{ "type": "bundle", "id": "bundle--ee4f27bf-c17b-48d4-926a-4475f2d2597f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.471411Z", "modified": "2026-06-14T11:56:36.471411Z", "name": "The Hunters Ledger", "identity_class": "organization" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--39440d9f-8c09-5af9-81c6-d656524b413e", "value": "216.126.227.49" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--08c1b8ac-2e83-5fae-b1d2-be70a9bf99d4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.472025Z", "modified": "2026-06-14T11:56:36.472025Z", "name": "ipv4: 216.126.227.49", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '216.126.227.49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--91d62c51-5f13-5773-aa03-82a5986c120a", "value": "144.172.103.253" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b7e4b100-be84-5725-8140-ff376eb37970", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.473337Z", "modified": "2026-06-14T11:56:36.473337Z", "name": "ipv4: 144.172.103.253", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '144.172.103.253']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--34657fd1-8b00-571f-93e4-64ac27535b40", "value": "216.126.224.181" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--094176b9-77a0-56e0-a12b-197de8bc94e2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.473887Z", "modified": "2026-06-14T11:56:36.473887Z", "name": "ipv4: 216.126.224.181", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '216.126.224.181']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 80 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5ede154f-68b3-5ca4-9806-704d50b5bfee", "value": "144.172.105.176" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6ab82cd0-1805-52e2-a125-0ab03f6892be", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.474427Z", "modified": "2026-06-14T11:56:36.474427Z", "name": "ipv4: 144.172.105.176", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '144.172.105.176']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 60 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--e48c5b4d-9ca0-5d7b-93a2-54c90af1082c", "value": "144.172.97.151" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d7c0d657-0845-5ed9-b87c-cd4a867ee127", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.47516Z", "modified": "2026-06-14T11:56:36.47516Z", "name": "ipv4: 144.172.97.151", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '144.172.97.151']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 60 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--742a1be7-0f60-53a2-9498-82c289d62d89", "value": "45.61.128.128" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--820fc49e-c2b1-552c-9292-37c0c31c0744", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.475895Z", "modified": "2026-06-14T11:56:36.475895Z", "name": "ipv4: 45.61.128.128", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '45.61.128.128']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 60 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--10b90211-5553-5edc-be00-92c38eb0b74e", "value": "144.172.122.226" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e61a6f86-45c6-5f40-b649-f7d80b1b97ef", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.47673Z", "modified": "2026-06-14T11:56:36.47673Z", "name": "ipv4: 144.172.122.226", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '144.172.122.226']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 60 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--be3f6419-b2ae-528e-8349-1156e4fe6124", "value": "144.172.116.74" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--df35430c-1703-5776-88a0-315f41f5f96a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.477406Z", "modified": "2026-06-14T11:56:36.477406Z", "name": "ipv4: 144.172.116.74", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '144.172.116.74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--8fd0d63f-4f51-5daf-a349-cb2f65660ffd", "value": "216.126.227.148" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--85246ce1-36ab-59d7-868d-d62366b27cec", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.477941Z", "modified": "2026-06-14T11:56:36.477941Z", "name": "ipv4: 216.126.227.148", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '216.126.227.148']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--aa9a13f9-dd33-52da-ab7c-01666a27c336", "value": "38.143.66.193" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c353ad7d-45dd-5347-a2f0-bb331dea61ae", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.478455Z", "modified": "2026-06-14T11:56:36.478455Z", "name": "ipv4: 38.143.66.193", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '38.143.66.193']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--cee16e0c-ac77-52b4-99b1-12c3edc9d031", "value": "172.237.149.231" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d57fffb7-bec3-5620-8b56-d85f688a3baf", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.479026Z", "modified": "2026-06-14T11:56:36.479026Z", "name": "ipv4: 172.237.149.231", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '172.237.149.231']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 60 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--842de2e4-8bf6-5552-8bb4-bd3928a012e4", "value": "172.234.24.120" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ec271e13-31e3-5ea4-b8eb-19652aa80811", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.47951Z", "modified": "2026-06-14T11:56:36.47951Z", "name": "ipv4: 172.234.24.120", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '172.234.24.120']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 60 }, { "type": "url", "spec_version": "2.1", "id": "url--a054c52e-939c-5cb5-9307-9232735d000e", "value": "https://officebyt.e56sutx.eps-soltec.cloud/f/d6aba322369c" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--36f092e1-4ae1-5bc8-bed9-64aa977301e9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.480006Z", "modified": "2026-06-14T11:56:36.480006Z", "name": "url: https://officebyt.e56sutx.eps-soltec.cloud/f/d6aba322369c", "indicator_types": [ "malicious-activity" ], "pattern": "[url:value = 'https://officebyt.e56sutx.eps-soltec.cloud/f/d6aba322369c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "url", "spec_version": "2.1", "id": "url--d500f117-27a1-57a9-b429-19daaa00fbc3", "value": "https://216.126.224.181/24/mkaingbestchoiceforme.hta" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9119671d-1b52-5692-95b5-9e57d6165067", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.480613Z", "modified": "2026-06-14T11:56:36.480613Z", "name": "url: https://216.126.224.181/24/mkaingbestchoiceforme.hta", "indicator_types": [ "malicious-activity" ], "pattern": "[url:value = 'https://216.126.224.181/24/mkaingbestchoiceforme.hta']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 60 }, { "type": "url", "spec_version": "2.1", "id": "url--badce799-4abf-520f-b214-f6e92dccd939", "value": "http://216.126.224.181/23/goodpersonforbetterthings.hta" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--164998fa-9657-5f09-9c48-5369d5030e25", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.481358Z", "modified": "2026-06-14T11:56:36.481358Z", "name": "url: http://216.126.224.181/23/goodpersonforbetterthings.hta", "indicator_types": [ "malicious-activity" ], "pattern": "[url:value = 'http://216.126.224.181/23/goodpersonforbetterthings.hta']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 60 }, { "type": "url", "spec_version": "2.1", "id": "url--5d82fdb5-aa90-54c7-a2fe-2cb1bfd5e860", "value": "http://216.126.224.181/22/evc/goodpeopleswellmeans.hta" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--86bb51a8-8b0b-5d27-8e43-ed219c2a3bd1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.482191Z", "modified": "2026-06-14T11:56:36.482191Z", "name": "url: http://216.126.224.181/22/evc/goodpeopleswellmeans.hta", "indicator_types": [ "malicious-activity" ], "pattern": "[url:value = 'http://216.126.224.181/22/evc/goodpeopleswellmeans.hta']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 60 }, { "type": "url", "spec_version": "2.1", "id": "url--bd050364-f7f3-5325-a37e-ca6324ff119f", "value": "http://216.126.224.181/wem/img_191738.png" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6650cbc9-f8e3-59af-926b-923affe7c76d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.483019Z", "modified": "2026-06-14T11:56:36.483019Z", "name": "url: http://216.126.224.181/wem/img_191738.png", "indicator_types": [ "malicious-activity" ], "pattern": "[url:value = 'http://216.126.224.181/wem/img_191738.png']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 60 }, { "type": "url", "spec_version": "2.1", "id": "url--6d2af35c-1cc9-5056-9b31-49adcdb5544a", "value": "https://mgcountyks.invoicerequests.net/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0039cba3-2762-5f8e-9c6e-e0d2f417648c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.483848Z", "modified": "2026-06-14T11:56:36.483848Z", "name": "url: https://mgcountyks.invoicerequests.net/", "indicator_types": [ "malicious-activity" ], "pattern": "[url:value = 'https://mgcountyks.invoicerequests.net/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 60 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--314da1c9-af58-5d8a-920e-44eae28a5095", "value": "pernex.online" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6fe0f274-e5c7-57c3-b9c4-2ca20325601d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.484743Z", "modified": "2026-06-14T11:56:36.484743Z", "name": "domain: pernex.online", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'pernex.online']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--fd882686-29e7-555a-a90a-02412d9834d7", "value": "eps-soltec.cloud" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0b7d47b8-7cd9-5b1f-8763-b869aa81edc4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.485741Z", "modified": "2026-06-14T11:56:36.485741Z", "name": "domain: eps-soltec.cloud", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'eps-soltec.cloud']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--0ca179df-0dc2-57e7-8586-d98dd0e9df47", "value": "checkwithsec.online" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e6aa7720-b2cb-564e-99d0-0bac0d8c922d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.486232Z", "modified": "2026-06-14T11:56:36.486232Z", "name": "domain: checkwithsec.online", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'checkwithsec.online']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--a4db3618-cf63-57c3-ad05-cfc29405272c", "value": "tesaco.sbs" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e650a17f-3d8c-5250-80b8-e462c5bb5584", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.48691Z", "modified": "2026-06-14T11:56:36.48691Z", "name": "domain: tesaco.sbs", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'tesaco.sbs']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--9b3bf7d6-18c4-5be6-aafa-c399226328c9", "value": "mailmanagement.cfd" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--050aebf0-cc3e-5ee3-88ea-e2345e5cd048", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.487447Z", "modified": "2026-06-14T11:56:36.487447Z", "name": "domain: mailmanagement.cfd", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'mailmanagement.cfd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--9a93d6ea-d92c-5313-ae2f-7f1a64f032ac", "value": "supportsite.info" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--30d8c295-c2d3-5325-a416-81cf16df6209", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.488176Z", "modified": "2026-06-14T11:56:36.488176Z", "name": "domain: supportsite.info", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'supportsite.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--109378e4-6cca-5dc6-9055-434232351ed0", "value": "kwpbby.in" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d90dec93-1266-5d0c-a781-24ea1bec7d3c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.489025Z", "modified": "2026-06-14T11:56:36.489025Z", "name": "domain: kwpbby.in", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'kwpbby.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--7d012d2f-a5fe-5b3c-9ef8-057ec5de166d", "value": "plingest.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57596c9e-28d4-5ea8-9988-6311a9fab472", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.489758Z", "modified": "2026-06-14T11:56:36.489758Z", "name": "domain: plingest.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'plingest.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--b6f246f6-db69-582f-9e1e-b024d642a6a0", "value": "mx.plingest.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c3c48b66-3af7-5b41-b6ba-129514add9c0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.490322Z", "modified": "2026-06-14T11:56:36.490322Z", "name": "domain: mx.plingest.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'mx.plingest.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--a893c685-db6e-5011-9582-c4dbff0f9a31", "value": "mrrbno.shop" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eb160ad4-e1c2-5a74-b685-e14a1ac66cd0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.490927Z", "modified": "2026-06-14T11:56:36.490927Z", "name": "domain: mrrbno.shop", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'mrrbno.shop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--e44c588c-ab4f-510a-ac5b-fdead3decb40", "value": "ltamaeropromoweb-ecuador-travel.shop" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--61f6bbd4-bbf9-53e3-9cae-4d5f18103a3b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.49152Z", "modified": "2026-06-14T11:56:36.49152Z", "name": "domain: ltamaeropromoweb-ecuador-travel.shop", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'ltamaeropromoweb-ecuador-travel.shop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--2e12438e-3de5-5740-831f-653f584c4bab", "value": "quick-barber.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4681e435-2a16-53ca-9619-e26f3feec768", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.492019Z", "modified": "2026-06-14T11:56:36.492019Z", "name": "domain: quick-barber.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'quick-barber.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--32e2fc38-fbfc-5fdc-b9aa-d5faf8bb41d2", "value": "coinbase-co.cc" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--97ea13d2-8833-5d3f-9727-6412cc3d0fbb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.492592Z", "modified": "2026-06-14T11:56:36.492592Z", "name": "domain: coinbase-co.cc", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'coinbase-co.cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--eeae0bb1-f566-5528-8d4f-00015814efb7", "value": "receita-federal.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--06c5db73-5ad1-59b4-a0e3-712f7444cc30", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.493309Z", "modified": "2026-06-14T11:56:36.493309Z", "name": "domain: receita-federal.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'receita-federal.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--15a71a2f-067f-518b-af17-0629d519baad", "value": "gocomper.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5fa96943-633d-51d3-a3b6-e4358b51f4e9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.493842Z", "modified": "2026-06-14T11:56:36.493842Z", "name": "domain: gocomper.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'gocomper.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--4eb5c703-fb78-57ff-96d6-87bc38885005", "value": "adorarama.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0d0e377a-69ea-5f41-8f62-9da97346c11f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.494369Z", "modified": "2026-06-14T11:56:36.494369Z", "name": "domain: adorarama.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'adorarama.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5bb3ebbd-f3cd-53fc-b79e-70dfe1406b0a", "value": "runwaylander.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e150f5af-6a7e-5ca8-a47e-2df986a9c744", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.494865Z", "modified": "2026-06-14T11:56:36.494865Z", "name": "domain: runwaylander.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'runwaylander.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--bbdde2bd-d7a9-53c0-8354-c63cbb9905f2", "value": "runwaylanderplace.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cbb90-1500-5a93-8d01-2296c71dbd6a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.495359Z", "modified": "2026-06-14T11:56:36.495359Z", "name": "domain: runwaylanderplace.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'runwaylanderplace.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5ea3ba5b-4575-5533-b3ca-db8beb08a1cd", "value": "runwaylanderhome.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--402683cb-6f7d-54ce-831b-27f1a9650a5c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.49581Z", "modified": "2026-06-14T11:56:36.49581Z", "name": "domain: runwaylanderhome.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'runwaylanderhome.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--59982a06-96f9-56fd-b095-ab670a03d807", "value": "runwaylanderspot.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2c8228fd-a501-589b-afb6-0ec6b4487ec4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.496298Z", "modified": "2026-06-14T11:56:36.496298Z", "name": "domain: runwaylanderspot.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'runwaylanderspot.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--711cbcd7-1bf6-59cc-bbf6-b1e940fc1a73", "value": "runwaylanderlights.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f9d792fe-dbac-5567-850d-9afed229fd1e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.496804Z", "modified": "2026-06-14T11:56:36.496804Z", "name": "domain: runwaylanderlights.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'runwaylanderlights.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--6d67f299-d4a4-54a4-8ecc-02562047bd8b", "value": "runwayparking.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e7a5fc13-6800-5966-95b3-3c67a953872d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.497714Z", "modified": "2026-06-14T11:56:36.497714Z", "name": "domain: runwayparking.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'runwayparking.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5c7cc284-0d65-534b-bd35-2ac0220da54f", "value": "runwaylanderstreet.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0f112fbd-d52a-534f-b532-87b39f6b3391", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.498182Z", "modified": "2026-06-14T11:56:36.498182Z", "name": "domain: runwaylanderstreet.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'runwaylanderstreet.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--4d7dff65-80a0-5e33-b0a4-213b82aeb003", "value": "kucoinsgem.xyz" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a3df6c0e-69b9-5eab-83f3-4b7fd160de30", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.498668Z", "modified": "2026-06-14T11:56:36.498668Z", "name": "domain: kucoinsgem.xyz", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'kucoinsgem.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--49738c73-9d3f-57fd-a441-d1343aad518a", "value": "yahoohelp.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d1012354-b4fa-56c4-b2d4-a4d97ded3c02", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.499156Z", "modified": "2026-06-14T11:56:36.499156Z", "name": "domain: yahoohelp.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'yahoohelp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 60 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--31a9a37b-8b1b-5e80-b97a-06e26b09d89d", "value": "promo-de-natal-livelo.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d99b8b9a-4323-595f-82ab-5716898e7a94", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.499699Z", "modified": "2026-06-14T11:56:36.499699Z", "name": "domain: promo-de-natal-livelo.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'promo-de-natal-livelo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 60 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--85f51f95-0c41-53e3-a7db-e960ae1cafbb", "value": "groundsstudio.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--de0faab0-20d0-5ecd-a028-bdee9d6c832c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.500374Z", "modified": "2026-06-14T11:56:36.500374Z", "name": "domain: groundsstudio.com", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'groundsstudio.