{ "type": "bundle", "id": "bundle--a5b48ec2-4e87-5841-92c5-63c5e1237eda", "spec_version": "2.1", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--91352396-6279-52ac-9619-7c2f544373d1", "created": "2020-01-01T09:00:00.000Z", "modified": "2020-01-01T09:00:00.000Z", "name": "Wiz, Inc.", "identity_class": "organization", "sectors": [ "technology" ] }, { "spec_version": "2.1", "id": "campaign--cc78ddd1-3114-5e5a-bf8d-a291cb97f795", "type": "campaign", "created": "2026-05-27T00:00:00.000Z", "modified": "2026-05-27T00:00:00.000Z", "name": "JINX-0164 Targeting Cryptocurrency Development Infrastructure", "description": "Wiz Research identified an active threat campaign targeting cryptocurrency organizations and software development infrastructure through social engineering, malicious meeting lures, and supply chain compromise activity. The campaign leveraged fake business interactions and tro...", "objective": "Data exfiltration, Resource hijacking", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/threat-actors-target-crypto-orgs" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--99065426-ba13-5e40-998c-2da007495de3", "type": "campaign", "created": "2026-05-24T00:00:00.000Z", "modified": "2026-05-24T00:00:00.000Z", "name": "Supply Chain Campaign Targeting Composer and GitHub Repositories", "description": "Researchers identified multiple coordinated software supply chain attacks targeting Composer/Packagist packages and upstream GitHub repositories. The activity involved malicious postinstall hooks, compromised Git tags, CI/CD payload execution, and credential-stealing malware d...", "objective": "Supply chain attack", "external_references": [ { "source_name": "www.stepsecurity.io", "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack#indicators-of-compromise" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e7a484d9-b510-5173-85b7-04d154a3b4c1", "type": "campaign", "created": "2026-05-22T00:00:00.000Z", "modified": "2026-05-22T00:00:00.000Z", "name": "Megalodon Campaign Backdoors GitHub Repositories via CI Workflow Compromise", "description": "Researchers disclosed a large-scale software supply chain campaign dubbed “Megalodon,” in which attackers reportedly compromised thousands of GitHub repositories by injecting malicious GitHub Actions workflows designed to exfiltrate secrets and cloud credentials. The campaign ...", "objective": "Data exfiltration, Supply chain attack", "external_references": [ { "source_name": "safedep.io", "url": "https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--4cc0c60e-c332-5157-b24f-230afd2813f2", "type": "campaign", "created": "2026-05-18T00:00:00.000Z", "modified": "2026-05-18T00:00:00.000Z", "name": "New Mini-Shai-Hulud Wave Targets NPM, PyPi Packages and VSCode Extension", "description": "Researchers identified a broad TeamPCP-linked supply chain campaign involving malicious NPM packages, compromised GitHub Actions, a trojanized VSCode extension, and malicious PyPI packages targeting cloud and CI/CD environments. The campaign includes large-scale credential the...", "objective": "Supply chain attack, Data exfiltration", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/mini-shai-hulud-teampcp-hits-antv-supply-chain" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a2836d26-eb7c-5744-b1a1-341114d64fc4", "type": "campaign", "created": "2026-05-14T00:00:00.000Z", "modified": "2026-05-14T00:00:00.000Z", "name": "node-ipc npm Distribution Compromised", "description": "Multiple trojanized versions of the @node-ipc package have were uploaded to npm on 14 May 2026. The malicious versions are: node-ipc@9.1.6, node-ipc@9.2.3, node-ipc@12.0.1 The malicious code collects data and exfiltrates it via dns tunneling.On 14 May 2026 three malicious vers...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.ox.security", "url": "https://www.ox.security/blog/node-ipc-npm-package-infostealer-malware/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--3e5deedb-d08b-5ad7-901b-a7e5d4f151a3", "type": "campaign", "created": "2026-05-11T00:00:00.000Z", "modified": "2026-05-11T00:00:00.000Z", "name": "Tanstack and other Packages Compromised in Supply Chain Attack", "description": "On May 11, 2026, TeamPCP launched coordinated software supply chain attacks targeting the npm and PyPI ecosystems. Over roughly six hours, the attacker published dozens of trojanized packages across multiple namespaces, including several high-profile and trusted publishers.The...", "objective": "Data exfiltration, Supply chain attack", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b4923f9f-5528-5613-8233-f245e155f31b", "type": "campaign", "created": "2026-05-10T00:00:00.000Z", "modified": "2026-05-10T00:00:00.000Z", "name": "DDoS Botnet Leveraging Jenkins Misconfigurations for Initial Access", "description": "The attack begins with unauthorized access to exposed Jenkins instances, often enabled by weak credentials. Threat actors abuse the scriptText endpoint, which allows execution of Groovy scripts, to achieve remote code execution. The malicious script delivers platform-specific ...", "objective": "Denial of service, Data exfiltration", "external_references": [ { "source_name": "www.darktrace.com", "url": "https://www.darktrace.com/blog/darktrace-malware-analysis-jenkins-honeypot-reveals-emerging-botnet-targeting-online-games" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--f8848a5a-5633-5f8d-912c-d4d5e92817dd", "type": "campaign", "created": "2026-05-09T00:00:00.000Z", "modified": "2026-05-09T00:00:00.000Z", "name": "Compromise of Checkmarx Jenkins AST Plugin by TeamPCP", "description": "Previously, the attackers gained access to internal resources, and used it to extract sensitive credentials, including publishing credentials for Jenkins plugins. Using this access, they modified and redistributed the Checkmarx AST Scanner Jenkins Plugin via the official plugi...", "objective": "Data exfiltration, Supply chain attack", "external_references": [ { "source_name": "x.com", "url": "https://x.com/adnanthekhan/status/2053156381616676928" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--ee24b549-472e-567a-a820-2f0696a9b449", "type": "campaign", "created": "2026-04-30T00:00:00.000Z", "modified": "2026-04-30T00:00:00.000Z", "name": "Lightning and Intercom Packages Compromised in Supply Chain Attack", "description": "In the PyPI package lightning, malicious code is triggered automatically upon import. The code downloads and installs the Bun runtime and executes a large (~11 MB) obfuscated JavaScript payload. This behavior enables credential harvesting from developer environments and CI/CD ...", "objective": "Data exfiltration, Supply chain attack", "external_references": [ { "source_name": "lightning.ai", "url": "https://lightning.ai/blog/pytorch-lightning-supply-chain-attack" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--1c116cae-f41c-5b57-87f0-65270e62ba99", "type": "campaign", "created": "2026-04-29T00:00:00.000Z", "modified": "2026-04-29T00:00:00.000Z", "name": "Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware", "description": "Malicious versions of legitimate SAP ecosystem packages (e.g., @cap-js/sqlite, @cap-js/postgres) were created by modifying them to include a preinstall script that executes setup.mjs automatically during npm install. This script downloads the Bun runtime and executes an obfusc...", "objective": "Supply chain attack, Data exfiltration", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/mini-shai-hulud-supply-chain-sap-npm" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--371a7eb4-e401-5727-aaa1-b967c75ff72b", "type": "campaign", "created": "2026-04-27T00:00:00.000Z", "modified": "2026-04-27T00:00:00.000Z", "name": "Critical SQL Injection Vulnerability in LiteLLM Exploited in-the-Wild", "description": "The vulnerability exists in LiteLLM’s authentication flow, where the Authorization: Bearer header is directly concatenated into a SQL query without proper parameterization. This flaw allows attackers to inject arbitrary SQL statements prior to authentication, enabling direct a...", "objective": "Data exfiltration", "external_references": [ { "source_name": "webflow.sysdig.com", "url": "https://webflow.sysdig.com/blog/cve-2026-42208-targeted-sql-injection-against-litellms-authentication-path-discovered-36-hours-following-vulnerability-disclosure" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a3fa8097-1950-5316-ba33-1de41d09f899", "type": "campaign", "created": "2026-04-23T00:00:00.000Z", "modified": "2026-04-23T00:00:00.000Z", "name": "Elementary Data Compromised in Supply Chain Attack", "description": "The compromise originated from a GitHub Actions script injection vulnerability in a workflow that improperly handled untrusted input from pull request comments. An attacker exploited this flaw to execute arbitrary commands within the CI pipeline, gaining access to the reposito...", "objective": "Supply chain attack", "external_references": [ { "source_name": "www.stepsecurity.io", "url": "https://www.stepsecurity.io/blog/elementary-data-compromised-on-pypi-and-ghcr-forged-release-pushed-via-github-actions-script-injection#indicators-of-compromise" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--59b63734-d3b8-5835-888f-2beb3636b7b2", "type": "campaign", "created": "2026-04-22T00:00:00.000Z", "modified": "2026-04-22T00:00:00.000Z", "name": "Checkmarx KICS and Bitwarden CLI Compromised in Fresh Supply Chain Attack", "description": "Multiple malicious versions of Checkmarx projects have been published, including Docker images and VS Code extensions (this included both publishing new malicious image versions and pointing existing tags to malicious instances). This is a new incident, separate from the March...", "objective": "Data exfiltration, Supply chain attack", "external_references": [ { "source_name": "checkmarx.com", "url": "https://checkmarx.com/blog/checkmarx-security-update-april-22/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--783f5f68-1570-5c6e-a01f-f2dd8270cd74", "type": "campaign", "created": "2026-04-22T00:00:00.000Z", "modified": "2026-04-22T00:00:00.000Z", "name": "Xinference Compromised in Supply Chain Attack", "description": "The attackers compromised legitimate xinference releases rather than publishing a typosquat package, embedding malicious code directly into xinference/init.py. This ensures execution whenever the package is imported, including during application startup or dependency resolutio...", "objective": "Data exfiltration", "external_references": [ { "source_name": "research.jfrog.com", "url": "https://research.jfrog.com/post/xinference-compromise/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--0f888851-985f-5b10-94d6-97984a4e3d4e", "type": "campaign", "created": "2026-04-09T00:00:00.000Z", "modified": "2026-04-09T00:00:00.000Z", "name": "PolinRider Campaign: DPRK-Linked Supply Chain Attack Infects GitHub Repositories", "description": "A supply chain campaign attributed to a DPRK-linked threat actor, PolinRider, has resulted in the compromise of over 1,900 GitHub repositories through malicious npm packages, VS Code artifacts, and injected JavaScript payloads. The campaign leverages stealthy code injection an...", "objective": "Supply chain attack, Resource hijacking", "external_references": [ { "source_name": "github.com", "url": "https://github.com/OpenSourceMalware/PolinRider" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--7b53c2eb-cbb7-568c-88c2-f3e4414548a3", "type": "campaign", "created": "2026-04-07T00:00:00.000Z", "modified": "2026-04-07T00:00:00.000Z", "name": "Stolen SaaS Integration Tokens Enable Data Theft Across Snowflake Environments", "description": "The attack originated reportedly from a security incident affecting Anodot, a SaaS analytics and anomaly detection platform that integrates with multiple cloud services (e.g., Snowflake, S3, and streaming pipelines). Threat actors reportedly obtained authentication tokens asso...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.bleepingcomputer.com", "url": "https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a82e2bfb-3509-5cc4-b8f3-a2b9eb9a6545", "type": "campaign", "created": "2026-04-07T00:00:00.000Z", "modified": "2026-04-07T00:00:00.000Z", "name": "O365 Device Code Phishing Campaign using EvilTokens and Abusing Railway Platform", "description": "A phishing campaign has been reported leveraging the EvilTokens Phishing-as-a-Service platform to target O365 users. The attackers use device code phishing to bypass Multi-Factor Authentication (MFA), and they also utilize Railway to host their malicious infrastructure. The ca...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.huntress.com", "url": "https://www.huntress.com/blog/railway-paas-m365-token-replay-campaign" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--d74f013e-9ac8-551d-b457-33c931dbdc71", "type": "campaign", "created": "2026-04-06T00:00:00.000Z", "modified": "2026-04-06T00:00:00.000Z", "name": "Exploitation Campaign of Vulnerable GitHub Workflows", "description": "An unknown threat actor has been conducting an opportunistic campaign of automated malicious pull requests to attempt to initiate supply chain compromise against various open source repositories. In at least two cases, the attacker has been able to inject malicious code that u...", "objective": "Supply chain attack", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/six-accounts-one-actor-inside-the-prt-scan-supply-chain-campaign" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--1af8d64e-95a4-5bf1-a414-52ac32dcf533", "type": "campaign", "created": "2026-04-02T00:00:00.000Z", "modified": "2026-04-02T00:00:00.000Z", "name": "UAT-10608 Campaign Abuses React2Shell for Cloud Credential Harvesting", "description": "An automated campaign attributed to threat cluster UAT-10608 is exploiting vulnerable Next.js applications to achieve pre-authentication remote code execution and deploy a multi-phase credential harvesting framework. The operation has compromised hundreds of hosts across cloud...", "objective": "Data exfiltration", "external_references": [ { "source_name": "blog.talosintelligence.com", "url": "https://blog.talosintelligence.com/uat-10608-inside-a-large-scale-automated-credential-harvesting-operation-targeting-web-applications/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--4338c7fd-21dc-5a13-a64d-f8ea9f47626e", "type": "campaign", "created": "2026-02-20T00:00:00.000Z", "modified": "2026-02-20T00:00:00.000Z", "name": "SANDWORM_MODE: Typosquatted npm Packages Used to Hijack CI Workflows", "description": "According to Socket, the campaign operates as a typosquatting worm: the attacker publishes malicious packages that mimic trusted names (e.g., look-alikes of common utilities and AI coding tools). When one of these malicious packages is installed and imported, it executes a sta...", "objective": "Supply chain attack", "external_references": [ { "source_name": "socket.dev", "url": "https://socket.dev/blog/sandworm-mode-npm-worm-ai-toolchain-poisoning" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e2938afb-aa81-583a-bc19-6ee5267228d0", "type": "campaign", "created": "2026-02-09T00:00:00.000Z", "modified": "2026-02-09T00:00:00.000Z", "name": "SSHStalker Linux Botnet campaign", "description": "On 2026-02-09, a campaign was reported, involving SSHStalker, gaining initial access via Password attack, to achieve Resource hijacking, Data exfiltration.", "objective": "Resource hijacking, Data exfiltration", "external_references": [ { "source_name": "flare.io", "url": "https://flare.io/learn/resources/blog/old-school-irc-new-victims-inside-the-newly-discovered-sshstalker-linux-botnet" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--df43a35d-4ade-5a42-8198-ada852cb2075", "type": "campaign", "created": "2026-02-05T00:00:00.000Z", "modified": "2026-02-05T00:00:00.000Z", "name": "TeamPCP Cloud-Native Campaign Targeting Exposed Control Planes", "description": "TeamPCP’s operations center on abusing unauthenticated or weakly protected orchestration and management interfaces rather than exploiting traditional endpoints. Initial access is achieved via exposed Docker and Kubernetes APIs, vulnerable React/Next.js applications (CVE-2025-2...", "objective": "Resource hijacking, RansomOp", "external_references": [ { "source_name": "flare.io", "url": "https://flare.io/learn/resources/blog/teampcp-cloud-native-ransomware" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--ee8c8282-0b1c-58a4-8c46-c1218f1acc62", "type": "campaign", "created": "2026-02-02T00:00:00.000Z", "modified": "2026-02-02T00:00:00.000Z", "name": "Supply-Chain Hijacking of Notepad++ Updates via Hosting Provider Compromise", "description": "Between June and late 2025, threat actors compromised the shared hosting infrastructure used by Notepad++ and selectively hijacked update traffic destined for notepad-plus-plus.org. Rather than exploiting a vulnerability in Notepad++ code, the attackers abused access at the ho...", "objective": "Supply chain attack", "external_references": [ { "source_name": "notepad-plus-plus.org", "url": "https://notepad-plus-plus.org/news/hijacked-incident-info-update/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a192df61-ed63-5954-b88f-8f0c891aa909", "type": "campaign", "created": "2026-01-31T00:00:00.000Z", "modified": "2026-01-31T00:00:00.000Z", "name": "Supply-Chain Attack via Force Pushes on Plone GitHub Repositories", "description": "In January 2026, the Plone security team disclosed a security incident affecting the Plone GitHub organization, in which an attacker used force pushes to insert malicious JavaScript code into multiple repositories. The activity was traced back to a compromised contributor acco...", "objective": "Supply chain attack", "external_references": [ { "source_name": "www.openwall.com", "url": "https://www.openwall.com/lists/oss-security/2026/01/31/2" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--ecd4ec4b-2777-55fb-ac29-e040a811b761", "type": "campaign", "created": "2026-01-28T00:00:00.000Z", "modified": "2026-01-28T00:00:00.000Z", "name": "Operation Bizarre Bazaar: Commercialized LLMjacking", "description": "Between December 2025 and January 2026, researchers uncovered a large-scale, systematic campaign targeting exposed large language model (LLM) and Model Context Protocol (MCP) infrastructure. Dubbed Operation Bizarre Bazaar, the activity represents the first publicly documented...", "objective": "Resource hijacking, Data exfiltration", "external_references": [ { "source_name": "www.pillar.security", "url": "https://www.pillar.security/blog/operation-bizarre-bazaar-first-attributed-llmjacking-campaign-with-commercial-marketplace-monetization#heading-5" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--7bcd57f8-3426-5584-8072-6b39401840c9", "type": "campaign", "created": "2026-01-27T00:00:00.000Z", "modified": "2026-01-27T00:00:00.000Z", "name": "Cloud-Native Phishing Infrastructure via Abused AWS WorkMail", "description": "Threat actors abused native AWS email services to build phishing and spam infrastructure inside a compromised cloud environment. After obtaining exposed long-term AWS credentials, the attackers conducted IAM and service reconnaissance to assess email-sending capabilities. Whil...", "objective": "Resource hijacking, Data exfiltration", "external_references": [ { "source_name": "www.rapid7.com", "url": "https://www.rapid7.com/blog/post/dr-threat-actors-aws-workmail-phishing-campaigns/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--3d2330ed-f098-5d23-a5e1-b125dd367e8d", "type": "campaign", "created": "2026-01-17T00:00:00.000Z", "modified": "2026-01-17T00:00:00.000Z", "name": "Canonical Snap Store Hijacking Campaign", "description": "On 2026-01-17, a campaign was reported, involving an unknown actor, gaining initial access via Dangling resource,.", "objective": "", "external_references": [ { "source_name": "blog.popey.com", "url": "https://blog.popey.com/2026/01/malware-purveyors-taking-over-published-snap-email-domains/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--0f98a859-1b25-5847-91cc-3661b9cba0df", "type": "campaign", "created": "2026-01-13T00:00:00.000Z", "modified": "2026-01-13T00:00:00.000Z", "name": "VoidLink: A Cloud-Native Linux Malware Framework", "description": "Researchers have uncovered VoidLink, a highly modular and cloud-native Linux malware framework featuring custom loaders, implants, kernel-level rootkits, and more than 30 in-memory plugins. Built in Zig and engineered for modern cloud and containerized environments, VoidLink a...", "objective": "Data exfiltration", "external_references": [ { "source_name": "research.checkpoint.com", "url": "https://research.checkpoint.com/2026/voidlink-the-cloud-native-malware-framework/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--7facf28e-b585-56e1-9b15-a134477dd2a5", "type": "campaign", "created": "2025-12-26T00:00:00.000Z", "modified": "2025-12-26T00:00:00.000Z", "name": "GeoServer RCE Exploited in CoinMiner Campaigns", "description": "The activity centers on CVE-2024-36401, a remote code execution vulnerability disclosed in 2024 that allows unauthenticated attackers to execute arbitrary commands on vulnerable GeoServer instances. Since disclosure, multiple threat actors have systematically scanned for expos...", "objective": "Resource hijacking", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/91724/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--44ff3a47-1e21-5376-95ce-3d1778340c43", "type": "campaign", "created": "2025-12-18T00:00:00.000Z", "modified": "2025-12-18T00:00:00.000Z", "name": "Amadey Loader Abuses Compromised Self-Hosted GitLab to Deliver StealC Infostealer", "description": "Amadey, an established malware loader active since at least 2018, was observed downloading second-stage payloads from a hijacked self-hosted GitLab instance hosted on gitlab[.]bzctoons[.]net. The infrastructure appears to belong to a legitimate organization, with evidence sugg...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.trellix.com", "url": "https://www.trellix.com/blogs/research/amadey-exploiting-self-hosted-gitlab-to-distribute-stealc/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c5024126-58ee-5886-835b-dce1a47d9db9", "type": "campaign", "created": "2025-12-17T00:00:00.000Z", "modified": "2025-12-17T00:00:00.000Z", "name": "China-nexus Campaign Exploits CVE-2025-20393 in Cisco Email Security Devices", "description": "On December 17, 2025 Cisco announced that they had detected a campaign exploiting a zero day in their email security devices. The vulnerability affects the physical and virtual versions of Cisco Secure Email Gateway, formerly known as Cisco Email Security Appliance (ESA), and ...", "objective": "Data exfiltration", "external_references": [ { "source_name": "blog.talosintelligence.com", "url": "https://blog.talosintelligence.com/uat-9686/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--500d6a73-d6d5-5722-97b6-79bf25437fb8", "type": "campaign", "created": "2025-11-24T00:00:00.000Z", "modified": "2025-11-24T00:00:00.000Z", "name": "Shai-Hulud 2.0 Supply Chain Attack", "description": "A new wave of the Shai-Hulud–style supply-chain attack has trojanized hundreds of npm packages—including widely used components from Zapier, ENS Domains, PostHog, and Postman—resulting in more than 25,000 GitHub repositories populated with stolen secrets. Beginning on November...", "objective": "Supply chain attack", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--9b64062c-0fb6-591b-a84a-9e6f348d6077", "type": "campaign", "created": "2025-11-19T00:00:00.000Z", "modified": "2025-11-19T00:00:00.000Z", "name": "Cryptomining Campaign Exploiting Exposed Ray AI Infrastructure", "description": "ShadowRay 2.0 targets Ray clusters whose dashboard / Jobs API is exposed without authentication. Attackers first use interact.sh (oast.fun) for out-of-band discovery, posting test jobs to /api/jobs/ that trigger HTTP/DNS callbacks to identify exploitable Ray dashboards. Once a...", "objective": "Resource hijacking, Denial of service", "external_references": [ { "source_name": "www.oligo.security", "url": "https://www.oligo.security/blog/shadowray-2-0-attackers-turn-ai-against-itself-in-global-campaign-that-hijacks-ai-into-self-propagating-botnet" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c776c8b0-7b34-5973-8944-a86226c70c41", "type": "campaign", "created": "2025-11-13T00:00:00.000Z", "modified": "2025-11-13T00:00:00.000Z", "name": "Cisco ISE Vulnerability Exploited as 0day by APT", "description": "Researchers uncovered an advanced persistent threat (APT) exploiting zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix systems (CitrixBleed2). The vulnerabilities, tracked as CVE-2025-20337 and CVE-2025-5777, were leveraged by the attackers to deploy ...", "objective": "Data exfiltration", "external_references": [ { "source_name": "aws.amazon.com", "url": "https://aws.amazon.com/blogs/security/amazon-discovers-apt-exploiting-cisco-and-citrix-zero-days/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--7698c3cb-ec09-5075-bf63-95d4b265c6f5", "type": "campaign", "created": "2025-11-12T00:00:00.000Z", "modified": "2025-11-12T00:00:00.000Z", "name": "Unauthenticated Remote Access via Triofox Vulnerability Exploited by UNC6485", "description": "Researchers uncovered active exploitation of an unauthenticated access vulnerability (CVE-2025-12480) in Gladinet’s Triofox remote access platform by the threat cluster UNC6485. The flaw, present in versions before 16.7.10368.56560, allowed attackers to bypass authentication u...", "objective": "Data exfiltration", "external_references": [ { "source_name": "cloud.google.com", "url": "https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--6819ae69-bf23-5a02-845e-0b209f9eae73", "type": "campaign", "created": "2025-11-11T00:00:00.000Z", "modified": "2025-11-11T00:00:00.000Z", "name": "Gambling Network Exploits Abandoned Subdomains", "description": "A routine asset scan for a major entertainment company uncovered a massive gambling operation hiding behind legitimate e-commerce infrastructure. The discovery began with a simple subdomain takeover on Shopify-an abandoned DNS mapping that had been left active after decommissi...", "objective": "Resource hijacking", "external_references": [ { "source_name": "huskeys.io", "url": "https://huskeys.io/blog/subdomain-takeover-gambling-network" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c0093d01-22b5-5dda-ad3d-baab23b2eb1b", "type": "campaign", "created": "2025-11-05T00:00:00.000Z", "modified": "2025-11-05T00:00:00.000Z", "name": "China-Linked Actors Target U.S. Policy-Oriented Non-Profit Organisations", "description": "A China-linked espionage campaign targeted a U.S. non-profit organization engaged in influencing government policy, maintaining weeks of access in April 2025. The intrusion leveraged legitimate binaries for DLL sideloading and persistence, consistent with techniques observed i...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.security.com", "url": "https://www.security.com/threat-intelligence/china-apt-us-policy" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--78abeec9-9390-5c74-ba5a-a6e22fa8f6db", "type": "campaign", "created": "2025-10-31T00:00:00.000Z", "modified": "2025-10-31T00:00:00.000Z", "name": "TruffleNet Campaign Exploits AWS SES for Large-Scale Cloud Abuse and BEC Fraud", "description": "Researchers uncovered a coordinated campaign leveraging stolen AWS credentials to automate reconnaissance and abuse Amazon Simple Email Service (SES) for Business Email Compromise (BEC) operations. The attackers used a custom infrastructure dubbed TruffleNet, built around the ...", "objective": "Resource hijacking, Data exfiltration", "external_references": [ { "source_name": "www.fortinet.com", "url": "https://www.fortinet.com/blog/threat-research/cloud-abuse-at-scale" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--412cb677-aec9-5bec-8e4c-75b91107c8a9", "type": "campaign", "created": "2025-10-22T00:00:00.000Z", "modified": "2025-10-22T00:00:00.000Z", "name": "IIS Backdoor Exploiting Exposed ASP.NET Machine Keys", "description": "Initial access leverages IIS apps configured with reused/public machineKey (ValidationKey/DecryptionKey) values, enabling __VIEWSTATE deserialization to run arbitrary commands. Following foothold, REF3927 deploys Godzilla-family webshells (e.g., 1.aspx) and GotoHTTP for GUI ac...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.elastic.co", "url": "https://www.elastic.co/security-labs/tollbooth" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--6b169a00-8062-5553-9e7b-abfdef1ae08e", "type": "campaign", "created": "2025-10-21T00:00:00.000Z", "modified": "2025-10-21T00:00:00.000Z", "name": "PassiveNeuron Campaign: Espionage Campaign Targeting Windows Server Environments", "description": "Attackers obtain remote code execution through abuse of SQL-server environments (exploitation, SQL injection, or credential compromise) and attempt to install web shells. When detection (e.g., endpoint AV) blocks the web-shell stage they escalate to a multi-stage DLL loader ch...", "objective": "Data exfiltration", "external_references": [ { "source_name": "securelist.com", "url": "https://securelist.com/passiveneuron-campaign-with-apt-implants-and-cobalt-strike/117745/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--1a36baa1-93f5-57f8-867d-f86d031f9577", "type": "campaign", "created": "2025-10-14T00:00:00.000Z", "modified": "2025-10-14T00:00:00.000Z", "name": "eBPF Rootkit Targeting AWS and Linux Environments", "description": "The infection began with the exploitation of a vulnerable Jenkins server (CVE-2024-238976), which enabled lateral movement into AWS EKS clusters. The threat actor deployed a malicious Docker image (kvlnt/vv) containing a Rust-based downloader (vGet) that retrieved an encrypted...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.synacktiv.com", "url": "https://www.synacktiv.com/en/publications/linkpro-ebpf-rootkit-analysis" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--22e110dd-e49d-5c0a-93c2-97d680c1fc02", "type": "campaign", "created": "2025-10-02T00:00:00.000Z", "modified": "2025-10-02T00:00:00.000Z", "name": "“Crimson Collective” Claims Theft of Customer Data from Red Hat", "description": "An extortion group calling themselves \"Crimson Collective\" has claimed to have stolen nearly 570 GB of data from Red Hat's private GitLab repositories. Red Hat confirmed a security incident to BleepingComputer, saying \"Red Hat is aware of reports regarding a security incident ...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.rapid7.com", "url": "https://www.rapid7.com/blog/post/tr-crimson-collective-a-new-threat-group-observed-operating-in-the-cloud/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--16c46fdf-0704-5fbc-9c4b-b5b26e92d47a", "type": "campaign", "created": "2025-10-02T00:00:00.000Z", "modified": "2025-10-02T00:00:00.000Z", "name": "Cl0p Extortion Campaign Claims Theft via Oracle E-Business Suite", "description": "In an October 1st Bloomberg article, Halcyon, a cybersecurity company responding to a related incident, has stated that the attackers gained access to the data by compromising user emails and abusing the default password-reset function. On October 2nd, Oracle posted a statemen...", "objective": "RansomOp", "external_references": [ { "source_name": "www.oracle.com", "url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixEBS" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--3281b769-1663-52d2-a211-c5ca6cab82df", "type": "campaign", "created": "2025-09-26T00:00:00.000Z", "modified": "2025-09-26T00:00:00.000Z", "name": "Renewed \"ArcaneDoor\" Campaign Targeting 0-day Vulnerabilities in Cisco ASA", "description": "Cisco has reported exploitation in the wild of two 0-day vulnerabilities affecting Cisco Adaptive Security Appliance (ASA), CVE-2025-20333 and CVE-2025-20362, allowing RCE and local privilege escalation, respectively. NCSC and CISA have corroborated these reports, noting the u...", "objective": "Data exfiltration", "external_references": [ { "source_name": "sec.cloudapps.cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b61401ab-1876-5af5-82d2-e103ec693343", "type": "campaign", "created": "2025-09-25T00:00:00.000Z", "modified": "2025-09-25T00:00:00.000Z", "name": "BRICKSTORM Espionage Backdoor Targeting U.S. Tech and Legal Sectors", "description": "BRICKSTORM is a Go backdoor (with SOCKS proxying) deployed preferentially on Linux/BSD network and edge appliances that often lack EDR coverage. Attackers favor devices like VMware vCenter/ESXi as pivot points, using valid credentials harvested from appliances to move laterall...", "objective": "Data exfiltration", "external_references": [ { "source_name": "cloud.google.com", "url": "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--2960e856-db31-54b0-9f55-b4038a932527", "type": "campaign", "created": "2025-09-15T00:00:00.000Z", "modified": "2025-09-15T00:00:00.000Z", "name": "Shai-Hulud: Ongoing Package Supply Chain Compromise Delivering Data-Stealing Malware", "description": "On September 15, 2025, malicious versions of multiple popular packages were published to npm with a post-install script that harvested sensitive developer assets and exfiltrated data to attacker-created public GitHub repos named Shai-Hulud. Wiz Research estimates that this act...", "objective": "Supply chain attack", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--53a48a36-6bcd-5269-8d2a-3d960469d701", "type": "campaign", "created": "2025-09-05T00:00:00.000Z", "modified": "2025-09-05T00:00:00.000Z", "name": "GhostAction campaign", "description": "On September 5, 2025, GitGuardian reported a campaign titled \"GhostAction\": attackers with write access to GitHub repositories - gained by an unknown initial access vector - added a malicious GitHub Actions workflow that exfiltrates CI/CD secrets via HTTP POST to an attacker-c...", "objective": "Data exfiltration", "external_references": [ { "source_name": "blog.gitguardian.com", "url": "https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--ff3c9ad8-1169-5cbf-bfbd-5545df11d243", "type": "campaign", "created": "2025-09-02T00:00:00.000Z", "modified": "2025-09-02T00:00:00.000Z", "name": "Compromised Salesloft Drift Tokens Enable Data Theft Across Integrations", "description": "Google Threat Intelligence Group report a widespread data-theft campaign abusing OAuth tokens tied to Salesloft Drift. Initially observed against Salesforce orgs (Aug 8–18, 2025), the scope now includes other Drift integrations: on Aug 9, a small number of Google Workspace mai...", "objective": "Data exfiltration", "external_references": [ { "source_name": "cloud.google.com", "url": "https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--54f1c71b-bfd9-53fe-8e4e-b80328b036a6", "type": "campaign", "created": "2025-08-28T00:00:00.000Z", "modified": "2025-08-28T00:00:00.000Z", "name": "Storm-0501 Deploys Cloud-Based Ransomware", "description": "After attaining domain admin on-prem, Storm-0501 evaded visibility gaps (checking Defender services), moved laterally with Evil-WinRM, and performed DCSync. They compromised Entra Connect Sync servers, used the Directory Synchronization Account (DSA) to enumerate identities/re...", "objective": "RansomOp", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2025/08/27/storm-0501s-evolving-techniques-lead-to-cloud-based-ransomware/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--6e8ad996-ae29-5de3-b961-6395ab6375d4", "type": "campaign", "created": "2025-08-27T00:00:00.000Z", "modified": "2025-08-27T00:00:00.000Z", "name": "Nx Package Supply Chain Compromise Delivers Data-Stealing Malware", "description": "The compromise introduced a malicious telemetry.js file triggered via a post-install script in the npm package. The payload executed only on Linux and macOS systems, systematically searching for sensitive files (wallets, keystores, .env, SSH keys) and extracting credentials (g...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/s1ngularity-supply-chain-attack" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--93ca5944-4ace-5bee-857f-eb480eb59c23", "type": "campaign", "created": "2025-08-24T00:00:00.000Z", "modified": "2025-08-24T00:00:00.000Z", "name": "GENESIS PANDA's Cloud Intrusions: Persistent Control Plane Exploitation and Access Brokerage", "description": "GENESIS PANDA begins attacks by exploiting exposed services (e.g., Jenkins) and querying Instance Metadata Services (IMDS) on compromised cloud-hosted VMs to harvest credentials. With this access, the actor pivots into the cloud control plane, enabling actions like SSH access ...", "objective": "Data exfiltration", "external_references": [ { "source_name": "go.crowdstrike.com", "url": "http://go.crowdstrike.com/rs/281-OBQ-266/images/Threat-Hunt-Report-2025.pdf" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--2e3279d5-32b0-582d-8fdd-89405171ff14", "type": "campaign", "created": "2025-08-24T00:00:00.000Z", "modified": "2025-08-24T00:00:00.000Z", "name": "Silk Typhoon Exploiting Trusted Relationships for Cloud Environments Compromise", "description": "Silk Typhoon (a.k.a Murky Panda) achieves initial access primarily through exploiting internet-facing appliances (e.g., Citrix NetScaler ADC, CVE-2023-3519) and has also been observed compromising SOHO devices to mask activity. Once inside, the adversary deploys web shells suc...