{
    "type": "bundle",
    "id": "bundle--d83b7df9-258a-4043-a522-f77461838a68",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.337919Z",
            "modified": "2026-07-03T22:54:36.337919Z",
            "name": "The Hunters Ledger",
            "identity_class": "organization"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--3d790e8d-67e1-5b55-ad95-a33d6bd0f109",
            "value": "144.172.103.98"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--46b7e506-045a-5849-bf54-0e519b3e0f41",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.340712Z",
            "modified": "2026-07-03T22:54:36.340712Z",
            "name": "ipv4: 144.172.103.98",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[ipv4-addr:value = '144.172.103.98']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": false,
            "x_opencti_score": 95
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--0cc954d0-ab7e-5403-b760-ecce89342889",
            "value": "144.172.109.203"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--bb14b624-d5e8-5f37-bd0e-c6226f7c9cf4",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.347623Z",
            "modified": "2026-07-03T22:54:36.347623Z",
            "name": "ipv4: 144.172.109.203",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[ipv4-addr:value = '144.172.109.203']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--73f24759-34fb-55a8-9082-527356702c28",
            "value": "198.1.195.207"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--8f63ccdb-688d-54d9-8abd-bc25cf65d8fd",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.348461Z",
            "modified": "2026-07-03T22:54:36.348461Z",
            "name": "ipv4: 198.1.195.207",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[ipv4-addr:value = '198.1.195.207']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 80,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 80
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--c5efe09e-80e4-5b8c-9d58-d0868a2ae828",
            "value": "198.1.195.210"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--956b16bd-2868-5b75-a188-d4aa82f16bd8",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.349047Z",
            "modified": "2026-07-03T22:54:36.349047Z",
            "name": "ipv4: 198.1.195.210",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[ipv4-addr:value = '198.1.195.210']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--9987ebe4-0759-52d4-b134-98abaa18b54d",
            "value": "198.89.99.163"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--fbbe1eb6-7aa4-50fb-8a5d-6ddf9ca8196f",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.349549Z",
            "modified": "2026-07-03T22:54:36.349549Z",
            "name": "ipv4: 198.89.99.163",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[ipv4-addr:value = '198.89.99.163']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 60,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": false,
            "x_opencti_score": 60
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--23b2f09e-cec0-5eb7-afe8-88f3d5f79d8a",
            "value": "179.43.150.50"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--98fc5b94-ab86-5d56-8310-f18fce62bda3",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.350387Z",
            "modified": "2026-07-03T22:54:36.350387Z",
            "name": "ipv4: 179.43.150.50",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[ipv4-addr:value = '179.43.150.50']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 60,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": false,
            "x_opencti_score": 60
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--6f3b0478-0aba-5066-a1ea-2b5921c39d20",
            "value": "http://evilsoul.cc/socket.io/?EIO=4&transport=polling"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d5ab16b9-949e-5aae-b1c3-e66c32b648b4",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.351858Z",
            "modified": "2026-07-03T22:54:36.351858Z",
            "name": "url: http://evilsoul.cc/socket.io/?EIO=4&transport=polling",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[url:value = 'http://evilsoul.cc/socket.io/?EIO=4&transport=polling']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--be8aa977-a7ec-586a-be3a-b5f7db8fac47",
            "value": "http://198.1.195.210:3000/tralalero"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--61e25531-4098-560f-94c8-fc8348e38fed",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.35449Z",
            "modified": "2026-07-03T22:54:36.35449Z",
            "name": "url: http://198.1.195.210:3000/tralalero",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[url:value = 'http://198.1.195.210:3000/tralalero']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--2a449c37-117c-53d5-8a17-99669927f4b6",
            "value": "https://github.com/sqlban/configs/raw/refs/heads/main/chromelevator.exe"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--b0aba044-09e1-5f37-81f9-0d3102877d55",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.355089Z",
            "modified": "2026-07-03T22:54:36.355089Z",
            "name": "url: https://github.com/sqlban/configs/raw/refs/heads/main/chromelevator.exe",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[url:value = 'https://github.com/sqlban/configs/raw/refs/heads/main/chromelevator.exe']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--4842c4fb-587a-55f6-9fb1-871bf623ec78",
            "value": "https://github.com/sqlban/configs/raw/refs/heads/main/chrome_decrypt.dll"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--125571e3-db6a-5a86-8b53-13422a34b715",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.355893Z",
            "modified": "2026-07-03T22:54:36.355893Z",
            "name": "url: https://github.com/sqlban/configs/raw/refs/heads/main/chrome_decrypt.dll",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[url:value = 'https://github.com/sqlban/configs/raw/refs/heads/main/chrome_decrypt.dll']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--74756ddf-261c-5b39-9ce8-bfed75793359",
            "value": "http://evilsoul.xyz/download/decrypter/chrome_inject.exe"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--1087c29b-b9b4-5cc5-a14f-f05641aaab07",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.356826Z",
            "modified": "2026-07-03T22:54:36.356826Z",
            "name": "url: http://evilsoul.xyz/download/decrypter/chrome_inject.exe",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[url:value = 'http://evilsoul.xyz/download/decrypter/chrome_inject.exe']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 80,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 80
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--c10f3cc2-0cbb-587a-8a04-07032876b6cb",
            "value": "https://store8.gofile.io/uploadFile"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--b7fa97ff-0977-5334-8f3d-1d290e5a141d",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.35782Z",
            "modified": "2026-07-03T22:54:36.35782Z",
            "name": "url: https://store8.gofile.io/uploadFile",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[url:value = 'https://store8.gofile.io/uploadFile']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": false,
            "x_opencti_score": 95
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--33c78969-2d62-5f9e-a3c8-14e42455bd70",
            "value": "https://acf02ac96211.ngrok-free.app"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--697def34-d9ed-5244-8717-5c3e2140b1aa",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.358866Z",
            "modified": "2026-07-03T22:54:36.358866Z",
            "name": "url: https://acf02ac96211.ngrok-free.app",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[url:value = 'https://acf02ac96211.ngrok-free.app']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": false,
            "x_opencti_score": 95
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--ed0f5ce9-4850-50bd-a64e-1a7c3617c5cf",
            "value": "kaidoo.com.br"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--f728748b-968a-5d9d-998e-e1967686ca2e",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.359918Z",
            "modified": "2026-07-03T22:54:36.359918Z",
            "name": "domain: kaidoo.com.br",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[domain-name:value = 'kaidoo.com.br']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--afca77a1-8e44-570b-9584-63d3356769d3",
            "value": "c2.kaidoo.com.br"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--e7cc84a5-aa27-5a54-a7cf-38dc1dfa5d40",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.361414Z",
            "modified": "2026-07-03T22:54:36.361414Z",
            "name": "domain: c2.kaidoo.com.br",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[domain-name:value = 'c2.kaidoo.com.br']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--4dea3ea7-6c0e-54b4-8e89-05dcbc4dc641",
            "value": "www.kaidoo.com.br"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--6907b9eb-f4b5-5b94-83a6-6543590c8b03",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.362403Z",
            "modified": "2026-07-03T22:54:36.362403Z",
            "name": "domain: www.kaidoo.com.br",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[domain-name:value = 'www.kaidoo.com.br']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 80,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 80
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--0fc12c42-c1db-542c-8c8e-19e19784f2da",
            "value": "evilsoul.cc"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--314ef298-f608-5c92-8c57-fe5a93a11da3",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.363661Z",
            "modified": "2026-07-03T22:54:36.363661Z",
            "name": "domain: evilsoul.cc",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[domain-name:value = 'evilsoul.cc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--11956e8f-7958-5e4d-ad6f-21f43f9f006b",
            "value": "evilsoul.xyz"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5ba0936a-572c-5afb-8f14-098cf4458169",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.364999Z",
            "modified": "2026-07-03T22:54:36.364999Z",
            "name": "domain: evilsoul.xyz",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[domain-name:value = 'evilsoul.xyz']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--9ea827e8-2129-5237-89c3-bbad62dc4eab",
            "value": "evilsoul1337.xyz"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--603fbed9-f0f3-5e2e-895a-e67ecffa041d",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.366167Z",
            "modified": "2026-07-03T22:54:36.366167Z",
            "name": "domain: evilsoul1337.xyz",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[domain-name:value = 'evilsoul1337.xyz']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 60,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 60
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--7f9bae1e-544b-55cc-91c4-ccf5885895eb",
            "value": "x4m1k.com"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--699fd09a-14e8-5b34-9a19-642042da338b",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.366744Z",
            "modified": "2026-07-03T22:54:36.366744Z",
            "name": "domain: x4m1k.com",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[domain-name:value = 'x4m1k.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 80,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 80
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--4eecb7d0-2ae7-5da5-a50e-c2c42f64f6b4",
            "value": "pay.x4m1k.com"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--64f68ffd-5598-5e75-a8e6-108679f2ff53",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.36727Z",
            "modified": "2026-07-03T22:54:36.36727Z",
            "name": "domain: pay.x4m1k.com",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[domain-name:value = 'pay.x4m1k.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 80,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": false,
            "x_opencti_score": 80
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--d2f6c00a-5f40-55f7-abd0-fad84b210151",
            "value": "systemtools.dev"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--fa541fcc-cf72-5c01-a6a3-2955fecb96b8",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.367761Z",
            "modified": "2026-07-03T22:54:36.367761Z",
            "name": "domain: systemtools.dev",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[domain-name:value = 'systemtools.dev']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 60,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": false,
            "x_opencti_score": 60
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--ea881463-6ef4-55f6-90e3-f31fef1715e8",
            "value": "choix-relay.com"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--06a03fd5-b55a-56cd-b60f-8355d15ecbd5",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.368518Z",
            "modified": "2026-07-03T22:54:36.368518Z",
            "name": "domain: choix-relay.com",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[domain-name:value = 'choix-relay.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 40,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": false,
            "x_opencti_score": 40
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--20b2c0f9-0698-505b-9dd3-8c86e68b44f0",
            "hashes": {
                "SHA-256": "c7542e8265f70d6c1dbf2e3cf6e81a90198cd157d3d6693c6d2a8a49d99a5b8d"
            }
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--f6a4ebb0-f9e8-5832-8f9f-cb0159f65675",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.369295Z",
            "modified": "2026-07-03T22:54:36.369295Z",
            "name": "sha256: c7542e8265f70d6c1dbf2e3cf6e81a90198cd157d3d6693c6d2a8a49d99a5b8d",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[file:hashes.'SHA-256' = 'c7542e8265f70d6c1dbf2e3cf6e81a90198cd157d3d6693c6d2a8a49d99a5b8d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--82831ab5-8d90-5114-9366-1e6684c24502",
            "hashes": {
                "SHA-256": "385d20ca574976e3ba3f4f3079420f8a1c3935c0ab4a3f87063beea27d41e254"
            }
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--595e7e26-9368-5b2b-8adf-87b418b18f01",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.372539Z",
            "modified": "2026-07-03T22:54:36.372539Z",
