransomware"
],
"labels": [
"malicious-activity"
],
"description": "VolkLocker is a ransomware-as-a-service (RaaS) offering used by the pro-Russian hacktivist group CyberVolk (aka GLORIAMIST). It has been observed to have implementation lapses in test artifacts, allowing users to decrypt files without paying an extortion fee. Despite some key enhancements in newer versions, VolkLocker remains a notable ransomware threat due to its association with a known threat group and its potential for widespread exploitation.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "malware",
"id": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"name": "Beelzebub",
"is_family": true,
"malware_types": [
"stealer"
],
"labels": [
"malicious-activity"
],
"description": "Beelzebub is a malware family involved in large-scale credential theft campaigns, as observed in the 'Operation PCPcat' attacks. It is likely used by threat actors to compromise systems and steal sensitive information. The malware's capabilities and targets are not fully understood, but its involvement in credential theft campaigns makes it a notable threat in the cybersecurity landscape.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.657Z",
"modified": "2025-12-16T14:24:05.657Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"name": "ShadyPanda",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"description": "ShadyPanda is a threat group that has been operating for at least seven years, using a strategy of publishing or acquiring harmless extensions and letting them run for extended periods before exploiting them for malicious purposes. This group's tactics, techniques, and procedures (TTPs) demonstrate a high level of sophistication and patience, indicating a well-resourced and experienced threat actor. ShadyPanda's activities pose a significant risk to organizations that use compromised extensions, highlighting the need for robust security measures to detect and prevent such threats.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.658Z",
"modified": "2025-12-16T14:24:05.658Z",
"confidence": 95,
"type": "identity",
"id": "identity--5ccdf7bc-6dc4-4348-ac05-2f7e1ccfb271",
"name": "Cloudflare",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Cloudflare is a prominent content delivery network (CDN) and cybersecurity company that specializes in protecting and optimizing the performance of websites, applications, and other digital properties. Cloudflare offers a range of services including DDoS mitigation, web application firewall (WAF), and DNS services, ensuring that online services remain secure, fast, and reliable. The company provides insights into internet trends and security through reports like the 'Top Internet Services of 2025,' highlighting its role in monitoring and enhancing the digital landscape.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.658Z",
"modified": "2025-12-16T14:24:05.658Z",
"confidence": 95,
"type": "identity",
"id": "identity--4a0ea356-910b-4135-8390-c178705bb54c",
"name": "LinkedIn",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "LinkedIn is a social networking platform for professionals, with over 700 million users worldwide. As a major online platform, LinkedIn's data is a valuable target for cyber attackers, and breaches of its data can have significant consequences for users. In this context, LinkedIn is mentioned as the source of exposed data, indicating that it is a victim of a cybersecurity incident.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.658Z",
"modified": "2025-12-16T14:24:05.658Z",
"confidence": 95,
"type": "identity",
"id": "identity--986da1de-6f62-48bd-89ef-df3c1ef74e42",
"name": "CERT-FR",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "CERT-FR (French Computer Emergency Response Team) is a national cybersecurity organization responsible for monitoring, analyzing, and responding to cybersecurity threats in France. As part of its mission, CERT-FR provides guidance and recommendations to individuals and organizations on how to reduce their exposure to cyber threats. In this context, CERT-FR is advising iPhone and Android users to fully disable Wi-Fi to reduce risk, citing multiple vulnerabilities across wireless interfaces, apps, OSs, and even hardware. As a trusted source of cybersecurity information, CERT-FR plays a critical role in helping to protect individuals and organizations from cyber threats.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.658Z",
"modified": "2025-12-16T14:24:05.658Z",
"confidence": 95,
"type": "identity",
"id": "identity--efad92fb-f14c-437f-b832-a1c584f5d435",
"name": "the Identity Theft Resource Center",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "The Identity Theft Resource Center (ITRC) is a nonprofit organization that provides victim assistance and consumer education to help individuals and communities prevent and recover from identity theft and other cyber-enabled crimes. The ITRC's work is crucial in raising awareness about the evolving nature of identity crimes and their financial and emotional impacts on Americans.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.658Z",
"modified": "2025-12-16T14:24:05.658Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"name": "REF7707",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"description": "REF7707 is a threat cluster that has been publicly reported in conjunction with other clusters such as Earth Alux and Jewelbug. The exact nature and capabilities of REF7707 are not well-documented, but its association with other known threat clusters suggests that it may be involved in malicious cyber activity. Further research is needed to fully understand the scope and impact of REF7707.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.658Z",
"modified": "2025-12-16T14:24:05.658Z",
"confidence": 95,
"type": "identity",
"id": "identity--f2fac531-1c28-48cc-be9c-0c24f8184465",
"name": "Horizon3.ai",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Horizon3.ai is a cybersecurity firm specializing in identifying and reporting security vulnerabilities in software. They are known for discovering and disclosing critical flaws in open-source platforms, such as the private branch exchange (PBX) platform FreePBX, which can lead to significant security risks like authentication bypasses. Their work is crucial in enhancing the security posture of various software systems.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.658Z",
"modified": "2025-12-16T14:24:05.658Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"name": "CyberVolk",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"description": "CyberVolk, also known as GLORIAMIST, is a pro-Russian hacktivist group that has been involved in various malicious activities, including ransomware attacks. The group has recently resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker, which has been found to have implementation lapses. CyberVolk's activities are notable for their brazen nature and potential impact on global cybersecurity. As a threat actor, CyberVolk's capabilities and intentions are of significant interest to security researchers and defenders.",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.658Z",
"modified": "2025-12-16T14:24:05.658Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78",
"name": "Exploit Public-Facing Application",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1190",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1190/",
"external_id": "T1190"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.658Z",
"modified": "2025-12-16T14:24:05.658Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778",
"name": "Exploitation for Client Execution",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1203",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1203/",
"external_id": "T1203"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.658Z",
"modified": "2025-12-16T14:24:05.658Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--d5f68c3e-3583-497a-8fd3-6fe32b38bf5f",
"name": "Command and Scripting Interpreter",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1059",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1059/",
"external_id": "T1059"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.658Z",
"modified": "2025-12-16T14:24:05.658Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9",
"name": "Spearphishing Attachment",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/001/",
"external_id": "T1566.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.659Z",
"modified": "2025-12-16T14:24:05.659Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3",
"name": "Spearphishing Link",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.002",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/002/",
"external_id": "T1566.002"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.659Z",
"modified": "2025-12-16T14:24:05.659Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb",
"name": "Spearphishing via Service",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.003",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/003/",
"external_id": "T1566.003"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.659Z",
"modified": "2025-12-16T14:24:05.659Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581",
"name": "Application Layer Protocol",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1071",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1071/",