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.crowdstrike.com", "url": "https://www.crowdstrike.com/en-us/blog/murky-panda-trusted-relationship-threat-in-cloud/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--de7a0b51-f067-5e5b-a159-314983044863", "type": "campaign", "created": "2025-08-20T00:00:00.000Z", "modified": "2025-08-20T00:00:00.000Z", "name": "Warlock Ransomware Exploiting Sharepoint Vulnerabilities ", "description": "Warlock ransomware is exploiting Microsoft SharePoint vulnerabilities to infiltrate enterprise environments. Attackers gain initial access by uploading web shells through targeted HTTP POST requests, then escalate privileges via Group Policy abuse and compromised accounts. The...", "objective": "RansomOp", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/25/h/warlock-ransomware.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--8562c595-9855-5202-a2d1-17bb8e275cfe", "type": "campaign", "created": "2025-08-19T00:00:00.000Z", "modified": "2025-08-19T00:00:00.000Z", "name": "DripDropper Malware Exploits Patched Apache ActiveMQ for Persistence on Cloud Linux Systems", "description": "The attack chain begins with exploitation of the Apache ActiveMQ RCE vulnerability (CVE-2023-46604) on cloud Linux hosts. Upon gaining access, the attacker installs the Sliver C2 implant and modifies sshd settings to permit root login over SSH, then downloads and executes the ...", "objective": "Data exfiltration", "external_references": [ { "source_name": "redcanary.com", "url": "https://redcanary.com/blog/threat-intelligence/dripdropper-linux-malware/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b045e912-a158-5e6b-8b44-8ad1b401c031", "type": "campaign", "created": "2025-08-18T00:00:00.000Z", "modified": "2025-08-18T00:00:00.000Z", "name": "UAT-7237 Targets Taiwanese Web Infrastructure Using Customized Open-Source Tools", "description": "Researchers uncovered a sophisticated intrusion by UAT-7237, a Chinese-speaking APT group active since at least 2022 and likely a subgroup of UAT-5918. The group recently compromised a Taiwanese web hosting provider, targeting its VPN and cloud infrastructure. Unlike its paren...", "objective": "Data exfiltration", "external_references": [ { "source_name": "blog.talosintelligence.com", "url": "https://blog.talosintelligence.com/uat-7237-targets-web-hosting-infra/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--4a36ad0d-3b08-5634-baec-c4641925365d", "type": "campaign", "created": "2025-08-06T00:00:00.000Z", "modified": "2025-08-06T00:00:00.000Z", "name": "Akira Ransomware Targeting Critical Vulnerability in SonicWall SSLVPN", "description": "Researchers identified active exploitation of CVE-2024-40766 in SonicWall's seventh-generation firewalls, specifically impacting SSL VPN functionality. Threat actors are bypassing multi-factor authentication (MFA), gaining privileged access, and deploying Akira ransomware. The...", "objective": "RansomOp", "external_references": [ { "source_name": "www.huntress.com", "url": "https://www.huntress.com/blog/exploitation-of-sonicwall-vpn" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a2a39a48-da18-5e62-aea9-5ba1bd3cf6fa", "type": "campaign", "created": "2025-08-04T00:00:00.000Z", "modified": "2025-08-04T00:00:00.000Z", "name": "Plague PAM-Based Backdoor for Linux", "description": "A newly discovered Linux backdoor, dubbed Plague, was embedded as a malicious PAM (Pluggable Authentication Module) component. Designed to silently bypass system authentication, Plague grants attackers persistent SSH access while evading all known antivirus detection and leavi...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.nextron-systems.com", "url": "https://www.nextron-systems.com/2025/08/01/plague-a-newly-discovered-pam-based-backdoor-for-linux/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a83ee3ef-59f0-58f2-b017-c19aba068309", "type": "campaign", "created": "2025-07-29T00:00:00.000Z", "modified": "2025-07-29T00:00:00.000Z", "name": "Auto-Color Malware Exploits SAP Vulnerability for Linux Backdoor", "description": "In April 2025, a threat actor exploited CVE-2025-31324, a critical vulnerability in SAP NetWeaver, to deploy the Auto-Color backdoor malware on a US-based chemical company's network. The intrusion began with suspicious ZIP file downloads and DNS tunneling to test exploitabilit...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.darktrace.com", "url": "https://www.darktrace.com/blog/auto-color-backdoor-how-darktrace-thwarted-a-stealthy-linux-intrusion" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--8b0433f4-f418-5a13-8b86-ade6384e4904", "type": "campaign", "created": "2025-07-23T00:00:00.000Z", "modified": "2025-07-23T00:00:00.000Z", "name": "Soco404 Cryptomining Campaign Exploits PostgreSQL and Cloud Misconfigurations", "description": "Wiz Research has uncovered an ongoing, sophisticated cryptomining campaign dubbed Soco404, which targets both Linux and Windows systems in cloud environments. The campaign exploits exposed PostgreSQL instances and vulnerable Apache Tomcat servers to achieve initial access, the...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/soco404-multiplatform-cryptomining-campaign-uses-fake-error-pages-to-hide-payload" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--fd7ecf12-1e8e-5c60-8351-961dfd60c5b3", "type": "campaign", "created": "2025-07-21T00:00:00.000Z", "modified": "2025-07-21T00:00:00.000Z", "name": "Mimo Targets Magento, Docker, and Cloud Environments", "description": "The threat actor known as Mimo (or Mimo’lette) has expanded its intrusion operations from Craft CMS to the Magento ecommerce platform, Docker environments, and cloud instances. Mimo exploits PHP-FPM vulnerabilities in Magento to gain initial access, establishes persistence usi...", "objective": "Resource hijacking", "external_references": [ { "source_name": "securitylabs.datadoghq.com", "url": "https://securitylabs.datadoghq.com/articles/beyond-mimolette-tracking-mimo-expansion-magento-cms-docker/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--2fee3f3a-250c-56b8-875f-ce72209cd07e", "type": "campaign", "created": "2025-07-20T00:00:00.000Z", "modified": "2025-07-20T00:00:00.000Z", "name": "Supply Chain Attack on npm Packages via Maintainer Phishing", "description": "A phishing attack targeting a popular npm maintainer led to the compromise of several widely used packages, including eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, and others. The attacker stole the maintainer’s npm token via a spoofed email and used it ...", "objective": "Supply chain attack", "external_references": [ { "source_name": "socket.dev", "url": "https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--1f29f191-7189-54c3-8e94-cee7a8151008", "type": "campaign", "created": "2025-07-20T00:00:00.000Z", "modified": "2025-07-20T00:00:00.000Z", "name": "0day Vulnerability in Microsoft Sharepoint Exploited in-the-Wild", "description": "Microsoft has disclosed two actively exploited zero-day vulnerabilities in on-premises SharePoint Server—CVE-2025-53770 (RCE via unsafe deserialization) and CVE-2025-53771 (authentication bypass via Referer header spoofing). These flaws form a chained exploit known as ToolShel...", "objective": "", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/sharepoint-vulnerabilities-cve-2025-53770-cve-2025-53771-everything-you-need-to-k" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--30f60ec5-bd5b-5828-bd7b-24d46834b821", "type": "campaign", "created": "2025-07-17T00:00:00.000Z", "modified": "2025-07-17T00:00:00.000Z", "name": "Linuxsys Cryptominer Campaign", "description": "The Linuxsys cryptominer is part of a long-running campaign active since at least 2021, consistently exploiting multiple web application vulnerabilities to deploy the Linuxsys coinminer on compromised systems. The attacker utilizes a stable methodology: exploiting n-day vulner...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.vulncheck.com", "url": "https://www.vulncheck.com/blog/linuxsys-cryptominer" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--4bc801f4-136d-5266-81ee-1331b97efd35", "type": "campaign", "created": "2025-07-08T00:00:00.000Z", "modified": "2025-07-08T00:00:00.000Z", "name": "AWS Network Exploitation and Ransomware Detonation", "description": "AWS customer faced a compromise through a SonicWall SMA 500v EC2 instance that was improperly exposed to the internet. The attacker connected via multiple Vultr VPS endpoints, performed network scans, and moved laterally between EC2 instances using RDP. Over 700 GB of data was...", "objective": "RansomOp, Data exfiltration", "external_references": [ { "source_name": "www.darktrace.com", "url": "https://www.darktrace.com/blog/defending-the-cloud-stopping-cyber-threats-in-azure-and-aws-with-darktrace" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--55b10927-bc20-5eff-9a8a-331698b9e9df", "type": "campaign", "created": "2025-07-08T00:00:00.000Z", "modified": "2025-07-08T00:00:00.000Z", "name": "AWS Data Exfiltration and Attempted Ransomware", "description": "In February 2025, a UK-based AWS environment was infiltrated using compromised VPN credentials. The threat actor conducted internal reconnaissance with Nmap and staged data exfiltration using the Rclone tool, transferring sensitive files from AWS file servers, particularly fin...", "objective": "RansomOp, Data exfiltration", "external_references": [ { "source_name": "www.darktrace.com", "url": "https://www.darktrace.com/blog/defending-the-cloud-stopping-cyber-threats-in-azure-and-aws-with-darktrace" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c25e0040-8d0e-5739-8b48-82afef005127", "type": "campaign", "created": "2025-07-08T00:00:00.000Z", "modified": "2025-07-08T00:00:00.000Z", "name": "Azure Account Hijack via Stolen Tokens", "description": "In early 2024, a Darktrace customer’s Azure environment was compromised after attackers stole access tokens linked to an external consultant’s account, obtained via cracked software. Using these tokens, the attacker authenticated into the Azure environment, modified security r...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.darktrace.com", "url": "https://www.darktrace.com/blog/defending-the-cloud-stopping-cyber-threats-in-azure-and-aws-with-darktrace" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--3b9aa022-8763-5f4d-9122-b2976bc3f688", "type": "campaign", "created": "2025-07-08T00:00:00.000Z", "modified": "2025-07-08T00:00:00.000Z", "name": "In-Memory IIS Attacks via View State Deserialization", "description": "Unit 42 researchers uncovered a campaign by a threat actor they call TGR-CRI-0045—assessed with medium confidence to be part of the Gold Melody (UNC961/Prophet Spider) group—targeting ASP.NET IIS servers using compromised Machine Keys. This group, acting as an Initial Access B...", "objective": "Data exfiltration", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/initial-access-broker-exploits-leaked-machine-keys/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--d1dfc8c0-6aa0-59cf-903a-ebb9026f31b2", "type": "campaign", "created": "2025-07-03T00:00:00.000Z", "modified": "2025-07-03T00:00:00.000Z", "name": "UNC5174 Exploits Ivanti CSA Zero-Days in “Houken” Campaign", "description": "The attacker chained Ivanti CSA zero-days to execute a base64-encoded Python script, which extracted the admin password from a local PostgreSQL database. Using this access, the attacker created or modified PHP scripts to serve as webshells and sometimes deployed a custom Linux...", "objective": "Resource hijacking, Data exfiltration", "external_references": [ { "source_name": "www.cert.ssi.gouv.fr", "url": "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2025-CTI-009.pdf" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e00f2ab3-11c3-5c05-8dd2-89eeab8373b2", "type": "campaign", "created": "2025-07-02T00:00:00.000Z", "modified": "2025-07-02T00:00:00.000Z", "name": "JDWP Exploited in the Wild", "description": "On 2025-07-02, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, targeting JDWP, TeamCity to achieve Resource hijacking. The following tools were observed: XMRig.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/exposed-jdwp-exploited-in-the-wild" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c37925cf-f656-5605-9203-6035c4599288", "type": "campaign", "created": "2025-06-30T00:00:00.000Z", "modified": "2025-06-30T00:00:00.000Z", "name": "Linux SSH Servers Compromised to Deploy Proxies", "description": "In one attack chain, a Bash script retrieved from 0x0[.]st was used to install TinyProxy via common package managers like apt, yum, or dnf. The script then modified configuration files to allow unrestricted external access (Allow 0.0.0.0/0), exposing the proxy service on port ...", "objective": "Resource hijacking", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/88749/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--5849b6f1-b541-5f7f-ad9f-e2077e9336d2", "type": "campaign", "created": "2025-06-25T00:00:00.000Z", "modified": "2025-06-25T00:00:00.000Z", "name": "Attacks on Korean IIS & Linux Servers", "description": "In June 2025 researchers documented a campaign that breaches vulnerable South-Korean IIS web servers—and sometimes adjacent Linux hosts—by uploading ASP/ASPX web shells through file-upload flaws. Once the shell is in place, the operators fan out: they run basic host discovery ...", "objective": "Data exfiltration", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/88627/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--39e9264f-19ba-5e20-8b29-ae77dac653df", "type": "campaign", "created": "2025-06-17T00:00:00.000Z", "modified": "2025-06-17T00:00:00.000Z", "name": "Langflow Vulnerability Exploited to Deliver Flodrix Botnet", "description": "CVE-2025-3248 is an unauthenticated remote code execution (RCE) vulnerability in Langflow, a popular Python-based framework for building AI applications. The flaw lies in the code validation endpoint, which fails to enforce authentication or sandboxing when parsing and executi...", "objective": "Denial of service, Resource hijacking, Data exfiltration", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/25/f/langflow-vulnerability-flodric-botnet.html#" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--8ba21552-cc91-547b-8736-f5d825e07d07", "type": "campaign", "created": "2025-06-12T00:00:00.000Z", "modified": "2025-06-12T00:00:00.000Z", "name": "SFireTruck: Malicious JavaScript Campaign Using Obfuscation", "description": "Researchers uncovered a large-scale malvertising campaign, active primarily between March 26 and April 25, 2025, during which over 269,000 legitimate websites were compromised with highly obfuscated JavaScript code dubbed “JSFireTruck” (a euphemism for JSF*ck). Using only six ...", "objective": "Resource hijacking", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--cd12717c-5535-5899-a54c-9bad17e30c73", "type": "campaign", "created": "2025-06-11T00:00:00.000Z", "modified": "2025-06-11T00:00:00.000Z", "name": "TeamFiltration Account Takeover Campaign", "description": "On 2025-06-11, a campaign was reported, involving an unknown actor, gaining initial access via End-user compromise, while using Password spraying, Resource enumeration, targeting Microsoft OneDrive, Microsoft Outlook, Microsoft Teams to achieve Data exfiltration. The following tools were observed: TeamFiltration.", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.proofpoint.com", "url": "https://www.proofpoint.com/us/blog/threat-insight/attackers-unleash-teamfiltration-account-takeover-campaign" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--886be814-17af-5c0f-8193-41ea09e332ae", "type": "campaign", "created": "2025-06-07T00:00:00.000Z", "modified": "2025-06-07T00:00:00.000Z", "name": "NPM Supply Chain Attack Compromises 16 Popular React Native and GlueStack Packages", "description": "A threat actor compromised 16 highly popular React Native and GlueStack packages, collectively downloaded over a million times weekly. The attackers inserted a stealthy backdoor into these packages using whitespace obfuscation to hide malicious code. The payload is a Remote Ac...", "objective": "Supply chain attack", "external_references": [ { "source_name": "www.aikido.dev", "url": "https://www.aikido.dev/blog/supply-chain-attack-on-react-native-aria-ecosystem" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--2c0e1f2c-49c8-545d-895f-654126bea6ae", "type": "campaign", "created": "2025-06-03T00:00:00.000Z", "modified": "2025-06-03T00:00:00.000Z", "name": "Open WebUI Misconfiguration Exploited for Cryptojacking", "description": "Researchers discovered an active exploitation of a misconfigured Open WebUI instance—a self-hosted interface for large language models (LLMs)—that was exposed to the internet with administrator access enabled and no authentication. A threat actor leveraged this misconfiguratio...", "objective": "Resource hijacking", "external_references": [ { "source_name": "sysdig.com", "url": "https://sysdig.com/blog/attacker-exploits-misconfigured-ai-tool-to-run-ai-generated-payload/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--7d8c948a-3d1e-5a37-8fa6-8b3e3463b7c9", "type": "campaign", "created": "2025-06-02T00:00:00.000Z", "modified": "2025-06-02T00:00:00.000Z", "name": "Cryptojacking Campaign Targets Misconfigured DevOps Tools", "description": "JINX-0132 targets exposed Nomad servers lacking ACL protections by submitting malicious jobs through the API, effectively gaining remote code execution. These jobs download and run the XMRig miner from public GitHub releases, bypassing traditional IOC-based detection. Gitea in...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/jinx-0132-cryptojacking-campaign" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--465bfc80-4766-52ab-8308-8f0eb1040a43", "type": "campaign", "created": "2025-05-29T00:00:00.000Z", "modified": "2025-05-29T00:00:00.000Z", "name": "Earth Lamia Custom Toolkit Targets Multiple Sectors via Web Vulnerabilities", "description": "Earth Lamia, a suspected China-nexus APT group active since at least 2023, has expanded its cyber espionage campaigns across Brazil, India, and Southeast Asia. The group targets multiple industries — shifting from financial services to logistics, online retail, and currently I...