            "name": "sha256: 385d20ca574976e3ba3f4f3079420f8a1c3935c0ab4a3f87063beea27d41e254",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[file:hashes.'SHA-256' = '385d20ca574976e3ba3f4f3079420f8a1c3935c0ab4a3f87063beea27d41e254']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--2d19688b-470b-5e10-95ec-c25d8259ae59",
            "hashes": {
                "SHA-256": "022944768c4326d611fa3edb100eb8277228717a220580e7ffce143341aa39fa"
            }
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d487abaa-2f25-5cb8-99d3-61c096417f12",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.373322Z",
            "modified": "2026-07-03T22:54:36.373322Z",
            "name": "sha256: 022944768c4326d611fa3edb100eb8277228717a220580e7ffce143341aa39fa",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[file:hashes.'SHA-256' = '022944768c4326d611fa3edb100eb8277228717a220580e7ffce143341aa39fa']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--04828ab9-acbe-5647-9089-fbb8b0cce223",
            "hashes": {
                "SHA-256": "b90100d58b5807139eec66ed4e414bfcecdc369ddd5307e8d0fe2be90dcccde5"
            }
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--be28ff7e-3d67-52b7-9f08-d4e4132d19be",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.373962Z",
            "modified": "2026-07-03T22:54:36.373962Z",
            "name": "sha256: b90100d58b5807139eec66ed4e414bfcecdc369ddd5307e8d0fe2be90dcccde5",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[file:hashes.'SHA-256' = 'b90100d58b5807139eec66ed4e414bfcecdc369ddd5307e8d0fe2be90dcccde5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": false,
            "x_opencti_score": 95
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--2d5de675-6a31-5287-a80e-8da1d8bf7ddc",
            "hashes": {
                "SHA-256": "19e970052401aa72aa3d5a1145fbef9ac57a6d3a39f47e618b575ff88283797a"
            }
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5607a0be-1a3e-57da-894f-cf291eed3b54",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.374664Z",
            "modified": "2026-07-03T22:54:36.374664Z",
            "name": "sha256: 19e970052401aa72aa3d5a1145fbef9ac57a6d3a39f47e618b575ff88283797a",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[file:hashes.'SHA-256' = '19e970052401aa72aa3d5a1145fbef9ac57a6d3a39f47e618b575ff88283797a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": false,
            "x_opencti_score": 95
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--d46575fb-77ca-5c7a-9f5a-abeb14eecba4",
            "hashes": {
                "SHA-256": "940bdf8421ace41cd9a93957122feed9faf0db02016c4b9daf4aeac7c0c794ed"
            }
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--0e4ece88-fc55-526f-9584-72c0fdad8fbe",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.37538Z",
            "modified": "2026-07-03T22:54:36.37538Z",
            "name": "sha256: 940bdf8421ace41cd9a93957122feed9faf0db02016c4b9daf4aeac7c0c794ed",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[file:hashes.'SHA-256' = '940bdf8421ace41cd9a93957122feed9faf0db02016c4b9daf4aeac7c0c794ed']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": false,
            "x_opencti_score": 95
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--0a3d4b6c-aab7-5faa-bc4a-b88c74c39f5e",
            "hashes": {
                "SHA-256": "2b23eed25f5885ca2652fde9f277b295de6ef0dbcdcce0826c4fd734b34dc0b8"
            }
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--dd61191b-3130-5b3f-9dab-5eeb93e23d04",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.376716Z",
            "modified": "2026-07-03T22:54:36.376716Z",
            "name": "sha256: 2b23eed25f5885ca2652fde9f277b295de6ef0dbcdcce0826c4fd734b34dc0b8",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[file:hashes.'SHA-256' = '2b23eed25f5885ca2652fde9f277b295de6ef0dbcdcce0826c4fd734b34dc0b8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": false,
            "x_opencti_score": 95
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--36a0fce0-dcf2-5e16-840b-349852d017e4",
            "hashes": {
                "SHA-256": "dd08fe79932b83890eb7811b59fe8bed37423384194cd9537ef4d8ab27b99b99"
            }
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--62129313-651a-540e-92c8-cf60ed76ced6",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.37841Z",
            "modified": "2026-07-03T22:54:36.37841Z",
            "name": "sha256: dd08fe79932b83890eb7811b59fe8bed37423384194cd9537ef4d8ab27b99b99",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[file:hashes.'SHA-256' = 'dd08fe79932b83890eb7811b59fe8bed37423384194cd9537ef4d8ab27b99b99']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": false,
            "x_opencti_score": 95
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--6bd7f850-8a40-5da6-ad61-66e5882f8223",
            "hashes": {
                "SHA-256": "299a2e7fa8a69c495ec19fecf55d93bb766addaa78e89a4e1ad78a9cea59b31c"
            }
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--cfb90865-9bc0-53ac-ab5e-20b3e1331a41",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.379359Z",
            "modified": "2026-07-03T22:54:36.379359Z",
            "name": "sha256: 299a2e7fa8a69c495ec19fecf55d93bb766addaa78e89a4e1ad78a9cea59b31c",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[file:hashes.'SHA-256' = '299a2e7fa8a69c495ec19fecf55d93bb766addaa78e89a4e1ad78a9cea59b31c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--2762220b-ffc6-5085-a1d5-e9ee6ddec12f",
            "hashes": {
                "SHA-256": "763303b69ad589bef248b66d1db93d5e567d9d60f95511806289289ff42a548e"
            }
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56e648c4-f76f-5b8f-ab45-313fd3b3457f",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.379953Z",
            "modified": "2026-07-03T22:54:36.379953Z",
            "name": "sha256: 763303b69ad589bef248b66d1db93d5e567d9d60f95511806289289ff42a548e",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[file:hashes.'SHA-256' = '763303b69ad589bef248b66d1db93d5e567d9d60f95511806289289ff42a548e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--c9a4fb0d-da5e-5701-aad2-83f61c76e61f",
            "hashes": {
                "SHA-256": "fe55908030318879f08b185b9c5b6e6f9d6f691154c361d60cce80162d844212"
            }
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5d491a50-d8d8-545c-a4e5-bfa2eb5b66f3",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.380893Z",
            "modified": "2026-07-03T22:54:36.380893Z",
            "name": "sha256: fe55908030318879f08b185b9c5b6e6f9d6f691154c361d60cce80162d844212",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[file:hashes.'SHA-256' = 'fe55908030318879f08b185b9c5b6e6f9d6f691154c361d60cce80162d844212']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2026-07-03T00:00:00Z",
            "confidence": 95,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_opencti_detection": true,
            "x_opencti_score": 95
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--70020f4e-d0a7-5051-baf3-a91adf1b5385",
            "hashes": {
                "SHA-256": "9e26f198ba185fcda834d3c7b7ae074baf6cea65a3261dfc85a7cc9295e5a9d2"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--9ebd87da-8486-5612-b890-edb22c10e90e",
            "hashes": {
                "SHA-256": "2b1eb8470193d40c6b9f9844e4bba958103c4a629aa7d214658ce0199bf9373c"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--34ec8840-df42-5236-87a3-f9c85c1a6755",
            "hashes": {
                "SHA-256": "934185683e2294f063bcb60b883b7cd518a2ec468597441adfbadc679c0112c8"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--29e6b330-8a25-5756-a600-9d430add4afa",
            "hashes": {
                "SHA-256": "bfd3fe4ff947e29d3d33bf36c54be271bfec5885378990b3799570b402ab38bd"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--17b6f01f-1ee7-540c-83f7-e40387ab9e45",
            "hashes": {
                "SHA-256": "68f438ac293c749ebf9f71001ce5f976a34465c44c58f7b98bd3e2d1618c3366"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--9b02a63f-39be-59ed-8d17-cff69556940c",
            "hashes": {
                "SHA-256": "7eb134384e6afbaa910f5670d29f32305aff4f5ec0fdbb3b34fec848a4ea24da"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--ce9e2382-3cbe-5063-aac1-c663dc3f931f",
            "hashes": {
                "SHA-256": "dd97278cc64d0a8fbdb66f177367c29d2557dd445b306e922e9ad5660ea233e2"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--b5a6f4bb-b6c4-5cf8-b082-a4b3e7588f60",
            "hashes": {
                "SHA-256": "fc53e32f7aec1789b26a0c4c46397306f9ba332ccf9babb657bc41eef868ff0e"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--030bae2d-cded-514c-8e0f-5d867d291a74",
            "hashes": {
                "SHA-256": "cb679a4f6381f366d89c237cf07fcb09580b2e3c10c1e03a813a538e6e574c70"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--56a34f85-8e23-5d22-9a77-df8b41df6dcd",
            "hashes": {
                "SHA-256": "ce357b006e2c8df3a093332242d90832b023456eae272ce2c8610363107152dd"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--2e8f5bf6-9acc-58d8-82aa-b890cd99cdeb",
            "hashes": {
                "SHA-256": "787624b4414a7553a50dc65e037cef8cdd5bb8ea4d79a26b9e6aee5ebb6cf8a6"
            }
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--93558544-aa91-52fd-a95d-2d6fc7c4de44",
            "hashes": {
                "SHA-256": "0e7d6bade5a05e7b021683eba1a61f4aecbce2bd3cf3bee70cf12e995304c3a0"
            }
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5c601fee-ef41-52ff-b6e2-d26bb274d903",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.384526Z",
            "modified": "2026-07-03T22:54:36.384526Z",
            "name": "EvilSoul_Engine_Obfuscator_XOR_Key",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "/*\n   Yara Rule Set\n   Identifier: EvilSoul-Engine Stealer-Builder MaaS - Kit-Wide Obfuscator Anchors\n   Author: The Hunters Ledger\n   Source: https://the-hunters-ledger.com/\n   License: CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\n*/\n\nrule EvilSoul_Engine_Obfuscator_XOR_Key {\n   meta:\n      description = \"Detects EvilSoul-Engine stealer-builder MaaS output via the operator's hardcoded obfuscator XOR key constant and catchphrase comment, which survive js-confuser because they reside in the loader stage rather than the packed payload\"\n      license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n      author = \"The Hunters Ledger\"\n      reference = \"https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/\"\n      date = \"2026-07-03\"\n      hash1 = \"940bdf8421ace41cd9a93957122feed9faf0db02016c4b9daf4aeac7c0c794ed\"\n      family = \"EvilSoul-Engine\"\n      malware_type = \"Stealer-Builder\"\n      campaign = \"EvilSoul-Engine-Stealer-MaaS-144.172.103.98\"\n      id = \"5dddfdb6-6a13-54aa-83ed-65e27f52ac3b\"\n   strings:\n      $xor_key = \"see-you-in-the-hellwizard-1082@239$328927bA\" ascii wide\n      $catchphrase = \"wizard see you in the hell\" ascii wide\n      $debug_file = \"kaido_debug.txt\" ascii wide fullword\n      $token_decoder = \"D2VGTBwNZh8zV2A=\" ascii wide\n   condition:\n      filesize < 200MB and\n      ($xor_key or ($catchphrase and 1 of ($debug_file, $token_decoder)))\n}\n\nrule EvilSoul_Engine_SplitDomain_AntiGrep {\n   meta:\n      description = \"Detects EvilSoul-Engine's split-string anti-grep evasion of its own backend domain, where 'evilsoul.xyz' is constructed at runtime as the concatenation 'evilso' + 'ul.xyz' to defeat static string-grep hunting for the plaintext domain\"\n      license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n      author = \"The Hunters Ledger\"\n      reference = \"https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/\"\n      date = \"2026-07-03\"\n      hash1 = \"763303b69ad589bef248b66d1db93d5e567d9d60f95511806289289ff42a548e\"\n      family = \"EvilSoul-Engine\"\n      malware_type = \"Stealer-Builder\"\n      campaign = \"EvilSoul-Engine-Stealer-MaaS-144.172.103.98\"\n      id = \"b840f5f4-2278-5334-9567-825b5491553c\"\n   strings:\n      $split1 = \"'evilso'+'ul.xyz'\" ascii wide\n      $split2 = \"\\\"evilso\\\"+\\\"ul.xyz\\\"\" ascii wide\n      $split3 = \"'evilso' + 'ul.xyz'\" ascii wide\n      $split4 = \"\\\"evilso\\\" + \\\"ul.xyz\\\"\" ascii wide\n   condition:\n      filesize < 200MB and\n      1 of them\n}",
            "pattern_type": "yara",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--8eb1f406-6c2e-5e24-9e82-0f764aa3a4af",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.384814Z",
            "modified": "2026-07-03T22:54:36.384814Z",
            "name": "EvilSoul_Engine_Maploot_Tinarox_Embed_Titles",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "/*\n   Yara Rule Set\n   Identifier: EvilSoul-Engine Stealer-Builder MaaS - Maploot/Tinarox Electron Builds\n   Author: The Hunters Ledger\n   Source: https://the-hunters-ledger.com/\n   License: CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\n*/\n\nrule EvilSoul_Engine_Maploot_Tinarox_Embed_Titles {\n   meta:\n      description = \"Detects EvilSoul-Engine Maploot/Tinarox Electron stealer builds via their branded Discord-embed exfil title strings, confirmed byte-for-byte shared across both game-masquerade builds after webcrack de-obfuscation\"\n      license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n      author = \"The Hunters Ledger\"\n      reference = \"https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/\"\n      date = \"2026-07-03\"\n      hash1 = \"763303b69ad589bef248b66d1db93d5e567d9d60f95511806289289ff42a548e\"\n      hash2 = \"fe55908030318879f08b185b9c5b6e6f9d6f691154c361d60cce80162d844212\"\n      family = \"EvilSoul-Engine\"\n      malware_type = \"Stealer (Electron)\"\n      campaign = \"EvilSoul-Engine-Stealer-MaaS-144.172.103.98\"\n      id = \"7c0ba54a-cfe9-5363-b03c-52a5b183535e\"\n   strings:\n      $embed1 = \"EvilSoul Stealer - (Discord ~\" ascii wide\n      $embed2 = \"EvilSoul Stealer - (BrowserData ~\" ascii wide\n      $embed3 = \"EvilSoul (Exodus Session and BruteForce)\" ascii wide\n      $embed4 = \"EvilSoul (Steam Session)\" ascii wide\n      $embed5 = \"EvilSoul (Minecraft Session)\" ascii wide\n      $masquerade = \"Unreal Game Inc.\" ascii wide\n      $endpoint1 = \"dcinjection-send\" ascii wide\n      $endpoint2 = \"upload-txts\" ascii wide\n   condition:\n      filesize < 250MB and\n      (2 of ($embed*) or (1 of ($embed*) and ($masquerade or 1 of ($endpoint*))))\n}",
            "pattern_type": "yara",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d9213b19-02af-5913-831c-73018b12b053",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.38499Z",
            "modified": "2026-07-03T22:54:36.38499Z",