"external_id": "T1071"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.659Z",
"modified": "2025-12-16T14:24:05.659Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1",
"name": "Non-Application Layer Protocol",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1095",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1095/",
"external_id": "T1095"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.659Z",
"modified": "2025-12-16T14:24:05.659Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--aa1845f4-913c-40c6-96ac-d19b1dd58616",
"name": "Abuse Elevation Control Mechanism",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
}
],
"x_mitre_id": "T1548",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1548/",
"external_id": "T1548"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.659Z",
"modified": "2025-12-16T14:24:05.659Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--b3ae94a2-b47a-4b30-9d9a-5c3a1d8717fe",
"name": "Access Token Manipulation",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1134",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1134/",
"external_id": "T1134"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.659Z",
"modified": "2025-12-16T14:24:05.659Z",
"confidence": 85,
"type": "attack-pattern",
"id": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f",
"name": "Browser Extensions",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"x_mitre_id": "T1176.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1176/001/",
"external_id": "T1176.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.659Z",
"modified": "2025-12-16T14:24:05.659Z",
"confidence": 85,
"type": "attack-pattern",
"id": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef",
"name": "Evil Twin",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential-access"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1557.004",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1557/004/",
"external_id": "T1557.004"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.659Z",
"modified": "2025-12-16T14:24:05.659Z",
"confidence": 85,
"type": "attack-pattern",
"id": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49",
"name": "Wi-Fi Discovery",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "discovery"
}
],
"x_mitre_id": "T1016.002",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1016/002/",
"external_id": "T1016.002"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.659Z",
"modified": "2025-12-16T14:24:05.659Z",
"confidence": 85,
"type": "attack-pattern",
"id": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81",
"name": "Wi-Fi Networks",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1669",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1669/",
"external_id": "T1669"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.659Z",
"modified": "2025-12-16T14:24:05.659Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e",
"name": "Scheduled Task",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1053.005",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1053/005/",
"external_id": "T1053.005"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.659Z",
"modified": "2025-12-16T14:24:05.659Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f",
"name": "Socket Filters",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1205.002",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1205/002/",
"external_id": "T1205.002"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa",
"name": "Boot or Logon Initialization Scripts",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1037",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1037/",
"external_id": "T1037"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf",
"name": "Archive via Utility",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1560.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1560/001/",
"external_id": "T1560.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946",
"name": "Screen Capture",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1113",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1113/",
"external_id": "T1113"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255",
"name": "Adversary-in-the-Middle",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential-access"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1557",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1557/",
"external_id": "T1557"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"confidence": 69,
"type": "attack-pattern",
"id": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980",
"name": "Exploits",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"x_mitre_id": "T1588.005",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/005/",
"external_id": "T1588.005"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"confidence": 68,
"type": "attack-pattern",
"id": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8",
"name": "Artificial Intelligence",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"x_mitre_id": "T1588.007",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/007/",
"external_id": "T1588.007"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"confidence": 68,
"type": "attack-pattern",
"id": "attack-pattern--39e179f7-eb33-4dba-86f0-c13dbcbd2a1b",
"name": "Vulnerabilities",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"x_mitre_id": "T1588.006",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/006/",
"external_id": "T1588.006"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e7d0db54-4e9d-42e0-a990-6781e87955c7",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Exploit Public-Facing Application (T1190) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9f0e8b48-8622-4da6-949a-b6435d3825e8",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Exploitation for Client Execution (T1203) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e3505c0a-2802-47f7-bd65-5006e304deff",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--d5f68c3e-3583-497a-8fd3-6fe32b38bf5f",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Command and Scripting Interpreter (T1059) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9fa68305-8c83-4279-bea9-492d5864e823",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Spearphishing Attachment (T1566.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3f2007fa-a5d8-47c6-985e-e27beb12c8ee",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Spearphishing Link (T1566.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--efc98c98-34c4-4ba0-bad6-e6d7de471fae",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Spearphishing via Service (T1566.003) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5a779fb4-4c0e-4c67-8c9d-86071d243558",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Application Layer Protocol (T1071) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f94963a2-08ef-4f7e-8101-5abbaf68c49a",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Non-Application Layer Protocol (T1095) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9c5df766-3629-4a01-86e7-3f81b8a78fde",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--aa1845f4-913c-40c6-96ac-d19b1dd58616",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Abuse Elevation Control Mechanism (T1548) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dee364c1-d32a-4a34-9173-9da763f03ca4",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--b3ae94a2-b47a-4b30-9d9a-5c3a1d8717fe",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Access Token Manipulation (T1134) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--127f894c-52ac-4381-891a-5f6cf49a73a5",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Browser Extensions (T1176.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--11482b5c-4e03-430b-baf4-0c2e24371344",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Evil Twin (T1557.004) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--37ffb3b9-32f8-47a5-b45f-ae9729efdbeb",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Wi-Fi Discovery (T1016.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--47e40829-0129-4c3b-b246-c57a04eefaff",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Wi-Fi Networks (T1669) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3027869d-2446-4bd8-b59d-3c257a57033e",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Scheduled Task (T1053.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--eef507cd-5abf-4e3f-8c0d-263f96ad3525",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Socket Filters (T1205.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8f79dee7-af46-48cd-b731-b30046a24ec6",
"created": "2025-12-16T14:24:05.660Z",
"modified": "2025-12-16T14:24:05.660Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Boot or Logon Initialization Scripts (T1037) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2c75ac62-e60b-4c4b-b43f-231ac890493a",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Archive via Utility (T1560.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f5b1687a-3be8-4a77-bd6c-d606b19bb85f",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Screen Capture (T1113) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--42b9c7d3-16a8-4a10-8705-ebf39acf0685",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Adversary-in-the-Middle (T1557) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--48a25329-3dac-4727-bb31-d3a00b32b8f8",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Exploits (T1588.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ebf62055-cc19-414f-8b87-1ab680af68b8",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Artificial Intelligence (T1588.007) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--16781aae-8ee8-4db6-ac0a-76147bcb23db",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "identity--8a19e390-163a-470f-8639-8db73c6956c4",