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 60 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--c273a91e-5aaa-5b2d-9b7f-a4b25ee61310", "value": "officebyt.e56sutx.eps-soltec.cloud" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--82cec78b-2c43-53f3-a5f8-fadb3f63e33a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.50094Z", "modified": "2026-06-14T11:56:36.50094Z", "name": "domain: officebyt.e56sutx.eps-soltec.cloud", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'officebyt.e56sutx.eps-soltec.cloud']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--fff560ab-4d55-5f1e-8474-3c76eb1f6928", "value": "mmnsdvrt8.eps-soltec.cloud" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8eaefa43-92db-5f06-89a3-c038182c70c4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.501459Z", "modified": "2026-06-14T11:56:36.501459Z", "name": "domain: mmnsdvrt8.eps-soltec.cloud", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'mmnsdvrt8.eps-soltec.cloud']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--32e1d571-8d53-5e65-bd74-05b06fe0378b", "value": "mail.hcjs2.jlengineering.se" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--83f6e59b-a843-599f-8f5a-ac1ce64aa57a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.502198Z", "modified": "2026-06-14T11:56:36.502198Z", "name": "domain: mail.hcjs2.jlengineering.se", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'mail.hcjs2.jlengineering.se']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-17T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": true, "x_opencti_score": 80 }, { "type": "file", "spec_version": "2.1", "id": "file--a21afb7f-cf76-5e79-ae19-32315b93c162", "hashes": { "SHA-256": "4b054892b4a5d7811f57562552d1ea0e8ea5bfbf705ceb71e91126482b650a47" } }, { "type": "file", "spec_version": "2.1", "id": "file--80efcdc7-a4d0-5af6-bcb2-b91f34fd1f13", "hashes": { "SHA-256": "16855dfbb2a8ec40ffa98c5777e598f353e84c4793a0691fa2cb26384e2c23d8" } }, { "type": "file", "spec_version": "2.1", "id": "file--e33815ab-16ae-5a15-b7de-ebcc66b65a67", "hashes": { "SHA-256": "0442691db9f9aa7cfdc8f04036f74b4b042dce0101325dd30f5ef4d27aa99d2e" } }, { "type": "file", "spec_version": "2.1", "id": "file--f1511e81-80c9-58c8-ae8d-39c31b640c05", "hashes": { "SHA-256": "0e566c38bf4046a92dbbec97e27711ec8691006362869fe6aa3c875e3f5b86c4" } }, { "type": "file", "spec_version": "2.1", "id": "file--a7c1bca8-5060-5a91-9e6d-745a875eef22", "hashes": { "SHA-256": "32b9b9a82913dae5e40842f68791cc639fe690603ccc1d85fe1ae2e99b7bf26b" } }, { "type": "file", "spec_version": "2.1", "id": "file--8437092e-8fc9-5706-8f78-5ff2c4aa31f6", "hashes": { "SHA-256": "96babe4f65d33dafcdb2425039012d5b2cf8c01b04d0680c5551482ccea27b64" } }, { "type": "file", "spec_version": "2.1", "id": "file--c5b339b7-0269-5a65-ba7e-8f7d1a5740a2", "hashes": { "SHA-256": "97cd91ad5e65c72e5a92be26477eb55e28fc89ecd8540ca62855effea34feefc" } }, { "type": "file", "spec_version": "2.1", "id": "file--b18345d2-a426-58b0-ace4-48aa28a3d1a9", "hashes": { "SHA-256": "38f10f41e22192c4f342632f7997e18006eead2610af94712cba3e4220f6bd36" } }, { "type": "file", "spec_version": "2.1", "id": "file--19b38e72-f91c-5238-bd8d-16e3d25706e3", "hashes": { "SHA-256": "2f0eafed073d01a909006f18136e46af5b7fb688814cbbed1dad024968d426fa" } }, { "type": "file", "spec_version": "2.1", "id": "file--4413678c-b30e-577d-915a-492f1497efc7", "hashes": { "SHA-256": "c8fe86a54d7fffc0ec89afd9b0988d69bf5b2177f23ddb5ac8940f364c03d766" } }, { "type": "file", "spec_version": "2.1", "id": "file--03c1fea3-9efe-57c1-b88f-78fac964e22b", "hashes": { "SHA-256": "9df3c0792e2a460825619999f87c0c19d34a74ca6bc4a7dfd80a64e94c68cc76" } }, { "type": "file", "spec_version": "2.1", "id": "file--6456e434-5aee-5de8-ad4d-98fe3c9d5878", "hashes": { "SHA-256": "8132130bb306fc933d5ac92d6cf45024df92c4d9ee424e6a9774fbac9432cfb4" } }, { "type": "file", "spec_version": "2.1", "id": "file--b40862dc-ff3f-5965-8615-2fa44902c918", "hashes": { "SHA-256": "f1d3ac3c111c7684868a2e95b70630221b8287c6db68776b13867bd57b495106" } }, { "type": "file", "spec_version": "2.1", "id": "file--d72a0b47-4f70-5fbb-a24b-74adae2a2043", "hashes": { "SHA-256": "972f5025f2675c20824d395271121205ce2b6e1054887845b9c28d62b989a3b6" } }, { "type": "file", "spec_version": "2.1", "id": "file--cadbfc95-215d-527b-ac39-ce14b03672fe", "hashes": { "SHA-256": "e7e5da0cdbeea894ea00db07d72da8ab2954b84867acf4a79ee612a57e8bdd49" } }, { "type": "file", "spec_version": "2.1", "id": "file--b8d41a55-72db-5dd5-b0e7-5101dfdf22b3", "hashes": { "SHA-256": "e58ba18209f8fdbfb2a04f283dc2111cbc45fd1534068f2da20fb56c3e0313f4" } }, { "type": "file", "spec_version": "2.1", "id": "file--e5c65a47-cce3-5562-9e6c-8f542f9c373d", "hashes": { "SHA-256": "9df8d0da0dce17d061a870024f65f066c668c49c3b468727d6badbdd776a5880" } }, { "type": "file", "spec_version": "2.1", "id": "file--ad8a007a-b376-5f38-ab4d-6720a374ebe8", "hashes": { "SHA-256": "d0c714b71006ebb87ad3948cbe8b8d8713b7265651c7a64e619c19f5049bdf79" } }, { "type": "file", "spec_version": "2.1", "id": "file--954c8733-8865-549b-aa6d-f0243f033fcf", "hashes": { "SHA-256": "1bede88ae4cddbaa413b4940485604863cb2bb72ece110d9c9394ad377e96622" } }, { "type": "file", "spec_version": "2.1", "id": "file--37bedc08-5aaa-5bae-9144-493a9ff5b86e", "hashes": { "SHA-256": "27316a2efb0fa2be4e1ba965f948a8816df75acfe0f30b53b0aaf8624694e098" } }, { "type": "file", "spec_version": "2.1", "id": "file--44010cf6-211f-5d97-aa32-e284ffd35b42", "hashes": { "SHA-256": "47e095505fefdcd5268575186a8355bdeb8846787b95c11148aaa27c35d47dac" } }, { "type": "file", "spec_version": "2.1", "id": "file--0dbeb7b1-e32f-570b-8cb3-c645fb782900", "hashes": { "SHA-256": "2c92c6d466f33204278d586bcbb4d341bd58362f2c5c904e3164aadf63a236c2" } }, { "type": "file", "spec_version": "2.1", "id": "file--476f84b3-77cc-5df3-a34d-149f023f201b", "hashes": { "SHA-256": "4829505f75518154d01ad16d658e4f95be4446d35f10497937197714cb471e1f" } }, { "type": "file", "spec_version": "2.1", "id": "file--9498f3ee-72fd-5278-ace6-91f300a3c94d", "hashes": { "SHA-256": "f6972b49f717274862cbef73bd91554726f1e0cae61ed72c5b6acda43c8aa128" } }, { "type": "file", "spec_version": "2.1", "id": "file--2ab4bf92-b98e-5235-972e-e0bfffdef259", "hashes": { "SHA-256": "29cfacedeec7112df7ac4796484afdd0507536d4377233d5580234b065f75b56" } }, { "type": "file", "spec_version": "2.1", "id": "file--19629ba0-5c56-5951-9ffc-c7cb65887e52", "hashes": { "SHA-256": "c635f3d808953584614e5128e9039f7644ad51cd903e32015f1cfdbaafea122d" } }, { "type": "file", "spec_version": "2.1", "id": "file--e235a54a-0df2-5374-b665-2d09850a41e9", "hashes": { "SHA-256": "a892d7ea50d09f209c8a31439d4c6309143d465cd88ffcf23fb557f22dac5ec6" } }, { "type": "file", "spec_version": "2.1", "id": "file--de240e20-1c15-5bdc-9bfd-d7f532be8c58", "hashes": { "SHA-256": "6bf4e5e3f377c4ba6efabe2cb003479369e7347bf15d7de139b40bb259ad69ff" } }, { "type": "file", "spec_version": "2.1", "id": "file--3dc6926b-ef3a-5bb1-92cd-9917fb886f7f", "hashes": { "SHA-256": "57abe6de4ecf88da092f22966d0caeda8266dc97d8c64cfaa157d301d917e95f" } }, { "type": "file", "spec_version": "2.1", "id": "file--654dd12a-3bfa-5cbd-a982-66767c6b85d8", "hashes": { "SHA-256": "94eb05de232d361bd8fd13a2f27b14602e1b47252ca1e67d4e8a8ac4bd6b113f" } }, { "type": "file", "spec_version": "2.1", "id": "file--b88d8a7b-151f-5417-974c-92457a5f3741", "hashes": { "SHA-256": "217236a47ac38db476671b42382fe022d11665e07f42160df0f38cbb9b7e54a5" } }, { "type": "file", "spec_version": "2.1", "id": "file--125fe58c-69a1-5a43-8429-9d2557c72831", "hashes": { "SHA-256": "51ca6ee17451cd860ddf2f32ef5de86f178d15f479bfe75d256ca92c1ba0d217" } }, { "type": "file", "spec_version": "2.1", "id": "file--fa9a8807-4981-59f6-a855-38f6d244affb", "hashes": { "SHA-256": "f06598ef96511ee4e478759241d2902c1233ff46f4dca59ece6ce4f22e9be865" } }, { "type": "file", "spec_version": "2.1", "id": "file--8841b3da-2638-5dca-b055-78d0971b4f2a", "hashes": { "SHA-256": "99087c222ba3f8122fe122be1241f0aecbddfb8ecd783fd76cca99df33af4a8b" } }, { "type": "file", "spec_version": "2.1", "id": "file--c434af98-ca2b-5b91-be81-27a8f0a92116", "hashes": { "SHA-256": "8360ffe84d85ebce7082e69b05fca351796256de77430e90cd02c89487d33120" } }, { "type": "file", "spec_version": "2.1", "id": "file--fb39e1ff-e8ae-5246-87d2-7dcfdb8e2878", "hashes": { "SHA-256": "0330a32ad6cce29a15e238ae1382dc590ff7b2675eef4bdb5b2844c7228bc684" } }, { "type": "file", "spec_version": "2.1", "id": "file--259104d8-e648-567a-a84f-93f1c4c8af3d", "hashes": { "SHA-256": "664022b84b1ec4bd0bda55fc277bdc232e627be090c37c0266e2505386a5b179" } }, { "type": "file", "spec_version": "2.1", "id": "file--b79392d5-6297-5a43-95fb-f05d927a7e85", "hashes": { "SHA-256": "9f4a96af8c27371bbae17a4f270e29fc4c1b852c83b5625607d123fc0b59802a" } }, { "type": "file", "spec_version": "2.1", "id": "file--3b8f3a89-d72b-55c3-91f0-ddb6ce1443bb", "hashes": { "SHA-256": "b08d31df351d1249adcae302db3bd5aea1f5e44255d40c2203ef0a2dd37e2f65" } }, { "type": "file", "spec_version": "2.1", "id": "file--78dab4ea-a6be-5c4e-875e-0a2dce589197", "hashes": { "SHA-256": "c0323da18895064aa7b5097885d2e71457e5928bc4ae00f367a28bd40859a7f0" } }, { "type": "file", "spec_version": "2.1", "id": "file--aa6e770c-d120-5bf3-8221-0e7132bb2c53", "hashes": { "SHA-256": "dea988c96b02dbbcb36ed3edd096d9c7cf50b28feff461e16c9651fe0dd7c474" } }, { "type": "file", "spec_version": "2.1", "id": "file--8fb64655-2aaa-5706-9282-cd46af7d5eac", "hashes": { "SHA-256": "526bd8c749afe3d281da4e65ec38c96e55748227ed8193e9a20e458381c68278" } }, { "type": "file", "spec_version": "2.1", "id": "file--c16249bb-c888-5304-8ede-8e501b42368b", "hashes": { "SHA-256": "6a43ae28b6e6298b7b8f3a7a2afabfc260af20563591a416ab5a04865b5799c5" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--777322cb-c9df-5902-9b4f-527888ffc35d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.509353Z", "modified": "2026-06-14T11:56:36.509353Z", "name": "TOOLKIT_CpanelHarvester41940_KnownFiles", "indicator_types": [ "malicious-activity" ], "pattern": "/*\n Name: cPanel Harvester Toolkit \u2014 CVE-2026-41940 Operator Files\n Author: The Hunters Ledger\n Date: 2026-05-17\n Identifier: cPanel-Harvester-Toolkit-CVE-2026-41940-216.126.227.49\n Reference: https://the-hunters-ledger.com/hunting-detections/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517-detections/\n License: https://creativecommons.org/licenses/by-nc/4.0/\n*/\n\nrule TOOLKIT_CpanelHarvester41940_KnownFiles\n{\n meta:\n description = \"Detects operator-built cPanel/WHM credential harvester toolkit files associated with CVE-2026-41940 exploitation cluster at 216.126.227.49 (AS14956 RouterHosting). Matches eight highest-value toolkit components by exact SHA256 hash. All hashes are zero-hit on VirusTotal \u2014 operator-bespoke tooling with no public coverage.\"\n author = \"The Hunters Ledger\"\n date = \"2026-05-17\"\n reference = \"https://the-hunters-ledger.com/hunting-detections/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517-detections/\"\n hash_sha256_pipeline41940 = \"4b054892b4a5d7811f57562552d1ea0e8ea5bfbf705ceb71e91126482b650a47\"\n hash_sha256_livedashboard = \"16855dfbb2a8ec40ffa98c5777e598f353e84c4793a0691fa2cb26384e2c23d8\"\n hash_sha256_beastdashboard = \"0442691db9f9aa7cfdc8f04036f74b4b042dce0101325dd30f5ef4d27aa99d2e\"\n hash_sha256_whmhunter = \"96babe4f65d33dafcdb2425039012d5b2cf8c01b04d0680c5551482ccea27b64\"\n hash_sha256_genbeaastpage = \"0330a32ad6cce29a15e238ae1382dc590ff7b2675eef4bdb5b2844c7228bc684\"\n hash_sha256_massv8 = \"2c92c6d466f33204278d586bcbb4d341bd58362f2c5c904e3164aadf63a236c2\"\n hash_sha256_megahuntfast = \"c635f3d808953584614e5128e9039f7644ad51cd903e32015f1cfdbaafea122d\"\n hash_sha256_harvestwhmv2 = \"38f10f41e22192c4f342632f7997e18006eead2610af94712cba3e4220f6bd36\"\n family = \"cPanel-Harvester-Toolkit-CVE-2026-41940\"\n\n strings:\n /* pipeline-41940.sh \u2014 CVE-2026-41940 weaponization orchestrator (10219 bytes) */\n $hash_pipeline = \"4b054892b4a5d7811f57562552d1ea0e8ea5bfbf705ceb71e91126482b650a47\"\n /* live-dashboard-v10.py \u2014 Flask C2 dashboard (34294 bytes) */\n $hash_dashboard = \"16855dfbb2a8ec40ffa98c5777e598f353e84c4793a0691fa2cb26384e2c23d8\"\n /* beast-dashboard.py \u2014 alternate dashboard (14812 bytes) */\n $hash_beast_dash = \"0442691db9f9aa7cfdc8f04036f74b4b042dce0101325dd30f5ef4d27aa99d2e\"\n /* whm-hunter.py \u2014 primary WHM credential harvester (20531 bytes) */\n $hash_whmhunter = \"96babe4f65d33dafcdb2425039012d5b2cf8c01b04d0680c5551482ccea27b64\"\n /* gen-beast-page.py \u2014 phishing page generator (23650 bytes) */\n $hash_genpage = \"0330a32ad6cce29a15e238ae1382dc590ff7b2675eef4bdb5b2844c7228bc684\"\n /* mass_v8.py \u2014 mass scanner v8 (10286 bytes) */\n $hash_massv8 = \"2c92c6d466f33204278d586bcbb4d341bd58362f2c5c904e3164aadf63a236c2\"\n /* megahunt-fast.sh \u2014 mass-hunt orchestration shell (4287 bytes) */\n $hash_megahunt = \"c635f3d808953584614e5128e9039f7644ad51cd903e32015f1cfdbaafea122d\"\n /* harvest_whm_v2.py \u2014 WHM credential harvester v2 (7239 bytes) */\n $hash_harvestv2 = \"38f10f41e22192c4f342632f7997e18006eead2610af94712cba3e4220f6bd36\"\n\n /* Operator-distinctive filename strings \u2014 for filesystem scan / open-directory hunting */\n $fn_pipeline = \"pipeline-41940\" ascii wide\n $fn_live_dash = \"live-dashboard-v10\" ascii wide\n $fn_whm_hunter = \"whm-hunter\" ascii wide\n $fn_beast_dash = \"beast-dashboard\" ascii wide\n $fn_beast_page = \"gen-beast-page\" ascii wide\n $fn_megahunt = \"megahunt-fast\" ascii wide\n $fn_toolkit_dir = \"cpanel-toolkit-export\" ascii wide\n\n condition:\n /* Hash-match branch: any single hash match is definitive */\n (\n $hash_pipeline or $hash_dashboard or $hash_beast_dash or\n $hash_whmhunter or $hash_genpage or $hash_massv8 or\n $hash_megahunt or $hash_harvestv2\n )\n or\n /* Filename-string branch: at least 2 distinctive operator filenames together\n (reduces FP in case someone names a legitimate file similarly \u2014 requires 2 of 7) */\n (\n filesize < 50KB and\n 2 of ($fn_pipeline, $fn_live_dash, $fn_whm_hunter, $fn_beast_dash,\n $fn_beast_page, $fn_megahunt, $fn_toolkit_dir)\n )\n}", "pattern_type": "yara", "valid_from": "2026-05-17T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5453b9ff-a922-5b10-8a54-5088c34af41e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.509567Z", "modified": "2026-06-14T11:56:36.509567Z", "name": "CVE-2026-41940 cPanel WHM CRLF Auth Bypass Attempt - Null Byte in Authorization Header", "indicator_types": [ "malicious-activity" ], "pattern": "title: CVE-2026-41940 cPanel WHM CRLF Auth Bypass Attempt - Null Byte in Authorization Header\nid: 7f3a2c91-e8d4-4b5a-9c1f-3e6d7a2b0f84\nstatus: test\ndescription: >-\n Detects exploitation attempts targeting CVE-2026-41940, a CVSS 9.8 pre-authentication CRLF\n injection vulnerability in cPanel and WHM (disclosed 2026-04-28). Attackers inject null\n bytes or CRLF sequences into the Authorization Basic header to bypass session validation\n and obtain a forged cpsessXXXX WHM-root token without valid credentials. The operator\n toolkit file pipeline-41940.sh at 216.126.227.49 directly encodes this CVE.\nreferences:\n - https://the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/\n - https://nvd.nist.gov/vuln/detail/CVE-2026-41940\n - cve.2026.41940\nauthor: The Hunters Ledger\ndate: 2026/05/17\ntags:\n - attack.initial-access\n - attack.credential-access\n - cve.2026.41940\nlogsource:\n category: webserver\ndetection:\n selection_auth_null:\n cs-uri-stem|contains:\n - '/___proxy_subdomain_whm'\n - '/___proxy_subdomain_cpanel'\n selection_auth_header:\n cs-headers|re: 'Authorization:\\s*Basic\\s+[A-Za-z0-9+/=]*(%00|%0[aAdD]|\\x00|\\x0a|\\x0d)'\n condition: selection_auth_null or selection_auth_header\nfalsepositives:\n - Authorized penetration testing or security scanning tools (Burp Suite, Nuclei, Metasploit) running assessments against cPanel infrastructure\n - Security researchers probing CVE-2026-41940 in controlled environments\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-17T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0b2f6571-8f96-5179-893f-7ba5b3d4ebbd", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.509708Z", "modified": "2026-06-14T11:56:36.509708Z", "name": "CVE-2026-41940 cPanel WHM CRLF Auth Bypass - Expired Session Token in Authorization Header", "indicator_types": [ "malicious-activity" ], "pattern": "title: CVE-2026-41940 cPanel WHM CRLF Auth Bypass - Expired Session Token in Authorization Header\nid: a4c8e17b-3f92-4d6e-b08a-5c2d9e4f1a73\nstatus: test\ndescription: >-\n Detects the CVE-2026-41940 PoC-exact exploitation pattern where the string 'expired=1'\n is injected into the Authorization: Basic header credential portion. The cPanel/WHM CRLF\n injection vulnerability interprets this crafted token as an indication of a legitimate\n but expired session, bypassing authentication and issuing a WHM-root cpsessXXXX token.\n This indicator matches the canonical public PoC (assetnote/cpanel2shell-scanner,\n ynsmroztas/cPanelSniper) as well as the operator toolkit at 216.126.227.49.\nreferences:\n - https://the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/\n - https://nvd.nist.gov/vuln/detail/CVE-2026-41940\n - cve.2026.41940\nauthor: The Hunters Ledger\ndate: 2026/05/17\ntags:\n - attack.initial-access\n - attack.credential-access\n - cve.2026.41940\nlogsource:\n category: webserver\ndetection:\n selection_expired_token:\n cs-headers|contains: 'expired=1'\n filter_legitimate_params:\n cs-uri-query|contains: 'expired=1'\n condition: selection_expired_token and not filter_legitimate_params\nfalsepositives:\n - URL query parameters containing 'expired=1' in legitimate web applications (filtered out by condition)\n - Authorized security scanning tools probing cPanel installations\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-17T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2906fb49-3d2a-57f1-85fa-2206899289a9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.50984Z", "modified": "2026-06-14T11:56:36.50984Z", "name": "CVE-2026-41940 cPanel WHM CRLF Auth Bypass - Successful Exploitation Confirmation Response", "indicator_types": [ "malicious-activity" ], "pattern": "title: CVE-2026-41940 cPanel WHM CRLF Auth Bypass - Successful Exploitation Confirmation Response\nid: 2e8b5d9f-71a3-4c8e-a25b-6f0d3c7e9b12\nstatus: test\ndescription: >-\n Detects the server-side confirmation string 'msg_code:[expired_session]' returned by\n cPanel/WHM after a successful CVE-2026-41940 CRLF authentication bypass. This string\n appears in the HTTP response body when the injected expired-session token is accepted,\n confirming that exploitation succeeded and a forged WHM-root cpsessXXXX token was issued.\n Monitoring this response pattern catches successful exploitation after the initial attempt.\nreferences:\n - https://the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/\n - https://nvd.nist.gov/vuln/detail/CVE-2026-41940\n - cve.2026.41940\nauthor: The Hunters Ledger\ndate: 2026/05/17\ntags:\n - attack.initial-access\n - attack.credential-access\n - cve.2026.41940\nlogsource:\n category: webserver\ndetection:\n selection_success_body:\n cs-response-body|contains: 'msg_code:[expired_session]'\n condition: selection_success_body\nfalsepositives:\n - Legitimate cPanel session-expiry responses to real users (distinguish by source IP and request pattern \u2014 real users have valid sessions, attackers send forged headers)\n - Security testing in authorized cPanel lab environments\nlevel: critical", "pattern_type": "sigma", "valid_from": "2026-05-17T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1a3bc208-100f-5d0c-93e1-57f214f6d063", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.509967Z", "modified": "2026-06-14T11:56:36.509967Z", "name": "Operator Flask C2 Dashboard - Werkzeug 3.1.8 Banner with /login-2fa Redirect", "indicator_types": [ "malicious-activity" ], "pattern": "title: Operator Flask C2 Dashboard - Werkzeug 3.1.8 Banner with /login-2fa Redirect\nid: 5c7d1e4a-9b83-4f2c-8e67-1a3f5c8d2b90\nstatus: test\ndescription: >-\n Detects the Flask C2 dashboard operated by the CVE-2026-41940 cPanel harvester cluster\n (216.126.227.49). The server presents HTTP/Server: Werkzeug/3.1.8 Python/3.13.12 with a\n 302 redirect to /login-2fa on the initial unauthenticated request. This combination is\n the operator's live credential-harvesting command-and-control infrastructure. The Werkzeug\n development server on an internet-facing port combined with the /login-2fa custom path\n fingerprints this specific operator's deployment pattern. Use for Shodan/Censys hunting\n to identify peer C2 instances with the same deployment template.\nreferences:\n - https://the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/\nauthor: The Hunters Ledger\ndate: 2026/05/17\ntags:\n - attack.command-and-control\nlogsource:\n category: proxy\ndetection:\n selection_werkzeug_banner:\n cs-response-header-server|contains: 'Werkzeug/3.1.8'\n selection_login2fa_redirect:\n cs-response-header-location|contains: '/login-2fa'\n condition: selection_werkzeug_banner and selection_login2fa_redirect\nfalsepositives:\n - Legitimate Flask developers running Werkzeug 3.1.8 who happened to name their login route /login-2fa (extremely unlikely on internet-exposed port 8888)\n - Security researchers replicating the operator's C2 in a lab environment\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-17T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8df99916-3fc0-53ed-a654-7c0415e8a974", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.510092Z", "modified": "2026-06-14T11:56:36.510092Z", "name": "Operator Parklogic TDS - CVE-2026-41940 cPanel Harvester Affiliate ID in URL", "indicator_types": [ "malicious-activity" ], "pattern": "title: Operator Parklogic TDS - CVE-2026-41940 cPanel Harvester Affiliate ID in URL\nid: 8b2f4e9c-5d17-4a3b-b19e-7c6e2f8a4d51\nstatus: test\ndescription: >-\n Detects outbound web requests containing the Parklogic TDS affiliate account ID\n pkAId=2143526812, which is the monetization account number for the CVE-2026-41940 cPanel\n harvester operator at 216.126.227.49. This parameter appears in every URL within the\n operator's traffic distribution system (TDS) that routes users from spoof landing pages\n through to phishing destinations (Office 365, multi-brand consumer phishing). A hit\n indicates a user or system reached a URL within the operator's phishing distribution chain.\nreferences:\n - https://the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/\nauthor: The Hunters Ledger\ndate: 2026/05/17\ntags:\n - attack.initial-access\n - attack.command-and-control\nlogsource:\n category: proxy\ndetection:\n selection_tds_id:\n cs-uri-query|contains: 'pkAId=2143526812'\n condition: selection_tds_id\nfalsepositives:\n - None expected \u2014 this is a unique operator-specific account identifier in the Parklogic TDS platform\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-17T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--47066d0a-a9a6-5923-bcfb-02f222328017", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.510217Z", "modified": "2026-06-14T11:56:36.510217Z", "name": "Operator TDS Landing URL Pattern - Parklogic Source-Referer Shape with Campaign Hash", "indicator_types": [ "malicious-activity" ], "pattern": "title: Operator TDS Landing URL Pattern - Parklogic Source-Referer Shape with Campaign Hash\nid: 3d6c9a7e-2f41-4b8d-c53e-9a1b7f3e5d28\nstatus: test\ndescription: >-\n Detects the URL pattern used by the CVE-2026-41940 cPanel harvester operator's Parklogic\n TDS traffic distribution system. The shape is /?d=&a=2143526812&s=<64-hex-chars>\n where d= is the source/referrer domain, a= is the operator's Parklogic affiliate ID\n (constant: 2143526812), and s= is a per-source-domain campaign hash (64 hex characters).\n This shape routes victims from compromised or spoof landing pages through to phishing\n destinations. The 64-char hex s= parameter distinguishes operator-controlled TDS flows\n from generic Parklogic traffic.\nreferences:\n - https://the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/\nauthor: The Hunters Ledger\ndate: 2026/05/17\ntags:\n - attack.initial-access\n - attack.command-and-control\nlogsource:\n category: proxy\ndetection:\n selection_tds_shape:\n cs-uri-query|contains|all:\n - 'a=2143526812'\n - '&s='\n selection_s_param_length:\n cs-uri-query|re: '[?