            "name": "EvilSoul_Engine_299a2e7f_SocketIO_WebPanel",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "/*\n   Yara Rule Set\n   Identifier: EvilSoul-Engine Stealer-Builder MaaS - 299a2e7f Socket.IO WebPanel Variant\n   Author: The Hunters Ledger\n   Source: https://the-hunters-ledger.com/\n   License: CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\n*/\n\nrule EvilSoul_Engine_299a2e7f_SocketIO_WebPanel {\n   meta:\n      description = \"Detects the EvilSoul-Engine 299a2e7f Socket.IO WebPanel RAT build via its distinctive args-file suffix, WebPanel embed title, and webhook-resolution relay endpoint string, all recovered from process memory during contained detonation\"\n      license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n      author = \"The Hunters Ledger\"\n      reference = \"https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/\"\n      date = \"2026-07-03\"\n      hash1 = \"299a2e7fa8a69c495ec19fecf55d93bb766addaa78e89a4e1ad78a9cea59b31c\"\n      family = \"EvilSoul-Engine\"\n      malware_type = \"Stealer + Interactive RAT (Socket.IO)\"\n      campaign = \"EvilSoul-Engine-Stealer-MaaS-144.172.103.98\"\n      id = \"3e7ee8e6-dfb5-5e12-a5c4-60d1db53ee2b\"\n   strings:\n      $argsfile = \"evilsoulblockkstarjkjaksghjhsjkahjskjak81929ijsahsjkj\" ascii wide fullword\n      $panel = \"EvilSoul ~ (WebPanel)\" ascii wide\n      $handle = \"@evilsoulstealer\" ascii wide\n      $relay = \"198.1.195.210:3000/tralalero\" ascii wide\n      $fallback_key = \"6D479A7E665F\" ascii wide fullword\n      $update_cmd = \"updatesystem.cmd\" ascii wide fullword\n   condition:\n      filesize < 100MB and\n      ($argsfile or $relay or (2 of ($panel, $handle, $fallback_key, $update_cmd)))\n}",
            "pattern_type": "yara",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d4900748-7a4d-5bb6-b797-bcba720f22d9",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.385129Z",
            "modified": "2026-07-03T22:54:36.385129Z",
            "name": "Tool_xaitax_ChromElevator_EvilSoul_Fork",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "/*\n   Yara Rule Set\n   Identifier: EvilSoul-Engine Supply Chain - xaitax ChromElevator ABE-Bypass Fork\n   Author: The Hunters Ledger\n   Source: https://the-hunters-ledger.com/\n   License: CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\n*/\n\nrule Tool_xaitax_ChromElevator_EvilSoul_Fork {\n   meta:\n      description = \"Detects the @breakingupslow-forked build of the public xaitax Chrome-App-Bound-Encryption-Decryption (ChromElevator) tool pair, adopted by the EvilSoul-Engine operator as a runtime-fetched ABE-bypass supply-chain component; anchors on fork-specific attribution strings rather than the stock upstream tool's generic decryption logic\"\n      license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n      author = \"The Hunters Ledger\"\n      reference = \"https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/\"\n      date = \"2026-07-03\"\n      hash1 = \"dd97278cc64d0a8fbdb66f177367c29d2557dd445b306e922e9ad5660ea233e2\"\n      hash2 = \"928f2ffa7fc84b74941fb714455d7bc14847b3af\"\n      hash3 = \"a567eab759a390a00b4605ea7d161b26\"\n      family = \"EvilSoul-Engine (xaitax ChromElevator fork)\"\n      malware_type = \"HackTool (ABE Bypass)\"\n      campaign = \"EvilSoul-Engine-Stealer-MaaS-144.172.103.98\"\n      id = \"69fc6b2f-9058-5fb8-802a-5e0559c9d881\"\n   strings:\n      $banner = \" by @xaitax / @breakingupslow\" ascii wide\n      $hollow_str = \" Direct Syscall-Based Reflective Hollowing\" ascii wide\n      $pipe = \"__DLL_PIPE_COMPLETION_SIGNAL__\" ascii wide fullword\n      $key_str = \"\\\"app_bound_encrypted_key\\\":\\\"\" ascii\n      $gcm = \"ChainingModeGCM\" ascii wide fullword\n      $copyright = \"# Copyright (https://t.me/evilsoulstealer/)\" ascii wide\n      $resource = \"PAYLOAD_DLL\" ascii fullword\n   condition:\n      uint16(0) == 0x5A4D and\n      filesize < 5MB and\n      ($banner or $copyright or 2 of ($hollow_str, $pipe, $key_str, $gcm, $resource))\n}",
            "pattern_type": "yara",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--b08cecb2-9f3d-5b76-9936-d78d4b75942d",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.385263Z",
            "modified": "2026-07-03T22:54:36.385263Z",
            "name": "Browser Relaunched with Remote Debugging and Headless Flags by Non-Browser Parent",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "title: Browser Relaunched with Remote Debugging and Headless Flags by Non-Browser Parent\nid: b788a75b-a966-47d5-b91b-5fb92b2e9571\nstatus: test\ndescription: >-\n  Detects a Chromium-based browser process launched with --remote-debugging-port,\n  --headless, and --user-data-dir simultaneously by a parent process that is not a\n  known browser or developer-automation binary. This flag combination is used by the\n  EvilSoul-Engine stealer-builder MaaS and its bundled xaitax ChromElevator tool to\n  relaunch the victim's own browser under CDP control and pull already-decrypted\n  cookies via Network.getAllCookies, bypassing Chrome App-Bound Encryption without\n  administrator rights.\nreferences:\n    - https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/\n    - https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption\nauthor: The Hunters Ledger\ndate: 2026-07-03\ntags:\n    - attack.credential-access\n    - attack.t1539\n    - attack.collection\n    - attack.t1185\nlogsource:\n    category: process_creation\n    product: windows\ndetection:\n    selection_flags:\n        CommandLine|contains|all:\n            - '--remote-debugging-port'\n            - '--headless'\n            - '--user-data-dir'\n    filter_main_browser_parent:\n        ParentImage|endswith:\n            - '\\chrome.exe'\n            - '\\msedge.exe'\n            - '\\brave.exe'\n            - '\\explorer.exe'\n    filter_dev_tooling_parent:\n        ParentImage|endswith:\n            - '\\node.exe'\n            - '\\python.exe'\n            - '\\pythonw.exe'\n    condition: selection_flags and not 1 of filter_*\nfalsepositives:\n    - Legitimate browser automation frameworks (Selenium, Puppeteer, Playwright) launched from a known developer-tooling parent process\n    - QA/CI pipelines that headlessly drive a browser for testing\nlevel: high",
            "pattern_type": "sigma",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--dfc91214-50db-502b-89fb-b7bbef92fe61",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.385388Z",
            "modified": "2026-07-03T22:54:36.385388Z",
            "name": "Python Process Opens LSASS Handle After Stdin Execution (ABE Decryptor Pattern)",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "title: Python Process Opens LSASS Handle After Stdin Execution (ABE Decryptor Pattern)\nid: e2ccff6f-eec8-4a34-a78e-4ac4bf5d50f3\nstatus: test\ndescription: >-\n  Detects a python.exe or pythonw.exe process that opens a handle to lsass.exe\n  shortly after being launched with the -u - stdin-execution flag combination\n  (no script file argument). This is the EvilSoul-Engine stealer.js build's\n  LSASS-impersonation App-Bound-Encryption decryptor, which enables SeDebugPrivilege\n  and impersonates the lsass.exe token to decrypt Chrome's app-bound key via\n  Windows CNG, leaving no decryptor script on disk.\nreferences:\n    - https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/\nauthor: The Hunters Ledger\ndate: 2026-07-03\ntags:\n    - attack.credential-access\n    - attack.t1003.001\n    - attack.t1539\nlogsource:\n    category: process_access\n    product: windows\ndetection:\n    selection_access:\n        TargetImage|endswith: '\\lsass.exe'\n        SourceImage|endswith:\n            - '\\python.exe'\n            - '\\pythonw.exe'\n    condition: selection_access\nfalsepositives:\n    - EDR or security-research tooling written in Python that legitimately inspects LSASS\n    - Authorized credential-recovery or forensic tooling in incident-response workflows\nlevel: high",
            "pattern_type": "sigma",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--84faab27-93c6-5e86-a657-8b522a23e976",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.385516Z",
            "modified": "2026-07-03T22:54:36.385516Z",
            "name": "Whole-Drive Windows Defender Exclusion Combined with Real-Time Monitoring Disable",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "title: Whole-Drive Windows Defender Exclusion Combined with Real-Time Monitoring Disable\nid: fde077ad-0afc-4158-bff6-f4c80604d461\nstatus: test\ndescription: >-\n  Detects PowerShell script block content that both adds a whole-drive\n  (C:\\) Windows Defender exclusion path and disables real-time monitoring in\n  the same execution context. This is the AV/Defender-suppression chain used\n  by the EvilSoul-Engine 299a2e7f Socket.IO WebPanel build's DisableProtections\n  function, which also disables behavior monitoring and the Windows Firewall\n  before running noisy credential-theft operations.\nreferences:\n    - https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/\nauthor: The Hunters Ledger\ndate: 2026-07-03\ntags:\n    - attack.defense-evasion\n    - attack.t1562.001\nlogsource:\n    category: ps_script\n    product: windows\ndetection:\n    selection_exclusion:\n        ScriptBlockText|contains:\n            - \"Add-MpPreference -ExclusionPath 'C:\\\\'\"\n            - 'Add-MpPreference -ExclusionPath \"C:\\\\\"'\n    selection_disable:\n        ScriptBlockText|contains:\n            - 'Set-MpPreference -DisableRealtimeMonitoring $true'\n            - 'Set-MpPreference -DisableBehaviorMonitoring $true'\n    condition: selection_exclusion and selection_disable\nfalsepositives:\n    - IT-administration deployment scripts that legitimately exclude C:\\ during imaging or migration (uncommon but not impossible)\nlevel: high",
            "pattern_type": "sigma",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--1560c96b-28fd-5b01-927a-e1ba59ed568a",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.385641Z",
            "modified": "2026-07-03T22:54:36.385641Z",
            "name": "Scheduled Task Created with Microsoft Corporation Author and Hidden Flag",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "title: Scheduled Task Created with Microsoft Corporation Author and Hidden Flag\nid: c69291c1-70a6-4aa1-835f-bc26d4afcc2f\nstatus: test\ndescription: >-\n  Detects creation of a new scheduled task whose Task XML Author field is set\n  to the literal string \"Microsoft Corporation\" combined with the hidden\n  flag enabled. This is the EvilSoul-Engine stealer.js build's persistence\n  masquerade, designed to blend into Task Scheduler listings next to genuine\n  Microsoft-authored tasks; legitimate Microsoft tasks are installed by the\n  OS image or Windows Update rather than created at runtime.\nreferences:\n    - https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/\nauthor: The Hunters Ledger\ndate: 2026-07-03\ntags:\n    - attack.persistence\n    - attack.t1053.005\n    - attack.defense-evasion\n    - attack.t1036.004\nlogsource:\n    product: windows\n    service: security\n    definition: 'Requires Task Scheduler operational logging or Security auditing of Task Scheduler object creation (Event ID 4698) with TaskContent captured'\ndetection:\n    selection:\n        EventID: 4698\n        TaskContent|contains:\n            - '<Author>Microsoft Corporation</Author>'\n            - '<Hidden>true</Hidden>'\n    condition: selection\nfalsepositives:\n    - None expected \u2014 genuine Microsoft Corporation-authored tasks are pre-installed by the OS, not created via runtime Event ID 4698 registration by a user-context process\nlevel: high",
            "pattern_type": "sigma",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--8fc5d48b-d42b-5667-bed2-a11d9fba74de",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.385765Z",
            "modified": "2026-07-03T22:54:36.385765Z",
            "name": "ChromElevator ABE-Bypass Tool Dropped to TEMP Executor Directory",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "title: ChromElevator ABE-Bypass Tool Dropped to TEMP Executor Directory\nid: 2d54e3fa-a90b-4709-9521-b7a4ab95e76a\nstatus: test\ndescription: >-\n  Detects file creation of chromelevator.exe or chrome_decrypt.dll under a\n  TEMP\\executor\\ path, matching the staging location used by the EvilSoul-Engine\n  299a2e7f Socket.IO WebPanel build when it downloads the xaitax\n  Chrome-App-Bound-Encryption-Decryption tool pair from a GitHub supply-chain\n  mirror at runtime.\nreferences:\n    - https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/\n    - https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption\nauthor: The Hunters Ledger\ndate: 2026-07-03\ntags:\n    - attack.command-and-control\n    - attack.t1105\n    - attack.credential-access\n    - attack.t1555.003\nlogsource:\n    category: file_event\n    product: windows\ndetection:\n    selection:\n        TargetFilename|contains: '\\executor\\'\n        TargetFilename|endswith:\n            - '\\chromelevator.exe'\n            - '\\chrome_decrypt.dll'\n    condition: selection\nfalsepositives:\n    - Extremely unlikely \u2014 these are operator-chosen filenames with no legitimate software collision\nlevel: high",
            "pattern_type": "sigma",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5ea43a2a-c278-5f95-9406-c5748b5c3029",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.385891Z",
            "modified": "2026-07-03T22:54:36.385891Z",
            "name": "EvilSoul-Engine Watchdog Persistence Files Created in TEMP or Startup",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "title: EvilSoul-Engine Watchdog Persistence Files Created in TEMP or Startup\nid: 5f925688-77fd-410a-9c8a-83ca801a5013\nstatus: test\ndescription: >-\n  Detects file creation of the specific watchdog and persistence-chain\n  filenames used by the EvilSoul-Engine 299a2e7f build's redundant\n  persistence-of-persistence mechanism, including updatesystem.cmd,\n  watcher.vbs, and update.bat, which are subsequently attribute-flagged\n  hidden to survive casual folder inspection.\nreferences:\n    - https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/\nauthor: The Hunters Ledger\ndate: 2026-07-03\ntags:\n    - attack.defense-evasion\n    - attack.t1564.001\n    - attack.persistence\n    - attack.t1053.005\nlogsource:\n    category: file_event\n    product: windows\ndetection:\n    selection:\n        TargetFilename|endswith:\n            - '\\updatesystem.cmd'\n            - '\\watcher.vbs'\n            - '\\update.bat'\n    filter_common_update_paths:\n        TargetFilename|contains:\n            - '\\Windows\\System32\\'\n            - '\\Program Files\\'\n    condition: selection and not filter_common_update_paths\nfalsepositives:\n    - Legitimate software update scripts that happen to share these generic filenames outside protected system directories\n    - Custom internal IT automation using similarly named watchdog scripts\nlevel: medium",