"target_ref": "attack-pattern--39e179f7-eb33-4dba-86f0-c13dbcbd2a1b",
"confidence": 60,
"description": "Co-occurrence: React Server Components and Vulnerabilities (T1588.006) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f4db423d-65ec-4199-9912-a4712fa82c3a",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Exploit Public-Facing Application (T1190) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4c8af498-298f-4fc7-a7fc-98191da99e64",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Exploitation for Client Execution (T1203) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--783f0b6b-8b0d-46c0-81dc-6cfebe176275",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--d5f68c3e-3583-497a-8fd3-6fe32b38bf5f",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Command and Scripting Interpreter (T1059) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2d5d264a-e448-47d5-8d02-3c50754da268",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Spearphishing Attachment (T1566.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2f13b8ea-ebdc-4076-8a5f-6dcca47b0879",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Spearphishing Link (T1566.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1f6b0190-2af6-42df-99c2-5de25db91dfc",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Spearphishing via Service (T1566.003) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--104c1b23-1b64-4c26-a5db-00eb81fb9d41",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Application Layer Protocol (T1071) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5f11bf76-14e6-4314-b96c-5d29b31ab684",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Non-Application Layer Protocol (T1095) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7e644e04-6f46-4fbc-acc3-ff4210bc0f05",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--aa1845f4-913c-40c6-96ac-d19b1dd58616",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Abuse Elevation Control Mechanism (T1548) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8a5de806-4766-425d-a5cf-47244988cbab",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--b3ae94a2-b47a-4b30-9d9a-5c3a1d8717fe",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Access Token Manipulation (T1134) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--53ce5408-4863-4e8e-8ad6-c41c6db41865",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Browser Extensions (T1176.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b2b82570-c30c-4953-83fc-50e63e94d8b7",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Evil Twin (T1557.004) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--27b13727-508d-45af-a1ff-4f91ea408394",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.661Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Wi-Fi Discovery (T1016.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f3192533-c6f9-49ba-9afa-a9305283a3ee",
"created": "2025-12-16T14:24:05.661Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Wi-Fi Networks (T1669) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--07bbe94a-cfcb-4118-a809-0212a7d026bc",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Scheduled Task (T1053.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--69cb3206-bf05-43c7-8ab8-35fd6f03535f",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Socket Filters (T1205.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3cc579ff-2725-4f22-a322-55323c44c6ee",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Boot or Logon Initialization Scripts (T1037) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f7a9d8be-8335-4e91-9bf9-eb49d3877268",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Archive via Utility (T1560.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aeda7819-9e0d-4bd3-b9ed-2dddce70a958",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Screen Capture (T1113) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5bf8f906-f554-4842-bc44-cf7758dbcc29",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Adversary-in-the-Middle (T1557) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1afa91be-0417-4cc9-8047-0d6e96fcb69c",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Exploits (T1588.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bb31edb3-fa4d-4d27-9102-42177c56fd6b",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Artificial Intelligence (T1588.007) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3cc160aa-25fb-423d-93f0-a8b116754b74",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--408800c8-3e44-48d7-9c31-565f570ba45e",
"target_ref": "attack-pattern--39e179f7-eb33-4dba-86f0-c13dbcbd2a1b",
"confidence": 60,
"description": "Co-occurrence: Ink Dragon. and Vulnerabilities (T1588.006) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--85078355-9f16-41d9-85d3-db3dedc1bed9",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Exploit Public-Facing Application (T1190) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6ba27f85-a0b7-4482-83cd-24e1ac9a1bb5",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Exploitation for Client Execution (T1203) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--45a4bfc8-8d6e-4174-8491-6197a753107c",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--d5f68c3e-3583-497a-8fd3-6fe32b38bf5f",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Command and Scripting Interpreter (T1059) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a6c76882-a8e7-4d13-b88f-b5cba9cec560",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Spearphishing Attachment (T1566.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7c5c9e3e-73eb-4ae5-a4e2-74d7461b1698",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Spearphishing Link (T1566.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--73bf6910-f8f9-413a-9ec3-4e55dafc9ccd",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Spearphishing via Service (T1566.003) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8ecb25f2-165b-4767-be64-3b3c1e69cc3b",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Application Layer Protocol (T1071) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ba2c97b0-eaad-4981-ab59-ffa183ae2883",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Non-Application Layer Protocol (T1095) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--def20c9d-1274-4d11-9da9-89533c571d85",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--aa1845f4-913c-40c6-96ac-d19b1dd58616",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Abuse Elevation Control Mechanism (T1548) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3f0abe55-5731-4287-84d5-cbf2604e1e7b",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--b3ae94a2-b47a-4b30-9d9a-5c3a1d8717fe",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Access Token Manipulation (T1134) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ece28330-0232-49db-9de6-1ce3859390e4",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Browser Extensions (T1176.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--01954d28-576a-489c-b114-d622bf752f08",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Evil Twin (T1557.004) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--da46a62d-3e7c-48bc-aeac-7b5997214234",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Wi-Fi Discovery (T1016.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1b938520-5d03-4d9c-bd2c-619e28faabcf",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Wi-Fi Networks (T1669) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7c2230e6-ee0a-488b-bc36-1fa5656e8f9d",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Scheduled Task (T1053.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--63328e51-f1c8-4c13-96f4-73018087a9ce",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Socket Filters (T1205.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0d9daa10-4242-4015-9752-5b00c32ebd6b",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Boot or Logon Initialization Scripts (T1037) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e915bb58-b1c1-457b-a2d2-9a63a2577aed",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Archive via Utility (T1560.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f40f1422-003a-4a5d-9771-d3db58e374eb",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Screen Capture (T1113) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f712fd6e-f366-413a-a361-cee7082c1de8",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Adversary-in-the-Middle (T1557) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--45f8c142-3492-4594-a45c-9c10f827237c",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Exploits (T1588.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0e3b436d-2e83-4f82-9a03-d4ebdc074fc9",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Artificial Intelligence (T1588.007) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--84c02c38-1a4c-4c26-bcff-1ec20afd1ce8",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--6384a209-1706-4b3a-9708-e4eef2c6beff",
"target_ref": "attack-pattern--39e179f7-eb33-4dba-86f0-c13dbcbd2a1b",