&]s=[a-f0-9]{64}(&|$)'\n condition: selection_tds_shape and selection_s_param_length\nfalsepositives:\n - Other Parklogic customers using the same platform with different a= values (filtered by the a=2143526812 requirement)\n - Security researchers reproducing the operator's TDS chain in testing environments\nlevel: medium", "pattern_type": "sigma", "valid_from": "2026-05-17T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--00ab52ba-4462-5d02-8a30-4edb78296af5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.510341Z", "modified": "2026-06-14T11:56:36.510341Z", "name": "Operator Phishing Kit Payload-Fetch URL - /f/[12-hex] Path Pattern", "indicator_types": [ "malicious-activity" ], "pattern": "title: Operator Phishing Kit Payload-Fetch URL - /f/[12-hex] Path Pattern\nid: 9e1a5f2d-4c73-4b8f-d92e-0b5a3c7f8e64\nstatus: test\ndescription: >-\n Detects access to the operator's phishing kit payload-fetch URLs which follow the\n pattern /f/<12-hex-chars> on operator-controlled Cloudflare-fronted domains. This URL\n shape was directly observed in the CVE-2026-41940 cPanel harvester campaign at\n officebyt.e56sutx.eps-soltec.cloud/f/d6aba322369c and represents the per-victim\n kit-generated token used by the gen-beast-page.py phishing page generator to serve\n individualized phishing clones. The 12-character hex token distinguishes individual\n victim sessions and is generated by the operator's toolkit infrastructure.\nreferences:\n - https://the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/\nauthor: The Hunters Ledger\ndate: 2026/05/17\ntags:\n - attack.initial-access\n - attack.command-and-control\nlogsource:\n category: proxy\ndetection:\n selection_payload_path:\n cs-uri-stem|re: '^/f/[a-f0-9]{12}$'\n selection_operator_domains:\n cs-host|contains:\n - 'eps-soltec.cloud'\n - 'tesaco.sbs'\n - 'checkwithsec.online'\n - 'pernex.online'\n - 'supportsite.info'\n - 'adorarama.com'\n - 'gocomper.com'\n - 'coinbase-co.cc'\n - 'receita-federal.com'\n - 'runwaylander'\n - 'mailmanagement.cfd'\n - 'kwpbby.in'\n - 'mrrbno.shop'\n condition: selection_payload_path and selection_operator_domains\nfalsepositives:\n - Legitimate web applications on these domains using /f/ file-serve paths (these domains are confirmed operator-controlled phishing infrastructure with no known legitimate use)\n - Security researchers accessing operator phishing pages for analysis\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-17T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--aa69daf6-8114-544c-98a1-1f8d1f301747", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.510479Z", "modified": "2026-06-14T11:56:36.510479Z", "name": "Post-CVE-2026-41940 Exploitation - Unauthorized SSH Authorized Keys Modification on cPanel Host", "indicator_types": [ "malicious-activity" ], "pattern": "title: Post-CVE-2026-41940 Exploitation - Unauthorized SSH Authorized Keys Modification on cPanel Host\nid: 6a4f8e2b-1c95-4d7a-f38d-2e9b0c6a5f17\nstatus: test\ndescription: >-\n Detects modifications to SSH authorized_keys files on Linux cPanel/WHM hosts, which is\n a documented post-exploitation persistence technique following CVE-2026-41940 CRLF auth\n bypass. After obtaining a forged WHM-root cpsessXXXX session token, the operator's\n tradecraft includes adding SSH public keys to maintain persistent access independent of\n the cPanel credential store. This rule is most actionable when correlated with prior\n CVE-2026-41940 exploitation attempts in web access logs.\nreferences:\n - https://the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/\n - https://nvd.nist.gov/vuln/detail/CVE-2026-41940\n - cve.2026.41940\nauthor: The Hunters Ledger\ndate: 2026/05/17\ntags:\n - attack.persistence\n - attack.credential-access\n - cve.2026.41940\nlogsource:\n category: file_event\n product: linux\ndetection:\n selection_ssh_keys:\n TargetFilename|endswith: '/.ssh/authorized_keys'\n filter_admin_tools:\n Image|contains:\n - '/usr/sbin/sshd'\n - '/usr/bin/ssh-copy-id'\n condition: selection_ssh_keys and not filter_admin_tools\nfalsepositives:\n - Legitimate administrator key management via ssh-copy-id or direct authorized_keys editing (use change-management correlation to exclude)\n - Automated configuration management tools (Ansible, Puppet, Chef) managing SSH keys\n - CI/CD pipeline deployment keys being rotated\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-17T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9c03c7a1-6cf2-56a1-be40-9854aee5abc8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.510611Z", "modified": "2026-06-14T11:56:36.510611Z", "name": "Post-CVE-2026-41940 Exploitation - New cPanel Account Created Outside Admin Session", "indicator_types": [ "malicious-activity" ], "pattern": "title: Post-CVE-2026-41940 Exploitation - New cPanel Account Created Outside Admin Session\nid: 1b7e3f8a-5c4d-4e9b-a17c-8f2b6e4d0c39\nstatus: test\ndescription: >-\n Detects creation of new cPanel/WHM user account files in /var/cpanel/users/ which is a\n documented post-exploitation persistence and monetization action following CVE-2026-41940\n CRLF auth bypass. The attacker uses a forged WHM-root session token to provision new\n cPanel accounts for persistent access or to add email accounts for phishing infrastructure.\n The operator toolkit at 216.126.227.49 includes gen-cpanel-access.py (6070 bytes) which\n is inferred to generate cPanel access artifacts post-compromise.\nreferences:\n - https://the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/\n - https://nvd.nist.gov/vuln/detail/CVE-2026-41940\n - cve.2026.41940\nauthor: The Hunters Ledger\ndate: 2026/05/17\ntags:\n - attack.persistence\n - attack.credential-access\n - cve.2026.41940\nlogsource:\n category: file_event\n product: linux\ndetection:\n selection_cpanel_user_create:\n TargetFilename|startswith: '/var/cpanel/users/'\n EventType: 'FileCreate'\n filter_whm_admin:\n Image|contains:\n - '/usr/local/cpanel/'\n - '/usr/local/whm/'\n condition: selection_cpanel_user_create and not filter_whm_admin\nfalsepositives:\n - Legitimate new customer account creation by authorized resellers (correlate against reseller activity logs and customer signup records)\n - cPanel automated processes creating internal system accounts\n - cPanel upgrades creating new system user files\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-17T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e7c015bb-5476-50cf-bda8-05019758b6af", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.510769Z", "modified": "2026-06-14T11:56:36.510769Z", "name": "THL CVE-2026-41940 cPanel WHM CRLF Auth Bypass Attempt - Control Char in Authorization Basic", "indicator_types": [ "malicious-activity" ], "pattern": "alert http any any -> any any (\n msg:\"THL CVE-2026-41940 cPanel WHM CRLF Auth Bypass Attempt - Control Char in Authorization Basic\";\n flow:established,to_server;\n content:\"Authorization|3a 20|Basic \";\n http_header;\n pcre:\"/Authorization:\\s*Basic\\s+[A-Za-z0-9+\\/=]*(?:\\x00|\\x0a|\\x0d|%00|%0a|%0d|%0A|%0D)/Hi\";\n reference:cve,2026-41940;\n reference:url,the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/;\n classtype:web-application-attack;\n sid:9100101; rev:1;\n)", "pattern_type": "suricata", "valid_from": "2026-05-17T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--deed8470-8b0c-5407-8443-088739132f13", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.510939Z", "modified": "2026-06-14T11:56:36.510939Z", "name": "THL CVE-2026-41940 Operator Flask C2 Dashboard - Werkzeug/3.1.8 Banner with /login-2fa Redirect", "indicator_types": [ "malicious-activity" ], "pattern": "alert http any any -> any any (\n msg:\"THL CVE-2026-41940 Operator Flask C2 Dashboard - Werkzeug/3.1.8 Banner with /login-2fa Redirect\";\n flow:established,to_client;\n http.server;\n content:\"Werkzeug/3.1.8 Python/3.13.12\";\n endswith;\n nocase;\n http_header;\n content:\"Location|3a 20|/login-2fa\";\n nocase;\n reference:url,the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/;\n classtype:trojan-activity;\n sid:9100102; rev:1;\n)", "pattern_type": "suricata", "valid_from": "2026-05-17T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3fd1fbd6-473d-5eeb-9a03-9dbee911a19f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.511135Z", "modified": "2026-06-14T11:56:36.511135Z", "name": "THL CVE-2026-41940 Operator Parklogic TDS Affiliate ID in Outbound Request", "indicator_types": [ "malicious-activity" ], "pattern": "alert http $HOME_NET any -> any any (\n msg:\"THL CVE-2026-41940 Operator Parklogic TDS Affiliate ID in Outbound Request\";\n flow:established,to_server;\n http.uri;\n content:\"pkAId=2143526812\";\n nocase;\n reference:url,the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/;\n classtype:social-engineering;\n sid:9100103; rev:1;\n)", "pattern_type": "suricata", "valid_from": "2026-05-17T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.511359Z", "modified": "2026-06-14T11:56:36.511359Z", "name": "Operator-built credential harvester toolkit", "is_family": true, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.51156Z", "modified": "2026-06-14T11:56:36.51156Z", "name": "Urcbadur (LOW-MODERATE operator-attribution on .181)", "is_family": true, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.51173Z", "modified": "2026-06-14T11:56:36.51173Z", "name": "Alien InfoStealer (LOW-MODERATE on .181)", "is_family": true, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.511849Z", "modified": "2026-06-14T11:56:36.511849Z", "name": "ADKP downloader (LOW-MODERATE on .181)", "is_family": true, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--32c62850-84cf-5541-83c6-89525bcae1e7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.511985Z", "modified": "2026-06-14T11:56:36.511985Z", "name": "CVE-2026-41940 weaponization orchestrator", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--deab939d-0a36-554d-b964-127ac64c3a17", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.512109Z", "modified": "2026-06-14T11:56:36.512109Z", "name": "Operator main Flask C2 dashboard", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--8dca8286-6b6e-5b73-ba5b-77f83e5b85c5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.512218Z", "modified": "2026-06-14T11:56:36.512218Z", "name": "Earlier or alternate dashboard variant", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--8a622e9d-cd2d-5aea-94f9-ff25ae23a8eb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.512331Z", "modified": "2026-06-14T11:56:36.512331Z", "name": "Dashboard hotfix utility", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--ed690641-45a9-57e6-b706-51e0723ae92c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.512462Z", "modified": "2026-06-14T11:56:36.512462Z", "name": "Notification dispatcher", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--18ad69ab-557d-5cfd-b9af-0ed91ca5a64f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.512582Z", "modified": "2026-06-14T11:56:36.512582Z", "name": "Primary WHM credential harvester", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--bcd329be-f4ec-5130-a460-b16f33590ebb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.512695Z", "modified": "2026-06-14T11:56:36.512695Z", "name": "WHM credential harvester v1", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--3e7ace09-7206-55b8-affe-a65f9051f530", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.512801Z", "modified": "2026-06-14T11:56:36.512801Z", "name": "WHM credential harvester v2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--8fc029e1-bcda-56d4-be44-7f777fd64263", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.512913Z", "modified": "2026-06-14T11:56:36.512913Z", "name": "Generic credential harvester v3", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--212af0dc-6cd0-5a44-8f21-50450f62c104", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.513015Z", "modified": "2026-06-14T11:56:36.513015Z", "name": "cPanel high-throughput aggressive variant", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--5f9dbdbe-e53b-5636-937e-bbccfccb5d95", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.513118Z", "modified": "2026-06-14T11:56:36.513118Z", "name": "cPanel scan wrapper", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--e785b088-d38a-5c24-9da3-b89885517496", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.513227Z", "modified": "2026-06-14T11:56:36.513227Z", "name": "Plesk control-panel scanner", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--14adc7d0-bb3e-59be-ae72-4b90a0028122", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.51334Z", "modified": "2026-06-14T11:56:36.51334Z", "name": "DirectAdmin Webmail scanner", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--aeae1b33-b111-56d4-82b7-ad0eaff30a17", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.513454Z", "modified": "2026-06-14T11:56:36.513454Z", "name": "DirectAdmin fast-mode scanner", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--51bec880-c3d5-5373-b08b-1d6dbd130e79", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.513593Z", "modified": "2026-06-14T11:56:36.513593Z", "name": "SSH credential / banner scanner", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--28677ad3-1b66-5776-815e-4f1223d86335", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.513777Z", "modified": "2026-06-14T11:56:36.513777Z", "name": "Mass scanner v2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--9cd49410-4e6b-537d-9996-618ed2a93f1b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.513943Z", "modified": "2026-06-14T11:56:36.513943Z", "name": "Mass scanner v3", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--f4da35c3-06c8-5979-9906-931bf4e535c9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.514136Z", "modified": "2026-06-14T11:56:36.514136Z", "name": "Mass scanner v4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--0fc6a567-2eba-5d2e-873e-95dd3df4a973", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.514314Z", "modified": "2026-06-14T11:56:36.514314Z", "name": "Mass scanner v5", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--9171996c-04d4-5a0a-8fe5-39fc3fb04f33", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.51452Z", "modified": "2026-06-14T11:56:36.51452Z", "name": "Mass scanner v6", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--43e0e08f-3b3d-586c-b147-2ec5bd4b8a17", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.514655Z", "modified": "2026-06-14T11:56:36.514655Z", "name": "Mass scanner v7", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--92aea28a-cb6e-56cb-9b2c-d5966d6dfa8d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.514766Z", "modified": "2026-06-14T11:56:36.514766Z", "name": "Mass scanner v8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--91aa5fda-d052-53af-abe8-9ea121496ff9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.514874Z", "modified": "2026-06-14T11:56:36.514874Z", "name": "Lighter probe variant v3", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--51cebff5-208a-5dbf-bc7f-0849b403a182", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.515Z", "modified": "2026-06-14T11:56:36.515Z", "name": "Lighter probe variant v4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--828d9d86-7b23-5fec-8c55-bbfdbb49da01", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.515113Z", "modified": "2026-06-14T11:56:36.515113Z", "name": "Wrapper around masscan SYN scanner", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--241320d2-9716-500c-a074-40473cac12ed", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.515232Z", "modified": "2026-06-14T11:56:36.515232Z", "name": "Mass-hunt orchestration bash glue", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--3e4c79e6-c27d-5d0e-922a-36b700116835", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.515349Z", "modified": "2026-06-14T11:56:36.515349Z", "name": "Multi-target scanner orchestrator", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--fb490788-7052-5895-920d-f3e9f6ddda01", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.515463Z", "modified": "2026-06-14T11:56:36.515463Z", "name": "Deeper / more thorough probing", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--42f250f2-4e7a-5cdb-84d8-1b2c8db827db", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.515566Z", "modified": "2026-06-14T11:56:36.515566Z", "name": "Long-running state-persistent / restart-safe scanner", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--5fb816c0-3278-5857-8ace-11f27a2b9460", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.515688Z", "modified": "2026-06-14T11:56:36.515688Z", "name": "Lightweight fast scanner", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--81a85062-00c8-5ada-b2ca-420fcf695016", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.515788Z", "modified": "2026-06-14T11:56:36.515788Z", "name": "Operator-patched public PoC", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--550d221f-54f6-5cf9-ae95-64bed04563dd", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.515886Z", "modified": "2026-06-14T11:56:36.515886Z", "name": "Tracing utility", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--9022c575-10e7-548f-a79b-cc6fde25bec7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.515984Z", "modified": "2026-06-14T11:56:36.515984Z", "name": "Tracing utility v2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--11586296-d611-5271-99ee-0653e87f30ed", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.516081Z", "modified": "2026-06-14T11:56:36.516081Z", "name": "Auth-flow tracing", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--6e0f17e4-5129-5619-a768-addca2433910", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.516178Z", "modified": "2026-06-14T11:56:36.516178Z", "name": "Session-cookie generator / forger", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--5fe46e3c-36bb-56c1-8892-e500fcbbbc8a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.516384Z", "modified": "2026-06-14T11:56:36.516384Z", "name": "Phishing-page generator", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--095b64be-68db-55b7-a069-c6a5507febc4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.516498Z", "modified": "2026-06-14T11:56:36.516498Z", "name": "Quick login-URL/page generator", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--4822bcdb-87a9-502b-b221-980c43699884", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.516611Z", "modified": "2026-06-14T11:56:36.516611Z", "name": "Urcbadur InfoStealer via CVE-2017-0199 on 216.126.224.181 in April 2026. LOW-MODERATE operator-attribution \u2014 most likely different RouterHosting tenant after operator vacated.", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--e104770d-57d1-5f3e-ad6c-1d3daa50c61a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.51673Z", "modified": "2026-06-14T11:56:36.51673Z", "name": "Urcbadur via CVE-2017-0199; multilingual aliases include Romanian and Bulgarian variants. LOW-MODERATE operator-attribution on .181", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--ea512644-88b4-527c-95de-f7ff69abe2f2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.516867Z", "modified": "2026-06-14T11:56:36.516867Z", "name": "Alien InfoStealer via CVE-2017-0199 on .181. LOW-MODERATE operator-attribution.", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--ee672558-132d-5f09-95bd-03c54dfcd4fd", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.517022Z", "modified": "2026-06-14T11:56:36.517022Z", "name": "Urcbadur via CVE-2017-0199 on .181", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--336d851c-4e86-56b6-a2a9-41edb9e22a24", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.517187Z", "modified": "2026-06-14T11:56:36.517187Z", "name": "ADKP downloader", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--5070ad4c-72db-5bbc-8ac7-d37d22a384a3", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.517349Z", "modified": "2026-06-14T11:56:36.517349Z", "name": "HTA dropper on .181", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--d81b46ce-ef63-5c04-a945-180b77ff6da7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.517517Z", "modified": "2026-06-14T11:56:36.517517Z", "name": "Acquire Infrastructure: Domains", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1583/001", "external_id": "T1583.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--01f77abf-3c19-5651-8fcf-9341ee825e47", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.517957Z", "modified": "2026-06-14T11:56:36.517957Z", "name": "Acquire Infrastructure: Server", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1583/004", "external_id": "T1583.004" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--5b0b768b-2d00-57d7-a937-e3c0ebe626dc", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.518145Z", "modified": "2026-06-14T11:56:36.518145Z", "name": "Acquire Infrastructure: Malvertising", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1583/008", "external_id": "T1583.008" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.518289Z", "modified": "2026-06-14T11:56:36.518289Z", "name": "Develop Capabilities: Malware", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1587/001", "external_id": "T1587.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.518426Z", "modified": "2026-06-14T11:56:36.518426Z", "name": "Obtain Capabilities: Exploits", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1588/005", "external_id": "T1588.005" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--62bdf9f9-e2c4-5b72-929c-a912687a4418", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.518568Z", "modified": "2026-06-14T11:56:36.518568Z", "name": "Active Scanning: Scanning IP Blocks", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1595/001", "external_id": "T1595.