            "pattern_type": "sigma",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--dadea9a5-b814-506e-8c88-75f599861351",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.386015Z",
            "modified": "2026-07-03T22:54:36.386015Z",
            "name": "THL EvilSoul-Engine DNS Query for evilsoul.cc or evilsoul.xyz Backend",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "alert dns $HOME_NET any -> any any (msg:\"THL EvilSoul-Engine DNS Query for evilsoul.cc or evilsoul.xyz Backend\"; dns_query; content:\"evilsoul.\"; nocase; threshold:type limit,track by_src,count 1,seconds 3600; classtype:trojan-activity; sid:1000006; rev:1; metadata:author The_Hunters_Ledger, date 2026-07-03, reference https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/;)",
            "pattern_type": "suricata",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--0c737e48-622b-501a-87bc-8aefb14f45a8",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.386174Z",
            "modified": "2026-07-03T22:54:36.386174Z",
            "name": "THL EvilSoul-Engine Socket.IO C2 Handshake to evilsoul.cc (299a2e7f WebPanel RAT)",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "alert http $HOME_NET any -> any any (msg:\"THL EvilSoul-Engine Socket.IO C2 Handshake to evilsoul.cc (299a2e7f WebPanel RAT)\"; flow:established,to_server; http.host; content:\"evilsoul.cc\"; nocase; http.uri; content:\"/socket.io/\"; nocase; content:\"transport=polling\"; nocase; threshold:type limit,track by_src,count 1,seconds 3600; classtype:trojan-activity; sid:1000001; rev:1; metadata:author The_Hunters_Ledger, date 2026-07-03, reference https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/;)",
            "pattern_type": "suricata",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--a62c9fd8-cfbc-588e-b190-eb5cca5021fe",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.386402Z",
            "modified": "2026-07-03T22:54:36.386402Z",
            "name": "THL EvilSoul-Engine Webhook-Resolution Relay POST /tralalero (299a2e7f License-Gated C2)",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "alert http $HOME_NET any -> 198.1.195.210 any (msg:\"THL EvilSoul-Engine Webhook-Resolution Relay POST /tralalero (299a2e7f License-Gated C2)\"; flow:established,to_server; http.method; content:\"POST\"; http.uri; content:\"/tralalero\"; nocase; threshold:type limit,track by_src,count 1,seconds 3600; classtype:trojan-activity; sid:1000002; rev:1; metadata:author The_Hunters_Ledger, date 2026-07-03, reference https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/;)",
            "pattern_type": "suricata",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--6e909c87-ae8f-538b-a41f-a4a49e4b266a",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.386616Z",
            "modified": "2026-07-03T22:54:36.386616Z",
            "name": "THL EvilSoul-Engine Discord Webhook Exfiltration POST Primary Sink (Maploot/Tinarox)",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "alert http $HOME_NET any -> any any (msg:\"THL EvilSoul-Engine Discord Webhook Exfiltration POST Primary Sink (Maploot/Tinarox)\"; flow:established,to_server; http.host; content:\"discord.com\"; nocase; http.uri; content:\"/api/webhooks/1391195207508295750\"; threshold:type limit,track by_src,count 1,seconds 3600; classtype:trojan-activity; sid:1000003; rev:1; metadata:author The_Hunters_Ledger, date 2026-07-03, reference https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/;)",
            "pattern_type": "suricata",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--9ca8c69a-8050-5f31-b2fd-6ceb2fb10f22",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.38676Z",
            "modified": "2026-07-03T22:54:36.38676Z",
            "name": "THL EvilSoul-Engine Discord Webhook Exfiltration POST Secondary Sink (Maploot/Tinarox)",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "alert http $HOME_NET any -> any any (msg:\"THL EvilSoul-Engine Discord Webhook Exfiltration POST Secondary Sink (Maploot/Tinarox)\"; flow:established,to_server; http.host; content:\"discord.com\"; nocase; http.uri; content:\"/api/webhooks/1401355074235793458\"; threshold:type limit,track by_src,count 1,seconds 3600; classtype:trojan-activity; sid:1000004; rev:1; metadata:author The_Hunters_Ledger, date 2026-07-03, reference https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/;)",
            "pattern_type": "suricata",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--f199f3e0-fdd1-5bcb-8244-130a88efee92",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.386886Z",
            "modified": "2026-07-03T22:54:36.386886Z",
            "name": "THL EvilSoul-Engine Operator ngrok Tunnel Panel-Delivery Endpoint (acf02ac96211)",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "alert http $HOME_NET any -> any any (msg:\"THL EvilSoul-Engine Operator ngrok Tunnel Panel-Delivery Endpoint (acf02ac96211)\"; flow:established,to_server; http.host; content:\"acf02ac96211.ngrok-free.app\"; nocase; threshold:type limit,track by_src,count 1,seconds 3600; classtype:trojan-activity; sid:1000005; rev:1; metadata:author The_Hunters_Ledger, date 2026-07-03, reference https://the-hunters-ledger.com/hunting-detections/evilsoul-engine-stealer-maas-detections/;)",
            "pattern_type": "suricata",
            "valid_from": "2026-07-03T00:00:00Z",
            "labels": [
                "detection-rule"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "malware",
            "spec_version": "2.1",
            "id": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.387041Z",
            "modified": "2026-07-03T22:54:36.387041Z",
            "name": "KAIDO (Quasar RAT fork)",
            "is_family": true,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "malware",
            "spec_version": "2.1",
            "id": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.387183Z",
            "modified": "2026-07-03T22:54:36.387183Z",
            "name": "EvilSoul-Engine (Node/Electron stealer-builder)",
            "is_family": true,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "malware",
            "spec_version": "2.1",
            "id": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.387324Z",
            "modified": "2026-07-03T22:54:36.387324Z",
            "name": "",
            "description": "KAIDO Quasar RAT, tag 'breach', C2 kaidoo.com.br:4782 (PART A)",
            "malware_types": [
                "backdoor"
            ],
            "is_family": false,
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "tool",
            "spec_version": "2.1",
            "id": "tool--f74c71fe-d8db-5a4f-a72e-64ed43a00e9a",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.3895Z",
            "modified": "2026-07-03T22:54:36.3895Z",
            "name": "TinaroxGamesFree.exe",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "tool",
            "spec_version": "2.1",
            "id": "tool--4b957a0e-efed-5e07-9309-2a437bad6185",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.389669Z",
            "modified": "2026-07-03T22:54:36.389669Z",
            "name": "Tinarox app.asar",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "tool",
            "spec_version": "2.1",
            "id": "tool--88b9ffbc-1231-54a9-a4b2-0a445fca156e",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.389791Z",
            "modified": "2026-07-03T22:54:36.389791Z",
            "name": "Sibling EvilSoul node.exe build",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "tool",
            "spec_version": "2.1",
            "id": "tool--cd5a7079-76ac-53be-8bbf-3c36716bb485",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.390049Z",
            "modified": "2026-07-03T22:54:36.390049Z",
            "name": "evilsoul.cc node.exe build",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "tool",
            "spec_version": "2.1",
            "id": "tool--b424037b-6635-5714-9b59-e3b10f697087",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.390316Z",
            "modified": "2026-07-03T22:54:36.390316Z",
            "name": "chromelevator.exe \u2014 xaitax ChromElevator ABE-bypass tool",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "tool",
            "spec_version": "2.1",
            "id": "tool--62d971f9-d831-58f0-b968-69b59f90ec95",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.390429Z",
            "modified": "2026-07-03T22:54:36.390429Z",
            "name": "chrome_decrypt.dll \u2014 xaitax ABE-bypass companion DLL; commodity",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "tool",
            "spec_version": "2.1",
            "id": "tool--9cd10700-d2cb-56eb-83b2-73588c847ea0",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.39058Z",
            "modified": "2026-07-03T22:54:36.39058Z",
            "name": "static/sv2.exe \u2014 unrecovered EvilSoul builder output",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "tool",
            "spec_version": "2.1",
            "id": "tool--5138b37f-09cf-5434-8f40-7cdd8570bbe0",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.390698Z",
            "modified": "2026-07-03T22:54:36.390698Z",
            "name": "static/snew.exe \u2014 unrecovered EvilSoul builder output",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "tool",
            "spec_version": "2.1",
            "id": "tool--456c717b-9006-567b-8e1e-aa953c8e9c91",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.390804Z",
            "modified": "2026-07-03T22:54:36.390804Z",
            "name": "static/sfix.exe \u2014 unrecovered EvilSoul builder output",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "tool",
            "spec_version": "2.1",
            "id": "tool--428c62e8-7fba-520a-8e51-795790f2cdab",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.390909Z",
            "modified": "2026-07-03T22:54:36.390909Z",
            "name": "static/tpkg.exe \u2014 unrecovered EvilSoul builder output",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--2a264b9c-3fd7-5eeb-9ade-d73008a13713",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.391031Z",
            "modified": "2026-07-03T22:54:36.391031Z",
            "name": "Remote Access Software",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1219",
                    "external_id": "T1219"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--aa8b0690-c505-5342-9b08-0e02886a69bc",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.391211Z",
            "modified": "2026-07-03T22:54:36.391211Z",
            "name": "Mark-of-the-Web Bypass",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1553/005",
                    "external_id": "T1553.005"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--716aa1a6-8f94-57f9-b2b2-9556a5f81acb",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.391353Z",
            "modified": "2026-07-03T22:54:36.391353Z",
            "name": "Execution Guardrails",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1480",
                    "external_id": "T1480"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--030bfe25-492a-5e3f-aad5-1c799345aa06",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.391493Z",
            "modified": "2026-07-03T22:54:36.391493Z",
            "name": "Non-Application Layer Protocol",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1095",
                    "external_id": "T1095"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--519ad548-2612-50a9-b36f-4c734818a1e0",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.391624Z",
            "modified": "2026-07-03T22:54:36.391624Z",
            "name": "Screen Capture",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1113",
                    "external_id": "T1113"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--a08f8085-d76d-5961-9cc5-38087943d6db",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.391753Z",
            "modified": "2026-07-03T22:54:36.391753Z",
            "name": "Audio Capture",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1123",
                    "external_id": "T1123"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--70904fdb-eb8c-5a21-a92c-b360b1e3ac6b",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.391881Z",
            "modified": "2026-07-03T22:54:36.391881Z",
            "name": "Video Capture",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1125",
                    "external_id": "T1125"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--80b14c50-a83e-5710-bab3-dcfeb4e392e8",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.392034Z",
            "modified": "2026-07-03T22:54:36.392034Z",
            "name": "Keylogging",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1056/001",
                    "external_id": "T1056.001"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--b41e6891-97a9-552c-8eb3-afaa1f79e9d4",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.392179Z",
            "modified": "2026-07-03T22:54:36.392179Z",
            "name": "Credentials from Web Browsers",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1555/003",
                    "external_id": "T1555.003"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--16d93383-9cd3-53c0-94a2-a75a3a9e3a9e",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.392329Z",
            "modified": "2026-07-03T22:54:36.392329Z",
            "name": "Steal Web Session Cookie",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1539",
                    "external_id": "T1539"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--f04532fb-150d-5d27-99b3-5392af504899",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.392536Z",
            "modified": "2026-07-03T22:54:36.392536Z",
            "name": "Steal Application Access Token",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1528",
                    "external_id": "T1528"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--8e7236ae-f640-50d6-b963-93fae62071c7",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.392894Z",
            "modified": "2026-07-03T22:54:36.392894Z",
            "name": "Impair Defenses: Disable or Modify Tools",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1562/001",
                    "external_id": "T1562.001"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--75390216-c11c-5124-96a6-9e2e4abd3eac",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.393127Z",