"confidence": 60,
"description": "Co-occurrence: REF7707 ,  and Vulnerabilities (T1588.006) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c714765c-f993-4dac-92e1-d767331b0237",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Exploit Public-Facing Application (T1190) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e37610ed-ee4a-400d-bfd4-dbdb654646b9",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Exploitation for Client Execution (T1203) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5c80c564-4f06-4017-9157-533ed53a0040",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--d5f68c3e-3583-497a-8fd3-6fe32b38bf5f",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Command and Scripting Interpreter (T1059) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--14426e30-358e-4c5d-b800-3b671947ede8",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Spearphishing Attachment (T1566.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2c43271c-ca78-4b99-a64b-aae0ccda5fa2",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Spearphishing Link (T1566.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--48896934-8c1c-4d23-bc9a-b04d6bcfa766",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Spearphishing via Service (T1566.003) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fdbc2690-b582-4309-8512-12054997c818",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Application Layer Protocol (T1071) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0256ca5f-60fb-47ee-a515-c6108246d65e",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Non-Application Layer Protocol (T1095) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--48e33caf-742b-4914-bb7e-97a269db1b8a",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--aa1845f4-913c-40c6-96ac-d19b1dd58616",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Abuse Elevation Control Mechanism (T1548) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--21465319-3e49-4ff8-b0e1-6dc5f93a6d41",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--b3ae94a2-b47a-4b30-9d9a-5c3a1d8717fe",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Access Token Manipulation (T1134) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--70ed6826-31f4-4c48-8963-4a01eea8c150",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Browser Extensions (T1176.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e382c0fa-4b76-4f95-9194-d8866650692c",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Evil Twin (T1557.004) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ad116039-10f9-49b4-81f1-c853eb62f4c8",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Wi-Fi Discovery (T1016.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fb73c172-5e8a-4291-bee3-1ac5e23c435d",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Wi-Fi Networks (T1669) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a338b2ee-f0ff-47ec-9ca6-9877b7de5b42",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Scheduled Task (T1053.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a9978250-0126-4a3e-87a1-9c7de94cb964",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Socket Filters (T1205.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--00f2de89-4b33-4976-82a9-de4b840754e1",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Boot or Logon Initialization Scripts (T1037) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5ad0d8eb-fd39-40eb-ae44-f30dad3d6127",
"created": "2025-12-16T14:24:05.662Z",
"modified": "2025-12-16T14:24:05.662Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Archive via Utility (T1560.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8a6066c2-7079-49e9-98e3-57bd186cbab3",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Screen Capture (T1113) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4372f90d-4bf7-49d0-87ec-1af5a7006463",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Adversary-in-the-Middle (T1557) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--01dd3313-2e83-4d8a-b9c0-6c55830e6dc6",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Exploits (T1588.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4f3d1e88-4d70-4a66-bf72-e712b25e640f",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Artificial Intelligence (T1588.007) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3cc2ebdb-af1b-4d7f-a3a4-82c1577c8a6b",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c3a6a31-ae65-45aa-936e-7e624d4ecec0",
"target_ref": "attack-pattern--39e179f7-eb33-4dba-86f0-c13dbcbd2a1b",
"confidence": 60,
"description": "Co-occurrence: Main Intelligence Directorate and Vulnerabilities (T1588.006) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7eab8a51-19ff-489b-983f-dfe328484c95",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Exploit Public-Facing Application (T1190) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a6ee78c5-7c15-4767-8a0e-d86933cc034e",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Exploitation for Client Execution (T1203) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2e824d3b-af11-4848-9ad4-248eb67b2d7c",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--d5f68c3e-3583-497a-8fd3-6fe32b38bf5f",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Command and Scripting Interpreter (T1059) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--49626735-4f14-488f-af7c-96367069d12b",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Spearphishing Attachment (T1566.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1fdbb0fb-7853-4389-9f04-f5a1900bdf9d",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Spearphishing Link (T1566.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--555365ff-3896-4f99-a8fc-b7206c26e449",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Spearphishing via Service (T1566.003) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a5df8e8d-267b-4f9e-8b9e-39cd12dcfdf2",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Application Layer Protocol (T1071) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b189b474-a2b7-411d-8c40-4a613e95e8e7",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Non-Application Layer Protocol (T1095) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3aa22564-97da-4f6a-b532-d6c49d1a025a",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--aa1845f4-913c-40c6-96ac-d19b1dd58616",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Abuse Elevation Control Mechanism (T1548) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--eec12355-643e-495b-9ed5-a30850ee55db",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--b3ae94a2-b47a-4b30-9d9a-5c3a1d8717fe",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Access Token Manipulation (T1134) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4e48831f-74e9-47b4-8a22-1dbf2eb27e94",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Browser Extensions (T1176.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5464f416-1c13-4906-a8a1-2e35e333cc75",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Evil Twin (T1557.004) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f2b9b9ec-776f-4ece-a89f-397c7a263cad",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Wi-Fi Discovery (T1016.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ed56750b-4883-44fa-a64f-ba29b3440377",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Wi-Fi Networks (T1669) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--350982d1-d074-4946-b412-1fe7f413638c",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Scheduled Task (T1053.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--731160eb-46ab-463f-8a53-1f62cf54fd3a",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Socket Filters (T1205.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d273f141-201e-48c4-9ddc-79c46a42afed",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Boot or Logon Initialization Scripts (T1037) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--667e1dda-5b3b-460d-a3f2-b02c704678dc",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Archive via Utility (T1560.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--778f2a4f-6f2e-4ec7-b965-6547f8a3bd45",
"created": "2025-12-16T14:24:05.663Z",
"modified": "2025-12-16T14:24:05.663Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Screen Capture (T1113) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d84ecd08-ed5d-4242-8dac-1e2e07ba54b2",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Adversary-in-the-Middle (T1557) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--93d2f492-1d10-49e2-9984-a4cba74069e3",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Exploits (T1588.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a4a1a3cf-64b4-46ac-b6aa-cdff27b28f86",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Artificial Intelligence (T1588.007) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--92b297fd-9399-4b12-a24a-3edad925abce",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ed70a1ea-0748-4318-9623-4105653cb15f",
"target_ref": "attack-pattern--39e179f7-eb33-4dba-86f0-c13dbcbd2a1b",
"confidence": 60,