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--4f83db55-e9f1-5071-aef3-ab98216b533a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.518715Z", "modified": "2026-06-14T11:56:36.518715Z", "name": "Active Scanning: Vulnerability Scanning", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1595/002", "external_id": "T1595.002" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.518855Z", "modified": "2026-06-14T11:56:36.518855Z", "name": "Exploit Public-Facing Application", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1190", "external_id": "T1190" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--856a360d-8aca-55ff-949d-fee64905d0a8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.519012Z", "modified": "2026-06-14T11:56:36.519012Z", "name": "Valid Accounts", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1078", "external_id": "T1078" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.51915Z", "modified": "2026-06-14T11:56:36.51915Z", "name": "Command and Scripting Interpreter: Python", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1059/006", "external_id": "T1059.006" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.519286Z", "modified": "2026-06-14T11:56:36.519286Z", "name": "Command and Scripting Interpreter: Unix Shell", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1059/004", "external_id": "T1059.004" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--7373eec5-e966-5e5e-8010-488ee0ec6942", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.51942Z", "modified": "2026-06-14T11:56:36.51942Z", "name": "Create Account: Local Account", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1136/001", "external_id": "T1136.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--fd8dd968-9ef8-5d44-9278-54e070789645", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.519571Z", "modified": "2026-06-14T11:56:36.519571Z", "name": "Server Software Component: Web Shell", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1505/003", "external_id": "T1505.003" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--5fe616ae-31a6-5f69-82d6-bd3747d20616", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.519709Z", "modified": "2026-06-14T11:56:36.519709Z", "name": "Account Manipulation: Device Registration", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1098/005", "external_id": "T1098.005" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.519868Z", "modified": "2026-06-14T11:56:36.519868Z", "name": "Proxy: Internal Proxy (Cloudflare fronting)", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1090/001", "external_id": "T1090.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--0876da5f-998d-56c9-bcbe-39e02e92a674", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.520022Z", "modified": "2026-06-14T11:56:36.520022Z", "name": "Acquire Infrastructure: Web Services (afraid.org FreeDNS abuse)", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1583/006", "external_id": "T1583.006" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.520173Z", "modified": "2026-06-14T11:56:36.520173Z", "name": "Obfuscated Files or Information", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1027", "external_id": "T1027" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--716aa1a6-8f94-57f9-b2b2-9556a5f81acb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.520321Z", "modified": "2026-06-14T11:56:36.520321Z", "name": "Execution Guardrails (TDS rickroll filter)", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1480", "external_id": "T1480" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--c7e354f8-164e-59ee-b61a-886c0fbf0163", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.520482Z", "modified": "2026-06-14T11:56:36.520482Z", "name": "Brute Force", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1110", "external_id": "T1110" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--dbdc0ff5-a0c3-52de-8a5b-d39dc834a1f9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.520637Z", "modified": "2026-06-14T11:56:36.520637Z", "name": "Brute Force: Password Spraying", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1110/003", "external_id": "T1110.003" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--90f7d8d5-4e0b-5ef7-9d27-9a8b66f273f9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.520799Z", "modified": "2026-06-14T11:56:36.520799Z", "name": "Exploitation for Credential Access (CVE-2026-41940 mechanic)", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1212", "external_id": "T1212" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--8f085a7a-7d79-590d-bc12-dc9504ef8580", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.520982Z", "modified": "2026-06-14T11:56:36.520982Z", "name": "Input Capture: Web Portal Capture", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1056/003", "external_id": "T1056.003" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--7aaed457-e65a-5fce-9e83-3b3f1fcd78ce", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.521185Z", "modified": "2026-06-14T11:56:36.521185Z", "name": "File and Directory Discovery", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1083", "external_id": "T1083" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--8ed1ed7b-e352-5aff-aed4-519d09134d5c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.521332Z", "modified": "2026-06-14T11:56:36.521332Z", "name": "Remote System Discovery", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1018", "external_id": "T1018" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.521469Z", "modified": "2026-06-14T11:56:36.521469Z", "name": "System Information Discovery", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1082", "external_id": "T1082" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.521607Z", "modified": "2026-06-14T11:56:36.521607Z", "name": "Data from Information Repositories", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1213", "external_id": "T1213" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.521754Z", "modified": "2026-06-14T11:56:36.521754Z", "name": "Application Layer Protocol: Web Protocols (Flask C2)", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1071/001", "external_id": "T1071.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--655489a2-5d78-575d-adcf-cc303e355763", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.521885Z", "modified": "2026-06-14T11:56:36.521885Z", "name": "Proxy: External Proxy (Cloudflare)", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1090/002", "external_id": "T1090.002" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--1cd60ab4-39fa-5340-8faf-bdf057228647", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.522014Z", "modified": "2026-06-14T11:56:36.522014Z", "name": "Dynamic Resolution: Domain Generation Algorithms (kit-generated subdomain tokens)", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1568/002", "external_id": "T1568.002" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--2a264b9c-3fd7-5eeb-9ade-d73008a13713", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.522143Z", "modified": "2026-06-14T11:56:36.522143Z", "name": "Remote Access Software (OpenClaw AI platform installed)", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1219", "external_id": "T1219" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.522272Z", "modified": "2026-06-14T11:56:36.522272Z", "name": "Exfiltration Over C2 Channel", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1041", "external_id": "T1041" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--8e773df3-b3cc-54bd-83db-4028fe946d79", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.522401Z", "modified": "2026-06-14T11:56:36.522401Z", "name": "Financial Theft", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1657", "external_id": "T1657" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "intrusion-set", "spec_version": "2.1", "id": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.522543Z", "modified": "2026-06-14T11:56:36.522543Z", "name": "UTA-2026-011", "description": "UTA-2026-011", "confidence": 87, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "infrastructure", "spec_version": "2.1", "id": "infrastructure--1f3facda-2ee5-5b55-bbc9-3fa32ac7c3e3", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.52268Z", "modified": "2026-06-14T11:56:36.52268Z", "name": "opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517 infrastructure", "infrastructure_types": [ "command-and-control", "hosting" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--e345f6a3-73b6-5129-8a42-a32282179b79", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.523258Z", "modified": "2026-06-14T11:56:36.523258Z", "name": "CVE-2017-0199", "external_references": [ { "source_name": "cve", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0199", "external_id": "CVE-2017-0199" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--a2742e4a-4311-5bc1-a0e8-374a9f3bbb50", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.523458Z", "modified": "2026-06-14T11:56:36.523458Z", "name": "CVE-2026-41940", "external_references": [ { "source_name": "cve", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41940", "external_id": "CVE-2026-41940" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0a3b3446-2685-50c1-9d1b-b0d08a39f2b8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.524716Z", "modified": "2026-06-14T11:56:36.524716Z", "relationship_type": "indicates", "source_ref": "indicator--08c1b8ac-2e83-5fae-b1d2-be70a9bf99d4", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--de0a161d-14c8-55b2-aacd-7c45993af75f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.52493Z", "modified": "2026-06-14T11:56:36.52493Z", "relationship_type": "indicates", "source_ref": "indicator--b7e4b100-be84-5725-8140-ff376eb37970", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ccd76c4c-21e3-5a96-abc2-2155710c47aa", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.525065Z", "modified": "2026-06-14T11:56:36.525065Z", "relationship_type": "indicates", "source_ref": "indicator--094176b9-77a0-56e0-a12b-197de8bc94e2", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--377ce123-f814-5cd7-b497-8c9d3223a5e4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.525184Z", "modified": "2026-06-14T11:56:36.525184Z", "relationship_type": "indicates", "source_ref": "indicator--6ab82cd0-1805-52e2-a125-0ab03f6892be", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--776eb69b-b3ad-5bb8-b207-997d3c3c9ab9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.525297Z", "modified": "2026-06-14T11:56:36.525297Z", "relationship_type": "indicates", "source_ref": "indicator--d7c0d657-0845-5ed9-b87c-cd4a867ee127", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--53869ee3-2cf6-5941-8138-260425953480", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.525405Z", "modified": "2026-06-14T11:56:36.525405Z", "relationship_type": "indicates", "source_ref": "indicator--820fc49e-c2b1-552c-9292-37c0c31c0744", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a6e3f2bf-da79-5aa2-b1f6-bcd360f59938", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.525516Z", "modified": "2026-06-14T11:56:36.525516Z", "relationship_type": "indicates", "source_ref": "indicator--e61a6f86-45c6-5f40-b649-f7d80b1b97ef", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ac430802-89dd-5993-94d2-d07206062def", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.525628Z", "modified": "2026-06-14T11:56:36.525628Z", "relationship_type": "indicates", "source_ref": "indicator--df35430c-1703-5776-88a0-315f41f5f96a", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0af9751d-9723-531f-a80e-01ccc63e1105", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.525739Z", "modified": "2026-06-14T11:56:36.525739Z", "relationship_type": "indicates", "source_ref": "indicator--85246ce1-36ab-59d7-868d-d62366b27cec", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--785f437e-0143-5dca-bd5c-2cd546fe4c21", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.525854Z", "modified": "2026-06-14T11:56:36.525854Z", "relationship_type": "indicates", "source_ref": "indicator--c353ad7d-45dd-5347-a2f0-bb331dea61ae", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c50d6d86-34ef-5e86-8d28-7ad406a1ce99", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.525967Z", "modified": "2026-06-14T11:56:36.525967Z", "relationship_type": "indicates", "source_ref": "indicator--d57fffb7-bec3-5620-8b56-d85f688a3baf", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eb740101-8232-506a-bda3-e2da9e1b5573", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.526081Z", "modified": "2026-06-14T11:56:36.526081Z", "relationship_type": "indicates", "source_ref": "indicator--ec271e13-31e3-5ea4-b8eb-19652aa80811", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c1bfdcc-70f1-508c-bcf1-beb103576a94", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.526197Z", "modified": "2026-06-14T11:56:36.526197Z", "relationship_type": "indicates", "source_ref": "indicator--36f092e1-4ae1-5bc8-bed9-64aa977301e9", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5bcfa29b-c873-5b71-8fc2-97b6f69fe798", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.526313Z", "modified": "2026-06-14T11:56:36.526313Z", "relationship_type": "indicates", "source_ref": "indicator--9119671d-1b52-5692-95b5-9e57d6165067", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2d3f85c6-c5a3-5c6a-99ad-4508408cf5b0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.526425Z", "modified": "2026-06-14T11:56:36.526425Z", "relationship_type": "indicates", "source_ref": "indicator--164998fa-9657-5f09-9c48-5369d5030e25", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--382f2120-2f04-548a-8d90-cc7b2f69d4d4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.526547Z", "modified": "2026-06-14T11:56:36.526547Z", "relationship_type": "indicates", "source_ref": "indicator--86bb51a8-8b0b-5d27-8e43-ed219c2a3bd1", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--81dea4e7-9909-514c-85e1-72a2717eeed4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.526694Z", "modified": "2026-06-14T11:56:36.526694Z", "relationship_type": "indicates", "source_ref": "indicator--6650cbc9-f8e3-59af-926b-923affe7c76d", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bf6ddb92-a003-53fa-a04a-27e61ec1aa2f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.526832Z", "modified": "2026-06-14T11:56:36.526832Z", "relationship_type": "indicates", "source_ref": "indicator--0039cba3-2762-5f8e-9c6e-e0d2f417648c", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c5a6cb32-5d40-5676-b439-8d70e4215ec7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.526951Z", "modified": "2026-06-14T11:56:36.526951Z", "relationship_type": "indicates", "source_ref": "indicator--6fe0f274-e5c7-57c3-b9c4-2ca20325601d", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c6b8080c-51ca-545c-bf67-54a7a85d21b3", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.527105Z", "modified": "2026-06-14T11:56:36.527105Z", "relationship_type": "indicates", "source_ref": "indicator--0b7d47b8-7cd9-5b1f-8763-b869aa81edc4", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0afbd8a-d899-5d8a-a8eb-5dbf4ffdcefe", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.52728Z", "modified": "2026-06-14T11:56:36.52728Z", "relationship_type": "indicates", "source_ref": "indicator--e6aa7720-b2cb-564e-99d0-0bac0d8c922d", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0f7b8850-8bb7-536a-a153-2b8ff227df50", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.527411Z", "modified": "2026-06-14T11:56:36.527411Z", "relationship_type": "indicates", "source_ref": "indicator--e650a17f-3d8c-5250-80b8-e462c5bb5584", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--54d71d16-56e5-5902-9ac6-7b0333f42c68", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.527537Z", "modified": "2026-06-14T11:56:36.527537Z", "relationship_type": "indicates", "source_ref": "indicator--050aebf0-cc3e-5ee3-88ea-e2345e5cd048", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1bee6e7c-644d-5b4c-a7dd-8e952d2b147e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.527912Z", "modified": "2026-06-14T11:56:36.527912Z", "relationship_type": "indicates", "source_ref": "indicator--30d8c295-c2d3-5325-a416-81cf16df6209", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d65d71d2-addd-5e82-be3a-7a0fb0f8965e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.528026Z", "modified": "2026-06-14T11:56:36.528026Z", "relationship_type": "indicates", "source_ref": "indicator--d90dec93-1266-5d0c-a781-24ea1bec7d3c", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ebc04110-77f7-5920-8976-ecb531ddb49f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.528132Z", "modified": "2026-06-14T11:56:36.528132Z", "relationship_type": "indicates", "source_ref": "indicator--57596c9e-28d4-5ea8-9988-6311a9fab472", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--25f1fee4-f72b-54b2-967b-d57878edab02", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.528237Z", "modified": "2026-06-14T11:56:36.528237Z", "relationship_type": "indicates", "source_ref": "indicator--c3c48b66-3af7-5b41-b6ba-129514add9c0", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--855282ab-ce20-5930-9da0-6e6e854101c5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.528341Z", "modified": "2026-06-14T11:56:36.528341Z", "relationship_type": "indicates", "source_ref": "indicator--eb160ad4-e1c2-5a74-b685-e14a1ac66cd0", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a8c4014a-04b0-532b-a072-b6fd4549473e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.528448Z", "modified": "2026-06-14T11:56:36.528448Z", "relationship_type": "indicates", "source_ref": "indicator--61f6bbd4-bbf9-53e3-9cae-4d5f18103a3b", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0074088-549a-5d2c-9053-2551c610e199", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.528554Z", "modified": "2026-06-14T11:56:36.528554Z", "relationship_type": "indicates", "source_ref": "indicator--4681e435-2a16-53ca-9619-e26f3feec768", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--37bbbaa3-00c9-52e5-8d8d-81282283a643", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.528659Z", "modified": "2026-06-14T11:56:36.528659Z", "relationship_type": "indicates", "source_ref": "indicator--97ea13d2-8833-5d3f-9727-6412cc3d0fbb", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--15942174-ac2a-5749-8d35-34a6416c4950", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.528762Z", "modified": "2026-06-14T11:56:36.528762Z", "relationship_type": "indicates", "source_ref": "indicator--06c5db73-5ad1-59b4-a0e3-712f7444cc30", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--71196a05-06b4-5738-91c6-d90273bbb5d0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.528869Z", "modified": "2026-06-14T11:56:36.528869Z", "relationship_type": "indicates", "source_ref": "indicator--5fa96943-633d-51d3-a3b6-e4358b51f4e9", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3b5cad8d-8649-529d-a468-7bf6a6e22ac4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.528977Z", "modified": "2026-06-14T11:56:36.528977Z", "relationship_type": "indicates", "source_ref": "indicator--0d0e377a-69ea-5f41-8f62-9da97346c11f", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bf89dc42-ef15-5502-ab87-06603ffab444", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.529228Z", "modified": "2026-06-14T11:56:36.529228Z", "relationship_type": "indicates", "source_ref": "indicator--e150f5af-6a7e-5ca8-a47e-2df986a9c744", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--24be7006-bb1a-55c2-9f38-5b74923d5274", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.529479Z", "modified": "2026-06-14T11:56:36.529479Z", "relationship_type": "indicates", "source_ref": "indicator--5d2cbb90-1500-5a93-8d01-2296c71dbd6a", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4dd24fc9-0d6b-59d5-9d91-52f4b38bb20d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.529681Z", "modified": "2026-06-14T11:56:36.529681Z", "relationship_type": "indicates", "source_ref": "indicator--402683cb-6f7d-54ce-831b-27f1a9650a5c", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f0f26931-ba77-5be5-a756-e56624d3a435", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.52988Z", "modified": "2026-06-14T11:56:36.52988Z", "relationship_type": "indicates", "source_ref": "indicator--2c8228fd-a501-589b-afb6-0ec6b4487ec4", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9eb79a7-a1d5-569e-89aa-cb0baaf7bd87", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.530084Z", "modified": "2026-06-14T11:56:36.530084Z", "relationship_type": "indicates", "source_ref": "indicator--f9d792fe-dbac-5567-850d-9afed229fd1e", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2e4269f7-388a-5324-b35a-d1fe1aca7dcc", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.530271Z", "modified": "2026-06-14T11:56:36.530271Z", "relationship_type": "indicates", "source_ref": "indicator--e7a5fc13-6800-5966-95b3-3c67a953872d", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e2fc61ee-112e-509f-a7d3-9a071418fc4a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.530456Z", "modified": "2026-06-14T11:56:36.530456Z", "relationship_type": "indicates", "source_ref": "indicator--0f112fbd-d52a-534f-b532-87b39f6b3391", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--646e5c18-6c02-5755-b543-d55f61a6272d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.530645Z", "modified": "2026-06-14T11:56:36.530645Z", "relationship_type": "indicates", "source_ref": "indicator--a3df6c0e-69b9-5eab-83f3-4b7fd160de30", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1cae3ba8-3eea-57bc-97d7-984e9047c359", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.530836Z", "modified": "2026-06-14T11:56:36.530836Z", "relationship_type": "indicates", "source_ref": "indicator--d1012354-b4fa-56c4-b2d4-a4d97ded3c02", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0a54606d-8f59-56ea-80f8-bd59a69c3a2e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.53106Z", "modified": "2026-06-14T11:56:36.53106Z", "relationship_type": "indicates", "source_ref": "indicator--d99b8b9a-4323-595f-82ab-5716898e7a94", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d659cfe2-b399-556e-ac0e-bbefe22a1fc8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.531266Z", "modified": "2026-06-14T11:56:36.531266Z", "relationship_type": "indicates", "source_ref": "indicator--de0faab0-20d0-5ecd-a028-bdee9d6c832c", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--35a5c623-bd82-5906-a170-e5ce62259d9c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.531463Z", "modified": "2026-06-14T11:56:36.531463Z", "relationship_type": "indicates", "source_ref": "indicator--82cec78b-2c43-53f3-a5f8-fadb3f63e33a", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5d55c019-7188-54df-a881-3cdfee17a195", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.531668Z", "modified": "2026-06-14T11:56:36.531668Z", "relationship_type": "indicates", "source_ref": "indicator--8eaefa43-92db-5f06-89a3-c038182c70c4", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--92e4a119-7c26-50eb-9d52-5df0cfe1e1c7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.531873Z", "modified": "2026-06-14T11:56:36.531873Z", "relationship_type": "indicates", "source_ref": "indicator--83f6e59b-a843-599f-8f5a-ac1ce64aa57a", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4ce56d63-5b94-5fba-99b1-595da4465b79", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.532072Z", "modified": "2026-06-14T11:56:36.532072Z", "relationship_type": "indicates", "source_ref": "indicator--777322cb-c9df-5902-9b4f-527888ffc35d", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--224a3c22-3d2b-5522-aeab-4b29c40f2753", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.532261Z", "modified": "2026-06-14T11:56:36.532261Z", "relationship_type": "indicates", "source_ref": "indicator--5453b9ff-a922-5b10-8a54-5088c34af41e", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4f851517-35f5-5bd4-8de7-28cfd9d7164a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.532443Z", "modified": "2026-06-14T11:56:36.532443Z", "relationship_type": "indicates", "source_ref": "indicator--0b2f6571-8f96-5179-893f-7ba5b3d4ebbd", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a95580b6-d2f1-58da-8f50-17198dc2e383", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.532633Z", "modified": "2026-06-14T11:56:36.532633Z", "relationship_type": "indicates", "source_ref": "indicator--2906fb49-3d2a-57f1-85fa-2206899289a9", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3cb04e53-26ad-5ecd-b5ae-27349631f3ac", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.532842Z", "modified": "2026-06-14T11:56:36.532842Z", "relationship_type": "indicates", "source_ref": "indicator--1a3bc208-100f-5d0c-93e1-57f214f6d063", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--af20382e-c987-5898-b393-093231279246", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.533172Z", "modified": "2026-06-14T11:56:36.533172Z", "relationship_type": "indicates", "source_ref": "indicator--8df99916-3fc0-53ed-a654-7c0415e8a974", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f36a9ed6-b5a3-50db-b1d2-b4f3619c69e4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.533405Z", "modified": "2026-06-14T11:56:36.533405Z", "relationship_type": "indicates", "source_ref": "indicator--47066d0a-a9a6-5923-bcfb-02f222328017", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b9fce01d-9cea-50e0-a36d-3d9408575f22", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.533598Z", "modified": "2026-06-14T11:56:36.533598Z", "relationship_type": "indicates", "source_ref": "indicator--00ab52ba-4462-5d02-8a30-4edb78296af5", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0024e58-a922-54c4-9b8e-5187c569cd92", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.533731Z", "modified": "2026-06-14T11:56:36.533731Z", "relationship_type": "indicates", "source_ref": "indicator--aa69daf6-8114-544c-98a1-1f8d1f301747", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6dab9c05-b896-57c1-9e3e-d82d7b13dc53", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.53387Z", "modified": "2026-06-14T11:56:36.53387Z", "relationship_type": "indicates", "source_ref": "indicator--9c03c7a1-6cf2-56a1-be40-9854aee5abc8", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--77e0a107-94ee-515f-8abf-350d4eca87df", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.534006Z", "modified": "2026-06-14T11:56:36.534006Z", "relationship_type": "indicates", "source_ref": "indicator--e7c015bb-5476-50cf-bda8-05019758b6af", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--031a0bc6-b588-5f3d-a1ae-0ce33616a0ae", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.534139Z", "modified": "2026-06-14T11:56:36.534139Z", "relationship_type": "indicates", "source_ref": "indicator--deed8470-8b0c-5407-8443-088739132f13", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9ce86648-1072-5016-aefb-bc4e692467c9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.534265Z", "modified": "2026-06-14T11:56:36.534265Z", "relationship_type": "indicates", "source_ref": "indicator--3fd1fbd6-473d-5eeb-9a03-9dbee911a19f", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ec7cbc4f-6780-57a4-9ed0-f21d675c2d40", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.534382Z", "modified": "2026-06-14T11:56:36.534382Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0df283af-baa6-5157-8f43-f35b52cbcfd2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.534506Z", "modified": "2026-06-14T11:56:36.534506Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c1aa4a1-19eb-5432-9b19-7f9c4142e657", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.534616Z", "modified": "2026-06-14T11:56:36.534616Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a32a2677-d8f9-5ac8-92cb-bcf1b3e4673d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.534781Z", "modified": "2026-06-14T11:56:36.534781Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bd3377d7-e7ca-52d0-8f98-77e1061d5262", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.534916Z", "modified": "2026-06-14T11:56:36.534916Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--32c62850-84cf-5541-83c6-89525bcae1e7", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a1281572-699f-549c-a59a-7f558e7b28ee", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.535043Z", "modified": "2026-06-14T11:56:36.535043Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--deab939d-0a36-554d-b964-127ac64c3a17", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4a8455ae-239d-5c50-adfb-594ad7eeeec9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.535165Z", "modified": "2026-06-14T11:56:36.535165Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--8dca8286-6b6e-5b73-ba5b-77f83e5b85c5", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--09ccb03f-9ba6-5e56-89d5-ca4384d920ba", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.535306Z", "modified": "2026-06-14T11:56:36.535306Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--8a622e9d-cd2d-5aea-94f9-ff25ae23a8eb", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--373810b4-b04e-5346-b13a-4897faec180e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.535478Z", "modified": "2026-06-14T11:56:36.535478Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--ed690641-45a9-57e6-b706-51e0723ae92c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b20286d5-93db-525e-8bf4-41a473868dfa", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.535653Z", "modified": "2026-06-14T11:56:36.535653Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--18ad69ab-557d-5cfd-b9af-0ed91ca5a64f", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--429bc874-e1f7-5635-9d62-23e625ac01e1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.535818Z", "modified": "2026-06-14T11:56:36.535818Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--bcd329be-f4ec-5130-a460-b16f33590ebb", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8e912b58-2d58-59e7-9431-9dc29ca54bb0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.53599Z", "modified": "2026-06-14T11:56:36.53599Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--3e7ace09-7206-55b8-affe-a65f9051f530", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7ddedd57-6b9c-59a1-b14c-9829ede0990e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.53616Z", "modified": "2026-06-14T11:56:36.53616Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--8fc029e1-bcda-56d4-be44-7f777fd64263", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--95c099c0-235c-509b-a816-37b17d971672", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.536338Z", "modified": "2026-06-14T11:56:36.536338Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--212af0dc-6cd0-5a44-8f21-50450f62c104", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ec4c6724-04cd-5cc4-9e2c-43fb52c6702d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.536505Z", "modified": "2026-06-14T11:56:36.536505Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--5f9dbdbe-e53b-5636-937e-bbccfccb5d95", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--03b3367a-6a0d-5c45-83ec-1163b55e292f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.536697Z", "modified": "2026-06-14T11:56:36.536697Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--e785b088-d38a-5c24-9da3-b89885517496", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2a6a8e42-815c-54ab-acea-4d1688093780", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.536882Z", "modified": "2026-06-14T11:56:36.536882Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--14adc7d0-bb3e-59be-ae72-4b90a0028122", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--228e030f-e4f1-5def-90ac-07362c3b652e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.537079Z", "modified": "2026-06-14T11:56:36.537079Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--aeae1b33-b111-56d4-82b7-ad0eaff30a17", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3e009be3-e895-5157-872b-86617c610452", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.537247Z", "modified": "2026-06-14T11:56:36.537247Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--51bec880-c3d5-5373-b08b-1d6dbd130e79", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--49269c7f-af47-5077-b54c-ce07e9a4d04b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.53741Z", "modified": "2026-06-14T11:56:36.53741Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--28677ad3-1b66-5776-815e-4f1223d86335", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--08c6b15b-d1d5-502e-a159-c30363e08cc0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.537572Z", "modified": "2026-06-14T11:56:36.537572Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--9cd49410-4e6b-537d-9996-618ed2a93f1b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eabae2e7-fa29-59d4-a1f4-80267f3c64d7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.53774Z", "modified": "2026-06-14T11:56:36.53774Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--f4da35c3-06c8-5979-9906-931bf4e535c9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fb3a595e-3784-55ca-b2de-8220094f36e7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.537905Z", "modified": "2026-06-14T11:56:36.537905Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--0fc6a567-2eba-5d2e-873e-95dd3df4a973", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--31cb0737-d8e4-58d1-8dfd-914c6159dcd6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.538059Z", "modified": "2026-06-14T11:56:36.538059Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--9171996c-04d4-5a0a-8fe5-39fc3fb04f33", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--23c4c81b-744b-5320-a829-36765ced9173", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.538171Z", "modified": "2026-06-14T11:56:36.538171Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--43e0e08f-3b3d-586c-b147-2ec5bd4b8a17", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0f2b4ca6-d4bd-5e95-89da-050363b90557", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.538277Z", "modified": "2026-06-14T11:56:36.538277Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--92aea28a-cb6e-56cb-9b2c-d5966d6dfa8d", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--220fe336-6ac1-576e-86f1-8798ef4c1391", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.538388Z", "modified": "2026-06-14T11:56:36.538388Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--91aa5fda-d052-53af-abe8-9ea121496ff9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--87001263-0c9e-509d-a25c-261014f1d587", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.538509Z", "modified": "2026-06-14T11:56:36.538509Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--51cebff5-208a-5dbf-bc7f-0849b403a182", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--540c6413-388e-5ff8-8552-bd6a5894caba", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.538623Z", "modified": "2026-06-14T11:56:36.538623Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--828d9d86-7b23-5fec-8c55-bbfdbb49da01", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--62efd482-6b82-5953-ba73-8354e2d85669", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.538732Z", "modified": "2026-06-14T11:56:36.538732Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--241320d2-9716-500c-a074-40473cac12ed", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a3d4ee1b-032e-56a4-9e33-fbc844ef5cec", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.538861Z", "modified": "2026-06-14T11:56:36.538861Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--3e4c79e6-c27d-5d0e-922a-36b700116835", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0222a98c-1a41-5f4d-a654-3f444c36d625", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.539007Z", "modified": "2026-06-14T11:56:36.539007Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--fb490788-7052-5895-920d-f3e9f6ddda01", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3ebcde0b-af37-5231-a54e-87216e2d6bf1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.539133Z", "modified": "2026-06-14T11:56:36.539133Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--42f250f2-4e7a-5cdb-84d8-1b2c8db827db", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b6fc1ee2-d500-5788-accd-9fe7d65700f6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.539294Z", "modified": "2026-06-14T11:56:36.539294Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--5fb816c0-3278-5857-8ace-11f27a2b9460", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c0ec22f-9db0-5d3d-a9ce-25706697ea51", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.539473Z", "modified": "2026-06-14T11:56:36.539473Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--81a85062-00c8-5ada-b2ca-420fcf695016", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a50578b5-7a19-5198-afb0-8dcd902e42eb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.539604Z", "modified": "2026-06-14T11:56:36.539604Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--550d221f-54f6-5cf9-ae95-64bed04563dd", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--92104e1a-11fc-595e-ab39-48089277e5cf", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.539739Z", "modified": "2026-06-14T11:56:36.539739Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--9022c575-10e7-548f-a79b-cc6fde25bec7", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--941c25fb-da6a-5070-a0b7-ea183b831af1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.539857Z", "modified": "2026-06-14T11:56:36.539857Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--11586296-d611-5271-99ee-0653e87f30ed", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--da94c054-22a3-5242-927f-e36ea40fc644", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.539993Z", "modified": "2026-06-14T11:56:36.539993Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--6e0f17e4-5129-5619-a768-addca2433910", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--95430877-747b-516e-9cf1-06306128bdb8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.540109Z", "modified": "2026-06-14T11:56:36.540109Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--5fe46e3c-36bb-56c1-8892-e500fcbbbc8a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2eb8372b-ac76-5655-b68e-bcd3c0243aa2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.540219Z", "modified": "2026-06-14T11:56:36.540219Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--095b64be-68db-55b7-a069-c6a5507febc4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4f894dbc-4c0b-55b3-a389-7c67d06d6a61", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.540325Z", "modified": "2026-06-14T11:56:36.540325Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--4822bcdb-87a9-502b-b221-980c43699884", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b60b3401-e6e9-5b8a-ba92-18ca75197067", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.54043Z", "modified": "2026-06-14T11:56:36.54043Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--e104770d-57d1-5f3e-ad6c-1d3daa50c61a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3041d675-e27e-5741-8b97-6370e3dbdcfa", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.540542Z", "modified": "2026-06-14T11:56:36.540542Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--ea512644-88b4-527c-95de-f7ff69abe2f2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e2b51f1a-6d8d-59cc-ac27-710c6e5b3acb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.540647Z", "modified": "2026-06-14T11:56:36.540647Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--ee672558-132d-5f09-95bd-03c54dfcd4fd", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--67b6b2dc-61ff-5fd6-b55e-c5ae8b4f5811", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.54081Z", "modified": "2026-06-14T11:56:36.54081Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--336d851c-4e86-56b6-a2a9-41edb9e22a24", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c029db4a-4910-5584-808e-43c376c64120", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.540985Z", "modified": "2026-06-14T11:56:36.540985Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "tool--5070ad4c-72db-5bbc-8ac7-d37d22a384a3", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--371c1fdc-9484-5b3d-979c-57254882478e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.541114Z", "modified": "2026-06-14T11:56:36.541114Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--d81b46ce-ef63-5c04-a945-180b77ff6da7", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c1113fc6-c9dd-5ef1-8f34-a804cfc71424", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.541246Z", "modified": "2026-06-14T11:56:36.541246Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--01f77abf-3c19-5651-8fcf-9341ee825e47", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c08a90b3-c2f1-5a21-8aa7-87a2ced73909", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.541358Z", "modified": "2026-06-14T11:56:36.541358Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--5b0b768b-2d00-57d7-a937-e3c0ebe626dc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a5450efe-7069-5d2b-8c9e-51ca9f8f81b6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.541467Z", "modified": "2026-06-14T11:56:36.541467Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--584ca769-97ff-51b5-8eed-ea21edee42f2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.541582Z", "modified": "2026-06-14T11:56:36.541582Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cef454a2-17b0-539c-a770-3027ade8ae8f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.541689Z", "modified": "2026-06-14T11:56:36.541689Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--62bdf9f9-e2c4-5b72-929c-a912687a4418", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0c8a973-4335-5525-8842-0f66f1b8aa7e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.541797Z", "modified": "2026-06-14T11:56:36.541797Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--4f83db55-e9f1-5071-aef3-ab98216b533a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c18970a-54ea-5ec2-9c8f-338c1c2a9bd5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.541904Z", "modified": "2026-06-14T11:56:36.541904Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c9a1a791-3dea-51de-acb3-53228314ca01", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.542021Z", "modified": "2026-06-14T11:56:36.542021Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--856a360d-8aca-55ff-949d-fee64905d0a8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--73d1ecf4-0ab7-5a87-a1d7-6fd73cbc837f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.54214Z", "modified": "2026-06-14T11:56:36.54214Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e5f6dc93-d7d9-5d4f-8a62-8bafe49e02e7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.542253Z", "modified": "2026-06-14T11:56:36.542253Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5c250f82-941d-535c-bd81-316f303eea57", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.54236Z", "modified": "2026-06-14T11:56:36.54236Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--7373eec5-e966-5e5e-8010-488ee0ec6942", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--06e76b2b-d07c-55bd-8058-1636bc715b2d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.542486Z", "modified": "2026-06-14T11:56:36.542486Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--fd8dd968-9ef8-5d44-9278-54e070789645", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--44c4e371-1219-5544-8d96-e8436b156894", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.542609Z", "modified": "2026-06-14T11:56:36.542609Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--5fe616ae-31a6-5f69-82d6-bd3747d20616", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--640b88ac-b6cf-53fa-8ce8-630dd1976d03", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.542729Z", "modified": "2026-06-14T11:56:36.542729Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a7870df5-44fa-5508-8753-b20ef7978131", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.542851Z", "modified": "2026-06-14T11:56:36.542851Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--0876da5f-998d-56c9-bcbe-39e02e92a674", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fe893e58-9d4d-5529-a853-65eca3ad83aa", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.542978Z", "modified": "2026-06-14T11:56:36.542978Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d191cf11-de66-5762-8d18-d6c3ff7c40e4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.54312Z", "modified": "2026-06-14T11:56:36.54312Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--716aa1a6-8f94-57f9-b2b2-9556a5f81acb", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--158cd13b-9b1d-5a89-8d15-437b17ba066e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.543237Z", "modified": "2026-06-14T11:56:36.543237Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--c7e354f8-164e-59ee-b61a-886c0fbf0163", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--636e23f0-0232-51d1-ae8e-093c9ac55402", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.543361Z", "modified": "2026-06-14T11:56:36.543361Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--dbdc0ff5-a0c3-52de-8a5b-d39dc834a1f9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--99083539-91f1-57e5-91bd-0d16d2e56c51", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.543474Z", "modified": "2026-06-14T11:56:36.543474Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