            "modified": "2026-07-03T22:54:36.393127Z",
            "name": "Virtualization/Sandbox Evasion",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1497",
                    "external_id": "T1497"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--6658900e-2ea1-58c9-8299-3af19b543ee6",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.393357Z",
            "modified": "2026-07-03T22:54:36.393357Z",
            "name": "Process Hollowing",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1055/012",
                    "external_id": "T1055.012"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--c9653036-cc40-5cbd-a547-4af6331fb026",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.393688Z",
            "modified": "2026-07-03T22:54:36.393688Z",
            "name": "Registry Run Keys / Startup Folder",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1547/001",
                    "external_id": "T1547.001"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--c6920460-6697-5d18-8569-ca30c39598fa",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.393945Z",
            "modified": "2026-07-03T22:54:36.393945Z",
            "name": "Scheduled Task",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1053/005",
                    "external_id": "T1053.005"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--f38353ba-cfac-577c-ac86-5e3f0c5fb314",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.39418Z",
            "modified": "2026-07-03T22:54:36.39418Z",
            "name": "Masquerade Task or Service",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1036/004",
                    "external_id": "T1036.004"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--ed69c65f-7bc6-5a49-accd-759abe8c1c1b",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.394414Z",
            "modified": "2026-07-03T22:54:36.394414Z",
            "name": "Exfiltration to Cloud Storage",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1567/002",
                    "external_id": "T1567.002"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.394665Z",
            "modified": "2026-07-03T22:54:36.394665Z",
            "name": "Exfiltration Over C2 Channel",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1041",
                    "external_id": "T1041"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--852a0723-27b9-50f5-a408-61944e14a1bc",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.394966Z",
            "modified": "2026-07-03T22:54:36.394966Z",
            "name": "Obtain Capabilities: Tool",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1588/002",
                    "external_id": "T1588.002"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "infrastructure",
            "spec_version": "2.1",
            "id": "infrastructure--3be33cba-83f9-587b-8666-6ead4b3fb949",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.395248Z",
            "modified": "2026-07-03T22:54:36.395248Z",
            "name": "evilsoul-engine-stealer-maas-144-172-103-98 infrastructure",
            "infrastructure_types": [
                "command-and-control",
                "hosting"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--a86cfbf2-5840-524b-a953-9cf6fa0442dc",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.396738Z",
            "modified": "2026-07-03T22:54:36.396738Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--46b7e506-045a-5849-bf54-0e519b3e0f41",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--0b70327e-122f-5b0f-b01a-ee661c5870ab",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.397071Z",
            "modified": "2026-07-03T22:54:36.397071Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--bb14b624-d5e8-5f37-bd0e-c6226f7c9cf4",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--82942da3-835b-598c-bc9e-47f4dbbb6b07",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.397214Z",
            "modified": "2026-07-03T22:54:36.397214Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--8f63ccdb-688d-54d9-8abd-bc25cf65d8fd",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--65ce8278-02f8-5793-a3ef-1da35f8de06c",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.397329Z",
            "modified": "2026-07-03T22:54:36.397329Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--956b16bd-2868-5b75-a188-d4aa82f16bd8",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--dc366754-fb43-5129-ab9e-8990e4a5e78d",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.397443Z",
            "modified": "2026-07-03T22:54:36.397443Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--fbbe1eb6-7aa4-50fb-8a5d-6ddf9ca8196f",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--e8b6f6df-37ea-5d28-aa15-b71b1e3a0011",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.397551Z",
            "modified": "2026-07-03T22:54:36.397551Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--98fc5b94-ab86-5d56-8310-f18fce62bda3",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--96a11935-a401-512a-b587-b3ae92f36ab5",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.397658Z",
            "modified": "2026-07-03T22:54:36.397658Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--d5ab16b9-949e-5aae-b1c3-e66c32b648b4",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--5c8dba26-1b61-59be-8f74-bf64810cf0dc",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.397765Z",
            "modified": "2026-07-03T22:54:36.397765Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--61e25531-4098-560f-94c8-fc8348e38fed",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--f7c86f3b-d650-55ed-ac8a-42e06058cacc",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.397873Z",
            "modified": "2026-07-03T22:54:36.397873Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--b0aba044-09e1-5f37-81f9-0d3102877d55",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--e92f382f-877a-5691-a73a-ea8316742bf7",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.39798Z",
            "modified": "2026-07-03T22:54:36.39798Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--125571e3-db6a-5a86-8b53-13422a34b715",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--d7bbf42b-c6b4-596c-a4b5-c485fe76902f",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.398083Z",
            "modified": "2026-07-03T22:54:36.398083Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--1087c29b-b9b4-5cc5-a14f-f05641aaab07",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--9583520d-cdf2-562e-afd6-6e5242fc454d",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.398187Z",
            "modified": "2026-07-03T22:54:36.398187Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--b7fa97ff-0977-5334-8f3d-1d290e5a141d",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--55cf78ca-1401-5ca0-bd90-22fd0f4bc973",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.39831Z",
            "modified": "2026-07-03T22:54:36.39831Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--697def34-d9ed-5244-8717-5c3e2140b1aa",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--940238b4-daf7-5da7-b9c0-2246ee5ff34f",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.398481Z",
            "modified": "2026-07-03T22:54:36.398481Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--f728748b-968a-5d9d-998e-e1967686ca2e",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--bf7c9553-c716-570b-b8c0-5f81c6c06bdf",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.398731Z",
            "modified": "2026-07-03T22:54:36.398731Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--e7cc84a5-aa27-5a54-a7cf-38dc1dfa5d40",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--426abf06-cdac-5e80-9610-75047360f8cc",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.398849Z",
            "modified": "2026-07-03T22:54:36.398849Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--6907b9eb-f4b5-5b94-83a6-6543590c8b03",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--64f4057c-6196-5da1-8f7b-58b3cbd23603",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.398955Z",
            "modified": "2026-07-03T22:54:36.398955Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--314ef298-f608-5c92-8c57-fe5a93a11da3",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--b5c66c49-a35a-52be-8ef1-23ca451d037c",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.399066Z",
            "modified": "2026-07-03T22:54:36.399066Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--5ba0936a-572c-5afb-8f14-098cf4458169",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--acc29f3d-e29b-5fec-ab7b-3e56fbebf669",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.399179Z",
            "modified": "2026-07-03T22:54:36.399179Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--603fbed9-f0f3-5e2e-895a-e67ecffa041d",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--07f5b56b-1264-5a6c-8430-10172fce1e70",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.3993Z",
            "modified": "2026-07-03T22:54:36.3993Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--699fd09a-14e8-5b34-9a19-642042da338b",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--7423c58f-04a6-516c-980c-b0f9dbbafa00",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.39943Z",
            "modified": "2026-07-03T22:54:36.39943Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--64f68ffd-5598-5e75-a8e6-108679f2ff53",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--ca18f0c5-eff7-5c1a-9857-6ee452755711",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.39955Z",
            "modified": "2026-07-03T22:54:36.39955Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--fa541fcc-cf72-5c01-a6a3-2955fecb96b8",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--14051a21-e9d2-5cd3-8b97-c35b864471f5",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.399666Z",
            "modified": "2026-07-03T22:54:36.399666Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--06a03fd5-b55a-56cd-b60f-8355d15ecbd5",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--d03baaa8-1531-55ba-8304-219969dc84b1",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.399779Z",
            "modified": "2026-07-03T22:54:36.399779Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--f6a4ebb0-f9e8-5832-8f9f-cb0159f65675",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--7bbd250a-aa81-570e-b9fa-af554bb34e6b",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.399893Z",
            "modified": "2026-07-03T22:54:36.399893Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--595e7e26-9368-5b2b-8adf-87b418b18f01",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--3ca5b110-0541-55bb-b6f3-4e213f915825",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.400011Z",
            "modified": "2026-07-03T22:54:36.400011Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--d487abaa-2f25-5cb8-99d3-61c096417f12",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--e103f2d7-1fc0-5c69-8e25-5a2c979f3b99",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.400136Z",
            "modified": "2026-07-03T22:54:36.400136Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--be28ff7e-3d67-52b7-9f08-d4e4132d19be",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--637586ae-7085-5129-a983-1c6e84e68705",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.400263Z",
            "modified": "2026-07-03T22:54:36.400263Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--5607a0be-1a3e-57da-894f-cf291eed3b54",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--3496392c-d634-55bf-a1a7-f8d897a53f23",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.4004Z",
            "modified": "2026-07-03T22:54:36.4004Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--0e4ece88-fc55-526f-9584-72c0fdad8fbe",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--fcd745f7-6d37-510b-a0e4-79090f89947e",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.400533Z",
            "modified": "2026-07-03T22:54:36.400533Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--dd61191b-3130-5b3f-9dab-5eeb93e23d04",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--e7464b24-554c-5de8-8cf9-940ffe5cf2f1",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.400657Z",
            "modified": "2026-07-03T22:54:36.400657Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--62129313-651a-540e-92c8-cf60ed76ced6",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--28085b12-0ba9-5854-9995-8d9e7eb230d3",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.400812Z",
            "modified": "2026-07-03T22:54:36.400812Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--cfb90865-9bc0-53ac-ab5e-20b3e1331a41",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--e7a29130-2aad-5543-8779-96e365aac335",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.400998Z",
            "modified": "2026-07-03T22:54:36.400998Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--56e648c4-f76f-5b8f-ab45-313fd3b3457f",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--5beb8ca0-541f-533d-9602-6b4651ece948",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.401184Z",
            "modified": "2026-07-03T22:54:36.401184Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--5d491a50-d8d8-545c-a4e5-bfa2eb5b66f3",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--1e79128f-4f94-5c21-a0ab-ba34f2270e2e",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.40135Z",
            "modified": "2026-07-03T22:54:36.40135Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--5c601fee-ef41-52ff-b6e2-d26bb274d903",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--57f4b1c0-3452-5c26-985f-248d21414945",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.401465Z",
            "modified": "2026-07-03T22:54:36.401465Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--8eb1f406-6c2e-5e24-9e82-0f764aa3a4af",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--7d205096-473a-57df-b35a-ae0a9931f362",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.401587Z",
            "modified": "2026-07-03T22:54:36.401587Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--d9213b19-02af-5913-831c-73018b12b053",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--5f6dc1e7-d19f-5a0b-a4fa-87131bf27096",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.401705Z",
            "modified": "2026-07-03T22:54:36.401705Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--d4900748-7a4d-5bb6-b797-bcba720f22d9",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--47a83c9c-6871-504f-a7f7-13fbf0e87432",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.401815Z",