"description": "Co-occurrence: ShadyPanda and Vulnerabilities (T1588.006) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1ca6d5d7-a93e-44ea-afa8-d9860fffd47b",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Exploit Public-Facing Application (T1190) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--756bec3a-0347-4eb1-b462-86e4b33e92dd",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Exploitation for Client Execution (T1203) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7ba160b8-5894-4071-becc-f6d9cffe7fe7",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--d5f68c3e-3583-497a-8fd3-6fe32b38bf5f",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Command and Scripting Interpreter (T1059) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c5411cc3-e154-4e10-a21f-5e1b8c68069b",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Spearphishing Attachment (T1566.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--64f41770-8a9d-4293-9d5d-24b2c08e2004",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Spearphishing Link (T1566.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bf73d350-f4ce-40a9-8bc7-a35b9e52846c",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Spearphishing via Service (T1566.003) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ab83d7d4-b1d1-44ae-a663-40c98facd144",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Application Layer Protocol (T1071) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aa957956-9e56-40f6-b0b6-3c1337cff919",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Non-Application Layer Protocol (T1095) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--25223db0-e8a9-4c39-a175-b3da76295eaf",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--aa1845f4-913c-40c6-96ac-d19b1dd58616",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Abuse Elevation Control Mechanism (T1548) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--63cca229-0112-496e-919f-e985894e9e82",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--b3ae94a2-b47a-4b30-9d9a-5c3a1d8717fe",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Access Token Manipulation (T1134) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e93a7c7b-7b2d-4849-acda-fa4182c7dfd5",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Browser Extensions (T1176.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c1018e1d-a2db-453f-bb5f-56d03365686b",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Evil Twin (T1557.004) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--10632031-f36e-46a7-9232-e27d97a75b43",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Wi-Fi Discovery (T1016.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e625afa8-8038-4be4-b52d-a3a283ee1fb2",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Wi-Fi Networks (T1669) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--85d5ec89-f86b-47bc-9f92-2d1627371112",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Scheduled Task (T1053.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7a67c34d-b70b-41dc-ae80-96b1f150c7de",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Socket Filters (T1205.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4a8a7b0b-7d90-4522-945b-3251b0a262f8",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Boot or Logon Initialization Scripts (T1037) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5002e713-a79b-4f10-b99c-9d7ff986611a",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Archive via Utility (T1560.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ca816749-a06c-4948-9819-acd61f507612",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Screen Capture (T1113) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ba894484-5fa7-4622-9956-262d8ba2d0a1",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Adversary-in-the-Middle (T1557) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d6d370ae-7ed4-49bd-bdc2-7026423094bc",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Exploits (T1588.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a2be562f-b852-4ad4-a189-eaa99f59226f",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Artificial Intelligence (T1588.007) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5016077b-9bd7-4cad-9b0d-8f1a26b11727",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--cd14e27f-418f-43db-9469-4ab988a619f0",
"target_ref": "attack-pattern--39e179f7-eb33-4dba-86f0-c13dbcbd2a1b",
"confidence": 60,
"description": "Co-occurrence: REF7707 and Vulnerabilities (T1588.006) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d6ba1917-ba02-4546-a0e8-85c9b8925d80",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Exploit Public-Facing Application (T1190) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4b330b38-41e5-4805-b15d-6abc7d2269e8",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Exploitation for Client Execution (T1203) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a9c750d4-0802-433c-a5d4-c1d955fcac0f",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--d5f68c3e-3583-497a-8fd3-6fe32b38bf5f",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Command and Scripting Interpreter (T1059) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f79bec06-ee90-4a9a-af6c-3f9050ac59c0",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Spearphishing Attachment (T1566.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f1cdd4e8-bb9b-4738-9854-01378ba332ad",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Spearphishing Link (T1566.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--82c85b34-debf-4043-a015-0482d88bf5ec",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Spearphishing via Service (T1566.003) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--97127c6b-10d2-43c0-a478-23046c9d6a8c",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Application Layer Protocol (T1071) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1d8a35c7-2c25-46cd-beee-d562473dbe4a",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Non-Application Layer Protocol (T1095) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ff4c6168-d47c-47ce-9cc6-339a018fb787",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--aa1845f4-913c-40c6-96ac-d19b1dd58616",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Abuse Elevation Control Mechanism (T1548) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8f65679f-fa54-4c05-9d83-c947bae6e58b",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--b3ae94a2-b47a-4b30-9d9a-5c3a1d8717fe",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Access Token Manipulation (T1134) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--097c1c98-c860-440b-9e9b-03ab3634bb73",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Browser Extensions (T1176.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--60f3506d-5dd0-4719-aa56-ae0d493f4760",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Evil Twin (T1557.004) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2e6411a7-d007-4d20-af6e-0d5242d03422",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Wi-Fi Discovery (T1016.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--db1fd10e-521c-4f4d-af14-ab07a3def98e",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Wi-Fi Networks (T1669) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d32bfd27-67fd-4c24-acc9-8f7ec33ed255",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Scheduled Task (T1053.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7d418c33-74e6-497e-b1a4-20874e96e92b",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Socket Filters (T1205.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3a8b331a-3ea3-48a9-acc0-d7e6ea403df5",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Boot or Logon Initialization Scripts (T1037) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--35e3ffb2-2d28-4706-8378-31ece11a96a8",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Archive via Utility (T1560.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2a6e9786-c688-4c94-8b38-a8457ca92a7c",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Screen Capture (T1113) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--650db487-c9e3-419d-93c1-2fcd0321c642",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Adversary-in-the-Middle (T1557) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b436b95a-305a-4a1a-8227-c9351520c0a5",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Exploits (T1588.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--06303384-6c15-4779-9cce-e0e8cdc6cf43",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Artificial Intelligence (T1588.007) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--385d4a76-806a-4f80-a8d1-9f777363d4eb",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"target_ref": "attack-pattern--39e179f7-eb33-4dba-86f0-c13dbcbd2a1b",
"confidence": 60,