--90f7d8d5-4e0b-5ef7-9d27-9a8b66f273f9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--480a92db-ad80-53b8-9c08-2e9b562b64ce", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.543592Z", "modified": "2026-06-14T11:56:36.543592Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--8f085a7a-7d79-590d-bc12-dc9504ef8580", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aa1945cc-a32a-526a-8739-572314ae9237", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.543707Z", "modified": "2026-06-14T11:56:36.543707Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--7aaed457-e65a-5fce-9e83-3b3f1fcd78ce", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ee4dce56-abbe-5d72-b1bb-544ed7d5e8d8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.543821Z", "modified": "2026-06-14T11:56:36.543821Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--8ed1ed7b-e352-5aff-aed4-519d09134d5c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c856f37-39e9-577f-8b1e-ec2b2718e51b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.543936Z", "modified": "2026-06-14T11:56:36.543936Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4c8916d6-5669-5dcf-bc6f-c635780298e7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.544054Z", "modified": "2026-06-14T11:56:36.544054Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--83a47b8e-dcfc-5e3c-a861-e6cf71a4e454", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.544182Z", "modified": "2026-06-14T11:56:36.544182Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0e1fb627-0865-58cb-89e0-98846f7b7cf9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.544314Z", "modified": "2026-06-14T11:56:36.544314Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--655489a2-5d78-575d-adcf-cc303e355763", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8fd805f9-0d8f-541e-b278-2acd52494d28", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.544446Z", "modified": "2026-06-14T11:56:36.544446Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--1cd60ab4-39fa-5340-8faf-bdf057228647", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--67f5f88a-f01e-5590-b008-89f241e2ed1c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.544585Z", "modified": "2026-06-14T11:56:36.544585Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--2a264b9c-3fd7-5eeb-9ade-d73008a13713", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b56803c8-8311-5739-9784-8112654e218b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.5447Z", "modified": "2026-06-14T11:56:36.5447Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--86770f6c-ab30-58b7-9891-5c841d20a94e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.544819Z", "modified": "2026-06-14T11:56:36.544819Z", "relationship_type": "uses", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "attack-pattern--8e773df3-b3cc-54bd-83db-4028fe946d79", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0d834923-335d-5fe0-8c39-5874f2e372e2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.545023Z", "modified": "2026-06-14T11:56:36.545023Z", "relationship_type": "hosts", "source_ref": "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "target_ref": "infrastructure--1f3facda-2ee5-5b55-bbc9-3fa32ac7c3e3", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--522c623f-e153-520b-b900-8eb2787d9a1a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.545166Z", "modified": "2026-06-14T11:56:36.545166Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--d81b46ce-ef63-5c04-a945-180b77ff6da7", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ba2db72a-1109-5054-9011-d0aa194eb3b1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.545339Z", "modified": "2026-06-14T11:56:36.545339Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--01f77abf-3c19-5651-8fcf-9341ee825e47", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--07fb59a3-687a-5b75-b78b-119193ae4180", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.545452Z", "modified": "2026-06-14T11:56:36.545452Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--5b0b768b-2d00-57d7-a937-e3c0ebe626dc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--326a3dbb-c1a7-5e9a-9f7d-9b8081da273b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.545579Z", "modified": "2026-06-14T11:56:36.545579Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e659c0d5-09ef-5b77-9a8e-88e49d8cec58", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.545708Z", "modified": "2026-06-14T11:56:36.545708Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f3655187-4945-5026-a250-a135ca5cb143", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.545821Z", "modified": "2026-06-14T11:56:36.545821Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--62bdf9f9-e2c4-5b72-929c-a912687a4418", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a6f5b7aa-0e0a-506e-89c7-cdb5f4fa2b6b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.545933Z", "modified": "2026-06-14T11:56:36.545933Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--4f83db55-e9f1-5071-aef3-ab98216b533a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--98d17ee9-4790-5c18-bd2c-edc2dca4669f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.546059Z", "modified": "2026-06-14T11:56:36.546059Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e232daef-b0ce-5c56-a2c7-1db3ffea99a6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.546168Z", "modified": "2026-06-14T11:56:36.546168Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--856a360d-8aca-55ff-949d-fee64905d0a8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b24e2cd5-c9b2-506c-97f8-b2ed62d581bd", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.546274Z", "modified": "2026-06-14T11:56:36.546274Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0f20f03a-09b2-5af2-8b76-638986f36350", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.546379Z", "modified": "2026-06-14T11:56:36.546379Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--95d43a3d-ad26-535e-b4e0-1d2924b56d83", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.546488Z", "modified": "2026-06-14T11:56:36.546488Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--7373eec5-e966-5e5e-8010-488ee0ec6942", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9d0a5a56-4c54-5ece-9ba1-9b26e61ba4f2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.546593Z", "modified": "2026-06-14T11:56:36.546593Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--fd8dd968-9ef8-5d44-9278-54e070789645", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b71c411f-11fa-5076-86b7-b8bf23bd5574", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.546695Z", "modified": "2026-06-14T11:56:36.546695Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--5fe616ae-31a6-5f69-82d6-bd3747d20616", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f7325c5e-ed0f-5747-80f1-e7891c466be5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.546854Z", "modified": "2026-06-14T11:56:36.546854Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0d945a9e-a5d2-5471-8cf0-e07a2b1514b0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.547003Z", "modified": "2026-06-14T11:56:36.547003Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--0876da5f-998d-56c9-bcbe-39e02e92a674", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a44bcc80-08a4-5a44-8a35-c722bf10d4f0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.54711Z", "modified": "2026-06-14T11:56:36.54711Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7473a22f-11b0-5c47-91a9-f6807f6c10c7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.547232Z", "modified": "2026-06-14T11:56:36.547232Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--716aa1a6-8f94-57f9-b2b2-9556a5f81acb", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c07bf003-05af-5295-a4c0-4c86a0f01a43", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.547342Z", "modified": "2026-06-14T11:56:36.547342Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--c7e354f8-164e-59ee-b61a-886c0fbf0163", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--77dd3b7c-4f11-5fcb-9663-dcfd6e99852a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.547452Z", "modified": "2026-06-14T11:56:36.547452Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--dbdc0ff5-a0c3-52de-8a5b-d39dc834a1f9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cfa9bf22-4fe0-5484-a646-540ec80b235b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.547572Z", "modified": "2026-06-14T11:56:36.547572Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--90f7d8d5-4e0b-5ef7-9d27-9a8b66f273f9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7fe687ab-8b90-517c-a7a7-b0fb33c9b2a2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.547681Z", "modified": "2026-06-14T11:56:36.547681Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--8f085a7a-7d79-590d-bc12-dc9504ef8580", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--09e8de4c-b20a-5e1b-ba2f-5dd2c5f6dc5f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.547793Z", "modified": "2026-06-14T11:56:36.547793Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--7aaed457-e65a-5fce-9e83-3b3f1fcd78ce", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a077eaa5-fafd-5f44-a077-f03bef6c2a08", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.547901Z", "modified": "2026-06-14T11:56:36.547901Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--8ed1ed7b-e352-5aff-aed4-519d09134d5c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3bf7b0c9-a2bf-5d73-ac6a-198d7def0fcb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.548017Z", "modified": "2026-06-14T11:56:36.548017Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2961b6a2-08d8-5af2-9c42-7e48bd2d969f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.54813Z", "modified": "2026-06-14T11:56:36.54813Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a600dd5c-faab-5e10-8801-ec2ecaf7a011", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.548242Z", "modified": "2026-06-14T11:56:36.548242Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e32d9263-92bb-5f68-9e43-9f67188fce41", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.548356Z", "modified": "2026-06-14T11:56:36.548356Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--655489a2-5d78-575d-adcf-cc303e355763", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a99f1521-6732-5a33-a038-eeed3c51d632", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.548603Z", "modified": "2026-06-14T11:56:36.548603Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--1cd60ab4-39fa-5340-8faf-bdf057228647", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3c47cf0d-a2fa-50b9-8c2e-371322d8d951", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.548849Z", "modified": "2026-06-14T11:56:36.548849Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--2a264b9c-3fd7-5eeb-9ade-d73008a13713", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4d854b12-ef63-5659-b3d6-f4d7d5c4169b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.549032Z", "modified": "2026-06-14T11:56:36.549032Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8d79f979-cea3-5369-969d-8c1ee9500a93", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.549196Z", "modified": "2026-06-14T11:56:36.549196Z", "relationship_type": "uses", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "attack-pattern--8e773df3-b3cc-54bd-83db-4028fe946d79", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b19beaaa-17ef-55ae-8008-7241e45b65d8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.549321Z", "modified": "2026-06-14T11:56:36.549321Z", "relationship_type": "communicates-with", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "infrastructure--1f3facda-2ee5-5b55-bbc9-3fa32ac7c3e3", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4c99621d-079b-5e10-b2d0-2fd18e142540", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.549435Z", "modified": "2026-06-14T11:56:36.549435Z", "relationship_type": "exploits", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "vulnerability--e345f6a3-73b6-5129-8a42-a32282179b79", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--285569ce-f9ce-5870-a920-918194cbaba6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.549547Z", "modified": "2026-06-14T11:56:36.549547Z", "relationship_type": "exploits", "source_ref": "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "target_ref": "vulnerability--a2742e4a-4311-5bc1-a0e8-374a9f3bbb50", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--783ff0df-0f2b-5e8e-8e49-420b0b319d86", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.54966Z", "modified": "2026-06-14T11:56:36.54966Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--d81b46ce-ef63-5c04-a945-180b77ff6da7", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8f1e64ca-7bc2-549a-8965-27ff149c2bd6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.549775Z", "modified": "2026-06-14T11:56:36.549775Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--01f77abf-3c19-5651-8fcf-9341ee825e47", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--619725fb-da8d-5d3c-9838-9995f985fdcc", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.549889Z", "modified": "2026-06-14T11:56:36.549889Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--5b0b768b-2d00-57d7-a937-e3c0ebe626dc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d6db6ac7-ed7c-5c34-8d60-7d7ae709e49e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.550001Z", "modified": "2026-06-14T11:56:36.550001Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5497b021-05d7-578d-8c5e-0114b645f8e1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.550125Z", "modified": "2026-06-14T11:56:36.550125Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--97efcbb2-c378-57fc-84ce-3d0790752bb7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.550287Z", "modified": "2026-06-14T11:56:36.550287Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--62bdf9f9-e2c4-5b72-929c-a912687a4418", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--389aa717-fe65-576b-bcef-e75edf75170d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.55042Z", "modified": "2026-06-14T11:56:36.55042Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--4f83db55-e9f1-5071-aef3-ab98216b533a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--13d3d049-3360-55b7-b825-3abb82ee78e5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.550538Z", "modified": "2026-06-14T11:56:36.550538Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0cf82313-5c0d-5441-9ba2-1197d9d81066", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.550667Z", "modified": "2026-06-14T11:56:36.550667Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--856a360d-8aca-55ff-949d-fee64905d0a8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--411719fb-ef5f-5ba7-aed1-8cb2fde16ef4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.550799Z", "modified": "2026-06-14T11:56:36.550799Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--12dcd7c8-86bb-5a8b-b4ce-a9801fafa918", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.550931Z", "modified": "2026-06-14T11:56:36.550931Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c432baba-0d5e-5d46-9224-e2729043a09f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.551126Z", "modified": "2026-06-14T11:56:36.551126Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--7373eec5-e966-5e5e-8010-488ee0ec6942", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ff868ff6-5be5-5eb0-9787-718f61e84c8b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.55131Z", "modified": "2026-06-14T11:56:36.55131Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--fd8dd968-9ef8-5d44-9278-54e070789645", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--094f01b3-f194-54b7-bcdb-38669e3d1d43", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.551519Z", "modified": "2026-06-14T11:56:36.551519Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--5fe616ae-31a6-5f69-82d6-bd3747d20616", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f8dea9a9-231e-5b37-981f-7d0dc6c166d1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.551707Z", "modified": "2026-06-14T11:56:36.551707Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8a60dfe1-aafd-550e-a66b-7f8b8d5ebe4e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.551867Z", "modified": "2026-06-14T11:56:36.551867Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--0876da5f-998d-56c9-bcbe-39e02e92a674", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0974a743-69ac-56e8-9948-39cc893f4e5f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.552005Z", "modified": "2026-06-14T11:56:36.552005Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ca91cdfb-7b61-5800-be65-b30f0989d617", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.55211Z", "modified": "2026-06-14T11:56:36.55211Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--716aa1a6-8f94-57f9-b2b2-9556a5f81acb", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6a966f35-27c3-5a54-a664-a4cb969aeaa0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.552212Z", "modified": "2026-06-14T11:56:36.552212Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--c7e354f8-164e-59ee-b61a-886c0fbf0163", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cb4c2700-aef8-59d6-8305-b4386c1c473e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.552327Z", "modified": "2026-06-14T11:56:36.552327Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--dbdc0ff5-a0c3-52de-8a5b-d39dc834a1f9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a1738ced-8f23-50bd-8bde-013e4da079a0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.552433Z", "modified": "2026-06-14T11:56:36.552433Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--90f7d8d5-4e0b-5ef7-9d27-9a8b66f273f9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--99e5d287-ce78-593a-a3b6-68aa40e2c459", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.552538Z", "modified": "2026-06-14T11:56:36.552538Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--8f085a7a-7d79-590d-bc12-dc9504ef8580", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--45f78515-d498-5b3c-999d-e8246b600613", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.552642Z", "modified": "2026-06-14T11:56:36.552642Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--7aaed457-e65a-5fce-9e83-3b3f1fcd78ce", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--65563e21-d0a3-55a9-b149-b2f10e3fc27d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.552747Z", "modified": "2026-06-14T11:56:36.552747Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--8ed1ed7b-e352-5aff-aed4-519d09134d5c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4d22b464-de95-5cc2-82c6-4ee05dbac694", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.552851Z", "modified": "2026-06-14T11:56:36.552851Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dfd60265-71fe-5f80-ae62-c7f1be17342c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.552962Z", "modified": "2026-06-14T11:56:36.552962Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0f7f1bbb-f8ed-5aeb-97fe-435db6fe398a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.553068Z", "modified": "2026-06-14T11:56:36.553068Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9ac05745-4510-5261-b504-c1fdd1edef8d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.55319Z", "modified": "2026-06-14T11:56:36.55319Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--655489a2-5d78-575d-adcf-cc303e355763", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4784df6c-838f-513b-90f8-fcad39bff7be", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.553299Z", "modified": "2026-06-14T11:56:36.553299Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--1cd60ab4-39fa-5340-8faf-bdf057228647", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b7a33976-d0ed-5d39-b878-3caee1c07bf1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.553415Z", "modified": "2026-06-14T11:56:36.553415Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--2a264b9c-3fd7-5eeb-9ade-d73008a13713", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--21ab950e-a6ac-53d0-aa1d-014d32b671f9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.553531Z", "modified": "2026-06-14T11:56:36.553531Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e5e1ed43-1ce2-5922-864d-0d37cb9db4c1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.55365Z", "modified": "2026-06-14T11:56:36.55365Z", "relationship_type": "uses", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "attack-pattern--8e773df3-b3cc-54bd-83db-4028fe946d79", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6d7ca651-f70a-5b97-be0f-962fad061f46", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.553776Z", "modified": "2026-06-14T11:56:36.553776Z", "relationship_type": "communicates-with", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "infrastructure--1f3facda-2ee5-5b55-bbc9-3fa32ac7c3e3", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--240ba755-69e8-59a8-a76d-b9370ced7ac8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.5539Z", "modified": "2026-06-14T11:56:36.5539Z", "relationship_type": "exploits", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "vulnerability--e345f6a3-73b6-5129-8a42-a32282179b79", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3e17cfc7-bd40-5e47-8190-aa14929b915f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.554031Z", "modified": "2026-06-14T11:56:36.554031Z", "relationship_type": "exploits", "source_ref": "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "target_ref": "vulnerability--a2742e4a-4311-5bc1-a0e8-374a9f3bbb50", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ad21e4f9-659c-5859-bf95-b7b0d34603f5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.554138Z", "modified": "2026-06-14T11:56:36.554138Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--d81b46ce-ef63-5c04-a945-180b77ff6da7", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--24be5329-cf90-5df3-a0ae-ed50d87a6515", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.554252Z", "modified": "2026-06-14T11:56:36.554252Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--01f77abf-3c19-5651-8fcf-9341ee825e47", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--730618b2-32bc-5f14-8e65-70c8f5d6374a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.554388Z", "modified": "2026-06-14T11:56:36.554388Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--5b0b768b-2d00-57d7-a937-e3c