            "modified": "2026-07-03T22:54:36.401815Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--b08cecb2-9f3d-5b76-9936-d78d4b75942d",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--48dbb9f3-428a-5fb1-9f84-e88c1fb4db12",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.401929Z",
            "modified": "2026-07-03T22:54:36.401929Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--dfc91214-50db-502b-89fb-b7bbef92fe61",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--9bd5ff2f-decd-56be-bb21-51e11b52f0dd",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.402046Z",
            "modified": "2026-07-03T22:54:36.402046Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--84faab27-93c6-5e86-a657-8b522a23e976",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--a94f5307-969a-5428-8712-4694c97de6f3",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.402194Z",
            "modified": "2026-07-03T22:54:36.402194Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--1560c96b-28fd-5b01-927a-e1ba59ed568a",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--ac848e0f-fa03-5103-a462-636c8561cfdc",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.40239Z",
            "modified": "2026-07-03T22:54:36.40239Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--8fc5d48b-d42b-5667-bed2-a11d9fba74de",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--de6f5a1d-bb24-59e2-86ce-22a2b72a0c35",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.402506Z",
            "modified": "2026-07-03T22:54:36.402506Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--5ea43a2a-c278-5f95-9406-c5748b5c3029",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--1561f6bf-be48-5308-84b4-8e1331526a84",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.402614Z",
            "modified": "2026-07-03T22:54:36.402614Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--dadea9a5-b814-506e-8c88-75f599861351",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--5ae589de-0993-5dd8-ade7-3f49fd717752",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.40272Z",
            "modified": "2026-07-03T22:54:36.40272Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--0c737e48-622b-501a-87bc-8aefb14f45a8",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--ea4d5bbe-5858-5998-89df-60bdbc289bbd",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.402829Z",
            "modified": "2026-07-03T22:54:36.402829Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--a62c9fd8-cfbc-588e-b190-eb5cca5021fe",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--b90ffd15-bfed-5016-9a99-eb27d713d5a4",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.402934Z",
            "modified": "2026-07-03T22:54:36.402934Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--6e909c87-ae8f-538b-a41f-a4a49e4b266a",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--b92d6295-074b-55a6-973b-e2396027dade",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.403066Z",
            "modified": "2026-07-03T22:54:36.403066Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--9ca8c69a-8050-5f31-b2fd-6ceb2fb10f22",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--f40e00a4-39b8-5dc8-9e85-00a5b374ac77",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.403177Z",
            "modified": "2026-07-03T22:54:36.403177Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--f199f3e0-fdd1-5bcb-8244-130a88efee92",
            "target_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--06bb6bea-bc3b-5049-9d63-a59af68b8523",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.40329Z",
            "modified": "2026-07-03T22:54:36.40329Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--2a264b9c-3fd7-5eeb-9ade-d73008a13713",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--c573fe45-8daa-5ff3-9688-9cdd5e8c2308",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.403408Z",
            "modified": "2026-07-03T22:54:36.403408Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--aa8b0690-c505-5342-9b08-0e02886a69bc",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--4b3d8a6d-de03-556e-b3e5-0c55624fb41f",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.403513Z",
            "modified": "2026-07-03T22:54:36.403513Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--716aa1a6-8f94-57f9-b2b2-9556a5f81acb",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--92e4919c-ce8e-5572-b3e8-221ca46dce37",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.403617Z",
            "modified": "2026-07-03T22:54:36.403617Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--030bfe25-492a-5e3f-aad5-1c799345aa06",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--9529d192-6f71-5990-84dc-85b81a6eb3f5",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.40372Z",
            "modified": "2026-07-03T22:54:36.40372Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--519ad548-2612-50a9-b36f-4c734818a1e0",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--f1bf3c2d-03dd-53bb-ae87-3e00b4036b6b",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.403824Z",
            "modified": "2026-07-03T22:54:36.403824Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--a08f8085-d76d-5961-9cc5-38087943d6db",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--aa8cca20-7807-5599-9943-4ff1ea531d96",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.403927Z",
            "modified": "2026-07-03T22:54:36.403927Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--70904fdb-eb8c-5a21-a92c-b360b1e3ac6b",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--f7d8fb36-0d65-5b81-9a50-4e56a66ef79c",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.404028Z",
            "modified": "2026-07-03T22:54:36.404028Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--80b14c50-a83e-5710-bab3-dcfeb4e392e8",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--47158991-70f7-5425-91a4-9fd298bc587e",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.40413Z",
            "modified": "2026-07-03T22:54:36.40413Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--b41e6891-97a9-552c-8eb3-afaa1f79e9d4",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--f84b9818-f3a5-5b25-ac26-26b1817df399",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.404233Z",
            "modified": "2026-07-03T22:54:36.404233Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--16d93383-9cd3-53c0-94a2-a75a3a9e3a9e",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--537b36e2-adba-504d-b9c8-7a4adb1ef320",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.404341Z",
            "modified": "2026-07-03T22:54:36.404341Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--f04532fb-150d-5d27-99b3-5392af504899",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--d08ee7be-8377-5bc2-86b4-c3da97c872b3",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.40448Z",
            "modified": "2026-07-03T22:54:36.40448Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--8e7236ae-f640-50d6-b963-93fae62071c7",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--315cb67e-c412-5f0a-b971-0be74c03e50c",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.404794Z",
            "modified": "2026-07-03T22:54:36.404794Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--75390216-c11c-5124-96a6-9e2e4abd3eac",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--7903a1bb-9c76-512c-b259-a0da8acb0909",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.405014Z",
            "modified": "2026-07-03T22:54:36.405014Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--6658900e-2ea1-58c9-8299-3af19b543ee6",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--10c09d94-2f0a-5bf9-825a-b9a4abf42614",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.405223Z",
            "modified": "2026-07-03T22:54:36.405223Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--c9653036-cc40-5cbd-a547-4af6331fb026",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--4cf9902f-4159-5fd4-9b56-c436448585d3",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.405432Z",
            "modified": "2026-07-03T22:54:36.405432Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--c6920460-6697-5d18-8569-ca30c39598fa",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--8b32a194-b3ec-54f6-8974-08793b6ec22b",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.40563Z",
            "modified": "2026-07-03T22:54:36.40563Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--f38353ba-cfac-577c-ac86-5e3f0c5fb314",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--a06795fc-3876-5d5a-bdd3-a62836326589",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.405842Z",
            "modified": "2026-07-03T22:54:36.405842Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--ed69c65f-7bc6-5a49-accd-759abe8c1c1b",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--a9e9d845-e050-510d-ba3b-77fdfabf92ad",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.406083Z",
            "modified": "2026-07-03T22:54:36.406083Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--c6821465-fa79-506e-801c-18207b157015",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.406362Z",
            "modified": "2026-07-03T22:54:36.406362Z",
            "relationship_type": "uses",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "attack-pattern--852a0723-27b9-50f5-a408-61944e14a1bc",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--19adb11a-cd53-5a96-ab9b-d1e3e20184a2",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.406592Z",
            "modified": "2026-07-03T22:54:36.406592Z",
            "relationship_type": "communicates-with",
            "source_ref": "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
            "target_ref": "infrastructure--3be33cba-83f9-587b-8666-6ead4b3fb949",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--8574b44c-60c5-5eb1-91a0-a155b68f80ec",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.406796Z",
            "modified": "2026-07-03T22:54:36.406796Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--2a264b9c-3fd7-5eeb-9ade-d73008a13713",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--6a6815a5-940e-5cdf-aa5a-137c4dba1b1d",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.406995Z",
            "modified": "2026-07-03T22:54:36.406995Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--aa8b0690-c505-5342-9b08-0e02886a69bc",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--69d40ddc-fc5f-5ee8-ba09-1a71c2e13b22",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.407198Z",
            "modified": "2026-07-03T22:54:36.407198Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--716aa1a6-8f94-57f9-b2b2-9556a5f81acb",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--47f026d1-109a-5367-bf22-7d9eed19ac78",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.40744Z",
            "modified": "2026-07-03T22:54:36.40744Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--030bfe25-492a-5e3f-aad5-1c799345aa06",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--904a7634-dd16-5526-b3b6-c3efd1bcf3ed",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.407655Z",
            "modified": "2026-07-03T22:54:36.407655Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--519ad548-2612-50a9-b36f-4c734818a1e0",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--8c0562f6-a8eb-5093-b8a2-3188db7cdc09",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.407854Z",
            "modified": "2026-07-03T22:54:36.407854Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--a08f8085-d76d-5961-9cc5-38087943d6db",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--c5bc85e1-f65b-5451-b36e-508905c49af8",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.40805Z",
            "modified": "2026-07-03T22:54:36.40805Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--70904fdb-eb8c-5a21-a92c-b360b1e3ac6b",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--55eed95e-693b-598d-8e3c-ad7c51baa30d",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.408253Z",
            "modified": "2026-07-03T22:54:36.408253Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--80b14c50-a83e-5710-bab3-dcfeb4e392e8",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--08cfbc15-aa09-58f6-99db-ec83d6b63359",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.408487Z",
            "modified": "2026-07-03T22:54:36.408487Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--b41e6891-97a9-552c-8eb3-afaa1f79e9d4",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--170bb3a9-d577-53c8-b464-bd04d81c5db3",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.408622Z",
            "modified": "2026-07-03T22:54:36.408622Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--16d93383-9cd3-53c0-94a2-a75a3a9e3a9e",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--77ecce8b-6334-56ba-b543-cbbb59648792",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.408732Z",
            "modified": "2026-07-03T22:54:36.408732Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--f04532fb-150d-5d27-99b3-5392af504899",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--f03e7d23-6284-5b03-9881-443d48506130",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.408843Z",
            "modified": "2026-07-03T22:54:36.408843Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--8e7236ae-f640-50d6-b963-93fae62071c7",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--7337bc5d-a721-5dfb-a23a-17e5e94faa6f",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.408952Z",
            "modified": "2026-07-03T22:54:36.408952Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--75390216-c11c-5124-96a6-9e2e4abd3eac",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--0a69aea5-e808-5630-a903-da5eb20c81c2",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.409059Z",
            "modified": "2026-07-03T22:54:36.409059Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--6658900e-2ea1-58c9-8299-3af19b543ee6",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--b18cc6d2-3c8c-5583-b237-b2a6f8dcefb3",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.409163Z",
            "modified": "2026-07-03T22:54:36.409163Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--c9653036-cc40-5cbd-a547-4af6331fb026",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--b61a6042-4900-5a58-b500-1098dface44c",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.409265Z",
            "modified": "2026-07-03T22:54:36.409265Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--c6920460-6697-5d18-8569-ca30c39598fa",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--800e60d9-8a3c-5ba3-a81d-823e6e30b8c4",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.409371Z",