"description": "Co-occurrence: CyberVolk and Vulnerabilities (T1588.006) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f70da8f7-2777-47d2-b46a-3017a741d010",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Exploit Public-Facing Application (T1190) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--312b5a24-cc92-4f50-8309-94e31f09b7b9",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Exploitation for Client Execution (T1203) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a51f91ad-8054-4ce0-91a4-3cc2b13c76c6",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--d5f68c3e-3583-497a-8fd3-6fe32b38bf5f",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Command and Scripting Interpreter (T1059) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--98e5d8e6-3e27-47f8-b5c7-81491e874e89",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Spearphishing Attachment (T1566.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--076af918-5f51-4eae-8cb6-0c4d1d10eb4e",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Spearphishing Link (T1566.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d2b1096e-cf7a-42b3-88e0-31d65b1ef877",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Spearphishing via Service (T1566.003) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--466616c9-6eb5-4158-8cb6-518b07def84a",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Application Layer Protocol (T1071) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--260e938e-d0b6-4bca-98ef-75736313e8d2",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Non-Application Layer Protocol (T1095) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--835c8332-41c9-48a6-8b8b-ca0b63da0688",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--aa1845f4-913c-40c6-96ac-d19b1dd58616",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Abuse Elevation Control Mechanism (T1548) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e9f03686-5e5b-4992-8adc-5771a219902f",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--b3ae94a2-b47a-4b30-9d9a-5c3a1d8717fe",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Access Token Manipulation (T1134) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--87c16852-7639-422b-8d7f-2bb93b999de0",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Browser Extensions (T1176.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--619858b1-19a2-4a93-bce9-f6b75a2787ee",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Evil Twin (T1557.004) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--240da1eb-d05f-4e64-86b8-92bddae8facd",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Wi-Fi Discovery (T1016.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c8eb0fc7-a2d4-4412-8f98-13fd7e7bf412",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Wi-Fi Networks (T1669) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--815650e4-a561-47cd-b999-59f58765f40b",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Scheduled Task (T1053.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--529537ee-f3bd-4d9a-90a6-0a824d08d041",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Socket Filters (T1205.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--96c7623c-99fa-4d87-be90-4e8e37394447",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Boot or Logon Initialization Scripts (T1037) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--66bb62d8-063b-4eeb-bca3-c2120b3c8007",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Archive via Utility (T1560.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--91249ca5-497a-4bd2-926a-eb918d9dc628",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Screen Capture (T1113) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e386c68c-d01c-4a57-8e7a-697af68480cc",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Adversary-in-the-Middle (T1557) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--eaf08b54-d724-45be-bb3c-17e01f3c797e",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Exploits (T1588.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--47a2c660-7634-4d05-8890-26e3cde1e55e",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.664Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Artificial Intelligence (T1588.007) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bcc53010-2843-4295-adbe-546c4b0f7570",
"created": "2025-12-16T14:24:05.664Z",
"modified": "2025-12-16T14:24:05.665Z",
"relationship_type": "uses",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "attack-pattern--39e179f7-eb33-4dba-86f0-c13dbcbd2a1b",
"confidence": 55,
"description": "Co-occurrence: VolkLocker and Vulnerabilities (T1588.006) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--711ad946-c0da-4b40-b90b-42537fd3791d",
"created": "2025-12-16T14:24:05.665Z",
"modified": "2025-12-16T14:24:05.665Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--c99b8707-1226-4372-9f66-73b5d45b3f78",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Exploit Public-Facing Application (T1190) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4cd84446-42de-4652-8720-13686835938f",
"created": "2025-12-16T14:24:05.665Z",
"modified": "2025-12-16T14:24:05.665Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--f826e543-c895-41dc-bac3-389ef1a14778",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Exploitation for Client Execution (T1203) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6a4de111-3e94-471b-84b3-74cf77b2f5a0",
"created": "2025-12-16T14:24:05.665Z",
"modified": "2025-12-16T14:24:05.665Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--d5f68c3e-3583-497a-8fd3-6fe32b38bf5f",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Command and Scripting Interpreter (T1059) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--33187e40-e705-44cc-8a88-c990d21db2c5",
"created": "2025-12-16T14:24:05.666Z",
"modified": "2025-12-16T14:24:05.666Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--4aa52e9f-03db-4ed5-95a5-13ee3d59c0c9",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Spearphishing Attachment (T1566.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1116e044-e9d0-4383-af23-dfb2cc2fe206",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--0f708337-bf93-4058-bd1e-02de7daccae3",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Spearphishing Link (T1566.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5183e15d-7100-4f90-be7f-700d651ae353",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--25e754f9-fb2d-471d-9dff-3828bb7ea3bb",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Spearphishing via Service (T1566.003) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--70b2bf53-8808-44dd-9d42-9c932ac8f221",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--c33dd9cf-88cc-4541-ad0d-7cb0b3568581",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Application Layer Protocol (T1071) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ac3f05ea-8e06-4bb4-9c4d-15f179c5fede",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--85c280bd-77ac-4193-89a6-22f3258889e1",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Non-Application Layer Protocol (T1095) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5af36e2a-3b3e-4c1f-bf80-d788c855d10f",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--aa1845f4-913c-40c6-96ac-d19b1dd58616",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Abuse Elevation Control Mechanism (T1548) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--383e4c49-b1b6-490b-aab9-957ac03b209a",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--b3ae94a2-b47a-4b30-9d9a-5c3a1d8717fe",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Access Token Manipulation (T1134) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--103cab88-83b1-4495-b42e-c29e5186ab1f",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--d123f673-06c3-45e4-a800-7bb58177799f",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Browser Extensions (T1176.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--950bc187-a0fd-4a25-812c-048473e30993",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--5af4609d-601b-4e59-a0e4-99b26e8778ef",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Evil Twin (T1557.004) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3621cd4f-cc82-49bd-b897-47a9d5f8cff6",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--cd75b0f2-59e6-479f-9a4a-19cc3fa49a49",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Wi-Fi Discovery (T1016.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--68670670-c5d3-4d54-b5dd-1f0ea512d43b",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--8372481f-22a4-405e-a351-3da95f01fd81",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Wi-Fi Networks (T1669) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--59dfe458-1282-47a4-9ebb-3aa981a382aa",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--e57f3d8f-db5e-465c-9294-c7831e03227e",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Scheduled Task (T1053.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ed891a0c-59ae-4163-9cb6-6682b06bcde4",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--5391a1ff-d556-4631-ba60-8905f720bf7f",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Socket Filters (T1205.002) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fe59327a-cb92-4622-8fdb-c78799762b3d",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--66e614e6-1ec5-41d9-ba44-34ed358d91aa",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Boot or Logon Initialization Scripts (T1037) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d1ccc1e7-1403-47b3-b9b2-6b824d713933",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--cc16d880-ad7c-42bb-98e3-ec0ea5e864bf",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Archive via Utility (T1560.001) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--11bbd310-7f07-48d5-a451-4480bfbc90fb",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--cc98d5fb-a57e-47af-845c-7805ee3a7946",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Screen Capture (T1113) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b5b84690-ad19-4323-af7b-559f8ac1edd0",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--f25aeb02-492b-4d84-ba74-953779e3c255",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Adversary-in-the-Middle (T1557) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5d2ae806-f723-4621-838b-82480d425b3a",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--dc9ec90e-4c28-4e91-8f8a-c2aa3f432980",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Exploits (T1588.005) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9bac4bec-de07-47e0-9277-f785b1033c3d",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--54547eb0-ddb8-487e-8cf8-2daf078ef6b8",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Artificial Intelligence (T1588.007) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8d2c5f7f-dc25-4fbc-a8f6-0e9ed9d3798c",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "uses",