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/25/e/earth-lamia.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e9e1c5be-599c-5f12-9e49-e59a7b000492", "type": "campaign", "created": "2025-05-28T00:00:00.000Z", "modified": "2025-05-28T00:00:00.000Z", "name": "DragonForce Exploits SimpleHelp Vulnerabilities in Ransomware Campaign", "description": "DragonForce gained access to an MSP’s SimpleHelp instance and weaponized its remote management capabilities to deliver a malicious installer to client environments. Once executed, the installer enabled credential harvesting, network reconnaissance, and ransomware deployment. T...", "objective": "RansomOp", "external_references": [ { "source_name": "socradar.io", "url": "https://socradar.io/dragonforce-exploits-simplehelp-msp-ransomware/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--9cd07d75-f0fd-57e9-9090-8f62692dabf4", "type": "campaign", "created": "2025-05-28T00:00:00.000Z", "modified": "2025-05-28T00:00:00.000Z", "name": "Coordinated One-Day Cloud Scanning Operation Targets 75 Exposure Points", "description": "On May 8, 2025, GreyNoise observed a tightly coordinated and large-scale reconnaissance campaign launched from 251 malicious IP addresses, all hosted on Amazon AWS and geolocated in Japan. These IPs were active for only one day and collectively triggered 75 distinct scanning b...", "objective": "None", "external_references": [ { "source_name": "www.greynoise.io", "url": "https://www.greynoise.io/blog/coordinated-cloud-based-scanning-operation-targets-75-known-exposure-points" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--ff682907-b1fa-500a-8c0a-4d9f7dc2713c", "type": "campaign", "created": "2025-05-27T00:00:00.000Z", "modified": "2025-05-27T00:00:00.000Z", "name": "Mimo Exploits Craft CMS RCE to Deploy Cryptominer and Proxyware in Coordinated Campaign", "description": "Between February and May 2025, the intrusion set known as Mimo exploited CVE-2025-32432, a critical unauthenticated RCE in Craft CMS, to deploy a multi-stage infection chain observed via honeypots. The attack began by injecting a PHP webshell through a crafted GET request, fol...", "objective": "Resource hijacking", "external_references": [ { "source_name": "blog.sekoia.io", "url": "https://blog.sekoia.io/the-sharp-taste-of-mimolette-analyzing-mimos-latest-campaign-targeting-craft-cms/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--76f41e4f-cf1b-5de7-880a-4e4e2864e585", "type": "campaign", "created": "2025-05-20T00:00:00.000Z", "modified": "2025-05-20T00:00:00.000Z", "name": "Ivanti EPMM RCE Vulnerability Chain Exploited in the Wild", "description": "Wiz Threat Research has confirmed active in-the-wild exploitation of a vulnerability chain in Ivanti Endpoint Manager Mobile (EPMM), comprising CVE-2025-4427 (authentication bypass) and CVE-2025-4428 (post-auth RCE). Exploited together, these flaws enable unauthenticated remot...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/ivanti-epmm-rce-vulnerability-chain-cve-2025-4427-cve-2025-4428" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e944af05-4f93-523e-bb11-74961d40a4e2", "type": "campaign", "created": "2025-05-19T00:00:00.000Z", "modified": "2025-05-19T00:00:00.000Z", "name": "UTG-Q-015 Exploits 0-Days for Espionage in Asia", "description": "UTG-Q-015, a Southeast Asia-based threat actor, escalated its operations in early 2025 by shifting to more aggressive tactics. Initially exposed in December 2024 for mounting attacks on Chinese developer forums, UTG-Q-015 evolved to exploit both 0-day and N-day vulnerabilities...", "objective": "Data exfiltration", "external_references": [ { "source_name": "ti.qianxin.com", "url": "https://ti.qianxin.com/blog/articles/operation-run-the-cyber-carnival-of-offshore-patriots-en/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a3b208a7-19c5-5e39-b11b-c8171458f86e", "type": "campaign", "created": "2025-05-08T00:00:00.000Z", "modified": "2025-05-08T00:00:00.000Z", "name": "RedisRaider Linux Cryptojacking Campaign Targets Redis Servers", "description": "RedisRaider begins by indiscriminately scanning the IPv4 space for Redis servers open on port 6379. Upon identifying a target, the malware checks the server OS and uses Redis commands to inject a base64-encoded shell script as a cron job. It writes this payload to disk by reco...", "objective": "Resource hijacking", "external_references": [ { "source_name": "securitylabs.datadoghq.com", "url": "https://securitylabs.datadoghq.com/articles/redisraider-weaponizing-misconfigured-redis/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--8f2144bd-783f-5e20-8fc8-fe2fa94abf27", "type": "campaign", "created": "2025-05-06T00:00:00.000Z", "modified": "2025-05-06T00:00:00.000Z", "name": "ComfyUI exploitation campaign ", "description": "Baidu reports an exploitation campaign targeting publicly-exposed instances of ComfyUI. ComfyUI provides a GUI for AI image generation workflows. By default, it does not implement authentication. A popular extension, ComfyUI-Manager, allows an attacker to execute remote code v...", "objective": "Unknown", "external_references": [ { "source_name": "anquan.baidu.com", "url": "https://anquan.baidu.com/article/1920" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--405d7209-3208-506f-9ad7-d028761ed5e8", "type": "campaign", "created": "2025-05-05T00:00:00.000Z", "modified": "2025-05-05T00:00:00.000Z", "name": "Supply Chain Compromise of ", "description": "Researchers detected a malicious update to the popular npm package rand-user-agent, used for generating randomized user-agent strings. The attacker published multiple unauthorized versions (1.0.110, 2.0.83, 2.0.84) containing heavily obfuscated code designed to covertly instal...", "objective": "Supply chain attack", "external_references": [ { "source_name": "www.aikido.dev", "url": "https://www.aikido.dev/blog/catching-a-rat-remote-access-trojian-rand-user-agent-supply-chain-compromise" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--233b3e44-1af7-5ac2-a68e-918bb8d37050", "type": "campaign", "created": "2025-04-30T00:00:00.000Z", "modified": "2025-04-30T00:00:00.000Z", "name": "Larva-25003: IIS Native Module Malware Used in Targeted Web Server Attacks", "description": "In early 2025, AhnLab Security Intelligence Center (ASEC) discovered a targeted attack campaign dubbed Larva-25003, believed to be operated by Chinese-speaking threat actors. The attackers gained access to poorly secured Microsoft IIS web servers in South Korea and deployed a ...", "objective": "Data exfiltration, Resource hijacking", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/87804/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--0c73b53a-d432-5815-ae53-71ac73ea4944", "type": "campaign", "created": "2025-04-23T00:00:00.000Z", "modified": "2025-04-23T00:00:00.000Z", "name": "Password spray attack leads to containers being used for cryptomining", "description": "In the past year Microsoft observed AzureChecker(Storm-1977) launching password spray attacks, against cloud tenants in the education sector.\nThe actor used AzureChecker.exe (CLI tool that is being used by a wide range of actors)", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2025/04/23/understanding-the-threat-landscape-for-kubernetes-and-containerized-assets/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b05116cb-0c59-566b-8d66-f1b30f5532c3", "type": "campaign", "created": "2025-04-23T00:00:00.000Z", "modified": "2025-04-23T00:00:00.000Z", "name": "Apache Druid cryptojacking", "description": "ARMO’s research team uncovered two cryptojacking campaigns targeting a deliberately exposed Kubernetes honeypot running Apache Druid, leveraging the known CVE-2021-25646 vulnerability for unauthenticated remote code execution. The first campaign, linked to the RUDEDEVIL/LUCIFE...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.armosec.io", "url": "https://www.armosec.io/blog/armo-cadr-detects-kubernetes-crypto-mining/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b334cad9-4a98-51f7-aa34-64888a34bb88", "type": "campaign", "created": "2025-04-23T00:00:00.000Z", "modified": "2025-04-23T00:00:00.000Z", "name": "Apache Druid cryptojacking", "description": "ARMO’s research team uncovered two cryptojacking campaigns targeting a deliberately exposed Kubernetes honeypot running Apache Druid, leveraging the known CVE-2021-25646 vulnerability for unauthenticated remote code execution. The first campaign, linked to the RUDEDEVIL/LUCIFE...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.armosec.io", "url": "https://www.armosec.io/blog/armo-cadr-detects-kubernetes-crypto-mining/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--07db8379-bc3c-5ed9-b17b-3d0b67c7a2a3", "type": "campaign", "created": "2025-04-22T00:00:00.000Z", "modified": "2025-04-22T00:00:00.000Z", "name": "SAP NetWeaver Visual Composer exploitation campaign", "description": "CVE-2025-31324 is a critical zero-day vulnerability in the SAP NetWeaver Visual Composer component (CVSS 10.0) that enables unauthenticated remote code execution (RCE). The flaw, caused by missing authorization checks in the Metadata Uploader interface, allows attackers to upl...", "objective": "Unknown", "external_references": [ { "source_name": "reliaquest.com", "url": "https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--5e2a2ab6-16b2-57e2-b2d7-4f9cc9d1567b", "type": "campaign", "created": "2025-04-22T00:00:00.000Z", "modified": "2025-04-22T00:00:00.000Z", "name": "Multi-Layered Cryptojacking via Docker", "description": "A recent malware campaign targeting Docker showcases a novel form of cryptojacking that abuses legitimate Web3 services for profit while employing heavy layers of obfuscation to evade detection. By leveraging publicly hosted Docker images, the attackers deploy Python scripts t...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.darktrace.com", "url": "https://www.darktrace.com/blog/obfuscation-overdrive-next-gen-cryptojacking-with-layers" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--43ff4f3a-24be-5a54-b26f-449e6f2aa86b", "type": "campaign", "created": "2025-04-16T00:00:00.000Z", "modified": "2025-04-16T00:00:00.000Z", "name": "UNC5174 Linux Espionage Campaign", "description": "UNC5174, a suspected Chinese state-sponsored threat actor, has resurfaced in a stealthy espionage campaign targeting Linux systems across research institutions, government agencies, NGOs, and critical infrastructure sectors in Western and APAC countries. The campaign, active s...", "objective": "Data exfiltration", "external_references": [ { "source_name": "sysdig.com", "url": "https://sysdig.com/blog/unc5174-chinese-threat-actor-vshell/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--470a1430-79d3-5303-b1a1-85193bc72f77", "type": "campaign", "created": "2025-04-16T00:00:00.000Z", "modified": "2025-04-16T00:00:00.000Z", "name": "CrazyHunter Ransomware Group Targets Critical Sectors in Taiwan", "description": "CrazyHunter is a newly emerged ransomware group that has rapidly gained attention for its focused attacks on Taiwan’s critical sectors, particularly healthcare, education, and manufacturing. The group’s operations demonstrate a high level of sophistication, leveraging both adv...", "objective": "RansomOp", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/25/d/crazyhunter-campaign.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--ee036a1f-2232-5853-a0db-c819ccd8ee56", "type": "campaign", "created": "2025-04-14T00:00:00.000Z", "modified": "2025-04-14T00:00:00.000Z", "name": "BPFDoor’s Hidden Controller Targets AMEA Sectors", "description": "Trend Micro uncovered a previously unseen controller used in BPFDoor campaigns, attributing it to Earth Bluecrow (also known as Red Menshen), a state-sponsored APT group. BPFDoor is a stealthy Linux backdoor leveraging Berkeley Packet Filtering (BPF) to silently activate via \"...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/25/d/bpfdoor-hidden-controller.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--210da783-1ee0-5230-ab13-9575cbced559", "type": "campaign", "created": "2025-04-10T00:00:00.000Z", "modified": "2025-04-10T00:00:00.000Z", "name": "Atlas Lion Campaign Exploits Device Enrollment and MFA for Persistence", "description": "The initial intrusion vector was an SMS phishing campaign that spoofed internal IT notifications to harvest user credentials and MFA codes. Atlas Lion then enrolled a VM from their Azure tenant into the organization’s domain by mimicking the legitimate Windows device setup pro...", "objective": "Data exfiltration", "external_references": [ { "source_name": "expel.com", "url": "https://expel.com/blog/observing-atlas-lion-part-one/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--2e1c4598-876a-5f47-8e29-a13e627107df", "type": "campaign", "created": "2025-04-03T00:00:00.000Z", "modified": "2025-04-03T00:00:00.000Z", "name": "Critical Ivanti Connect Secure Vulnerability Exploited by China-linked Actor", "description": "On April 3, 2025, Ivanti disclosed a critical vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure (ICS) VPN appliances version 22.7R2.5 and earlier. The flaw, initially underestimated as a denial-of-service risk, was later found to be a buffer overflow that allows r...", "objective": "Data exfiltration", "external_references": [ { "source_name": "cloud.google.com", "url": "https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--0e9038ac-3d78-5457-9dbd-2f5c1c795719", "type": "campaign", "created": "2025-03-24T00:00:00.000Z", "modified": "2025-03-24T00:00:00.000Z", "name": "Weaver Ant data exfiltration campaign", "description": "Sygnia uncovered a prolonged cyber-espionage campaign targeting a major Asian telecom provider, orchestrated by a China-nexus APT group dubbed Weaver Ant. The group maintained stealthy, long-term access to the network for over four years using advanced techniques centered arou...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.sygnia.co", "url": "https://www.sygnia.co/threat-reports-and-advisories/weaver-ant-tracking-a-china-nexus-cyber-espionage-operation/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b097e505-89f2-510f-94d5-96082f0a6e94", "type": "campaign", "created": "2025-03-21T00:00:00.000Z", "modified": "2025-03-21T00:00:00.000Z", "name": "Albabat Ransomware Targets Windows, Linux, and macOS Using GitHub Infrastructure", "description": "Researchers have uncovered new and evolving versions of the Albabat ransomware, which now target Windows, Linux, and macOS systems. These updated variants (v2.0.0 and v2.5) show a notable expansion from the ransomware’s initial Windows-only focus and use GitHub for storing and...", "objective": "RansomOp", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/25/c/albabat-ransomware-group.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--2427bcde-e35b-5719-9633-d4f266153b01", "type": "campaign", "created": "2025-03-16T00:00:00.000Z", "modified": "2025-03-16T00:00:00.000Z", "name": "Exposed Jupyter Notebooks Targeted for Cryptomining", "description": "Cado Security Labs has uncovered a cryptomining campaign exploiting misconfigured Jupyter Notebooks, affecting both Windows and Linux environments. The attackers use Jupyter as an entry point to deploy a cryptominer through a series of evasive techniques. On Windows, the attac...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cadosecurity.com", "url": "https://www.cadosecurity.com/blog/jupyter-notebooks-cryptominer" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--cce82e77-aba7-50f9-913a-219265c2daea", "type": "campaign", "created": "2025-03-06T00:00:00.000Z", "modified": "2025-03-06T00:00:00.000Z", "name": "PHP-CGI Vulnerability Exploited in Attacks Targeting Japan", "description": "Researchers identified an ongoing attack campaign targeting organizations in Japan across sectors like technology, telecommunications, education, entertainment, and e-commerce. Active since at least January 2025, the attacker exploits CVE-2024-4577, a critical PHP-CGI remote c...", "objective": "Data exfiltration", "external_references": [ { "source_name": "blog.talosintelligence.com", "url": "https://blog.talosintelligence.com/new-persistent-attacks-japan/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--77b3994e-382e-578e-8029-ad5e71595905", "type": "campaign", "created": "2025-03-05T00:00:00.000Z", "modified": "2025-03-05T00:00:00.000Z", "name": "Silk Typhoon Targeting IT and Cloud Applications", "description": "Microsoft Threat Intelligence has identified an evolution in the tactics of Silk Typhoon, a Chinese state-sponsored espionage group, now increasingly focusing on compromising IT solutions, remote management tools, and cloud applications to gain initial access. By exploiting un...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b69d8105-0ad2-5952-b408-bdb068ac65d2", "type": "campaign", "created": "2025-02-28T00:00:00.000Z", "modified": "2025-02-28T00:00:00.000Z", "name": "JavaGhost SES abuse", "description": "The threat group JavaGhost has evolved from website defacement to persistent phishing operations targeting cloud environments, particularly AWS. Between 2022 and 2024, JavaGhost leveraged exposed long-term AWS access keys due to customer misconfigurations. These keys allowed t...", "objective": "Resource hijacking", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/javaghost-cloud-phishing/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--993ec2f4-956f-5e68-a569-70eef0e72981", "type": "campaign", "created": "2025-02-26T00:00:00.000Z", "modified": "2025-02-26T00:00:00.000Z", "name": "Krpano XSS exploitation campaign", "description": "The \"360XSS\" campaign is a widespread exploitation of a reflected cross-site scripting (XSS) vulnerability in the popular virtual tour framework Krpano, which allows external XML content to be injected via the xml query parameter. The vulnerability, known as CVE-2020-24901, st...", "objective": "Defacement, Resource hijacking", "external_references": [ { "source_name": "olegzay.com", "url": "https://olegzay.com/360xss/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "type": "campaign", "created": "2025-02-18T00:00:00.000Z", "modified": "2025-02-18T00:00:00.000Z", "name": "RevivalStone Campaign by Winnti", "description": "The China-linked APT group Winnti (APT41) has been linked to a new cyber espionage campaign, RevivalStone, targeting Japanese manufacturing, materials, and energy companies in March 2024. The attack, detailed by LAC, exploited an SQL injection vulnerability in an unspecified E...", "objective": "Data exfiltration", "external_references": [ { "source_name": "thehackernews.com", "url": "https://thehackernews.com/2025/02/winnti-apt41-targets-japanese-firms-in.