0ebe626dc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1b64d365-fe75-55ec-829b-0a43d0ec9fe8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.554499Z", "modified": "2026-06-14T11:56:36.554499Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d4899474-d543-5b64-8a94-212279f02580", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.554614Z", "modified": "2026-06-14T11:56:36.554614Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fdb2cfb3-92d5-5475-bb79-3c80af03d0fd", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.55474Z", "modified": "2026-06-14T11:56:36.55474Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--62bdf9f9-e2c4-5b72-929c-a912687a4418", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--88a4d693-fd40-55cf-acf4-7f47abcb69fb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.554856Z", "modified": "2026-06-14T11:56:36.554856Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--4f83db55-e9f1-5071-aef3-ab98216b533a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d4f1397a-3ce6-5f6b-ba49-bec0e5502c88", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.554974Z", "modified": "2026-06-14T11:56:36.554974Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--356a7b66-ba83-5e1e-9907-e38ee552f388", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.555088Z", "modified": "2026-06-14T11:56:36.555088Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--856a360d-8aca-55ff-949d-fee64905d0a8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5b0e614c-67b5-54fa-8392-8b32e2406b1d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.555219Z", "modified": "2026-06-14T11:56:36.555219Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--30e53eeb-a8a9-522c-92b8-df59c19997dd", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.555348Z", "modified": "2026-06-14T11:56:36.555348Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--566f898b-6242-5f36-97f3-7a21e607018d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.555677Z", "modified": "2026-06-14T11:56:36.555677Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--7373eec5-e966-5e5e-8010-488ee0ec6942", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2b8c7b36-766e-580e-95bb-b4eb8d0eaf9e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.555793Z", "modified": "2026-06-14T11:56:36.555793Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--fd8dd968-9ef8-5d44-9278-54e070789645", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0fb11416-270b-52f8-b2e2-cc0cdcc2d74b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.555899Z", "modified": "2026-06-14T11:56:36.555899Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--5fe616ae-31a6-5f69-82d6-bd3747d20616", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ddf0fae6-3e5c-57e3-b2f0-e66171e98685", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.556017Z", "modified": "2026-06-14T11:56:36.556017Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c8e15cb4-7ee4-5886-a2be-e87c47aef910", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.556128Z", "modified": "2026-06-14T11:56:36.556128Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--0876da5f-998d-56c9-bcbe-39e02e92a674", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c84ba751-cbde-5dd6-8e56-c2168d5b9bb1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.556231Z", "modified": "2026-06-14T11:56:36.556231Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2d10cfd9-6d9a-57b4-9bec-e8d79000197b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.556343Z", "modified": "2026-06-14T11:56:36.556343Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--716aa1a6-8f94-57f9-b2b2-9556a5f81acb", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7d796dc8-3d8e-50c3-8697-de53361f706e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.556449Z", "modified": "2026-06-14T11:56:36.556449Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--c7e354f8-164e-59ee-b61a-886c0fbf0163", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--913be01e-9835-5d18-a346-829c34f67f12", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.556573Z", "modified": "2026-06-14T11:56:36.556573Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--dbdc0ff5-a0c3-52de-8a5b-d39dc834a1f9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--717fe848-994d-59df-9b35-eccb0d6766d6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.556693Z", "modified": "2026-06-14T11:56:36.556693Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--90f7d8d5-4e0b-5ef7-9d27-9a8b66f273f9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3502da5f-e282-5923-86c9-9cd1232e12d4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.556813Z", "modified": "2026-06-14T11:56:36.556813Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--8f085a7a-7d79-590d-bc12-dc9504ef8580", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5b029d3b-96a5-5529-b20e-df3bd04bcd28", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.556933Z", "modified": "2026-06-14T11:56:36.556933Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--7aaed457-e65a-5fce-9e83-3b3f1fcd78ce", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--239a0eaf-071e-59b4-beee-8a3830869518", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.55705Z", "modified": "2026-06-14T11:56:36.55705Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--8ed1ed7b-e352-5aff-aed4-519d09134d5c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3f426336-0f6b-54b6-9252-141631c86766", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.557174Z", "modified": "2026-06-14T11:56:36.557174Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--31a193cd-266f-5b9a-8482-2923595386d2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.557302Z", "modified": "2026-06-14T11:56:36.557302Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3c1dd2b7-884b-58fa-8e56-234501ff0c6e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.557452Z", "modified": "2026-06-14T11:56:36.557452Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7268947e-5d9c-558f-a035-06ab993031c4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.557572Z", "modified": "2026-06-14T11:56:36.557572Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--655489a2-5d78-575d-adcf-cc303e355763", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4ac22851-408e-58f3-b33b-f49dde7e6fec", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.557691Z", "modified": "2026-06-14T11:56:36.557691Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--1cd60ab4-39fa-5340-8faf-bdf057228647", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--650872bc-6738-595a-9d03-6d4ec7f2cc78", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.557805Z", "modified": "2026-06-14T11:56:36.557805Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--2a264b9c-3fd7-5eeb-9ade-d73008a13713", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7821039b-3225-52cf-a4e0-1063a169d6cf", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.557922Z", "modified": "2026-06-14T11:56:36.557922Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--64e16a94-b581-54db-99ce-82828427aaa2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.558041Z", "modified": "2026-06-14T11:56:36.558041Z", "relationship_type": "uses", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "attack-pattern--8e773df3-b3cc-54bd-83db-4028fe946d79", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--65d3d0c1-42c1-5476-b551-306b5b246172", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.55816Z", "modified": "2026-06-14T11:56:36.55816Z", "relationship_type": "communicates-with", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "infrastructure--1f3facda-2ee5-5b55-bbc9-3fa32ac7c3e3", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--18dd07b1-934c-5226-8ca6-2640a559146b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.558277Z", "modified": "2026-06-14T11:56:36.558277Z", "relationship_type": "exploits", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "vulnerability--e345f6a3-73b6-5129-8a42-a32282179b79", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eedcd285-d19a-5e55-ad1e-35f1c5467ee4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.558398Z", "modified": "2026-06-14T11:56:36.558398Z", "relationship_type": "exploits", "source_ref": "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "target_ref": "vulnerability--a2742e4a-4311-5bc1-a0e8-374a9f3bbb50", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aeef2f2f-d54f-50fe-af60-fa6d0485e5fd", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.558504Z", "modified": "2026-06-14T11:56:36.558504Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--d81b46ce-ef63-5c04-a945-180b77ff6da7", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--68a552bc-91b8-5df1-9dd3-61a890faf6fc", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.558608Z", "modified": "2026-06-14T11:56:36.558608Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--01f77abf-3c19-5651-8fcf-9341ee825e47", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8de176fb-8853-5fa0-b94b-49ea9f01f401", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.558712Z", "modified": "2026-06-14T11:56:36.558712Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--5b0b768b-2d00-57d7-a937-e3c0ebe626dc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6b10a794-16ed-5c41-8547-e6c5d07cf577", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.558814Z", "modified": "2026-06-14T11:56:36.558814Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b9c5d802-77b8-5409-82ab-3ec3e729b264", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.558916Z", "modified": "2026-06-14T11:56:36.558916Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e672ad7f-af5e-5136-827d-0b4038ead435", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.559023Z", "modified": "2026-06-14T11:56:36.559023Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--62bdf9f9-e2c4-5b72-929c-a912687a4418", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--128bb5f6-66ec-5fef-ad42-37b0afce3fa1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.559131Z", "modified": "2026-06-14T11:56:36.559131Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--4f83db55-e9f1-5071-aef3-ab98216b533a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--02b4ed1b-bf24-5f5e-bbd6-7814e9cc8b59", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.559301Z", "modified": "2026-06-14T11:56:36.559301Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eaca7f21-1b92-5b8e-b458-5d9ce7d931a4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.55949Z", "modified": "2026-06-14T11:56:36.55949Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--856a360d-8aca-55ff-949d-fee64905d0a8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c3b58a0f-595a-50bd-bd3a-24486c36ec59", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.559667Z", "modified": "2026-06-14T11:56:36.559667Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8b18e44f-ecfe-5795-913f-eb97bbc5f574", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.559842Z", "modified": "2026-06-14T11:56:36.559842Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--37e29906-eb12-506a-a908-bef4c36df380", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.559997Z", "modified": "2026-06-14T11:56:36.559997Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--7373eec5-e966-5e5e-8010-488ee0ec6942", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b52c0178-dacb-55cc-825f-bb8889958448", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.560124Z", "modified": "2026-06-14T11:56:36.560124Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--fd8dd968-9ef8-5d44-9278-54e070789645", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e7b60735-1eb5-5fd9-aa98-034c7583b5e8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.56023Z", "modified": "2026-06-14T11:56:36.56023Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--5fe616ae-31a6-5f69-82d6-bd3747d20616", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a76d1080-76dd-5fc5-9378-00bf040524b7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.560345Z", "modified": "2026-06-14T11:56:36.560345Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--370e20f0-9b4f-5a24-af5a-52430dc5800a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.560454Z", "modified": "2026-06-14T11:56:36.560454Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--0876da5f-998d-56c9-bcbe-39e02e92a674", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0e553b34-8fdb-54ce-ac86-a3c5b9c77c83", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.560566Z", "modified": "2026-06-14T11:56:36.560566Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--44503dff-8717-5526-93bb-c4b5c99bdc29", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.56068Z", "modified": "2026-06-14T11:56:36.56068Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--716aa1a6-8f94-57f9-b2b2-9556a5f81acb", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1f994080-2a09-5970-a751-4b4a06e6a313", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.560797Z", "modified": "2026-06-14T11:56:36.560797Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--c7e354f8-164e-59ee-b61a-886c0fbf0163", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--53c9de1e-ce79-5d63-b630-55a22cb79d6e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.560924Z", "modified": "2026-06-14T11:56:36.560924Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--dbdc0ff5-a0c3-52de-8a5b-d39dc834a1f9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4767a11c-5476-5125-99c9-97a12d8d208f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.561099Z", "modified": "2026-06-14T11:56:36.561099Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--90f7d8d5-4e0b-5ef7-9d27-9a8b66f273f9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--de04e8ce-318d-5937-879f-85ca7d6cca12", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.561281Z", "modified": "2026-06-14T11:56:36.561281Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--8f085a7a-7d79-590d-bc12-dc9504ef8580", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fb4a8d38-8d8e-55a6-be00-0bf9ea63fb43", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.561455Z", "modified": "2026-06-14T11:56:36.561455Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--7aaed457-e65a-5fce-9e83-3b3f1fcd78ce", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--12df0c51-79f5-524b-9e4f-b5a8d7673cc8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.561625Z", "modified": "2026-06-14T11:56:36.561625Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--8ed1ed7b-e352-5aff-aed4-519d09134d5c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9438549f-3737-52bd-a66c-e65d797e884b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.561775Z", "modified": "2026-06-14T11:56:36.561775Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7e57ef2b-3736-5f88-aa2e-de7dba6dc75d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.561885Z", "modified": "2026-06-14T11:56:36.561885Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e381a644-5fa2-5c42-a77b-7c60700cc5c2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.561994Z", "modified": "2026-06-14T11:56:36.561994Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e69cc7d3-2056-58e6-aa47-2db4bcc12eaf", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.5621Z", "modified": "2026-06-14T11:56:36.5621Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--655489a2-5d78-575d-adcf-cc303e355763", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f3bcf842-2616-5168-8b12-24908a3cc57c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.562205Z", "modified": "2026-06-14T11:56:36.562205Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--1cd60ab4-39fa-5340-8faf-bdf057228647", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a246455a-1481-5dc3-b991-dd096012dacd", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.562326Z", "modified": "2026-06-14T11:56:36.562326Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--2a264b9c-3fd7-5eeb-9ade-d73008a13713", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b10daccf-25c1-56fb-b9b2-54a0bad7089b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.562449Z", "modified": "2026-06-14T11:56:36.562449Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6b4f89fd-7484-5cc3-b8c5-f0c0d1281d6d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.562598Z", "modified": "2026-06-14T11:56:36.562598Z", "relationship_type": "uses", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "attack-pattern--8e773df3-b3cc-54bd-83db-4028fe946d79", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--59fc9d96-9223-551a-acae-0cdd835e2f75", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.562754Z", "modified": "2026-06-14T11:56:36.562754Z", "relationship_type": "communicates-with", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "infrastructure--1f3facda-2ee5-5b55-bbc9-3fa32ac7c3e3", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e03815b2-90c2-5178-93c4-47ad6df6c720", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.562875Z", "modified": "2026-06-14T11:56:36.562875Z", "relationship_type": "exploits", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "vulnerability--e345f6a3-73b6-5129-8a42-a32282179b79", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8735a8c1-1c1f-5b3d-8755-8f6c5caf06b2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.562999Z", "modified": "2026-06-14T11:56:36.562999Z", "relationship_type": "exploits", "source_ref": "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "target_ref": "vulnerability--a2742e4a-4311-5bc1-a0e8-374a9f3bbb50", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "report", "spec_version": "2.1", "id": "report--5270d6b2-a916-5d6d-a909-1e8f4252dc72", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-14T11:56:36.563489Z", "modified": "2026-06-14T11:56:36.563489Z", "name": "CVE-2026-41940 cPanel Harvester Toolkit \u2014 216.126.227.49", "report_types": [ "threat-report" ], "published": "2026-05-17T00:00:00Z", "object_refs": [ "ipv4-addr--39440d9f-8c09-5af9-81c6-d656524b413e", "indicator--08c1b8ac-2e83-5fae-b1d2-be70a9bf99d4", "ipv4-addr--91d62c51-5f13-5773-aa03-82a5986c120a", "indicator--b7e4b100-be84-5725-8140-ff376eb37970", "ipv4-addr--34657fd1-8b00-571f-93e4-64ac27535b40", "indicator--094176b9-77a0-56e0-a12b-197de8bc94e2", "ipv4-addr--5ede154f-68b3-5ca4-9806-704d50b5bfee", "indicator--6ab82cd0-1805-52e2-a125-0ab03f6892be", "ipv4-addr--e48c5b4d-9ca0-5d7b-93a2-54c90af1082c", "indicator--d7c0d657-0845-5ed9-b87c-cd4a867ee127", "ipv4-addr--742a1be7-0f60-53a2-9498-82c289d62d89", "indicator--820fc49e-c2b1-552c-9292-37c0c31c0744", "ipv4-addr--10b90211-5553-5edc-be00-92c38eb0b74e", "indicator--e61a6f86-45c6-5f40-b649-f7d80b1b97ef", "ipv4-addr--be3f6419-b2ae-528e-8349-1156e4fe6124", "indicator--df35430c-1703-5776-88a0-315f41f5f96a", "ipv4-addr--8fd0d63f-4f51-5daf-a349-cb2f65660ffd", "indicator--85246ce1-36ab-59d7-868d-d62366b27cec", "ipv4-addr--aa9a13f9-dd33-52da-ab7c-01666a27c336", "indicator--c353ad7d-45dd-5347-a2f0-bb331dea61ae", "ipv4-addr--cee16e0c-ac77-52b4-99b1-12c3edc9d031", "indicator--d57fffb7-bec3-5620-8b56-d85f688a3baf", "ipv4-addr--842de2e4-8bf6-5552-8bb4-bd3928a012e4", "indicator--ec271e13-31e3-5ea4-b8eb-19652aa80811", "url--a054c52e-939c-5cb5-9307-9232735d000e", "indicator--36f092e1-4ae1-5bc8-bed9-64aa977301e9", "url--d500f117-27a1-57a9-b429-19daaa00fbc3", "indicator--9119671d-1b52-5692-95b5-9e57d6165067", "url--badce799-4abf-520f-b214-f6e92dccd939", "indicator--164998fa-9657-5f09-9c48-5369d5030e25", "url--5d82fdb5-aa90-54c7-a2fe-2cb1bfd5e860", "indicator--86bb51a8-8b0b-5d27-8e43-ed219c2a3bd1", "url--bd050364-f7f3-5325-a37e-ca6324ff119f", "indicator--6650cbc9-f8e3-59af-926b-923affe7c76d", "url--6d2af35c-1cc9-5056-9b31-49adcdb5544a", "indicator--0039cba3-2762-5f8e-9c6e-e0d2f417648c", "domain-name--314da1c9-af58-5d8a-920e-44eae28a5095", "indicator--6fe0f274-e5c7-57c3-b9c4-2ca20325601d", "domain-name--fd882686-29e7-555a-a90a-02412d9834d7", "indicator--0b7d47b8-7cd9-5b1f-8763-b869aa81edc4", "domain-name--0ca179df-0dc2-57e7-8586-d98dd0e9df47", "indicator--e6aa7720-b2cb-564e-99d0-0bac0d8c922d", "domain-name--a4db3618-cf63-57c3-ad05-cfc29405272c", "indicator--e650a17f-3d8c-5250-80b8-e462c5bb5584", "domain-name--9b3bf7d6-18c4-5be6-aafa-c399226328c9", "indicator--050aebf0-cc3e-5ee3-88ea-e2345e5cd048", "domain-name--9a93d6ea-d92c-5313-ae2f-7f1a64f032ac", "indicator--30d8c295-c2d3-5325-a416-81cf16df6209", "domain-name--109378e4-6cca-5dc6-9055-434232351ed0", "indicator--d90dec93-1266-5d0c-a781-24ea1bec7d3c", "domain-name--7d012d2f-a5fe-5b3c-9ef8-057ec5de166d", "indicator--57596c9e-28d4-5ea8-9988-6311a9fab472", "domain-name--b6f246f6-db69-582f-9e1e-b024d642a6a0", "indicator--c3c48b66-3af7-5b41-b6ba-129514add9c0", "domain-name--a893c685-db6e-5011-9582-c4dbff0f9a31", "indicator--eb160ad4-e1c2-5a74-b685-e14a1ac66cd0", "domain-name--e44c588c-ab4f-510a-ac5b-fdead3decb40", "indicator--61f6bbd4-bbf9-53e3-9cae-4d5f18103a3b", "domain-name--2e12438e-3de5-5740-831f-653f584c4bab", "indicator--4681e435-2a16-53ca-9619-e26f3feec768", "domain-name--32e2fc38-fbfc-5fdc-b9aa-d5faf8bb41d2", "indicator--97ea13d2-8833-5d3f-9727-6412cc3d0fbb", "domain-name--eeae0bb1-f566-5528-8d4f-00015814efb7", "indicator--06c5db73-5ad1-59b4-a0e3-712f7444cc30", "domain-name--15a71a2f-067f-518b-af17-0629d519baad", "indicator--5fa96943-633d-51d3-a3b6-e4358b51f4e9", "domain-name--4eb5c703-fb78-57ff-96d6-87bc38885005", "indicator--0d0e377a-69ea-5f41-8f62-9da97346c11f", "domain-name--5bb3ebbd-f3cd-53fc-b79e-70dfe1406b0a", "indicator--e150f5af-6a7e-5ca8-a47e-2df986a9c744", "domain-name--bbdde2bd-d7a9-53c0-8354-c63cbb9905f2", "indicator--5d2cbb90-1500-5a93-8d01-2296c71dbd6a", "domain-name--5ea3ba5b-4575-5533-b3ca-db8beb08a1cd", "indicator--402683cb-6f7d-54ce-831b-27f1a9650a5c", "domain-name--59982a06-96f9-56fd-b095-ab670a03d807", "indicator--2c8228fd-a501-589b-afb6-0ec6b4487ec4", "domain-name--711cbcd7-1bf6-59cc-bbf6-b1e940fc1a73", "indicator--f9d792fe-dbac-5567-850d-9afed229fd1e", "domain-name--6d67f299-d4a4-54a4-8ecc-02562047bd8b", "indicator--e7a5fc13-6800-5966-95b3-3c67a953872d", "domain-name--5c7cc284-0d65-534b-bd35-2ac0220da54f", "indicator--0f112fbd-d52a-534f-b532-87b39f6b3391", "domain-name--4d7dff65-80a0-5e33-b0a4-213b82aeb003", "indicator--a3df6c0e-69b9-5eab-83f3-4b7fd160de30", "domain-name--49738c73-9d3f-57fd-a441-d1343aad518a", "indicator--d1012354-b4fa-56c4-b2d4-a4d97ded3c02", "domain-name--31a9a37b-8b1b-5e80-b97a-06e26b09d89d", "indicator--d99b8b9a-4323-595