"source_ref": "malware--5fe3b669-ebe1-4a64-829d-9f5c3766f651",
"target_ref": "attack-pattern--39e179f7-eb33-4dba-86f0-c13dbcbd2a1b",
"confidence": 55,
"description": "Co-occurrence: Beelzebub and Vulnerabilities (T1588.006) in same intelligence",
"x_validation_method": "mitre-cooccurrence"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a49cd902-4c5a-462f-8a00-be59b2d5f730",
"created": "2025-12-16T14:24:05.667Z",
"modified": "2025-12-16T14:24:05.667Z",
"relationship_type": "attributed-to",
"source_ref": "malware--ff7aa917-0a90-480c-af10-fc05ec1b7cea",
"target_ref": "threat-actor--3a3ee56c-dfc4-4539-b443-3b3d77236ea2",
"confidence": 85,
"description": "VolkLocker is a ransomware-as-a-service (RaaS) offering used by the pro-Russian hacktivist group CyberVolk",
"x_validation_method": "llm-semantic-discovery"
},
{
"type": "file:hashes.MD5",
"value": "48ea05548fa01cb85ebb2fd58663bedf",
"source": "OTX",
"malware_families": [
"VolkLocker"
],
"pulse_names": [
"CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains"
],
"id": "file:hashes.MD5--3a340b85-15ca-4faa-941f-5670f2469318"
},
{
"type": "file:hashes.MD5",
"value": "d396525d713050aeaea527c4125fe3da",
"source": "OTX",
"malware_families": [
"VolkLocker"
],
"pulse_names": [
"CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains"
],
"id": "file:hashes.MD5--5228f56f-6f26-469d-8491-75e8438df624"
},
{
"type": "file:hashes.SHA-1",
"value": "0948e75c94046f0893844e3b891556ea48188608",
"source": "OTX",
"malware_families": [
"VolkLocker"
],
"pulse_names": [
"CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains"
],
"id": "file:hashes.SHA-1--2f3cd1df-df00-461b-bd96-c125675f74af"
},
{
"type": "file:hashes.SHA-1",
"value": "dcd859e5b14657b733dfb0c22272b82623466321",
"source": "OTX",
"malware_families": [
"VolkLocker"
],
"pulse_names": [
"CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains"
],
"id": "file:hashes.SHA-1--8b001358-30f0-452d-9969-593cf075a1e1"
},
{
"type": "file:hashes.SHA-256",
"value": "0c0837744202ff2d0fc920219229d00043a8d1d881f5fdd918fa6ee8282c0077",
"source": "OTX",
"malware_families": [
"VolkLocker"
],
"pulse_names": [
"CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains"
],
"id": "file:hashes.SHA-256--74bc2b9f-f07a-4fa5-95fe-d06f4ec2335f"
},
{
"type": "file:hashes.SHA-256",
"value": "b00af0dedb5c4d8f62ca0baf941e18a93e868881bd2c37dadda4815e07ca2117",
"source": "OTX",
"malware_families": [
"VolkLocker"
],
"pulse_names": [
"CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains"
],
"id": "file:hashes.SHA-256--befaf8a5-1954-4ea0-a2db-17c109a62fe9"
},
{
"type": "domain-name",
"value": "0pel.at",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--12c8382e-85cb-489a-84ce-292ec8657775"
},
{
"type": "domain-name",
"value": "0range.at",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--75e30ef3-41d5-4397-9b01-08eaab2583bb"
},
{
"type": "domain-name",
"value": "10001.at",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--f0184481-cec9-4718-a4ff-e66d7992cfae"
},
{
"type": "domain-name",
"value": "10001jeux.fr",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--8f298139-e6ff-414e-94a1-67ced854bcb5"
},
{
"type": "domain-name",
"value": "1000pa.at",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--a8679d99-4d04-4767-bc99-c0297e533022"
},
{
"type": "domain-name",
"value": "1015.fr",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--bd1e3aa8-0758-48f4-a042-8632e59b9852"
},
{
"type": "domain-name",
"value": "1031.at",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--6a3df62a-89f6-41a4-a949-0e341360f99a"
},
{
"type": "domain-name",
"value": "10sport.fr",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--f368f3f4-569e-4be9-9421-cd8ab38de931"
},
{
"type": "domain-name",
"value": "11teamsport.at",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--a2ceec21-587b-4073-9800-b2d0f37caf6b"
},
{
"type": "domain-name",
"value": "123gebrauchwagen.de",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--1ab2fc1a-cd52-4bc4-a0de-57cd46c61bb4"
},
{
"type": "domain-name",
"value": "123skin.at",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--5314b095-330d-44bb-abc8-43c11878d4da"
},
{
"type": "domain-name",
"value": "12gebrauchwagen.at",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--42f04971-210e-4044-b53d-178cdf2e99dd"
},
{
"type": "domain-name",
"value": "12people.at",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--0588cfb4-0dfe-4463-aafc-e7cdcd0385f6"
},
{
"type": "domain-name",
"value": "14tagewetter.at",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--aca33560-0b8a-4c88-9984-0443da855709"
},
{
"type": "domain-name",
"value": "1600.dk",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--a9b926a4-9629-4c05-8c84-6944ed404a5d"
},
{
"type": "domain-name",
"value": "1and1webmail.fr",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--65317e6e-e96b-476d-92b2-3c06bec4a51e"
},
{
"type": "domain-name",
"value": "1google.de",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--00e1e359-52e9-48af-aedf-c5fcfb222981"
},
{
"type": "domain-name",
"value": "1stvideo.fr",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--1d054cc2-d4ff-4852-ad4d-f510ccbfc339"
},
{
"type": "domain-name",
"value": "24auto.at",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--2dc10eac-6f46-4574-b946-f90b46a960c7"
},
{
"type": "domain-name",
"value": "24scout.at",
"source": "OTX",
"malware_families": [
"Beelzebub"
],
"pulse_names": [
"List of cybersquatting domains managed by Malkhaz Kapanadze/ááááŽááá áááááááŤá aka dom@singleplan.com aka Telox/ ELKO LLC"
],
"id": "domain-name--9eb5e2fb-06d3-4f47-aead-4a14f44d0e6f"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bc602d24-e7b3-491b-9a9e-083ca99791c0",
"created": "2025-12-16T14:21:04.952Z",
"modified": "2025-12-16T14:21:04.952Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '0pel.at']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:04.952Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--49077742-8b22-4c21-aab2-906a3e06244c",
"created": "2025-12-16T14:21:04.952Z",
"modified": "2025-12-16T14:21:04.952Z",
"relationship_type": "based-on",
"source_ref": "indicator--bc602d24-e7b3-491b-9a9e-083ca99791c0",
"target_ref": "domain-name--12c8382e-85cb-489a-84ce-292ec8657775"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--12aca9d4-b6fd-4f12-94b4-1922d75fa52e",
"created": "2025-12-16T14:21:05.046Z",
"modified": "2025-12-16T14:21:05.046Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '0range.at']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.046Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1accbde1-2e23-4a10-9270-7d761a91e565",
"created": "2025-12-16T14:21:05.046Z",
"modified": "2025-12-16T14:21:05.047Z",
"relationship_type": "based-on",
"source_ref": "indicator--12aca9d4-b6fd-4f12-94b4-1922d75fa52e",
"target_ref": "domain-name--75e30ef3-41d5-4397-9b01-08eaab2583bb"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b7f54c3f-f4f3-4e6a-badc-61ac367b2cae",
"created": "2025-12-16T14:21:05.100Z",
"modified": "2025-12-16T14:21:05.100Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '10001.at']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.100Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--72edd68a-fa81-4a34-8eff-801536f9b184",
"created": "2025-12-16T14:21:05.100Z",
"modified": "2025-12-16T14:21:05.100Z",
"relationship_type": "based-on",
"source_ref": "indicator--b7f54c3f-f4f3-4e6a-badc-61ac367b2cae",
"target_ref": "domain-name--f0184481-cec9-4718-a4ff-e66d7992cfae"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b45d7fd-0a23-41fc-b934-1ff0ccd9dfd9",
"created": "2025-12-16T14:21:05.136Z",
"modified": "2025-12-16T14:21:05.136Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '10001jeux.fr']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.136Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1a82731d-85f7-4b70-99a7-6a30c9b6c894",
"created": "2025-12-16T14:21:05.136Z",
"modified": "2025-12-16T14:21:05.136Z",
"relationship_type": "based-on",
"source_ref": "indicator--5b45d7fd-0a23-41fc-b934-1ff0ccd9dfd9",
"target_ref": "domain-name--8f298139-e6ff-414e-94a1-67ced854bcb5"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3cd7e965-c54c-4ff4-8fac-de9c318f4804",
"created": "2025-12-16T14:21:05.163Z",
"modified": "2025-12-16T14:21:05.163Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '1000pa.at']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.163Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--14d8368b-7422-4b5b-a65b-ca17192b5711",
"created": "2025-12-16T14:21:05.163Z",
"modified": "2025-12-16T14:21:05.163Z",
"relationship_type": "based-on",
"source_ref": "indicator--3cd7e965-c54c-4ff4-8fac-de9c318f4804",
"target_ref": "domain-name--a8679d99-4d04-4767-bc99-c0297e533022"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9184d4ca-ac0e-4681-85bb-fba1b95cb183",
"created": "2025-12-16T14:21:05.190Z",