            "modified": "2026-07-03T22:54:36.409371Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--f38353ba-cfac-577c-ac86-5e3f0c5fb314",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--e03e8d7d-e4b6-51f2-a06e-e83789b30749",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.409476Z",
            "modified": "2026-07-03T22:54:36.409476Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--ed69c65f-7bc6-5a49-accd-759abe8c1c1b",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--3c11d08e-59e9-576c-b990-11ea124cac57",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.409578Z",
            "modified": "2026-07-03T22:54:36.409578Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--44e0e69d-463c-5cca-bcb2-f68929f05b33",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.409679Z",
            "modified": "2026-07-03T22:54:36.409679Z",
            "relationship_type": "uses",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "attack-pattern--852a0723-27b9-50f5-a408-61944e14a1bc",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--7ca189a8-44e7-50b2-9bee-5ce6678f11f5",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.409785Z",
            "modified": "2026-07-03T22:54:36.409785Z",
            "relationship_type": "communicates-with",
            "source_ref": "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
            "target_ref": "infrastructure--3be33cba-83f9-587b-8666-6ead4b3fb949",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--1b7c4edb-e9ed-521c-b91f-60f0351488af",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.40989Z",
            "modified": "2026-07-03T22:54:36.40989Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--2a264b9c-3fd7-5eeb-9ade-d73008a13713",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--92fd759c-80bd-561b-aeea-dc44e0d4cef0",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.409997Z",
            "modified": "2026-07-03T22:54:36.409997Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--aa8b0690-c505-5342-9b08-0e02886a69bc",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--db203448-7615-5cbe-8363-bcf5d183ad62",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.4101Z",
            "modified": "2026-07-03T22:54:36.4101Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--716aa1a6-8f94-57f9-b2b2-9556a5f81acb",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--52441072-989c-5f53-a4e6-71831877765e",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.410203Z",
            "modified": "2026-07-03T22:54:36.410203Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--030bfe25-492a-5e3f-aad5-1c799345aa06",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--bfadb654-e8c6-5bca-a33b-612101721dbb",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.410313Z",
            "modified": "2026-07-03T22:54:36.410313Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--519ad548-2612-50a9-b36f-4c734818a1e0",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--535d7ec6-10f5-53e2-9d5e-25fafdfe9b2e",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.410427Z",
            "modified": "2026-07-03T22:54:36.410427Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--a08f8085-d76d-5961-9cc5-38087943d6db",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--05192df1-95bc-5d07-beb8-e9e8d18af516",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.410692Z",
            "modified": "2026-07-03T22:54:36.410692Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--70904fdb-eb8c-5a21-a92c-b360b1e3ac6b",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--be8ff0ad-4878-559f-a55e-9a1df51d4566",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.410895Z",
            "modified": "2026-07-03T22:54:36.410895Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--80b14c50-a83e-5710-bab3-dcfeb4e392e8",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--74206158-b53c-577a-8523-2d015924415f",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.41107Z",
            "modified": "2026-07-03T22:54:36.41107Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--b41e6891-97a9-552c-8eb3-afaa1f79e9d4",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--85734fc8-349d-59ec-b789-10b5848769e4",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.41125Z",
            "modified": "2026-07-03T22:54:36.41125Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--16d93383-9cd3-53c0-94a2-a75a3a9e3a9e",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--24b4b869-d020-5ad8-9847-fbe29c6686ba",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.411463Z",
            "modified": "2026-07-03T22:54:36.411463Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--f04532fb-150d-5d27-99b3-5392af504899",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--35e0b58c-1d52-50b5-98b1-875ae186a99a",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.411653Z",
            "modified": "2026-07-03T22:54:36.411653Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--8e7236ae-f640-50d6-b963-93fae62071c7",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--e12367d3-d576-5e19-86f7-525ad4e8da12",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.411846Z",
            "modified": "2026-07-03T22:54:36.411846Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--75390216-c11c-5124-96a6-9e2e4abd3eac",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--af46aa74-1508-52fd-8421-7d7c5ce00445",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.412025Z",
            "modified": "2026-07-03T22:54:36.412025Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--6658900e-2ea1-58c9-8299-3af19b543ee6",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--a46da882-a085-593b-9e5f-b626daaf1ef2",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.412224Z",
            "modified": "2026-07-03T22:54:36.412224Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--c9653036-cc40-5cbd-a547-4af6331fb026",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--3f1c7de6-7cf9-5cfe-8d9f-6871332a2349",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.41241Z",
            "modified": "2026-07-03T22:54:36.41241Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--c6920460-6697-5d18-8569-ca30c39598fa",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--e7fda828-fd66-59c4-ad3f-b2f4e7b6a7c7",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.4126Z",
            "modified": "2026-07-03T22:54:36.4126Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--f38353ba-cfac-577c-ac86-5e3f0c5fb314",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--7f7f6459-eca4-5502-913a-006684f3966b",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.412792Z",
            "modified": "2026-07-03T22:54:36.412792Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--ed69c65f-7bc6-5a49-accd-759abe8c1c1b",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--41679b0b-213e-54f5-afc6-6be28fbebae9",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.412969Z",
            "modified": "2026-07-03T22:54:36.412969Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--62a3615c-a574-587a-b5a6-f446d69f26fa",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.413165Z",
            "modified": "2026-07-03T22:54:36.413165Z",
            "relationship_type": "uses",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "attack-pattern--852a0723-27b9-50f5-a408-61944e14a1bc",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--94597b60-28de-5fc7-baf5-5e6fe1eae0e3",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.413342Z",
            "modified": "2026-07-03T22:54:36.413342Z",
            "relationship_type": "communicates-with",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "infrastructure--3be33cba-83f9-587b-8666-6ead4b3fb949",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--b3c7fe7c-4e62-5fb6-8db9-361289a9c8a2",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.445307Z",
            "modified": "2026-07-03T22:54:36.445307Z",
            "relationship_type": "related-to",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "tool--f74c71fe-d8db-5a4f-a72e-64ed43a00e9a",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--8dcc4f71-fd49-582c-a3c6-8b23be761fc1",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.44543Z",
            "modified": "2026-07-03T22:54:36.44543Z",
            "relationship_type": "related-to",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "tool--4b957a0e-efed-5e07-9309-2a437bad6185",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--2029d3e3-ec70-514c-863e-f350d812628e",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.445553Z",
            "modified": "2026-07-03T22:54:36.445553Z",
            "relationship_type": "related-to",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "tool--88b9ffbc-1231-54a9-a4b2-0a445fca156e",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--cc413e8d-46e2-5708-bfa3-ec4b17df1c7e",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.445778Z",
            "modified": "2026-07-03T22:54:36.445778Z",
            "relationship_type": "related-to",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "tool--cd5a7079-76ac-53be-8bbf-3c36716bb485",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--80e98849-f646-5b5f-93c3-375b68a97cd1",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.445983Z",
            "modified": "2026-07-03T22:54:36.445983Z",
            "relationship_type": "related-to",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "tool--b424037b-6635-5714-9b59-e3b10f697087",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--2258d81b-cd58-578a-a5ec-859496aadb3c",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.446085Z",
            "modified": "2026-07-03T22:54:36.446085Z",
            "relationship_type": "related-to",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "tool--62d971f9-d831-58f0-b968-69b59f90ec95",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--cc892f7f-01a7-5816-a010-4b64d3e234d5",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.446189Z",
            "modified": "2026-07-03T22:54:36.446189Z",
            "relationship_type": "related-to",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "tool--9cd10700-d2cb-56eb-83b2-73588c847ea0",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--185d8bfd-5db3-55db-a905-55ecc9a31468",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.446293Z",
            "modified": "2026-07-03T22:54:36.446293Z",
            "relationship_type": "related-to",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "tool--5138b37f-09cf-5434-8f40-7cdd8570bbe0",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--cf792016-60a7-5b18-9610-2bbf44a10ac7",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.446394Z",
            "modified": "2026-07-03T22:54:36.446394Z",
            "relationship_type": "related-to",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "tool--456c717b-9006-567b-8e1e-aa953c8e9c91",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--8b8e83c8-f53d-55e9-b1e9-2b231719bdd6",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.446495Z",
            "modified": "2026-07-03T22:54:36.446495Z",
            "relationship_type": "related-to",
            "source_ref": "malware--eec689f1-6aff-57fd-8192-0be437d52672",
            "target_ref": "tool--428c62e8-7fba-520a-8e51-795790f2cdab",
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--a9f4eae3-2bc4-5503-9477-2a7eaafb1dbf",
            "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d",
            "created": "2026-07-03T22:54:36.446802Z",
            "modified": "2026-07-03T22:54:36.446802Z",
            "name": "EvilSoul-Engine: A Brazilian Stealer-Builder Malware-as-a-Service",
            "report_types": [
                "threat-report"
            ],
            "published": "2026-07-03T00:00:00Z",
            "object_refs": [
                "ipv4-addr--3d790e8d-67e1-5b55-ad95-a33d6bd0f109",
                "indicator--46b7e506-045a-5849-bf54-0e519b3e0f41",
                "ipv4-addr--0cc954d0-ab7e-5403-b760-ecce89342889",
                "indicator--bb14b624-d5e8-5f37-bd0e-c6226f7c9cf4",
                "ipv4-addr--73f24759-34fb-55a8-9082-527356702c28",
                "indicator--8f63ccdb-688d-54d9-8abd-bc25cf65d8fd",
                "ipv4-addr--c5efe09e-80e4-5b8c-9d58-d0868a2ae828",
                "indicator--956b16bd-2868-5b75-a188-d4aa82f16bd8",
                "ipv4-addr--9987ebe4-0759-52d4-b134-98abaa18b54d",
                "indicator--fbbe1eb6-7aa4-50fb-8a5d-6ddf9ca8196f",
                "ipv4-addr--23b2f09e-cec0-5eb7-afe8-88f3d5f79d8a",
                "indicator--98fc5b94-ab86-5d56-8310-f18fce62bda3",
                "url--6f3b0478-0aba-5066-a1ea-2b5921c39d20",
                "indicator--d5ab16b9-949e-5aae-b1c3-e66c32b648b4",
                "url--be8aa977-a7ec-586a-be3a-b5f7db8fac47",
                "indicator--61e25531-4098-560f-94c8-fc8348e38fed",
                "url--2a449c37-117c-53d5-8a17-99669927f4b6",
                "indicator--b0aba044-09e1-5f37-81f9-0d3102877d55",
                "url--4842c4fb-587a-55f6-9fb1-871bf623ec78",
                "indicator--125571e3-db6a-5a86-8b53-13422a34b715",
                "url--74756ddf-261c-5b39-9ce8-bfed75793359",
                "indicator--1087c29b-b9b4-5cc5-a14f-f05641aaab07",
                "url--c10f3cc2-0cbb-587a-8a04-07032876b6cb",
                "indicator--b7fa97ff-0977-5334-8f3d-1d290e5a141d",
                "url--33c78969-2d62-5f9e-a3c8-14e42455bd70",
                "indicator--697def34-d9ed-5244-8717-5c3e2140b1aa",
                "domain-name--ed0f5ce9-4850-50bd-a64e-1a7c3617c5cf",
                "indicator--f728748b-968a-5d9d-998e-e1967686ca2e",
                "domain-name--afca77a1-8e44-570b-9584-63d3356769d3",
                "indicator--e7cc84a5-aa27-5a54-a7cf-38dc1dfa5d40",
                "domain-name--4dea3ea7-6c0e-54b4-8e89-05dcbc4dc641",
                "indicator--6907b9eb-f4b5-5b94-83a6-6543590c8b03",
                "domain-name--0fc12c42-c1db-542c-8c8e-19e19784f2da",
                "indicator--314ef298-f608-5c92-8c57-fe5a93a11da3",
                "domain-name--11956e8f-7958-5e4d-ad6f-21f43f9f006b",
                "indicator--5ba0936a-572c-5afb-8f14-098cf4458169",
                "domain-name--9ea827e8-2129-5237-89c3-bbad62dc4eab",
                "indicator--603fbed9-f0f3-5e2e-895a-e67ecffa041d",
                "domain-name--7f9bae1e-544b-55cc-91c4-ccf5885895eb",
                "indicator--699fd09a-14e8-5b34-9a19-642042da338b",
                "domain-name--4eecb7d0-2ae7-5da5-a50e-c2c42f64f6b4",
                "indicator--64f68ffd-5598-5e75-a8e6-108679f2ff53",