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--163378ab-7488-5e73-9cfd-2e93f114937a", "type": "campaign", "created": "2025-02-18T00:00:00.000Z", "modified": "2025-02-18T00:00:00.000Z", "name": "Earth Preta’s Campaign Abusing MAVInject to Bypass Detection", "description": "Earth Preta (Mustang Panda), a known APT group targeting government entities in the Asia-Pacific region, has been observed using a new technique to evade detection and maintain persistence. Researchers from Trend Micro discovered that the group leverages Microsoft Application ...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/25/b/earth-preta-mixes-legitimate-and-malicious-components-to-sidestep-detection.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e76d62e2-2ddc-595d-8ec7-c8bcfc96e736", "type": "campaign", "created": "2025-02-13T00:00:00.000Z", "modified": "2025-02-13T00:00:00.000Z", "name": "Seashell Blizzard Subgroup's Campaign Exploiting Vulnerabilities for Data Exfiltration", "description": "The BadPilot campaign operates as a horizontally scalable cyber operation, compromising a wide range of internet-facing systems using publicly available exploits. The subgroup conducts broad scanning for vulnerable systems and leverages commodity exploits to infiltrate network...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--761bb01f-be4d-590e-a724-6746619b52f5", "type": "campaign", "created": "2025-02-12T00:00:00.000Z", "modified": "2025-02-12T00:00:00.000Z", "name": "Code Injection Attacks Exploiting Publicly Disclosed ASP.NET Keys", "description": "Microsoft Threat Intelligence identified a threat actor exploiting publicly disclosed ASP.NET machine keys to perform ViewState code injection attacks. This technique enables attackers to inject malicious code into web applications, leading to remote code execution on IIS serv...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2025/02/06/code-injection-attacks-using-publicly-disclosed-asp-net-machine-keys/?msockid=25c90a83c749600b2ebc1fb3c6286115" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--6beba7f0-3e91-52a9-aff8-1ff8af1f3785", "type": "campaign", "created": "2025-02-11T00:00:00.000Z", "modified": "2025-02-11T00:00:00.000Z", "name": "Black Basta Exploiting Vulnerabilities in Multiple Products", "description": "A major leak of Black Basta’s internal chat logs on February 11, 2025, has exposed significant internal conflicts, leadership instability, and financial fraud within the ransomware group. The leak, allegedly triggered by their attacks on Russian banks, has led to a decline in ...", "objective": "RansomOp", "external_references": [ { "source_name": "socradar.io", "url": "https://socradar.io/black-bastas-internal-chats-leak/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--4d9204e0-affe-583a-a179-601a81d103eb", "type": "campaign", "created": "2025-02-09T00:00:00.000Z", "modified": "2025-02-09T00:00:00.000Z", "name": "Malicious AI Models Bypass Picklescan Detection", "description": "The nullifAI attack exploits Pickle file serialization, an insecure method for storing ML models, to distribute malware-laced PyTorch models on Hugging Face. Instead of using PyTorch’s default ZIP compression, the attackers compressed the models using 7z, preventing automatic ...", "objective": "Supply chain attack", "external_references": [ { "source_name": "www.reversinglabs.com", "url": "https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a82395d0-4f36-5df0-aa4d-7467c4778e9f", "type": "campaign", "created": "2025-01-24T00:00:00.000Z", "modified": "2025-01-24T00:00:00.000Z", "name": "Operation LongFang", "description": "Operation LongFang is a cyber-espionage campaign, attributed to a Chinese threat actor, targeting Latin American government entities. First detected in December 2024, it has been active for at least two years. The campaign's initial access was achieved by exploiting vulnerabil...", "objective": "Data exfiltration", "external_references": [ { "source_name": "medium.com", "url": "https://medium.com/@gunthertrigger/operation-longfang-attribution-and-analysis-of-a-chinese-cyber-espionage-campaign-9716da62b924" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a977f299-9e5a-5c50-bd3c-fc17801ff3d1", "type": "campaign", "created": "2025-01-21T00:00:00.000Z", "modified": "2025-01-21T00:00:00.000Z", "name": "TRIPLESTRENGTH: Cloud Account Hijacking and Cryptocurrency Mining via Stolen Credentials", "description": "The threat actor TRIPLESTRENGTH uses stolen credentials and cookies, partially sourced from Racoon infostealer logs, to gain unauthorized access to victim cloud environments. Initially, they exploited legitimate compromised accounts to create compute resources for cryptocurren...", "objective": "Resource hijacking, RansomOp", "external_references": [ { "source_name": "thehackernews.com", "url": "https://thehackernews.com/2025/01/triplestrength-targets-cloud-platforms.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--bc6ac451-4324-5cd5-bde0-657a2b3283ba", "type": "campaign", "created": "2025-01-21T00:00:00.000Z", "modified": "2025-01-21T00:00:00.000Z", "name": "UNC2165 Targets Hybrid Environments with Ransomware", "description": "In 2024, UNC2165 exploited a victim's environment by a UNC1543 FAKEUPDATES infection to gain initial access. They deployed their Python tunneler, VIPERTUNNEL, for persistent access and used utility scripts for reconnaissance and disabling anti-virus protection. UNC2165 then ac...", "objective": "RansomOp, Data exfiltration", "external_references": [ { "source_name": "services.google.com", "url": "https://services.google.com/fh/files/misc/threat_horizons_report_h1_2025.pdf" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--7dd7931d-306b-5cbd-87b0-cc3f928b3b0e", "type": "campaign", "created": "2025-01-15T00:00:00.000Z", "modified": "2025-01-15T00:00:00.000Z", "name": "Bapak Exploiting Stolen Cloud Access Keys", "description": "Wiz Threat Research discovered a malicious campaign where attackers are using leaked or stolen cloud access keys to access cloud environments and deploy ECS clusters. The attacker was observed abusing accidentally exposed AWS access keys and trying to gain a permanent foothold...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/detecting-behavioral-cloud-indicators-of-compromise-iocs" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--134b9fd4-6b49-5100-8bb9-e0839fbb9e41", "type": "campaign", "created": "2025-01-13T00:00:00.000Z", "modified": "2025-01-13T00:00:00.000Z", "name": "Codefinger Ransomware Campaign Targeting S3 Buckets", "description": "Researchers discovered a ransomware campaign leveraging AWS Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data in Amazon S3 buckets. The attack, orchestrated by the threat actor \"Codefinger,\" uses compromised AWS credentials to encrypt files securely. V...", "objective": "RansomOp", "external_references": [ { "source_name": "www.halcyon.ai", "url": "https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--5bdaa393-b782-548e-b611-855a30e54ce9", "type": "campaign", "created": "2025-01-11T00:00:00.000Z", "modified": "2025-01-11T00:00:00.000Z", "name": "Exploitation in the Wild of Aviatrix Controller RCE", "description": "The vulnerability CVE-2024-50603 was disclosed on 2025-01-07, with a detailed blog and proof-of-concept exploit released by researchers soon after. Evidence of exploitation in cloud environments were observed by Wiz Research, targeting publicly exposed, vulnerable machines. At...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.securing.pl", "url": "https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--2d5e879a-4088-5405-ba96-943097d65af9", "type": "campaign", "created": "2025-01-10T00:00:00.000Z", "modified": "2025-01-10T00:00:00.000Z", "name": "Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls", "description": "Threat actors recently targeted Fortinet FortiGate firewall devices with exposed management interfaces in a suspected zero-day campaign. Arctic Wolf observed unauthorized admin logins via the jsconsole interface, new account creation, SSL VPN configurations, and other system c...", "objective": "Data exfiltration", "external_references": [ { "source_name": "arcticwolf.com", "url": "https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a62db5ac-b779-5c8c-b29e-a61c84d59383", "type": "campaign", "created": "2024-12-30T00:00:00.000Z", "modified": "2024-12-30T00:00:00.000Z", "name": "EC2 Grouper Campaign", "description": "The \"EC2 Grouper\" threat actor is a prolific group frequently detected in cloud environments. They are known for using consistent user agents and a specific security group naming convention (e.g., ec2group, ec2group12345) during attacks, making them easier to identify. However...", "objective": "Unknown, Resource hijacking", "external_references": [ { "source_name": "www.fortinet.com", "url": "https://www.fortinet.com/blog/threat-research/catching-ec2-grouper-no-indicators-required" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c1996100-0c0c-56dd-95a1-aeee22de2de2", "type": "campaign", "created": "2024-12-18T00:00:00.000Z", "modified": "2024-12-18T00:00:00.000Z", "name": "Phishing campaign leading to Azure account takeover", "description": "In June 2024, Unit 42 researchers identified a phishing campaign targeting approximately 20,000 users in European automotive, chemical, and industrial compound manufacturing sectors, particularly in Germany and the UK. The attackers employed fake forms created with HubSpot's F...", "objective": "Unknown", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/european-phishing-campaign/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b4749f10-0e9c-5e73-bd03-c3ef4813d283", "type": "campaign", "created": "2024-12-17T00:00:00.000Z", "modified": "2024-12-17T00:00:00.000Z", "name": "Diicot Campaign Targeting Linux Environments", "description": "Wiz Research uncovered a sophisticated malware campaign by the Romanian-speaking Diicot threat group targeting Linux systems, especially in cloud environments. This campaign demonstrates notable advancements over previous iterations, such as corrupted UPX headers, cloud-specif...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/diicot-threat-group-malware-campaign" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--d1d048ea-c212-59a1-8c66-37766ada8640", "type": "campaign", "created": "2024-12-17T00:00:00.000Z", "modified": "2024-12-17T00:00:00.000Z", "name": "RCE Vulnerability in Apache Struts Targeted by Attackers", "description": "CVE-2024-53677 is a critical vulnerability in Apache Struts 2 with a CVSS score of 9.5. This flaw in the file upload logic allows path traversal and uploading of malicious files, enabling remote code execution (RCE). Exploitation has been observed in the wild using public proo...", "objective": "Unknown", "external_references": [ { "source_name": "www.bleepingcomputer.com", "url": "https://www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c1205c32-2979-5b74-a5ee-ba1ad5b50cf5", "type": "campaign", "created": "2024-12-16T00:00:00.000Z", "modified": "2024-12-16T00:00:00.000Z", "name": "PHP Targeted with Glutton backdoor", "description": "The Glutton backdoor, a modular PHP-based malware framework, has been observed targeting systems in China, the U.S., Cambodia, Pakistan, and South Africa. The malware, linked with moderate confidence to the Chinese nation-state group Winnti, showcases unique behavior by target...", "objective": "Data exfiltration", "external_references": [ { "source_name": "blog.xlab.qianxin.com", "url": "https://blog.xlab.qianxin.com/glutton_stealthily_targets_mainstream_php_frameworks-en/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--111eb687-134d-5f80-b86c-fa32e75ef542", "type": "campaign", "created": "2024-12-15T00:00:00.000Z", "modified": "2024-12-15T00:00:00.000Z", "name": "LLM Hijacking Targeting AWS", "description": "On November 26, 2024, Wiz Threat Research identified JINX-2401, a threat actor attempting to hijack LLM models in multiple AWS environments using compromised IAM credentials. The attackers leveraged compromised IAM user keys to gain access, perform privilege escalation, and es...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--be04cb55-9b39-5b8e-9942-717b7c91dbed", "type": "campaign", "created": "2024-12-15T00:00:00.000Z", "modified": "2024-12-15T00:00:00.000Z", "name": "Cleo Vulnerabilities Targeted by Cl0p Ransomware", "description": "Two critical vulnerabilities in Cleo file transfer software—CVE-2024-50623 and CVE-2024-55956—have been actively exploited, leading to unauthorized data access and system compromise. The Clop ransomware gang has claimed responsibility for these attacks, leveraging zero-day exp...", "objective": "RansomOp", "external_references": [ { "source_name": "www.bleepingcomputer.com", "url": "https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--d8a3cda9-9254-53b3-9ede-c48bdf8c894d", "type": "campaign", "created": "2024-12-05T00:00:00.000Z", "modified": "2024-12-05T00:00:00.000Z", "name": "State-Sponsored APT Abuse Visual Studio Code in Attacks", "description": "Operation Digital Eye, a suspected China-nexus cyberespionage campaign, targeted business-to-business IT service providers in Southern Europe from late June to mid-July 2024. The attacks aimed to establish strategic footholds for further compromise of downstream entities. Thre...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.sentinelone.com", "url": "https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--78b676dd-7443-57fd-bfde-2b9074420c6b", "type": "campaign", "created": "2024-12-04T00:00:00.000Z", "modified": "2024-12-04T00:00:00.000Z", "name": "Solana web3.js Supply Chain Attack", "description": "On December 3, 2024, a critical supply chain attack was uncovered targeting versions 1.95.6 and 1.95.7 of the widely-used @solana/web3.js JavaScript library. The attack involved a malicious backdoor injected via a compromised npm publish account. Once deployed, the backdoor ca...", "objective": "Supply chain attack", "external_references": [ { "source_name": "www.cyfrin.io", "url": "https://www.cyfrin.io/blog/critical-security-alert-solana-web3-js-library-compromise" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--ed01aee8-882c-5c4e-844f-8e4f5bf52723", "type": "campaign", "created": "2024-12-03T00:00:00.000Z", "modified": "2024-12-03T00:00:00.000Z", "name": "Gafgyt Malware Targeting Misconfigured Docker Servers", "description": "Researchers identified threat actors leveraging misconfigured Docker Remote API servers to deploy the Gafgyt malware, traditionally targeting IoT devices, to perform DDoS attacks. Attackers exploit these misconfigurations to create Docker containers, elevate privileges, and ex...", "objective": "Data exfiltration, Denial of service", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/24/l/gafgyt-malware-targeting-docker-remote-api-servers.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c3af1cb8-c81d-506a-9a86-87c522e54332", "type": "campaign", "created": "2024-12-02T00:00:00.000Z", "modified": "2024-12-02T00:00:00.000Z", "name": "Mauri Ransomware Exploiting Apache ActiveMQ", "description": "CVE-2023-46604 is a critical Remote Code Execution (RCE) vulnerability in Apache ActiveMQ. This vulnerability may allow a remote attacker with network access to a broker to run arbitrary commands due to an insecure deserialization in the OpenWire protocol.The vulnerability is ...", "objective": "RansomOp", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/85000/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--74470953-460d-5e2d-868e-e50bdc580060", "type": "campaign", "created": "2024-11-21T00:00:00.000Z", "modified": "2024-11-21T00:00:00.000Z", "name": "Gelsemium’s Shift to Linux Malware with WolfsBane and FireWood", "description": "ESET researchers have identified two Linux backdoors, WolfsBane and FireWood, linked to the China-aligned Gelsemium APT group. WolfsBane is the Linux counterpart of Gelsevirine, a Windows backdoor, and is attributed to Gelsemium with high confidence due to shared features like...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.welivesecurity.com", "url": "https://www.welivesecurity.com/en/eset-research/unveiling-wolfsbane-gelsemiums-linux-counterpart-to-gelsevirine/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--5ca6b9da-e0bb-5c29-a0aa-282dea516d32", "type": "campaign", "created": "2024-11-19T00:00:00.000Z", "modified": "2024-11-19T00:00:00.000Z", "name": "Sports Piracy Exploiting Misconfigured Jupyter Servers", "description": "Threat actors have developed an attack leveraging misconfigured JupyterLab and Jupyter Notebook servers to conduct illegal live streaming of sports events. By exploiting unauthenticated access to these environments, attackers deploy the open-source tool ffmpeg to capture and r...", "objective": "", "external_references": [ { "source_name": "www.aquasec.com", "url": "https://www.aquasec.com/blog/threat-actors-hijack-misconfigured-servers-for-live-sports-streaming/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--cff6eb55-1bf6-5eb7-bf52-55f21c351e1d", "type": "campaign", "created": "2024-11-19T00:00:00.000Z", "modified": "2024-11-19T00:00:00.000Z", "name": "Earth Kasha’s Campaign Exploiting Fortinet Vulnerability", "description": "Researchers discovered a new campaign by Earth Kasha, a threat group targeting Japan, Taiwan, and India since 2019, with connections to the broader APT10 umbrella. This recent campaign, beginning in 2023, employs updated TTPs, including exploiting vulnerabilities like CVE-2023...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/24/k/lodeinfo-campaign-of-earth-kasha.