"modified": "2025-12-16T14:21:05.190Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '1015.fr']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.190Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3cbdac8a-5e27-4c95-99bf-b7c103a90096",
"created": "2025-12-16T14:21:05.190Z",
"modified": "2025-12-16T14:21:05.191Z",
"relationship_type": "based-on",
"source_ref": "indicator--9184d4ca-ac0e-4681-85bb-fba1b95cb183",
"target_ref": "domain-name--bd1e3aa8-0758-48f4-a042-8632e59b9852"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--28308a2e-c31c-4a22-a911-43f378aea536",
"created": "2025-12-16T14:21:05.230Z",
"modified": "2025-12-16T14:21:05.230Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '1031.at']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.230Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bf7f09f6-98d1-4adb-be32-aed6bde3c7a1",
"created": "2025-12-16T14:21:05.230Z",
"modified": "2025-12-16T14:21:05.230Z",
"relationship_type": "based-on",
"source_ref": "indicator--28308a2e-c31c-4a22-a911-43f378aea536",
"target_ref": "domain-name--6a3df62a-89f6-41a4-a949-0e341360f99a"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--107064cf-5786-4bd3-9da7-62831c1b26e9",
"created": "2025-12-16T14:21:05.249Z",
"modified": "2025-12-16T14:21:05.249Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '10sport.fr']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.249Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b7e14d86-fa23-4a9b-91ac-18070a0bce20",
"created": "2025-12-16T14:21:05.249Z",
"modified": "2025-12-16T14:21:05.249Z",
"relationship_type": "based-on",
"source_ref": "indicator--107064cf-5786-4bd3-9da7-62831c1b26e9",
"target_ref": "domain-name--f368f3f4-569e-4be9-9421-cd8ab38de931"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8865c0a9-ce7c-4322-8d81-d1dd9c1bcf3a",
"created": "2025-12-16T14:21:05.280Z",
"modified": "2025-12-16T14:21:05.280Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '11teamsport.at']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.280Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--445afa00-e4b8-4a6f-a068-23993a99d82a",
"created": "2025-12-16T14:21:05.280Z",
"modified": "2025-12-16T14:21:05.280Z",
"relationship_type": "based-on",
"source_ref": "indicator--8865c0a9-ce7c-4322-8d81-d1dd9c1bcf3a",
"target_ref": "domain-name--a2ceec21-587b-4073-9800-b2d0f37caf6b"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4550b4b0-cb2a-4fcf-8cac-1c07ce100d47",
"created": "2025-12-16T14:21:05.313Z",
"modified": "2025-12-16T14:21:05.313Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '123gebrauchwagen.de']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.313Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4942ee01-7afe-4213-9d02-935cfbc71fa9",
"created": "2025-12-16T14:21:05.313Z",
"modified": "2025-12-16T14:21:05.313Z",
"relationship_type": "based-on",
"source_ref": "indicator--4550b4b0-cb2a-4fcf-8cac-1c07ce100d47",
"target_ref": "domain-name--1ab2fc1a-cd52-4bc4-a0de-57cd46c61bb4"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9c86b5ec-63be-476d-b5f1-991f4e5f6450",
"created": "2025-12-16T14:21:05.348Z",
"modified": "2025-12-16T14:21:05.348Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '123skin.at']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.348Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2d602465-f36e-46f5-968f-4be2bb4a9f5e",
"created": "2025-12-16T14:21:05.348Z",
"modified": "2025-12-16T14:21:05.348Z",
"relationship_type": "based-on",
"source_ref": "indicator--9c86b5ec-63be-476d-b5f1-991f4e5f6450",
"target_ref": "domain-name--5314b095-330d-44bb-abc8-43c11878d4da"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d7e0cf90-e156-4e37-b3f2-36f791426a2c",
"created": "2025-12-16T14:21:05.415Z",
"modified": "2025-12-16T14:21:05.415Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '12gebrauchwagen.at']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.415Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fc4fb829-3dc4-42c8-9d80-fd4d8a253b98",
"created": "2025-12-16T14:21:05.415Z",
"modified": "2025-12-16T14:21:05.415Z",
"relationship_type": "based-on",
"source_ref": "indicator--d7e0cf90-e156-4e37-b3f2-36f791426a2c",
"target_ref": "domain-name--42f04971-210e-4044-b53d-178cdf2e99dd"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cceb9ded-1e70-41ed-a0f2-3aa384ebdedd",
"created": "2025-12-16T14:21:05.442Z",
"modified": "2025-12-16T14:21:05.442Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '12people.at']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.442Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--94a323d2-716a-4e2d-bd66-d26c3e84dc30",
"created": "2025-12-16T14:21:05.442Z",
"modified": "2025-12-16T14:21:05.442Z",
"relationship_type": "based-on",
"source_ref": "indicator--cceb9ded-1e70-41ed-a0f2-3aa384ebdedd",
"target_ref": "domain-name--0588cfb4-0dfe-4463-aafc-e7cdcd0385f6"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--689f78f3-b7a4-416b-8ad0-24ec1fb9b1cb",
"created": "2025-12-16T14:21:05.464Z",
"modified": "2025-12-16T14:21:05.464Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '14tagewetter.at']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.464Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d90166ab-f16b-4cb7-83b5-e827f4d202f8",
"created": "2025-12-16T14:21:05.464Z",
"modified": "2025-12-16T14:21:05.464Z",
"relationship_type": "based-on",
"source_ref": "indicator--689f78f3-b7a4-416b-8ad0-24ec1fb9b1cb",
"target_ref": "domain-name--aca33560-0b8a-4c88-9984-0443da855709"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9d1d519e-f9a3-4f5b-904a-bbe118051fb1",
"created": "2025-12-16T14:21:05.489Z",
"modified": "2025-12-16T14:21:05.489Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '1600.dk']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.490Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3b95b752-4515-456f-b339-a60021ccf376",
"created": "2025-12-16T14:21:05.490Z",
"modified": "2025-12-16T14:21:05.490Z",
"relationship_type": "based-on",
"source_ref": "indicator--9d1d519e-f9a3-4f5b-904a-bbe118051fb1",
"target_ref": "domain-name--a9b926a4-9629-4c05-8c84-6944ed404a5d"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3a7d4a86-e331-4451-89a1-d80ebe9abeee",
"created": "2025-12-16T14:21:05.564Z",
"modified": "2025-12-16T14:21:05.564Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '1and1webmail.fr']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.564Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a4694323-9265-4be6-8498-f60e6c157b51",
"created": "2025-12-16T14:21:05.564Z",
"modified": "2025-12-16T14:21:05.564Z",
"relationship_type": "based-on",
"source_ref": "indicator--3a7d4a86-e331-4451-89a1-d80ebe9abeee",
"target_ref": "domain-name--65317e6e-e96b-476d-92b2-3c06bec4a51e"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e38a6d7e-3675-4d62-9bbf-deeedca4fca3",
"created": "2025-12-16T14:21:05.585Z",
"modified": "2025-12-16T14:21:05.585Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '1google.de']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.585Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c59337fe-31fc-4eb3-a0fb-94f5df84375c",
"created": "2025-12-16T14:21:05.585Z",
"modified": "2025-12-16T14:21:05.585Z",
"relationship_type": "based-on",
"source_ref": "indicator--e38a6d7e-3675-4d62-9bbf-deeedca4fca3",
"target_ref": "domain-name--00e1e359-52e9-48af-aedf-c5fcfb222981"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b4dd3be9-1173-484e-b78e-1e9157b6b0c5",
"created": "2025-12-16T14:21:05.634Z",
"modified": "2025-12-16T14:21:05.634Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '1stvideo.fr']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.634Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5a779e82-779a-4bd9-8d24-9aed35342188",
"created": "2025-12-16T14:21:05.634Z",
"modified": "2025-12-16T14:21:05.634Z",
"relationship_type": "based-on",
"source_ref": "indicator--b4dd3be9-1173-484e-b78e-1e9157b6b0c5",
"target_ref": "domain-name--1d054cc2-d4ff-4852-ad4d-f510ccbfc339"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f2ae8a3d-9932-4985-86bb-17a1a36cde41",
"created": "2025-12-16T14:21:05.650Z",
"modified": "2025-12-16T14:21:05.650Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '24auto.at']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.650Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5e0d442b-b260-494d-bb98-87b9c6b9d8af",
"created": "2025-12-16T14:21:05.650Z",
"modified": "2025-12-16T14:21:05.650Z",
"relationship_type": "based-on",
"source_ref": "indicator--f2ae8a3d-9932-4985-86bb-17a1a36cde41",
"target_ref": "domain-name--2dc10eac-6f46-4574-b946-f90b46a960c7"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--28a2eed8-c0af-41e7-9464-212f8aa05d31",
"created": "2025-12-16T14:21:05.669Z",
"modified": "2025-12-16T14:21:05.670Z",
"name": "Malicious domain-name indicator",
"description": "Malicious domain-name identified in threat intelligence",
"pattern": "[domain-name:value = '24scout.at']",
"pattern_type": "stix",
"valid_from": "2025-12-16T14:21:05.670Z",
"labels": [
"malicious-activity"
],
"confidence": 75
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--be70a77e-b319-4c73-b887-1c0f2c4bd80c",
"created": "2025-12-16T14:21:05.670Z",
"modified": "2025-12-16T14:21:05.670Z",
"relationship_type": "based-on",
"source_ref": "indicator--28a2eed8-c0af-41e7-9464-212f8aa05d31",
"target_ref": "domain-name--9eb5e2fb-06d3-4f47-aead-4a14f44d0e6f"
}
]
}
Healthcare (HIPAA)
ELEVATED
CRITICAL ITEMS
HIGH SEVERITY ITEMS
MEDIUM SEVERITY ITEMS
EXECUTIVE INSIGHTS
DETECTION & RESPONSE KIT