                "domain-name--d2f6c00a-5f40-55f7-abd0-fad84b210151",
                "indicator--fa541fcc-cf72-5c01-a6a3-2955fecb96b8",
                "domain-name--ea881463-6ef4-55f6-90e3-f31fef1715e8",
                "indicator--06a03fd5-b55a-56cd-b60f-8355d15ecbd5",
                "file--20b2c0f9-0698-505b-9dd3-8c86e68b44f0",
                "indicator--f6a4ebb0-f9e8-5832-8f9f-cb0159f65675",
                "file--82831ab5-8d90-5114-9366-1e6684c24502",
                "indicator--595e7e26-9368-5b2b-8adf-87b418b18f01",
                "file--2d19688b-470b-5e10-95ec-c25d8259ae59",
                "indicator--d487abaa-2f25-5cb8-99d3-61c096417f12",
                "file--04828ab9-acbe-5647-9089-fbb8b0cce223",
                "indicator--be28ff7e-3d67-52b7-9f08-d4e4132d19be",
                "file--2d5de675-6a31-5287-a80e-8da1d8bf7ddc",
                "indicator--5607a0be-1a3e-57da-894f-cf291eed3b54",
                "file--d46575fb-77ca-5c7a-9f5a-abeb14eecba4",
                "indicator--0e4ece88-fc55-526f-9584-72c0fdad8fbe",
                "file--0a3d4b6c-aab7-5faa-bc4a-b88c74c39f5e",
                "indicator--dd61191b-3130-5b3f-9dab-5eeb93e23d04",
                "file--36a0fce0-dcf2-5e16-840b-349852d017e4",
                "indicator--62129313-651a-540e-92c8-cf60ed76ced6",
                "file--6bd7f850-8a40-5da6-ad61-66e5882f8223",
                "indicator--cfb90865-9bc0-53ac-ab5e-20b3e1331a41",
                "file--2762220b-ffc6-5085-a1d5-e9ee6ddec12f",
                "indicator--56e648c4-f76f-5b8f-ab45-313fd3b3457f",
                "file--c9a4fb0d-da5e-5701-aad2-83f61c76e61f",
                "indicator--5d491a50-d8d8-545c-a4e5-bfa2eb5b66f3",
                "file--70020f4e-d0a7-5051-baf3-a91adf1b5385",
                "file--9ebd87da-8486-5612-b890-edb22c10e90e",
                "file--34ec8840-df42-5236-87a3-f9c85c1a6755",
                "file--29e6b330-8a25-5756-a600-9d430add4afa",
                "file--17b6f01f-1ee7-540c-83f7-e40387ab9e45",
                "file--9b02a63f-39be-59ed-8d17-cff69556940c",
                "file--ce9e2382-3cbe-5063-aac1-c663dc3f931f",
                "file--b5a6f4bb-b6c4-5cf8-b082-a4b3e7588f60",
                "file--030bae2d-cded-514c-8e0f-5d867d291a74",
                "file--56a34f85-8e23-5d22-9a77-df8b41df6dcd",
                "file--2e8f5bf6-9acc-58d8-82aa-b890cd99cdeb",
                "file--93558544-aa91-52fd-a95d-2d6fc7c4de44",
                "indicator--5c601fee-ef41-52ff-b6e2-d26bb274d903",
                "indicator--8eb1f406-6c2e-5e24-9e82-0f764aa3a4af",
                "indicator--d9213b19-02af-5913-831c-73018b12b053",
                "indicator--d4900748-7a4d-5bb6-b797-bcba720f22d9",
                "indicator--b08cecb2-9f3d-5b76-9936-d78d4b75942d",
                "indicator--dfc91214-50db-502b-89fb-b7bbef92fe61",
                "indicator--84faab27-93c6-5e86-a657-8b522a23e976",
                "indicator--1560c96b-28fd-5b01-927a-e1ba59ed568a",
                "indicator--8fc5d48b-d42b-5667-bed2-a11d9fba74de",
                "indicator--5ea43a2a-c278-5f95-9406-c5748b5c3029",
                "indicator--dadea9a5-b814-506e-8c88-75f599861351",
                "indicator--0c737e48-622b-501a-87bc-8aefb14f45a8",
                "indicator--a62c9fd8-cfbc-588e-b190-eb5cca5021fe",
                "indicator--6e909c87-ae8f-538b-a41f-a4a49e4b266a",
                "indicator--9ca8c69a-8050-5f31-b2fd-6ceb2fb10f22",
                "indicator--f199f3e0-fdd1-5bcb-8244-130a88efee92",
                "malware--281ac773-d08e-5cee-89f5-9a11e1fd1233",
                "malware--4f57ff13-4fbb-5d8b-8d11-f8880547f577",
                "malware--eec689f1-6aff-57fd-8192-0be437d52672",
                "tool--f74c71fe-d8db-5a4f-a72e-64ed43a00e9a",
                "tool--4b957a0e-efed-5e07-9309-2a437bad6185",
                "tool--88b9ffbc-1231-54a9-a4b2-0a445fca156e",
                "tool--cd5a7079-76ac-53be-8bbf-3c36716bb485",
                "tool--b424037b-6635-5714-9b59-e3b10f697087",
                "tool--62d971f9-d831-58f0-b968-69b59f90ec95",
                "tool--9cd10700-d2cb-56eb-83b2-73588c847ea0",
                "tool--5138b37f-09cf-5434-8f40-7cdd8570bbe0",
                "tool--456c717b-9006-567b-8e1e-aa953c8e9c91",
                "tool--428c62e8-7fba-520a-8e51-795790f2cdab",
                "attack-pattern--2a264b9c-3fd7-5eeb-9ade-d73008a13713",
                "attack-pattern--aa8b0690-c505-5342-9b08-0e02886a69bc",
                "attack-pattern--716aa1a6-8f94-57f9-b2b2-9556a5f81acb",
                "attack-pattern--030bfe25-492a-5e3f-aad5-1c799345aa06",
                "attack-pattern--519ad548-2612-50a9-b36f-4c734818a1e0",
                "attack-pattern--a08f8085-d76d-5961-9cc5-38087943d6db",
                "attack-pattern--70904fdb-eb8c-5a21-a92c-b360b1e3ac6b",
                "attack-pattern--80b14c50-a83e-5710-bab3-dcfeb4e392e8",
                "attack-pattern--b41e6891-97a9-552c-8eb3-afaa1f79e9d4",
                "attack-pattern--16d93383-9cd3-53c0-94a2-a75a3a9e3a9e",
                "attack-pattern--f04532fb-150d-5d27-99b3-5392af504899",
                "attack-pattern--8e7236ae-f640-50d6-b963-93fae62071c7",
                "attack-pattern--75390216-c11c-5124-96a6-9e2e4abd3eac",
                "attack-pattern--6658900e-2ea1-58c9-8299-3af19b543ee6",
                "attack-pattern--c9653036-cc40-5cbd-a547-4af6331fb026",
                "attack-pattern--c6920460-6697-5d18-8569-ca30c39598fa",
                "attack-pattern--f38353ba-cfac-577c-ac86-5e3f0c5fb314",
                "attack-pattern--ed69c65f-7bc6-5a49-accd-759abe8c1c1b",
                "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374",
                "attack-pattern--852a0723-27b9-50f5-a408-61944e14a1bc",
                "infrastructure--3be33cba-83f9-587b-8666-6ead4b3fb949",
                "relationship--a86cfbf2-5840-524b-a953-9cf6fa0442dc",
                "relationship--0b70327e-122f-5b0f-b01a-ee661c5870ab",
                "relationship--82942da3-835b-598c-bc9e-47f4dbbb6b07",
                "relationship--65ce8278-02f8-5793-a3ef-1da35f8de06c",
                "relationship--dc366754-fb43-5129-ab9e-8990e4a5e78d",
                "relationship--e8b6f6df-37ea-5d28-aa15-b71b1e3a0011",
                "relationship--96a11935-a401-512a-b587-b3ae92f36ab5",
                "relationship--5c8dba26-1b61-59be-8f74-bf64810cf0dc",
                "relationship--f7c86f3b-d650-55ed-ac8a-42e06058cacc",
                "relationship--e92f382f-877a-5691-a73a-ea8316742bf7",
                "relationship--d7bbf42b-c6b4-596c-a4b5-c485fe76902f",
                "relationship--9583520d-cdf2-562e-afd6-6e5242fc454d",
                "relationship--55cf78ca-1401-5ca0-bd90-22fd0f4bc973",
                "relationship--940238b4-daf7-5da7-b9c0-2246ee5ff34f",
                "relationship--bf7c9553-c716-570b-b8c0-5f81c6c06bdf",
                "relationship--426abf06-cdac-5e80-9610-75047360f8cc",
                "relationship--64f4057c-6196-5da1-8f7b-58b3cbd23603",
                "relationship--b5c66c49-a35a-52be-8ef1-23ca451d037c",
                "relationship--acc29f3d-e29b-5fec-ab7b-3e56fbebf669",
                "relationship--07f5b56b-1264-5a6c-8430-10172fce1e70",
                "relationship--7423c58f-04a6-516c-980c-b0f9dbbafa00",
                "relationship--ca18f0c5-eff7-5c1a-9857-6ee452755711",
                "relationship--14051a21-e9d2-5cd3-8b97-c35b864471f5",
                "relationship--d03baaa8-1531-55ba-8304-219969dc84b1",
                "relationship--7bbd250a-aa81-570e-b9fa-af554bb34e6b",
                "relationship--3ca5b110-0541-55bb-b6f3-4e213f915825",
                "relationship--e103f2d7-1fc0-5c69-8e25-5a2c979f3b99",
                "relationship--637586ae-7085-5129-a983-1c6e84e68705",
                "relationship--3496392c-d634-55bf-a1a7-f8d897a53f23",
                "relationship--fcd745f7-6d37-510b-a0e4-79090f89947e",
                "relationship--e7464b24-554c-5de8-8cf9-940ffe5cf2f1",
                "relationship--28085b12-0ba9-5854-9995-8d9e7eb230d3",
                "relationship--e7a29130-2aad-5543-8779-96e365aac335",
                "relationship--5beb8ca0-541f-533d-9602-6b4651ece948",
                "relationship--1e79128f-4f94-5c21-a0ab-ba34f2270e2e",
                "relationship--57f4b1c0-3452-5c26-985f-248d21414945",
                "relationship--7d205096-473a-57df-b35a-ae0a9931f362",
                "relationship--5f6dc1e7-d19f-5a0b-a4fa-87131bf27096",
                "relationship--47a83c9c-6871-504f-a7f7-13fbf0e87432",
                "relationship--48dbb9f3-428a-5fb1-9f84-e88c1fb4db12",
                "relationship--9bd5ff2f-decd-56be-bb21-51e11b52f0dd",
                "relationship--a94f5307-969a-5428-8712-4694c97de6f3",
                "relationship--ac848e0f-fa03-5103-a462-636c8561cfdc",
                "relationship--de6f5a1d-bb24-59e2-86ce-22a2b72a0c35",
                "relationship--1561f6bf-be48-5308-84b4-8e1331526a84",
                "relationship--5ae589de-0993-5dd8-ade7-3f49fd717752",
                "relationship--ea4d5bbe-5858-5998-89df-60bdbc289bbd",
                "relationship--b90ffd15-bfed-5016-9a99-eb27d713d5a4",
                "relationship--b92d6295-074b-55a6-973b-e2396027dade",
                "relationship--f40e00a4-39b8-5dc8-9e85-00a5b374ac77",
                "relationship--06bb6bea-bc3b-5049-9d63-a59af68b8523",
                "relationship--c573fe45-8daa-5ff3-9688-9cdd5e8c2308",
                "relationship--4b3d8a6d-de03-556e-b3e5-0c55624fb41f",
                "relationship--92e4919c-ce8e-5572-b3e8-221ca46dce37",
                "relationship--9529d192-6f71-5990-84dc-85b81a6eb3f5",
                "relationship--f1bf3c2d-03dd-53bb-ae87-3e00b4036b6b",
                "relationship--aa8cca20-7807-5599-9943-4ff1ea531d96",
                "relationship--f7d8fb36-0d65-5b81-9a50-4e56a66ef79c",
                "relationship--47158991-70f7-5425-91a4-9fd298bc587e",
                "relationship--f84b9818-f3a5-5b25-ac26-26b1817df399",
                "relationship--537b36e2-adba-504d-b9c8-7a4adb1ef320",
                "relationship--d08ee7be-8377-5bc2-86b4-c3da97c872b3",
                "relationship--315cb67e-c412-5f0a-b971-0be74c03e50c",
                "relationship--7903a1bb-9c76-512c-b259-a0da8acb0909",
                "relationship--10c09d94-2f0a-5bf9-825a-b9a4abf42614",
                "relationship--4cf9902f-4159-5fd4-9b56-c436448585d3",
                "relationship--8b32a194-b3ec-54f6-8974-08793b6ec22b",
                "relationship--a06795fc-3876-5d5a-bdd3-a62836326589",
                "relationship--a9e9d845-e050-510d-ba3b-77fdfabf92ad",
                "relationship--c6821465-fa79-506e-801c-18207b157015",
                "relationship--19adb11a-cd53-5a96-ab9b-d1e3e20184a2",
                "relationship--8574b44c-60c5-5eb1-91a0-a155b68f80ec",
                "relationship--6a6815a5-940e-5cdf-aa5a-137c4dba1b1d",
                "relationship--69d40ddc-fc5f-5ee8-ba09-1a71c2e13b22",
                "relationship--47f026d1-109a-5367-bf22-7d9eed19ac78",
                "relationship--904a7634-dd16-5526-b3b6-c3efd1bcf3ed",
                "relationship--8c0562f6-a8eb-5093-b8a2-3188db7cdc09",
                "relationship--c5bc85e1-f65b-5451-b36e-508905c49af8",
                "relationship--55eed95e-693b-598d-8e3c-ad7c51baa30d",
                "relationship--08cfbc15-aa09-58f6-99db-ec83d6b63359",
                "relationship--170bb3a9-d577-53c8-b464-bd04d81c5db3",
                "relationship--77ecce8b-6334-56ba-b543-cbbb59648792",
                "relationship--f03e7d23-6284-5b03-9881-443d48506130",
                "relationship--7337bc5d-a721-5dfb-a23a-17e5e94faa6f",
                "relationship--0a69aea5-e808-5630-a903-da5eb20c81c2",
                "relationship--b18cc6d2-3c8c-5583-b237-b2a6f8dcefb3",
                "relationship--b61a6042-4900-5a58-b500-1098dface44c",
                "relationship--800e60d9-8a3c-5ba3-a81d-823e6e30b8c4",
                "relationship--e03e8d7d-e4b6-51f2-a06e-e83789b30749",
                "relationship--3c11d08e-59e9-576c-b990-11ea124cac57",
                "relationship--44e0e69d-463c-5cca-bcb2-f68929f05b33",
                "relationship--7ca189a8-44e7-50b2-9bee-5ce6678f11f5",
                "relationship--1b7c4edb-e9ed-521c-b91f-60f0351488af",
                "relationship--92fd759c-80bd-561b-aeea-dc44e0d4cef0",
                "relationship--db203448-7615-5cbe-8363-bcf5d183ad62",
                "relationship--52441072-989c-5f53-a4e6-71831877765e",
                "relationship--bfadb654-e8c6-5bca-a33b-612101721dbb",
                "relationship--535d7ec6-10f5-53e2-9d5e-25fafdfe9b2e",
                "relationship--05192df1-95bc-5d07-beb8-e9e8d18af516",
                "relationship--be8ff0ad-4878-559f-a55e-9a1df51d4566",
                "relationship--74206158-b53c-577a-8523-2d015924415f",
                "relationship--85734fc8-349d-59ec-b789-10b5848769e4",
                "relationship--24b4b869-d020-5ad8-9847-fbe29c6686ba",
                "relationship--35e0b58c-1d52-50b5-98b1-875ae186a99a",
                "relationship--e12367d3-d576-5e19-86f7-525ad4e8da12",
                "relationship--af46aa74-1508-52fd-8421-7d7c5ce00445",
                "relationship--a46da882-a085-593b-9e5f-b626daaf1ef2",
                "relationship--3f1c7de6-7cf9-5cfe-8d9f-6871332a2349",
                "relationship--e7fda828-fd66-59c4-ad3f-b2f4e7b6a7c7",
                "relationship--7f7f6459-eca4-5502-913a-006684f3966b",
                "relationship--41679b0b-213e-54f5-afc6-6be28fbebae9",
                "relationship--62a3615c-a574-587a-b5a6-f446d69f26fa",
                "relationship--94597b60-28de-5fc7-baf5-5e6fe1eae0e3",
                "relationship--b3c7fe7c-4e62-5fb6-8db9-361289a9c8a2",
                "relationship--8dcc4f71-fd49-582c-a3c6-8b23be761fc1",
                "relationship--2029d3e3-ec70-514c-863e-f350d812628e",
                "relationship--cc413e8d-46e2-5708-bfa3-ec4b17df1c7e",
                "relationship--80e98849-f646-5b5f-93c3-375b68a97cd1",
                "relationship--2258d81b-cd58-578a-a5ec-859496aadb3c",
                "relationship--cc892f7f-01a7-5816-a010-4b64d3e234d5",
                "relationship--185d8bfd-5db3-55db-a905-55ecc9a31468",
                "relationship--cf792016-60a7-5b18-9610-2bbf44a10ac7",
                "relationship--8b8e83c8-f53d-55e9-b1e9-2b231719bdd6"
            ],
            "external_references": [
                {
                    "source_name": "The Hunters Ledger",
                    "url": "https://the-hunters-ledger.com/reports/evilsoul-engine-stealer-maas-144-172-103-98/"
                }
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        }
    ]
}