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--22282a15-4802-58c6-94bc-55532d3e72bb", "type": "campaign", "created": "2024-11-15T00:00:00.000Z", "modified": "2024-11-15T00:00:00.000Z", "name": "BrazenBamboo Weaponizes FortiClient Vulnerability to Steal Credentials", "description": "A zero-day vulnerability in Fortinet's Windows VPN client, FortiClient, was discovered by Volexity, allowing user credentials to remain in process memory after authentication. This vulnerability was exploited by BrazenBamboo, a Chinese state-affiliated threat actor, using a pl...", "objective": "Data exfiltration", "external_references": [ { "source_name": "cybersecuritynews.com", "url": "https://cybersecuritynews.com/brazenbamboo-apt-forticlient-zero-day/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c663bb5b-e59b-53b0-81f9-729993531605", "type": "campaign", "created": "2024-11-08T00:00:00.000Z", "modified": "2024-11-08T00:00:00.000Z", "name": "RCE Vulnerability in PAN-OS Exploited in-the-Wild", "description": "Palo Alto Networks has confirmed the active exploitation of a critical remote code execution vulnerability (CVE-2024-0012) in the PAN-OS management interface. This vulnerability allows an unauthenticated attacker with network access to the management interface to bypass authen...", "objective": "Unknown", "external_references": [ { "source_name": "security.paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0015" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--71ce0879-9ba5-540f-bd39-dd419c8e70f2", "type": "campaign", "created": "2024-11-07T00:00:00.000Z", "modified": "2024-11-07T00:00:00.000Z", "name": "Silent Skimmer Attacks Exploiting Telerik UI to Steal Payment Data", "description": "In May 2024, researchers observed an attack by the Silent Skimmer threat actor, targeting a multinational organization’s payment infrastructure. This attack exploited known vulnerabilities in Telerik UI to gain unauthorized access and deploy various malicious tools, including ...", "objective": "Data exfiltration", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--28c35a46-f557-5097-a551-6cfdcdf39db5", "type": "campaign", "created": "2024-11-06T00:00:00.000Z", "modified": "2024-11-06T00:00:00.000Z", "name": "Mozi Botnet Using AndroxGh0st Toolkit to Target Cloud Environments", "description": "Researchers at CloudSEK’s Threat Research team identified major developments in the Androxgh0st toolkit, expanding its arsenal of vulnerabilities, and noticed a potential operational integration with the Mozi botnet. First observed in early 2024, Androxgh0st integrates Mozi’s ...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cloudsek.com", "url": "https://www.cloudsek.com/blog/mozi-resurfaces-as-androxgh0st-botnet-unraveling-the-latest-exploitation-wave" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e3e08e43-3c1e-5901-a24b-7b5585f95cdf", "type": "campaign", "created": "2024-10-31T00:00:00.000Z", "modified": "2024-10-31T00:00:00.000Z", "name": "Supply Chain Attack on lottie-player", "description": "On October 30, 2024, a supply chain attack was initiated against the popular JavaScript library lottie-player, injecting malicious code that populates a Web3 wallet connection prompt on legitimate websites using the library, potentially targeting prominent cryptocurrency platf...", "objective": "Supply chain attack", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/lottie-player-supply-chain-attack" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--79e260a5-bdc4-5d9a-b671-3881b1af4e77", "type": "campaign", "created": "2024-10-30T00:00:00.000Z", "modified": "2024-10-30T00:00:00.000Z", "name": "EMERALDWHALE Attacks Targeting Exposed Git Config Files", "description": "Research uncovered an operation named EMERALDWHALE that compromised over 15,000 cloud service credentials by exploiting exposed Git configurations and other misconfigured web services. The attack aimed to steal credentials from private Git repositories and cloud environments, ...", "objective": "Data exfiltration", "external_references": [ { "source_name": "sysdig.com", "url": "https://sysdig.com/blog/emeraldwhale/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b0646f9a-1152-5892-97ec-898cefb4b5b3", "type": "campaign", "created": "2024-10-25T00:00:00.000Z", "modified": "2024-10-25T00:00:00.000Z", "name": "TeamTNT’s Docker Gatling Gun Campaign", "description": "Researchers observed TeamTNT, a threat group known to target cloud environments, in a campaign targeting cloud-native environments by compromising exposed Docker daemons. Using Docker Hub to distribute malware, the group employs cryptominers and the Sliver malware, enhancing t...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.aquasec.com", "url": "https://www.aquasec.com/blog/threat-alert-teamtnts-docker-gatling-gun-campaign/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--f011075a-1315-51cd-b942-8a4081b34c1a", "type": "campaign", "created": "2024-10-24T00:00:00.000Z", "modified": "2024-10-24T00:00:00.000Z", "name": "UNC5820 exploiting FortiManager flaw", "description": "Researchers identified a zero-day vulnerability, CVE-2024-47575, impacting FortiManager, exploited by the UNC5820 group. This flaw allows unauthorized access, enabling threat actors to exfiltrate critical configuration data. The vulnerability has been actively exploited, with ...", "objective": "Data exfiltration", "external_references": [ { "source_name": "cloud.google.com", "url": "https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--3326393b-917d-5503-aabd-177fe650a035", "type": "campaign", "created": "2024-10-23T00:00:00.000Z", "modified": "2024-10-23T00:00:00.000Z", "name": "Prometei campaign", "description": "The Prometei botnet attempted to infiltrate a company’s network using a brute-force attack. Researchers from Trend Micro identified and mitigated the threat by tracing Prometei’s stealthy, modular structure. Prometei, primarily aimed at cryptocurrency mining and credential the...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/24/j/unmasking-prometei-a-deep-dive-into-our-mxdr-findings.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--856e0c94-ba5b-59e5-bf49-ccac507d7fdc", "type": "campaign", "created": "2024-10-22T00:00:00.000Z", "modified": "2024-10-22T00:00:00.000Z", "name": "Triad Nexus: Funnull malicious campaign", "description": "Silent Push’s investigation into FUNNULL, a Chinese CDN, reveals its role in hosting extensive malicious infrastructure dubbed \"Triad Nexus.\" This includes over 200,000 algorithmically generated domains connected to gambling, investment scams, phishing, and a supply chain atta...", "objective": "Supply chain attack", "external_references": [ { "source_name": "www.silentpush.com", "url": "https://www.silentpush.com/blog/triad-nexus-funnull/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--dfea130e-f927-511b-9489-97cf82c0294b", "type": "campaign", "created": "2024-10-21T00:00:00.000Z", "modified": "2024-10-21T00:00:00.000Z", "name": "perfctl campaign targeting Docker API", "description": "Attackers are exploiting exposed Docker Remote API servers to deploy a new malware strain named \"perfctl.\" This malware is designed to mine cryptocurrency and can evade detection by disabling security features and establishing persistence on compromised systems. The attackers ...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/24/j/attackers-target-exposed-docker-remote-api-servers-with-perfctl-.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--eebb4775-eace-5622-93e6-6eeae9d14865", "type": "campaign", "created": "2024-10-11T00:00:00.000Z", "modified": "2024-10-11T00:00:00.000Z", "name": "Earth Simnavaz (APT34) Targeting UAE and Gulf Regions", "description": "Researchers at Trend Micro identified cyberattacks by Earth Simnavaz (also known as APT34 or OilRig), targeting UAE and Gulf region entities. The group exploits vulnerabilities, including CVE-2024-30088, to escalate privileges and deploy backdoors via Microsoft Exchange server...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/24/j/earth-simnavaz-cyberattacks-uae-gulf-regions.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--0793b6b6-4074-50f1-879f-725f7527437e", "type": "campaign", "created": "2024-10-10T00:00:00.000Z", "modified": "2024-10-10T00:00:00.000Z", "name": "APT29 Targeting Zimbra and TeamCity Servers", "description": "The U.S. and U.K. cyber agencies have issued a joint advisory warning about Russian Foreign Intelligence Service (SVR)-linked attackers, tracked as APT29 (a.k.a Cozy Bear or Midnight Blizzard). These actors are exploiting vulnerabilities in Zimbra and JetBrains TeamCity server...", "objective": "Data exfiltration, RansomOp, Supply chain attack", "external_references": [ { "source_name": "www.bleepingcomputer.com", "url": "https://www.bleepingcomputer.com/news/security/us-uk-warn-of-russian-apt29-hackers-targeting-zimbra-teamcity-servers/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--d36f0130-cb65-5109-bac9-9db89e2ccef9", "type": "campaign", "created": "2024-10-10T00:00:00.000Z", "modified": "2024-10-10T00:00:00.000Z", "name": "Veeam Vulnerability Exploited by Akira and Fog Ransomware", "description": "CVE-2024-40711 arises from the deserialization of untrusted data in the Veeam Backup & Replication software. This vulnerability can be exploited with low-complexity attacks, making it a threat to organizations relying on Veeam’s platform for backup, disaster recovery, and data...", "objective": "RansomOp", "external_references": [ { "source_name": "infosec.exchange", "url": "https://infosec.exchange/@SophosXOps/113284564225476186" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--4e4c1991-bbd6-523e-9735-a9255f1323d1", "type": "campaign", "created": "2024-10-03T00:00:00.000Z", "modified": "2024-10-03T00:00:00.000Z", "name": "LLMJacking for Roleplaying Campaign", "description": "In September 2024, threat actors conducted a campaign exploiting exposed AWS access keys to hijack AWS Bedrock services for operating illicit AI-powered roleplay chatbots. The attackers leverage compromised long-lived credentials (AKIA keys) discovered primarily through GitHub...", "objective": "Resource hijacking", "external_references": [ { "source_name": "permiso.io", "url": "https://permiso.io/blog/exploiting-hosted-models" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--480870e5-fee6-5da9-a213-fc45831ee442", "type": "campaign", "created": "2024-10-03T00:00:00.000Z", "modified": "2024-10-03T00:00:00.000Z", "name": "perfctl Malware Targeting Linux", "description": "Researchers investigated the \"perfctl malware,\" a Linux malware targeting misconfigurations and vulnerabilities on Linux servers. Perfctl employs rootkits, privilege escalation exploits, and cryptomining activities. It also uses tactics such as process masquerading and deletin...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.aquasec.com", "url": "https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--998d9c81-9407-597d-b47c-6ef4326c6bfc", "type": "campaign", "created": "2024-09-27T00:00:00.000Z", "modified": "2024-09-27T00:00:00.000Z", "name": "REF6138 campaign", "description": "Elastic Security Labs uncovered a Linux malware campaign that began in March 2024, targeting vulnerable servers via an Apache2 web server exploit. The attackers gained access and deployed a variety of tools and malware families, including KAIJI, known for its DDoS capabilities...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.elastic.co", "url": "https://www.elastic.co/security-labs/betting-on-bots" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--12b13083-7f15-5ade-a9ca-bbbd09ab9f94", "type": "campaign", "created": "2024-09-26T00:00:00.000Z", "modified": "2024-09-26T00:00:00.000Z", "name": "Storm-0501 Targeting Hybrid Environments with Ransomware", "description": "Storm-0501 has been observed conducting multi-staged attacks targeting hybrid cloud environments across various U.S. sectors, including government and manufacturing. These attacks involve lateral movement from on-premises environments to the cloud, leading to data exfiltration...", "objective": "RansomOp", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a6747af1-1073-55be-a158-0f3df448097a", "type": "campaign", "created": "2024-09-26T00:00:00.000Z", "modified": "2024-09-26T00:00:00.000Z", "name": "Storm-0501 attacking hybrid environments with ransomware", "description": "Microsoft sheds light on the activities of Storm-0501, a threat actor known for deploying ransomware attacks in hybrid cloud environments. The group has expanded its operations to target both on-premises and cloud resources, posing significant risks to organizations utilizing ...", "objective": "RansomOp, Data exfiltration", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--d85a56ea-cea8-584d-8d66-f91cd543a341", "type": "campaign", "created": "2024-09-23T00:00:00.000Z", "modified": "2024-09-23T00:00:00.000Z", "name": "Docker Swarm and K8s cryptojacking campaign", "description": "Datadog Security Research has uncovered a sophisticated cryptojacking campaign targeting microservice technologies, specifically Docker and Kubernetes. The threat actors exploit exposed Docker Engine APIs to gain initial access, deploying cryptocurrency miners on compromised c...", "objective": "Resource hijacking", "external_references": [ { "source_name": "securitylabs.datadoghq.com", "url": "https://securitylabs.datadoghq.com/articles/threat-actors-leveraging-docker-swarm-kubernetes-mine-cryptocurrency/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--88cb84b6-506e-5d8a-a1fa-c015899ef38e", "type": "campaign", "created": "2024-09-20T00:00:00.000Z", "modified": "2024-09-20T00:00:00.000Z", "name": "UNC1860 Attacks Targeting the Middle East", "description": "UNC1860 is an Iranian state-sponsored threat actor, likely affiliated with Iran's Ministry of Intelligence and Security (MOIS). This group specializes in gaining persistent access to high-priority networks, especially in the government and telecommunications sectors in the Mid...", "objective": "Data exfiltration", "external_references": [ { "source_name": "cloud.google.com", "url": "https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b014eecf-3ce8-5d6f-bb0c-5314d8c15995", "type": "campaign", "created": "2024-09-12T00:00:00.000Z", "modified": "2024-09-12T00:00:00.000Z", "name": "Campaign targeting Selenium Grid for cryptomining", "description": "Cado Security Labs discovered two campaigns exploiting misconfigured Selenium Grid instances to deploy malware, including an exploit kit, cryptominer, and proxyjacker. Selenium Grid is widely used for browser automation and testing, but its default configuration lacks authenti...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cadosecurity.com", "url": "https://www.cadosecurity.com/blog/from-automation-to-exploitation-the-growing-misuse-of-selenium-grid-for-cryptomining-and-proxyjacking" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--d1289a13-0f69-5edc-baef-87e956a8a04a", "type": "campaign", "created": "2024-09-12T00:00:00.000Z", "modified": "2024-09-12T00:00:00.000Z", "name": "Hadooken Malware Targeting Weblogic Servers", "description": "Researchers discovered a new Linux malware named \"Hadooken\" that specifically targets Oracle WebLogic servers. The malware exploits weak passwords to gain access and then deploys both Tsunami malware and a cryptominer. The attack flow involves using a combination of shell and ...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.aquasec.com", "url": "https://www.aquasec.com/blog/hadooken-malware-targets-weblogic-applications/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--2b74c3bf-6492-59db-8231-9488a99b0434", "type": "campaign", "created": "2024-09-10T00:00:00.000Z", "modified": "2024-09-10T00:00:00.000Z", "name": "DragonRank Targeting IIS Web Servers", "description": "Researchers identified a \"DragonRank\" campaign targeting countries in Asia and Europe. This group exploits web application services to deploy web shells and malware like PlugX and BadIIS, primarily for manipulating search engine rankings. The campaign has affected more than 35...", "objective": "Data exfiltration, Resource hijacking", "external_references": [ { "source_name": "blog.talosintelligence.com", "url": "https://blog.talosintelligence.com/dragon-rank-seo-poisoning/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--eba81e9c-690a-56a0-8f2f-927769988763", "type": "campaign", "created": "2024-08-30T00:00:00.000Z", "modified": "2024-08-30T00:00:00.000Z", "name": "Godzilla Backdoor Exploiting Confluence Vulnerability", "description": "Researchers discovered a new attack exploiting the CVE-2023-22527. The attack uses an in-memory fileless backdoor, known as the Godzilla webshell. The Godzilla backdoor uses AES encryption for communication and remains in memory, making it difficult to identify. It is recommen...", "objective": "Unknown", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/24/h/godzilla-fileless-backdoors.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--80e31b10-a729-50f5-ad2b-5e001892feeb", "type": "campaign", "created": "2024-08-28T00:00:00.000Z", "modified": "2024-08-28T00:00:00.000Z", "name": "Confluence exploited for cryptojacking", "description": "The critical vulnerability CVE-2023-22527 is being actively exploited for cryptojacking activities, turning affected Confluence Data Center and Server instances into cryptomining networks. Attackers exploit this vulnerability through methods like deploying shell scripts and XM...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/24/h/cve-2023-22527-cryptomining.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--49058e39-e2cb-5c2a-8003-bb96af57a4d2", "type": "campaign", "created": "2024-08-23T00:00:00.000Z", "modified": "2024-08-23T00:00:00.000Z", "name": "ShinyHunters Ransomware Targeting Cloud Environments", "description": "The threat actor group Bling Libra (behind ShinyHunters ransomware) has been observed infiltrating an organization's Amazon Web Services (AWS) environment, focusing on extortion rather than selling stolen data. Using legitimate credentials sourced from public repositories, the...", "objective": "RansomOp", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--53e57ce9-f80f-520f-b59b-820d7fe0716d", "type": "campaign", "created": "2024-08-19T00:00:00.000Z", "modified": "2024-08-19T00:00:00.000Z", "name": "PG_MEM Malware Exploiting Misconfigured PostreSQL Instances", "description": "Researchers have discovered a new PostgreSQL malware called PG_MEM, which uses brute force attacks to access databases, hide its operations, and mine cryptocurrency. The attack involves creating a superuser role, delivering two malware payloads, and evading detection while eli...