f-82ab-5716898e7a94", "domain-name--85f51f95-0c41-53e3-a7db-e960ae1cafbb", "indicator--de0faab0-20d0-5ecd-a028-bdee9d6c832c", "domain-name--c273a91e-5aaa-5b2d-9b7f-a4b25ee61310", "indicator--82cec78b-2c43-53f3-a5f8-fadb3f63e33a", "domain-name--fff560ab-4d55-5f1e-8474-3c76eb1f6928", "indicator--8eaefa43-92db-5f06-89a3-c038182c70c4", "domain-name--32e1d571-8d53-5e65-bd74-05b06fe0378b", "indicator--83f6e59b-a843-599f-8f5a-ac1ce64aa57a", "file--a21afb7f-cf76-5e79-ae19-32315b93c162", "file--80efcdc7-a4d0-5af6-bcb2-b91f34fd1f13", "file--e33815ab-16ae-5a15-b7de-ebcc66b65a67", "file--f1511e81-80c9-58c8-ae8d-39c31b640c05", "file--a7c1bca8-5060-5a91-9e6d-745a875eef22", "file--8437092e-8fc9-5706-8f78-5ff2c4aa31f6", "file--c5b339b7-0269-5a65-ba7e-8f7d1a5740a2", "file--b18345d2-a426-58b0-ace4-48aa28a3d1a9", "file--19b38e72-f91c-5238-bd8d-16e3d25706e3", "file--4413678c-b30e-577d-915a-492f1497efc7", "file--03c1fea3-9efe-57c1-b88f-78fac964e22b", "file--6456e434-5aee-5de8-ad4d-98fe3c9d5878", "file--b40862dc-ff3f-5965-8615-2fa44902c918", "file--d72a0b47-4f70-5fbb-a24b-74adae2a2043", "file--cadbfc95-215d-527b-ac39-ce14b03672fe", "file--b8d41a55-72db-5dd5-b0e7-5101dfdf22b3", "file--e5c65a47-cce3-5562-9e6c-8f542f9c373d", "file--ad8a007a-b376-5f38-ab4d-6720a374ebe8", "file--954c8733-8865-549b-aa6d-f0243f033fcf", "file--37bedc08-5aaa-5bae-9144-493a9ff5b86e", "file--44010cf6-211f-5d97-aa32-e284ffd35b42", "file--0dbeb7b1-e32f-570b-8cb3-c645fb782900", "file--476f84b3-77cc-5df3-a34d-149f023f201b", "file--9498f3ee-72fd-5278-ace6-91f300a3c94d", "file--2ab4bf92-b98e-5235-972e-e0bfffdef259", "file--19629ba0-5c56-5951-9ffc-c7cb65887e52", "file--e235a54a-0df2-5374-b665-2d09850a41e9", "file--de240e20-1c15-5bdc-9bfd-d7f532be8c58", "file--3dc6926b-ef3a-5bb1-92cd-9917fb886f7f", "file--654dd12a-3bfa-5cbd-a982-66767c6b85d8", "file--b88d8a7b-151f-5417-974c-92457a5f3741", "file--125fe58c-69a1-5a43-8429-9d2557c72831", "file--fa9a8807-4981-59f6-a855-38f6d244affb", "file--8841b3da-2638-5dca-b055-78d0971b4f2a", "file--c434af98-ca2b-5b91-be81-27a8f0a92116", "file--fb39e1ff-e8ae-5246-87d2-7dcfdb8e2878", "file--259104d8-e648-567a-a84f-93f1c4c8af3d", "file--b79392d5-6297-5a43-95fb-f05d927a7e85", "file--3b8f3a89-d72b-55c3-91f0-ddb6ce1443bb", "file--78dab4ea-a6be-5c4e-875e-0a2dce589197", "file--aa6e770c-d120-5bf3-8221-0e7132bb2c53", "file--8fb64655-2aaa-5706-9282-cd46af7d5eac", "file--c16249bb-c888-5304-8ede-8e501b42368b", "indicator--777322cb-c9df-5902-9b4f-527888ffc35d", "indicator--5453b9ff-a922-5b10-8a54-5088c34af41e", "indicator--0b2f6571-8f96-5179-893f-7ba5b3d4ebbd", "indicator--2906fb49-3d2a-57f1-85fa-2206899289a9", "indicator--1a3bc208-100f-5d0c-93e1-57f214f6d063", "indicator--8df99916-3fc0-53ed-a654-7c0415e8a974", "indicator--47066d0a-a9a6-5923-bcfb-02f222328017", "indicator--00ab52ba-4462-5d02-8a30-4edb78296af5", "indicator--aa69daf6-8114-544c-98a1-1f8d1f301747", "indicator--9c03c7a1-6cf2-56a1-be40-9854aee5abc8", "indicator--e7c015bb-5476-50cf-bda8-05019758b6af", "indicator--deed8470-8b0c-5407-8443-088739132f13", "indicator--3fd1fbd6-473d-5eeb-9a03-9dbee911a19f", "malware--ef5ba99e-ce62-5cba-ae17-de2eedfbfcca", "malware--43787b5e-0ccf-559b-afb1-218ce9829c41", "malware--884367d8-1af1-5ed2-a97b-1a26951a54ef", "malware--a3f823f0-ff60-5e28-af78-77beb468b27b", "tool--32c62850-84cf-5541-83c6-89525bcae1e7", "tool--deab939d-0a36-554d-b964-127ac64c3a17", "tool--8dca8286-6b6e-5b73-ba5b-77f83e5b85c5", "tool--8a622e9d-cd2d-5aea-94f9-ff25ae23a8eb", "tool--ed690641-45a9-57e6-b706-51e0723ae92c", "tool--18ad69ab-557d-5cfd-b9af-0ed91ca5a64f", "tool--bcd329be-f4ec-5130-a460-b16f33590ebb", "tool--3e7ace09-7206-55b8-affe-a65f9051f530", "tool--8fc029e1-bcda-56d4-be44-7f777fd64263", "tool--212af0dc-6cd0-5a44-8f21-50450f62c104", "tool--5f9dbdbe-e53b-5636-937e-bbccfccb5d95", "tool--e785b088-d38a-5c24-9da3-b89885517496", "tool--14adc7d0-bb3e-59be-ae72-4b90a0028122", "tool--aeae1b33-b111-56d4-82b7-ad0eaff30a17", "tool--51bec880-c3d5-5373-b08b-1d6dbd130e79", "tool--28677ad3-1b66-5776-815e-4f1223d86335", "tool--9cd49410-4e6b-537d-9996-618ed2a93f1b", "tool--f4da35c3-06c8-5979-9906-931bf4e535c9", "tool--0fc6a567-2eba-5d2e-873e-95dd3df4a973", "tool--9171996c-04d4-5a0a-8fe5-39fc3fb04f33", "tool--43e0e08f-3b3d-586c-b147-2ec5bd4b8a17", "tool--92aea28a-cb6e-56cb-9b2c-d5966d6dfa8d", "tool--91aa5fda-d052-53af-abe8-9ea121496ff9", "tool--51cebff5-208a-5dbf-bc7f-0849b403a182", "tool--828d9d86-7b23-5fec-8c55-bbfdbb49da01", "tool--241320d2-9716-500c-a074-40473cac12ed", "tool--3e4c79e6-c27d-5d0e-922a-36b700116835", "tool--fb490788-7052-5895-920d-f3e9f6ddda01", "tool--42f250f2-4e7a-5cdb-84d8-1b2c8db827db", "tool--5fb816c0-3278-5857-8ace-11f27a2b9460", "tool--81a85062-00c8-5ada-b2ca-420fcf695016", "tool--550d221f-54f6-5cf9-ae95-64bed04563dd", "tool--9022c575-10e7-548f-a79b-cc6fde25bec7", "tool--11586296-d611-5271-99ee-0653e87f30ed", "tool--6e0f17e4-5129-5619-a768-addca2433910", "tool--5fe46e3c-36bb-56c1-8892-e500fcbbbc8a", "tool--095b64be-68db-55b7-a069-c6a5507febc4", "tool--4822bcdb-87a9-502b-b221-980c43699884", "tool--e104770d-57d1-5f3e-ad6c-1d3daa50c61a", "tool--ea512644-88b4-527c-95de-f7ff69abe2f2", "tool--ee672558-132d-5f09-95bd-03c54dfcd4fd", "tool--336d851c-4e86-56b6-a2a9-41edb9e22a24", "tool--5070ad4c-72db-5bbc-8ac7-d37d22a384a3", "attack-pattern--d81b46ce-ef63-5c04-a945-180b77ff6da7", "attack-pattern--01f77abf-3c19-5651-8fcf-9341ee825e47", "attack-pattern--5b0b768b-2d00-57d7-a937-e3c0ebe626dc", "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "attack-pattern--62bdf9f9-e2c4-5b72-929c-a912687a4418", "attack-pattern--4f83db55-e9f1-5071-aef3-ab98216b533a", "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "attack-pattern--856a360d-8aca-55ff-949d-fee64905d0a8", "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "attack-pattern--7373eec5-e966-5e5e-8010-488ee0ec6942", "attack-pattern--fd8dd968-9ef8-5d44-9278-54e070789645", "attack-pattern--5fe616ae-31a6-5f69-82d6-bd3747d20616", "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "attack-pattern--0876da5f-998d-56c9-bcbe-39e02e92a674", "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "attack-pattern--716aa1a6-8f94-57f9-b2b2-9556a5f81acb", "attack-pattern--c7e354f8-164e-59ee-b61a-886c0fbf0163", "attack-pattern--dbdc0ff5-a0c3-52de-8a5b-d39dc834a1f9", "attack-pattern--90f7d8d5-4e0b-5ef7-9d27-9a8b66f273f9", "attack-pattern--8f085a7a-7d79-590d-bc12-dc9504ef8580", "attack-pattern--7aaed457-e65a-5fce-9e83-3b3f1fcd78ce", "attack-pattern--8ed1ed7b-e352-5aff-aed4-519d09134d5c", "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "attack-pattern--655489a2-5d78-575d-adcf-cc303e355763", "attack-pattern--1cd60ab4-39fa-5340-8faf-bdf057228647", "attack-pattern--2a264b9c-3fd7-5eeb-9ade-d73008a13713", "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "attack-pattern--8e773df3-b3cc-54bd-83db-4028fe946d79", "intrusion-set--568d13cb-ed00-50af-b16b-40251e3a7699", "infrastructure--1f3facda-2ee5-5b55-bbc9-3fa32ac7c3e3", "vulnerability--e345f6a3-73b6-5129-8a42-a32282179b79", "vulnerability--a2742e4a-4311-5bc1-a0e8-374a9f3bbb50", "relationship--0a3b3446-2685-50c1-9d1b-b0d08a39f2b8", "relationship--de0a161d-14c8-55b2-aacd-7c45993af75f", "relationship--ccd76c4c-21e3-5a96-abc2-2155710c47aa", "relationship--377ce123-f814-5cd7-b497-8c9d3223a5e4", "relationship--776eb69b-b3ad-5bb8-b207-997d3c3c9ab9", "relationship--53869ee3-2cf6-5941-8138-260425953480", "relationship--a6e3f2bf-da79-5aa2-b1f6-bcd360f59938", "relationship--ac430802-89dd-5993-94d2-d07206062def", "relationship--0af9751d-9723-531f-a80e-01ccc63e1105", "relationship--785f437e-0143-5dca-bd5c-2cd546fe4c21", "relationship--c50d6d86-34ef-5e86-8d28-7ad406a1ce99", "relationship--eb740101-8232-506a-bda3-e2da9e1b5573", "relationship--0c1bfdcc-70f1-508c-bcf1-beb103576a94", "relationship--5bcfa29b-c873-5b71-8fc2-97b6f69fe798", "relationship--2d3f85c6-c5a3-5c6a-99ad-4508408cf5b0", "relationship--382f2120-2f04-548a-8d90-cc7b2f69d4d4", "relationship--81dea4e7-9909-514c-85e1-72a2717eeed4", "relationship--bf6ddb92-a003-53fa-a04a-27e61ec1aa2f", "relationship--c5a6cb32-5d40-5676-b439-8d70e4215ec7", "relationship--c6b8080c-51ca-545c-bf67-54a7a85d21b3", "relationship--d0afbd8a-d899-5d8a-a8eb-5dbf4ffdcefe", "relationship--0f7b8850-8bb7-536a-a153-2b8ff227df50", "relationship--54d71d16-56e5-5902-9ac6-7b0333f42c68", "relationship--1bee6e7c-644d-5b4c-a7dd-8e952d2b147e", "relationship--d65d71d2-addd-5e82-be3a-7a0fb0f8965e", "relationship--ebc04110-77f7-5920-8976-ecb531ddb49f", "relationship--25f1fee4-f72b-54b2-967b-d57878edab02", "relationship--855282ab-ce20-5930-9da0-6e6e854101c5", "relationship--a8c4014a-04b0-532b-a072-b6fd4549473e", "relationship--b0074088-549a-5d2c-9053-2551c610e199", "relationship--37bbbaa3-00c9-52e5-8d8d-81282283a643", "relationship--15942174-ac2a-5749-8d35-34a6416c4950", "relationship--71196a05-06b4-5738-91c6-d90273bbb5d0", "relationship--3b5cad8d-8649-529d-a468-7bf6a6e22ac4", "relationship--bf89dc42-ef15-5502-ab87-06603ffab444", "relationship--24be7006-bb1a-55c2-9f38-5b74923d5274", "relationship--4dd24fc9-0d6b-59d5-9d91-52f4b38bb20d", "relationship--f0f26931-ba77-5be5-a756-e56624d3a435", "relationship--e9eb79a7-a1d5-569e-89aa-cb0baaf7bd87", "relationship--2e4269f7-388a-5324-b35a-d1fe1aca7dcc", "relationship--e2fc61ee-112e-509f-a7d3-9a071418fc4a", "relationship--646e5c18-6c02-5755-b543-d55f61a6272d", "relationship--1cae3ba8-3eea-57bc-97d7-984e9047c359", "relationship--0a54606d-8f59-56ea-80f8-bd59a69c3a2e", "relationship--d659cfe2-b399-556e-ac0e-bbefe22a1fc8", "relationship--35a5c623-bd82-5906-a170-e5ce62259d9c", "relationship--5d55c019-7188-54df-a881-3cdfee17a195", "relationship--92e4a119-7c26-50eb-9d52-5df0cfe1e1c7", "relationship--4ce56d63-5b94-5fba-99b1-595da4465b79", "relationship--224a3c22-3d2b-5522-aeab-4b29c40f2753", "relationship--4f851517-35f5-5bd4-8de7-28cfd9d7164a", "relationship--a95580b6-d2f1-58da-8f50-17198dc2e383", "relationship--3cb04e53-26ad-5ecd-b5ae-27349631f3ac", "relationship--af20382e-c987-5898-b393-093231279246", "relationship--f36a9ed6-b5a3-50db-b1d2-b4f3619c69e4", "relationship--b9fce01d-9cea-50e0-a36d-3d9408575f22", "relationship--b0024e58-a922-54c4-9b8e-5187c569cd92", "relationship--6dab9c05-b896-57c1-9e3e-d82d7b13dc53", "relationship--77e0a107-94ee-515f-8abf-350d4eca87df", "relationship--031a0bc6-b588-5f3d-a1ae-0ce33616a0ae", "relationship--9ce86648-1072-5016-aefb-bc4e692467c9", "relationship--ec7cbc4f-6780-57a4-9ed0-f21d675c2d40", "relationship--0df283af-baa6-5157-8f43-f35b52cbcfd2", "relationship--2c1aa4a1-19eb-5432-9b19-7f9c4142e657", "relationship--a32a2677-d8f9-5ac8-92cb-bcf1b3e4673d", "relationship--bd3377d7-e7ca-52d0-8f98-77e1061d5262", "relationship--a1281572-699f-549c-a59a-7f558e7b28ee", "relationship--4a8455ae-239d-5c50-adfb-594ad7eeeec9", "relationship--09ccb03f-9ba6-5e56-89d5-ca4384d920ba", "relationship--373810b4-b04e-5346-b13a-4897faec180e", "relationship--b20286d5-93db-525e-8bf4-41a473868dfa", "relationship--429bc874-e1f7-5635-9d62-23e625ac01e1", "relationship--8e912b58-2d58-59e7-9431-9dc29ca54bb0", "relationship--7ddedd57-6b9c-59a1-b14c-9829ede0990e", "relationship--95c099c0-235c-509b-a816-37b17d971672", "relationship--ec4c6724-04cd-5cc4-9e2c-43fb52c6702d", "relationship--03b3367a-6a0d-5c45-83ec-1163b55e292f", "relationship--2a6a8e42-815c-54ab-acea-4d1688093780", "relationship--228e030f-e4f1-5def-90ac-07362c3b652e", "relationship--3e009be3-e895-5157-872b-86617c610452", "relationship--49269c7f-af47-5077-b54c-ce07e9a4d04b", "relationship--08c6b15b-d1d5-502e-a159-c30363e08cc0", "relationship--eabae2e7-fa29-59d4-a1f4-80267f3c64d7", "relationship--fb3a595e-3784-55ca-b2de-8220094f36e7", "relationship--31cb0737-d8e4-58d1-8dfd-914c6159dcd6", "relationship--23c4c81b-744b-5320-a829-36765ced9173", "relationship--0f2b4ca6-d4bd-5e95-89da-050363b90557", "relationship--220fe336-6ac1-576e-86f1-8798ef4c1391", "relationship--87001263-0c9e-509d-a25c-261014f1d587", "relationship--540c6413-388e-5ff8-8552-bd6a5894caba", "relationship--62efd482-6b82-5953-ba73-8354e2d85669", "relationship--a3d4ee1b-032e-56a4-9e33-fbc844ef5cec", "relationship--0222a98c-1a41-5f4d-a654-3f444c36d625", "relationship--3ebcde0b-af37-5231-a54e-87216e2d6bf1", "relationship--b6fc1ee2-d500-5788-accd-9fe7d65700f6", "relationship--0c0ec22f-9db0-5d3d-a9ce-25706697ea51", "relationship--a50578b5-7a19-5198-afb0-8dcd902e42eb", "relationship--92104e1a-11fc-595e-ab39-48089277e5cf", "relationship--941c25fb-da6a-5070-a0b7-ea183b831af1", "relationship--da94c054-22a3-5242-927f-e36ea40fc644", "relationship--95430877-747b-516e-9cf1-06306128bdb8", "relationship--2eb8372b-ac76-5655-b68e-bcd3c0243aa2", "relationship--4f894dbc-4c0b-55b3-a389-7c67d06d6a61", "relationship--b60b3401-e6e9-5b8a-ba92-18ca75197067", "relationship--3041d675-e27e-5741-8b97-6370e3dbdcfa", "relationship--e2b51f1a-6d8d-59cc-ac27-710c6e5b3acb", "relationship--67b6b2dc-61ff-5fd6-b55e-c5ae8b4f5811", "relationship--c029db4a-4910-5584-808e-43c376c64120", "relationship--371c1fdc-9484-5b3d-979c-57254882478e", "relationship--c1113fc6-c9dd-5ef1-8f34-a804cfc71424", "relationship--c08a90b3-c2f1-5a21-8aa7-87a2ced73909", "relationship--a5450efe-7069-5d2b-8c9e-51ca9f8f81b6", "relationship--584ca769-97ff-51b5-8eed-ea21edee42f2", "relationship--cef454a2-17b0-539c-a770-3027ade8ae8f", "relationship--b0c8a973-4335-5525-8842-0f66f1b8aa7e", "relationship--0c18970a-54ea-5ec2-9c8f-338c1c2a9bd5", "relationship--c9a1a791-3dea-51de-acb3-53228314ca01", "relationship--73d1ecf4-0ab7-5a87-a1d7-6fd73cbc837f", "relationship--e5f6dc93-d7d9-5d4f-8a62-8bafe49e02e7", "relationship--5c250f82-941d-535c-bd81-316f303eea57", "relationship--06e76b2b-d07c-55bd-8058-1636bc715b2d", "relationship--44c4e371-1219-5544-8d96-e8436b156894", "relationship--640b88ac-b6cf-53fa-8ce8-630dd1976d03", "relationship--a7870df5-44fa-5508-8753-b20ef7978131", "relationship--fe893e58-9d4d-5529-a853-65eca3ad83aa", "relationship--d191cf11-de66-5762-8d18-d6c3ff7c40e4", "relationship--158cd13b-9b1d-5a89-8d15-437b17ba066e", "relationship--636e23f0-0232-51d1-ae8e-093c9ac55402", "relationship--99083539-91f1-57e5-91bd-0d16d2e56c51", "relationship--480a92db-ad80-53b8-9c08-2e9b562b64ce", "relationship--aa1945cc-a32a-526a-8739-572314ae9237", "relationship--ee4dce56-abbe-5d72-b1bb-544ed7d5e8d8", "relationship--0c856f37-39e9-577f-8b1e-ec2b2718e51b", "relationship--4c8916d6-5669-5dcf-bc6f-c635780298e7", "relationship--83a47b8e-dcfc-5e3c-a861-e6cf71a4e454", "relationship--0e1fb627-0865-58cb-89e0-98846f7b7cf9", "relationship--8fd805f9-0d8f-541e-b278-2acd52494d28", "relationship--67f5f88a-f01e-5590-b008-89f241e2ed1c", "relationship--b56803c8-8311-5739-9784-8112654e218b", "relationship--86770f6c-ab30-58b7-9891-5c841d20a94e", "relationship--0d834923-335d-5fe0-8c39-5874f2e372e2", "relationship--522c623f-e153-520b-b900-8eb2787d9a1a", "relationship--ba2db72a-1109-5054-9011-d0aa194eb3b1", "relationship--07fb59a3-687a-5b75-b78b-119193ae4180", "relationship--326a3dbb-c1a7-5e9a-9f7d-9b8081da273b", "relationship--e659c0d5-09ef-5b77-9a8e-88e49d8cec58", "relationship--f3655187-4945-5026-a250-a135ca5cb143", "relationship--a6f5b7aa-0e0a-506e-89c7-cdb5f4fa2b6b", "relationship--98d17ee9-4790-5c18-bd2c-edc2dca4669f", "relationship--e232daef-b0ce-5c56-a2c7-1db3ffea99a6", "relationship--b24e2cd5-c9b2-506c-97f8-b2ed62d581bd", "relationship--0f20f03a-09b2-5af2-8b76-638986f36350", "relationship--95d43a3d-ad26-535e-b4e0-1d2924b56d83", "relationship--9d0a5a56-4c54-5ece-9ba1-9b26e61ba4f2", "relationship--b71c411f-11fa-5076-86b7-b8bf23bd5574", "relationship--f7325c5e-ed0f-5747-80f1-e7891c466be5", "relationship--0d945a9e-a5d2-5471-8cf0-e07a2b1514b0", "relationship--a44bcc80-08a4-5a44-8a35-c722bf10d4f0", "relationship--7473a22f-11b0-5c47-91a9-f6807f6c10c7", "relationship--c07bf003-05af-5295-a4c0-4c86a0f01a43", "relationship--77dd3b7c-4f11-5fcb-9663-dcfd6e99852a", "relationship--cfa9bf22-4fe0-5484-a646-540ec80b235b", "relationship--7fe687ab-8b90-517c-a7a7-b0fb33c9b2a2", "relationship--09e8de4c-b20a-5e1b-ba2f-5dd2c5f6dc5f", "relationship--a077eaa5-fafd-5f44-a077-f03bef6c2a08", "relationship--3bf7b0c9-a2bf-5d73-ac6a-198d7def0fcb", "relationship--2961b6a2-08d8-5af2-9c42-7e48bd2d969f", "relationship--a600dd5c-faab-5e10-8801-ec2ecaf7a011", "relationship--e32d9263-92bb-5f68-9e43-9f67188fce41", "relationship--a99f1521-6732-5a33-a038-eeed3c51d632", "relationship--3c47cf0d-a2fa-50b9-8c2e-371322d8d951", "relationship--4d854b12-ef63-5659-b3d6-f4d7d5c4169b", "relationship--8d79f979-cea3-5369-969d-8c1ee9500a93", "relationship--b19beaaa-17ef-55ae-8008-7241e45b65d8", "relationship--4c99621d-079b-5e10-b2d0-2fd18e142540", "relationship--285569ce-f9ce-5870-a920-918194cbaba6", "relationship--783ff0df-0f2b-5e8e-8e49-420b0b319d86", "relationship--8f1e64ca-7bc2-549a-8965-27ff149c2bd6", "relationship--619725fb-da8d-5d3c-9838-9995f985fdcc", "relationship--d6db6ac7-ed7c-5c34-8d60-7d7ae709e49e", "relationship--5497b021-05d7-578d-8c5e-0114b645f8e1", "relationship--97efcbb2-c378-57fc-84ce-3d0790752bb7", "relationship--389aa717-fe65-576b-bcef-e75edf75170d", "relationship--13d3d049-3360-55b7-b825-3abb82ee78e5", "relationship--0cf82313-5c0d-5441-9ba2-1197d9d81066", "relationship--411719fb-ef5f-5ba7-aed1-8cb2fde16ef4", "relationship--12dcd7c8-86bb-5a8b-b4ce-a9801fafa918", "relationship--c432baba-0d5e-5d46-9224-e2729043a09f", "relationship--ff868ff6-5be5-5eb0-9787-718f61e84c8b", "relationship--094f01b3-f194-54b7-bcdb-38669e3d1d43", "relationship--f8dea9a9-231e-5b37-981f-7d0dc6c166d1", "relationship--8a60dfe1-aafd-550e-a66b-7f8b8d5ebe4e", "relationship--0974a743-69ac-56e8-9948-39cc893f4e5f", "relationship--ca91cdfb-7b61-5800-be65-b30f0989d617", "relationship--6a966f35-27c3-5a54-a664-a4cb969aeaa0", "relationship--cb4c2700-aef8-59d6-8305-b4386c1c473e", "relationship--a1738ced-8f23-50bd-8bde-013e4da079a0", "relationship--99e5d287-ce78-593a-a3b6-68aa40e2c459", "relationship--45f78515-d498-5b3c-999d-e8246b600613", "relationship--65563e21-d0a3-55a9-b149-b2f10e3fc27d", "relationship--4d22b464-de95-5cc2-82c6-4ee05dbac694", "relationship--dfd60265-71fe-5f80-ae62-c7f1be17342c", "relationship--0f7f1bbb-f8ed-5aeb-97fe-435db6fe398a", "relationship--9ac05745-4510-5261-b504-c1fdd1edef8d", "relationship--4784df6c-838f-513b-90f8-fcad39bff7be", "relationship--b7a33976-d0ed-5d39-b878-3caee1c07bf1", "relationship--21ab950e-a6ac-53d0-aa1d-014d32b671f9", "relationship--e5e1ed43-1ce2-5922-864d-0d37cb9db4c1", "relationship--6d7ca651-f70a-5b97-be0f-962fad061f46", "relationship--240ba755-69e8-59a8-a76d-b9370ced7ac8", "relationship--3e17cfc7-bd40-5e47-8190-aa14929b915f", "relationship--ad21e4f9-659c-5859-bf95-b7b0d34603f5", "relationship--24be5329-cf90-5df3-a0ae-ed50d87a6515", "relationship--730618b2-32bc-5f14-8e65-70c8f5d6374a", "relationship--1b64d365-fe75-55ec-829b-0a43d0ec9fe8", "relationship--d4899474-d543-5b64-8a94-212279f02580", "relationship--fdb2cfb3-92d5-5475-bb79-3c80af03d0fd", "relationship--88a4d693-fd40-55cf-acf4-7f47abcb69fb", "relationship--d4f1397a-3ce6-5f6b-ba49-bec0e5502c88", "relationship--356a7b66-ba83-5e1e-9907-e38ee552f388", "relationship--5b0e614c-67b5-54fa-8392-8b32e2406b1d", "relationship--30e53eeb-a8a9-522c-92b8-df59c19997dd", "relationship--566f898b-6242-5f36-97f3-7a21e607018d", "relationship--2b8c7b36-766e-580e-95bb-b4eb8d0eaf9e", "relationship--0fb11416-270b-52f8-b2e2-cc0cdcc2d74b", "relationship--ddf0fae6-3e5c-57e3-b2f0-e66171e98685", "relationship--c8e15cb4-7ee4-5886-a2be-e87c47aef910", "relationship--c84ba751-cbde-5dd6-8e56-c2168d5b9bb1", "relationship--2d10cfd9-6d9a-57b4-9bec-e8d79000197b", "relationship--7d796dc8-3d8e-50c3-8697-de53361f706e", "relationship--913be01e-9835-5d18-a346-829c34f67f12", "relationship--717fe848-994d-59df-9b35-eccb0d6766d6", "relationship--3502da5f-e282-5923-86c9-9cd1232e12d4", "relationship--5b029d3b-96a5-5529-b20e-df3bd04bcd28", "relationship--239a0eaf-071e-59b4-beee-8a3830869518", "relationship--3f426336-0f6b-54b6-9252-141631c86766", "relationship--31a193cd-266f-5b9a-8482-2923595386d2", "relationship--3c1dd2b7-884b-58fa-8e56-234501ff0c6e", "relationship--7268947e-5d9c-558f-a035-06ab993031c4", "relationship--4ac22851-408e-58f3-b33b-f49dde7e6fec", "relationship--650872bc-6738-595a-9d03-6d4ec7f2cc78", "relationship--7821039b-3225-52cf-a4e0-1063a169d6cf", "relationship--64e16a94-b581-54db-99ce-82828427aaa2", "relationship--65d3d0c1-42c1-5476-b551-306b5b246172", "relationship--18dd07b1-934c-5226-8ca6-2640a559146b", "relationship--eedcd285-d19a-5e55-ad1e-35f1c5467ee4", "relationship--aeef2f2f-d54f-50fe-af60-fa6d0485e5fd", "relationship--68a552bc-91b8-5df1-9dd3-61a890faf6fc", "relationship--8de176fb-8853-5fa0-b94b-49ea9f01f401", "relationship--6b10a794-16ed-5c41-8547-e6c5d07cf577", "relationship--b9c5d802-77b8-5409-82ab-3ec3e729b264", "relationship--e672ad7f-af5e-5136-827d-0b4038ead435", "relationship--128bb5f6-66ec-5fef-ad42-37b0afce3fa1", "relationship--02b4ed1b-bf24-5f5e-bbd6-7814e9cc8b59", "relationship--eaca7f21-1b92-5b8e-b458-5d9ce7d931a4", "relationship--c3b58a0f-595a-50bd-bd3a-24486c36ec59", "relationship--8b18e44f-ecfe-5795-913f-eb97bbc5f574", "relationship--37e29906-eb12-506a-a908-bef4c36df380", "relationship--b52c0178-dacb-55cc-825f-bb8889958448", "relationship--e7b60735-1eb5-5fd9-aa98-034c7583b5e8", "relationship--a76d1080-76dd-5fc5-9378-00bf040524b7", "relationship--370e20f0-9b4f-5a24-af5a-52430dc5800a", "relationship--0e553b34-8fdb-54ce-ac86-a3c5b9c77c83", "relationship--44503dff-8717-5526-93bb-c4b5c99bdc29", "relationship--1f994080-2a09-5970-a751-4b4a06e6a313", "relationship--53c9de1e-ce79-5d63-b630-55a22cb79d6e", "relationship--4767a11c-5476-5125-99c9-97a12d8d208f", "relationship--de04e8ce-318d-5937-879f-85ca7d6cca12", "relationship--fb4a8d38-8d8e-55a6-be00-0bf9ea63fb43", "relationship--12df0c51-79f5-524b-9e4f-b5a8d7673cc8", "relationship--9438549f-3737-52bd-a66c-e65d797e884b", "relationship--7e57ef2b-3736-5f88-aa2e-de7dba6dc75d", "relationship--e381a644-5fa2-5c42-a77b-7c60700cc5c2", "relationship--e69cc7d3-2056-58e6-aa47-2db4bcc12eaf", "relationship--f3bcf842-2616-5168-8b12-24908a3cc57c", "relationship--a246455a-1481-5dc3-b991-dd096012dacd", "relationship--b10daccf-25c1-56fb-b9b2-54a0bad7089b", "relationship--6b4f89fd-7484-5cc3-b8c5-f0c0d1281d6d", "relationship--59fc9d96-9223-551a-acae-0cdd835e2f75", "relationship--e03815b2-90c2-5178-93c4-47ad6df6c720", "relationship--8735a8c1-1c1f-5b3d-8755-8f6c5caf06b2" ], "labels": [ "CVE Exploit", "Cred Theft", "Phishing", "Open Dir" ], "external_references": [ { "source_name": "The Hunters Ledger", "url": "https://the-hunters-ledger.com/reports/opendirectory-216-126-227-49-cve-2026-41940-cpanel-harvester-20260517/" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] } ] }