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.aquasec.com", "url": "https://www.aquasec.com/blog/pg_mem-a-malware-hidden-in-the-postgres-processes/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e5c78518-794f-5980-a397-2f7eaa5c10b8", "type": "campaign", "created": "2024-08-19T00:00:00.000Z", "modified": "2024-08-19T00:00:00.000Z", "name": "Msupedge Backdoor Targeting Taiwanese University", "description": "A newly discovered backdoor, dubbed Backdoor.Msupedge, was used in an attack on a Taiwanese university, leveraging an unusual communication method through DNS traffic to reach its command-and-control (C&C) server. While DNS-based communication is known among threat actors, its...", "objective": "Data exfiltration", "external_references": [ { "source_name": "symantec-enterprise-blogs.security.com", "url": "https://symantec-enterprise-blogs.security.com/threat-intelligence/taiwan-malware-dns" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a77d8491-2ffd-5e45-bef7-0661440daae6", "type": "campaign", "created": "2024-08-15T00:00:00.000Z", "modified": "2024-08-15T00:00:00.000Z", "name": "Extortion Campaign Exploiting Exposed Environment Variable", "description": "Researchers uncovered an extortion campaign that exploited exposed environment variable files (.env) in cloud environments. These files, which contained sensitive credentials, were accessed and leveraged by attackers to ransom data from victim organizations. The attackers used...", "objective": "Data exfiltration, RansomOp", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--66c24416-465b-5585-a625-ae989dfae3d1", "type": "campaign", "created": "2024-08-14T00:00:00.000Z", "modified": "2024-08-14T00:00:00.000Z", "name": "Gafgyt Malware Targeting Cloud Environments", "description": "Researchers identified a new variant of the Gafgyt botnet targeting cloud-native environments by exploiting weak SSH passwords. This variant integrates cryptomining with traditional botnet activities, using GPU power to mine cryptocurrency. The attack flow includes brute-forci...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.aquasec.com", "url": "https://www.aquasec.com/blog/gafgyt-malware-variant-exploits-gpu-power-and-cloud-native-environments/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c5f96644-3a0a-5061-b1dc-84ba7d004f95", "type": "campaign", "created": "2024-08-09T00:00:00.000Z", "modified": "2024-08-09T00:00:00.000Z", "name": "Horde Panda targeting South Asian telecommunications provider ", "description": "Between late June 2023 and early August 2023, CrowdStrike detected suspicious activity at a South Asian telecommunications provider linked to the China-based threat group Horde Panda. The adversary used multiple compromised identities to try to embed themselves deeper into the...", "objective": "Data exfiltration", "external_references": [ { "source_name": "github.com", "url": "https://github.com/blackorbird/APT_REPORT/blob/master/summary/2024/crowdstrike-2024-threat-hunting-report.pdf" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--eb2dc06a-5fae-54fd-a9ca-42f574808603", "type": "campaign", "created": "2024-08-09T00:00:00.000Z", "modified": "2024-08-09T00:00:00.000Z", "name": "Scattered Spider Abuses Cloud Management Agent", "description": "In May 2024, CrowdStrike observed the cyber threat group Scattered Spider establish a foothold on a cloud-hosted virtual machine (VM) using a cloud service VM management agent. The attackers compromised existing credentials through a phishing campaign to authenticate to the cl...", "objective": "Resource hijacking", "external_references": [ { "source_name": "github.com", "url": "https://github.com/blackorbird/APT_REPORT/blob/master/summary/2024/crowdstrike-2024-threat-hunting-report.pdf" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--20a41a82-e265-52b0-bd84-fb3805e5af9d", "type": "campaign", "created": "2024-08-09T00:00:00.000Z", "modified": "2024-08-09T00:00:00.000Z", "name": "Earth Baku campaign", "description": "Earth Baku, a threat actor linked to APT41, has extended its operations beyond the Indo-Pacific, targeting regions across Europe, the Middle East, and Africa, including countries such as Italy, Germany, the UAE, and Qatar, with suspected activities in Georgia and Romania. The ...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/24/h/earth-baku-latest-campaign.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--f939f46c-d0f4-55a8-bd3e-5cf3f8bcf166", "type": "campaign", "created": "2024-08-02T00:00:00.000Z", "modified": "2024-08-02T00:00:00.000Z", "name": "Panamorfi campaign", "description": "On 2024-08-02, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, while using Jupyter Notebook misconfig abuse, targeting Jupyter Notebook to achieve Denial of service. The following tools were observed: Mineping.", "objective": "Denial of service", "external_references": [ { "source_name": "www.aquasec.com", "url": "https://www.aquasec.com/blog/panamorfi-a-new-discord-ddos-campaign/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--30a8ecd0-0982-5f01-be5f-591ed06da8e5", "type": "campaign", "created": "2024-07-31T00:00:00.000Z", "modified": "2024-07-31T00:00:00.000Z", "name": "Mirai Botnet Exploiting Apache OFBiz Vulnerability", "description": "The Apache Foundation's OFBiz, an open-source Java-based ERP framework, addressed in May 2024 a critical security vulnerability (CVE-2024-32113) involving path traversal that could lead to remote command execution. Despite its lesser prevalence compared to commercial ERP syste...", "objective": "Resource hijacking", "external_references": [ { "source_name": "isc.sans.edu", "url": "https://isc.sans.edu/diary/Increased%20Activity%20Against%20Apache%20OFBiz%20CVE-2024-32113/31132" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "type": "campaign", "created": "2024-07-29T00:00:00.000Z", "modified": "2024-07-29T00:00:00.000Z", "name": "Ransomware operators exploit ESXi vulnerability", "description": "Microsoft researchers have discovered a vulnerability in ESXi hypervisors, identified as CVE-2024-37085. This flaw is being exploited by ransomware operators to gain full administrative access to domain-joined ESXi hypervisors, enabling them to encrypt file systems, access hos...", "objective": "RansomOp", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--14878912-a1e2-5a16-865c-a1d4635addb4", "type": "campaign", "created": "2024-07-25T00:00:00.000Z", "modified": "2024-07-25T00:00:00.000Z", "name": "SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining", "description": "Wiz Research has detected an ongoing threat campaign dubbed “SeleniumGreed” that exploits exposed Selenium Grid services to deploy cryptominers. Selenium is a popular open-source suite used for testing web applications, allowing users to write tests that simulate user interact...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/seleniumgreed-cryptomining-exploit-attack-flow-remediation-steps" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--71119768-3226-5476-b00e-d787de1cf02d", "type": "campaign", "created": "2024-07-11T00:00:00.000Z", "modified": "2024-07-11T00:00:00.000Z", "name": "crystalray", "description": "The Sysdig Threat Research Team (TRT) identified a threat actor named CRYSTALRAY, who has significantly expanded its operations since its initial detection in February 2024. CRYSTALRAY exploits multiple vulnerabilities and uses various open source security tools, such as SSH-S...", "objective": "Resource hijacking, Data exfiltration", "external_references": [ { "source_name": "sysdig.com", "url": "https://sysdig.com/blog/CRYSTALRAY-rising-threat-actor-exploiting-oss-tools/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e27e47dc-f06b-508b-a1ff-554ab3a2dc7f", "type": "campaign", "created": "2024-07-05T00:00:00.000Z", "modified": "2024-07-05T00:00:00.000Z", "name": "Misconfigured Jenkins Servers Used for Cryptomining", "description": "Researchers discovered attackers targeting misconfigurations in the Jenkins Script Console to execute malicious Groovy scripts, leading to activities such as deploying cryptocurrency miners. By leveraging vulnerabilities and misconfigurations, such as improperly set authentica...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/24/g/turning-jenkins-into-a-cryptomining-machine-from-an-attackers-pe.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--99ff35e3-5980-592f-9428-6740d0ba2c28", "type": "campaign", "created": "2024-06-30T00:00:00.000Z", "modified": "2024-06-30T00:00:00.000Z", "name": "8220 Gang Exploiting WebLogic Vulnerabilities for Cryptojacking", "description": "Water Sigbin exploits CVE-2017-3506 to gain initial access, deploying a PowerShell script on the compromised machine. This script decodes and executes the first stage payload, named wireguard2-3.exe, in the temporary directory. The malware masquerades as a legitimate VPN appli...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/24/f/water-sigbin-xmrig.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--02cbb801-8506-5893-98a9-dadaa086522e", "type": "campaign", "created": "2024-06-25T00:00:00.000Z", "modified": "2024-06-25T00:00:00.000Z", "name": "Funnull Polyfill supply chain attack", "description": "A Chinese company named Funnull acquired the Polyfill domain and GitHub repo, and inserted malware into polyfill.js that redirected users to gambling websites. Further pivoting revealed that Funnull had exposed a CloudFlare API key that linked the company to several CDN provid...", "objective": "Supply chain attack, Defacement", "external_references": [ { "source_name": "sansec.io", "url": "https://sansec.io/research/polyfill-supply-chain-attack" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--01424f86-96a8-51f2-a205-7301fa8fc6a1", "type": "campaign", "created": "2024-06-24T00:00:00.000Z", "modified": "2024-06-24T00:00:00.000Z", "name": "Chinese Threat Actor RedJuliett Exploiting VPN and Firewall Vulnerabilities", "description": "Between November 2023 and April 2024, researchers observed RedJuliett, a likely Chinese state-sponsored cyber-espionage group, targeting entities primarily in Taiwan but also across Asia, Africa, and the US. The focus was on sectors such as government, education, technology, a...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.recordedfuture.com", "url": "https://www.recordedfuture.com/research/redjuliett-intensifies-taiwanese-cyber-espionage-via-network-perimeter" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--12e366ea-3896-54d1-826e-d11d1424987b", "type": "campaign", "created": "2024-06-21T00:00:00.000Z", "modified": "2024-06-21T00:00:00.000Z", "name": "Boolka campaign", "description": "On 2024-06-21, a campaign was reported, involving Boolka, gaining initial access via Web vulnerability, while using SQL injection, to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.group-ib.com", "url": "https://www.group-ib.com/blog/boolka/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--77d935e0-4629-5885-b6f5-3ca193b95ccd", "type": "campaign", "created": "2024-06-14T00:00:00.000Z", "modified": "2024-06-14T00:00:00.000Z", "name": "Scattered Spider SaaS targeting (2024)", "description": "UNC3944, a financially motivated threat group linked to \"0ktapus,\" \"Octo Tempest,\" \"Scatter Swine,\" and \"Scattered Spider,\" has evolved its tactics to include data theft from SaaS applications, persistence mechanisms in virtualization platforms, and lateral movement via SaaS p...", "objective": "Data exfiltration, RansomOp", "external_references": [ { "source_name": "cloud.google.com", "url": "https://cloud.google.com/blog/topics/threat-intelligence/unc3944-targets-saas-applications/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--67547770-529a-5caa-9726-a0a6ddcb46f9", "type": "campaign", "created": "2024-06-10T00:00:00.000Z", "modified": "2024-06-10T00:00:00.000Z", "name": "RCE Vulnerability in PHP CGI Exploited by TellYouThePass", "description": "The TellYouThePass ransomware gang has been exploiting the recently patched vulnerability (CVE-2024-4577) in PHP to deploy webshells and execute their encryptor payload on target systems. Attacks started on June 8, just after the release of security updates, using publicly ava...", "objective": "RansomOp", "external_references": [ { "source_name": "www.imperva.com", "url": "https://www.imperva.com/blog/update-cve-2024-4577-quickly-weaponized-to-distribute-tellyouthepass-ransomware/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e2eccf73-a53f-52c4-80ae-ab051186580d", "type": "campaign", "created": "2024-06-07T00:00:00.000Z", "modified": "2024-06-07T00:00:00.000Z", "name": "DERO cryptojacking campaign (2024)", "description": "Wiz Threat Research discovered a new variant of a cryptojacking campaign targeting misconfigured Kubernetes clusters in cloud environments. The threat actor abuses cluster anonymous access to deploy malicious container images from Docker Hub that contain a DERO miner. The thre...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/dero-cryptojacking-campaign-adapts-to-evade-detection" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--5a1ffecb-d5ed-5865-a7c0-a4c0b7957cdd", "type": "campaign", "created": "2024-06-06T00:00:00.000Z", "modified": "2024-06-06T00:00:00.000Z", "name": "Scylla LLMJacking campaign", "description": "On 2024-06-06, a campaign was reported, involving an unknown actor, gaining initial access via End-user compromise, while using LLMjacking, Cloud key compromise, Cloud API e, targeting Amazon Bedrock to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.lacework.com", "url": "https://www.lacework.com/blog/detecting-ai-resource-hijacking-with-composite-alerts" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--4d57cbc5-f223-5a39-9863-f410d1661308", "type": "campaign", "created": "2024-06-05T00:00:00.000Z", "modified": "2024-06-05T00:00:00.000Z", "name": "Gitloker campaign", "description": "On 2024-06-05, a campaign was reported, involving Gitloker, gaining initial access via End-user compromise, while using Repo encryption for extortion, targeting GitHub to achieve RansomOp.", "objective": "RansomOp", "external_references": [ { "source_name": "www.bleepingcomputer.com", "url": "https://www.bleepingcomputer.com/news/security/new-gitloker-attacks-wipe-github-repos-in-extortion-scheme/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c5002cb7-e8ad-59d8-9d1a-02342631e08a", "type": "campaign", "created": "2024-06-05T00:00:00.000Z", "modified": "2024-06-05T00:00:00.000Z", "name": "Dama webshell deployment via ThinkPHP exploitation", "description": "On 2024-06-05, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, while using Vulnerability exploitation, targeting ThinkPHP to achieve Resource hijacking. The following tools were observed: Dama.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.akamai.com", "url": "https://www.akamai.com/blog/security-research/2024-thinkphp-applications-exploit-1-days-dama-webshell" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--633165cd-e155-5de6-8a1f-8e81ea05eac3", "type": "campaign", "created": "2024-06-04T00:00:00.000Z", "modified": "2024-06-04T00:00:00.000Z", "name": "Operation Veles", "description": "On 2024-06-04, a campaign was reported, involving UTG-Q-008, gaining initial access via Password attack, while using SSH bruteforcing, to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "ti.qianxin.com", "url": "https://ti.qianxin.com/blog/articles/Operation-Veles-Decade-Long-Espionage-Targeting-the-Global-Research-and-Education-Sector-EN/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--86f12b21-149f-5395-abe1-a231105a689c", "type": "campaign", "created": "2024-06-04T00:00:00.000Z", "modified": "2024-06-04T00:00:00.000Z", "name": "Muhstik", "description": "Researchers uncovered a new campaign using Muhstik malware to target Apache RocketMQ, a distributed messaging platform, exploiting a remote code execution vulnerability (CVE-2023-33246). Attackers use this vulnerability to download and execute Muhstik malware on compromised in...", "objective": "Resource hijacking, Denial of service", "external_references": [ { "source_name": "www.aquasec.com", "url": "https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--93b2a63f-8927-5b9c-b948-d033e01c71c2", "type": "campaign", "created": "2024-05-30T00:00:00.000Z", "modified": "2024-05-30T00:00:00.000Z", "name": "RedTail Cryptomining campaign ", "description": "The RedTail cryptomining malware has been updated to exploit CVE-2024-3400, a vulnerability in PAN-OS. The attackers are using private cryptomining pools for greater control, and the malware now includes advanced antiresearch techniques. It spreads through multiple web exploit...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.akamai.com", "url": "https://www.akamai.com/blog/security-research/2024-redtail-cryptominer-pan-os-cve-exploit" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--5891f6fa-2ae6-54dc-afcb-3e6980f31e60", "type": "campaign", "created": "2024-05-16T00:00:00.000Z", "modified": "2024-05-16T00:00:00.000Z", "name": "Kinsing targeting cloud servers", "description": "Researchers observed recent activities surrounding the Kinsing malware, which primarily targets Linux-based cloud infrastructure. Kinsing exploits various vulnerabilities to gain unauthorized access and deploys backdoors and cryptominers. Recent findings show that Kinsing also...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.tenable.com", "url": "https://www.tenable.com/blog/kinsing-malware-hides-itself-as-a-manual-page-and-targets-cloud-servers" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e3fe1c91-028c-55d2-81a6-f5e1e0d6f201", "type": "campaign", "created": "2024-05-07T00:00:00.000Z", "modified": "2024-05-07T00:00:00.000Z", "name": "Mirai campaign targeting Ivanti products", "description": "On 2024-05-07, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, targeting Ivanti Connect Secure VPN to achieve Resource hijacking. The following tools were observed: Mirai.", "objective": "Resource hijacking", "external_references": [ { "source_name": "blogs.juniper.net", "url": "https://blogs.juniper.net/en-us/security/protecting-your-network-from-opportunistic-ivanti-pulse-secure-vulnerability-exploitation" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--ec06b922-5b6f-5660-9820-fccb3f2bad94", "type": "campaign", "created": "2024-05-06T00:00:00.000Z", "modified": "2024-05-06T00:00:00.000Z", "name": "Atlas Lion phishing campaign", "description": "Microsoft has identified a Morocco-based cybercrime group, Storm-0539, known for sophisticated phishing attacks to steal and sell gift cards. Active since 2021, the group targets large retailers by compromising gift card services and bypassing multi-factor authentication. Thei...", "objective": "Resource hijacking, Denial of wallet, Data exfiltration", "external_references": [ { "source_name": "www.ic3.gov", "url": "https://www.ic3.gov/Media/News/2024/240507.pdf" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--66ce1b0a-4c43-5766-8646-90331c01382d", "type": "campaign", "created": "2024-05-02T00:00:00.000Z", "modified": "2024-05-02T00:00:00.000Z", "name": "TargetCompany Abusing MSSQL Servers for Ransomware", "description": "Researchers investigated a series of ransomware attacks targeting poorly managed MS-SQL servers by the TargetCompany ransomware group. This group primarily installs Mallox ransomware, with recent analysis linking these incidents to earlier attacks involving Tor2Mine CoinMiner ...", "objective": "RansomOp", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/64921/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a6f6908b-b4c3-5e45-8cda-652b4ad842b7", "type": "campaign", "created": "2024-04-24T00:00:00.000Z", "modified": "2024-04-24T00:00:00.000Z", "name": "ArcaneDoor Campaign Targeting Cisco Adaptive Security Appliance 0day", "description": "Cisco reported two zero-day vulnerabilities in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls that have been exploited by a state-backed hacking group known as UAT4356 or STORM-1849. These vulnerabilities have been under attack since Novembe...", "objective": "Data exfiltration", "external_references": [ { "source_name": "blog.talosintelligence.com", "url": "https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--f4b23eb0-c694-5b9f-91fe-9894d34dfe78", "type": "campaign", "created": "2024-04-17T00:00:00.000Z", "modified": "2024-04-17T00:00:00.000Z", "name": "Kubernetes Clusters Targeted in OpenMetadata Exploits", "description": "Researchers observed attackers exploiting critical vulnerabilities in the OpenMetadata platform to infiltrate Kubernetes environments for cryptomining. OpenMetadata, an open-source platform for managing data source metadata, was found to have several vulnerabilities (CVE-2024-...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--98174b70-bb3b-5dbb-b0bf-d8554a2cb462", "type": "campaign", "created": "2024-04-09T00:00:00.000Z", "modified": "2024-04-09T00:00:00.000Z", "name": "RUBYCARP: Botnet Exploiting Vulnerabilities for Crypto", "description": "Researchers has uncovered a decade-long botnet operation by a Romanian group dubbed RUBYCARP. This group focuses on financial gain through cryptomining, phishing, and DDoS attacks, utilizing public exploits and brute force for deployment.Pinpointing their exact origin is chall...", "objective": "Denial of service, Resource hijacking", "external_references": [ { "source_name": "sysdig.com", "url": "https://sysdig.com/blog/rubycarp-romanian-botnet-group/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b425407d-b0fa-5806-aad6-1de6d5b71901", "type": "campaign", "created": "2024-04-09T00:00:00.000Z", "modified": "2024-04-09T00:00:00.000Z", "name": "Muddled Libra campaigns (2024)", "description": "On 2024-04-09, a campaign was reported, involving 0ktapus, gaining initial access via End-user compromise, while using Exfiltration via AWS Transfer, Exfiltration via AWS DataSync, Cloud API e, to achieve Data exfiltration.", "objective": "Data exfiltration", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/muddled-libra-evolution-to-cloud/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b34a42f8-62b4-508a-ad6a-225e4b3d6dec", "type": "campaign", "created": "2024-03-26T00:00:00.000Z", "modified": "2024-03-26T00:00:00.000Z", "name": "Agenda Ransomware Targets ESXi and vCenter Servers", "description": "Researchers observed the Agenda Ransomware group, identified as Qilin or Water Galura, has been spreading through VMware vCenter and ESXi servers. The group has been actively evolving and targeting entities globally, particularly in the US, Argentina, Australia, and Thailand, ...", "objective": "RansomOp", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--adbbc9d8-4967-5707-b824-8258f5048c8f", "type": "campaign", "created": "2024-03-22T00:00:00.000Z", "modified": "2024-03-22T00:00:00.000Z", "name": "UNC5174 ScreenConnect and F5 BIG-IP exploitation", "description": "On 2024-03-22, a campaign was reported, involving UNC5174, gaining initial access via 1-day vulnerability, while using Vulnerability exploitation, targeting ConnectWise ScreenConnect, F5 BIG IP, Confluence Server to achieve Data exfiltration. The following tools were observed: SUPERSHELL, SNOWLIGHT, GOHEAVY.", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.mandiant.com", "url": "https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--81431f24-3c94-5d59-b0e7-aaa38d39c683", "type": "campaign", "created": "2024-03-19T00:00:00.000Z", "modified": "2024-03-19T00:00:00.000Z", "name": "teamcity-exploitation", "description": "On 2024-03-19, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, while using LOLBin abuse, targeting TeamCity to achieve Resource hijacking, RansomOp. The following tools were observed: Jasmin, XMRig, Cobalt Strike, SparkRAT.", "objective": "Resource hijacking, RansomOp", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/24/c/teamcity-vulnerability-exploits-lead-to-jasmin-ransomware" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c36275be-46e7-5172-855d-b0aa52edce6e", "type": "campaign", "created": "2024-03-15T00:00:00.000Z", "modified": "2024-03-15T00:00:00.000Z", "name": "vulnerability-in-aiohttp-targeted-by-shadowsyndicate", "description": "Aiohttp is a widely used open-source library for handling concurrent HTTP requests in Python applications. The ransomware group ShadowSyndicate, has been scanning for servers vulnerable to CVE-2024-23334. The flaw means that improperly configuring static resource resolution in...", "objective": "RansomOp", "external_references": [ { "source_name": "cyble.com", "url": "https://cyble.com/blog/cgsi-probes-shadowsyndicate-groups-possible-exploitation-of-aiohttp-vulnerability-cve-2024-23334/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--8dc0f680-a596-5321-8e74-99fd2ce3b58e", "type": "campaign", "created": "2024-03-11T00:00:00.000Z", "modified": "2024-03-11T00:00:00.000Z", "name": "Meson Network cryptojacking campaign", "description": "Researchers uncovered a malicious campaign targeting the Meson Network, a decentralized content delivery network (CDN) that leverages blockchain for bandwidth marketplace operations. This campaign aimed to exploit the crypto token unlock event around March 15th, attempting to ...", "objective": "Resource hijacking", "external_references": [ { "source_name": "sysdig.com", "url": "https://sysdig.com/blog/cloud-threats-deploying-crypto-cdn/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--2b153f83-170b-5419-b4a6-81b442608f72", "type": "campaign", "created": "2024-03-08T00:00:00.000Z", "modified": "2024-03-08T00:00:00.000Z", "name": "Magnet Goblin campaign (2024)", "description": "On 2024-03-08, a campaign was reported, involving Magnet Goblin, gaining initial access via 1-day vulnerability, targeting Ivanti Connect Secure VPN, Apache ActiveMQ, Magento, Qlink Sense with unknown impact. The following tools were observed: NerbianRAT, AnyDesk, WARPWIRE, MiniNerbian, ScreenConnect, Ligolo.", "objective": "Unknown", "external_references": [ { "source_name": "research.checkpoint.com", "url": "https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--f174a9b6-3c28-57a6-abb2-e8d0b04cb772", "type": "campaign", "created": "2024-03-06T00:00:00.000Z", "modified": "2024-03-06T00:00:00.000Z", "name": "malware-campaign-targeting-misconfigured-servers", "description": "Researchers observed threat actors exploiting misconfiguration in servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware, which uses worm-like behavior to automate host discovery and compromise. After gaining access to misconfigured serv...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cadosecurity.com", "url": "https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--4693dd1c-2465-57c8-bbd7-c63c27340466", "type": "campaign", "created": "2024-03-06T00:00:00.000Z", "modified": "2024-03-06T00:00:00.000Z", "name": "z0Miner targeting WebLogic servers", "description": "Researchers observed threat actor z0Miner targeting Korean WebLogic servers as download servers for distributing malware, including miners and network tools. It is recommended to look for indicators of compromise in your environment, and if any are identified, remove the files...", "objective": "Resource hijacking", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/62564/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--27b33137-800d-5e18-9b32-f236da924b9b", "type": "campaign", "created": "2024-02-22T00:00:00.000Z", "modified": "2024-02-22T00:00:00.000Z", "name": "lucifer-botnet-targeting-apache-hadoop", "description": "Researchers identified a malicious campaign focusing on Apache big-data solutions, particularly Apache Hadoop and Apache Druid. This campaign leverages the Lucifer DDoS botnet, infecting Linux machines to mine the Monero cryptocurrency.The attackers target misconfigurations an...", "objective": "Denial of service, Resource hijacking", "external_references": [ { "source_name": "www.aquasec.com", "url": "https://www.aquasec.com/blog/lucifer-ddos-botnet-malware-is-targeting-apache-big-data-stack/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--835ff793-583d-5556-9dc1-6ed09686a06a", "type": "campaign", "created": "2024-02-20T00:00:00.000Z", "modified": "2024-02-20T00:00:00.000Z", "name": "Migo cryptominer targeting Redis", "description": "A new campaign named Migo targeting Redis servers running on Linux hosts to mine cryptocurrency. The campaign was identified following suspicious activities on a Redis honeypot, where a malicious node disabled several Redis configuration options to weaken security and facilita...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cadosecurity.com", "url": "https://www.cadosecurity.com/migo-a-redis-miner-with-novel-system-weakening-techniques/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--054eaf63-69bc-5fea-9718-858d017542c1", "type": "campaign", "created": "2024-02-20T00:00:00.000Z", "modified": "2024-02-20T00:00:00.000Z", "name": "SSH-Snake Confluence targeting campaign", "description": "On 2024-02-20, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, while using SSH propagation, targeting Confluence Server to achieve Resource hijacking. The following tools were observed: SSH-Snake.", "objective": "Resource hijacking", "external_references": [ { "source_name": "sysdig.com", "url": "https://sysdig.com/blog/ssh-snake/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e117c5dd-a1fc-5e07-8040-e2b6d954d852", "type": "campaign", "created": "2024-02-15T00:00:00.000Z", "modified": "2024-02-15T00:00:00.000Z", "name": "Sliver deployment via Confluence\n vulnerability", "description": "On 2024-02-15, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, targeting Confluence Server to achieve Resource hijacking. The following tools were observed: XMRig, Sliver.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.rapid7.com", "url": "https://www.rapid7.com/blog/post/2024/02/15/rce-to-sliver-ir-tales-from-the-field/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--33e7587c-0720-52f6-bb10-2b4d128f3edf", "type": "campaign", "created": "2024-02-13T00:00:00.000Z", "modified": "2024-02-13T00:00:00.000Z", "name": "Microsoft Smartscreen Vulnerability Exploited by Water Hydra", "description": "Water Hydra group (AKA DarkCasino), whose activity was first detected in 2021, is known for their cyberattacks targeting the financial industry globally, including banks, cryptocurrency platforms, and gambling sites. Initially confused with the Evilnum APT group, Water Hydra w...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--2b4033c4-57d2-5402-82f1-086ec1a1f60d", "type": "campaign", "created": "2024-02-08T00:00:00.000Z", "modified": "2024-02-08T00:00:00.000Z", "name": "C3Pool mining via Confluence vulnerability", "description": "On 2024-02-08, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, while using Vulnerability exploitation, targeting Confluence Server to achieve Resource hijacking. The following tools were observed: C3Pool.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.imperva.com", "url": "https://www.imperva.com/blog/attackers-quick-to-weaponize-cve-2023-22527-for-malware-delivery/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--f5991678-8844-5807-aa5e-2b31bc0e6efb", "type": "campaign", "created": "2024-02-02T00:00:00.000Z", "modified": "2024-02-02T00:00:00.000Z", "name": "Windows SmartScreen vulnerability exploited by Mispadu trojan", "description": "Mispadu Stealer, a banking Trojan first reported in November 2019, has been observed exploiting the Windows SmartScreen bypass vulnerability, CVE-2023-36025. This variant of Mispadu spreads through phishing emails and primarily affects victims in Latin America. The malware is ...", "objective": "Data exfiltration", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/mispadu-infostealer-variant/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--681febe4-2f41-5ae3-94fe-9c16478e560e", "type": "campaign", "created": "2024-02-01T00:00:00.000Z", "modified": "2024-02-01T00:00:00.000Z", "name": "Commando Cat campaign", "description": "This campaign, active since the beginning of 2024, deploys a benign container through the Commando project, escaping it to run multiple payloads on the Docker host. Docker is used as an initial access vector to deliver payloads that register persistence, create backdoors, exfi...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cadosecurity.com", "url": "https://www.cadosecurity.com/the-nine-lives-of-commando-cat-analysing-a-novel-malware-campaign-targeting-docker/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--18fe4f29-f3ae-5743-bf58-ad791f8c68f8", "type": "campaign", "created": "2024-01-28T00:00:00.000Z", "modified": "2024-01-28T00:00:00.000Z", "name": "trigona-ransomware-infecting-misconfigured-mssql-servers", "description": "Trigona ransomware has been active since at least June 2022, targeting MSSQL servers. Mimic ransomware was first identified in June 2022, with a January 2024 attack by a Turkish-speaking threat actor on poorly managed MSSQL servers. Researchers believe the same Trigona threat ...", "objective": "RansomOp", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/51343/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--fd045333-e867-5335-ad70-f759e78e39e1", "type": "campaign", "created": "2024-01-19T00:00:00.000Z", "modified": "2024-01-19T00:00:00.000Z", "name": "ECS Fargate cryptojacking", "description": "Datadog observed an attacker leveraging a compromised IAM user access key to gain initial access to an AWS environment, at which point they immediately began spinning up hundreds of ECS Fargate clusters, within which they created ECS task definitions to launch containers based...", "objective": "Resource hijacking", "external_references": [ { "source_name": "securitylabs.datadoghq.com", "url": "https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-ecs-crypto-mining/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--052191b8-2b9c-5616-b610-ebb413ea1d1b", "type": "campaign", "created": "2024-01-18T00:00:00.000Z", "modified": "2024-01-18T00:00:00.000Z", "name": "From ActiveMQ to Godzilla webshell", "description": "On 2024-01-18, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, targeting Apache ActiveMQ to achieve Resource hijacking. The following tools were observed: Godzilla.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.trustwave.com", "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/apache-activemq-vulnerability-leads-to-stealthy-godzilla-webshell/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--06ac02a3-db87-53bd-8e58-a666273565ee", "type": "campaign", "created": "2024-01-18T00:00:00.000Z", "modified": "2024-01-18T00:00:00.000Z", "name": "Mimo cryptomining campaign", "description": "On 2024-01-18, a campaign was reported, involving Mimo operator, gaining initial access via 1-day vulnerability, targeting VMware Horizon, Confluence Server, WSO2, Apache ActiveMQ, PaperCut to achieve Resource hijacking, RansomOp. The following tools were observed: Mimo, NHAS reverse_ssh, XMRig, Mimus, Peer2Profit.", "objective": "Resource hijacking, RansomOp", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/60440/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--acadb9c3-ba64-52ab-bddf-337b6e7f9eeb", "type": "campaign", "created": "2024-01-18T00:00:00.000Z", "modified": "2024-01-18T00:00:00.000Z", "name": "9hits Docker campaign", "description": "On 2024-01-18, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, while using Proxyjacking, targeting Docker to achieve Resource hijacking. The following tools were observed: 9hits, XMRig.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cadosecurity.com", "url": "https://www.cadosecurity.com/containerised-clicks-malicious-use-of-9hits-on-vulnerable-docker-hosts/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--152a629d-2127-5185-8923-4b03d8c51bf4", "type": "campaign", "created": "2024-01-16T00:00:00.000Z", "modified": "2024-01-16T00:00:00.000Z", "name": "AndroxGh0st usage (2024)", "description": "On 2024-01-16, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, Software misconfig, while using Exposed environment config abuse, targeting PHP, Apache HTTP Server, Laravel to achieve Resource hijacking. The following tools were observed: AndroxGh0st.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cisa.gov", "url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-016a" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--ee296d32-43b4-532d-a814-4d2bcac8224a", "type": "campaign", "created": "2024-01-11T00:00:00.000Z", "modified": "2024-01-11T00:00:00.000Z", "name": "Dreambus campaign (2023)", "description": "On 2024-01-11, a campaign was reported, involving Dreambus operator, gaining initial access via Software misconfig, 1-day vulnerability, targeting Apache RocketMQ, Metabase to achieve Resource hijacking. The following tools were observed: XMRig.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.zscaler.com", "url": "https://www.zscaler.com/blogs/security-research/dreambus-unleashes-metabase-mayhem-new-exploit-module" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--44ccfa8b-280d-538c-8806-426337417da6", "type": "campaign", "created": "2024-01-11T00:00:00.000Z", "modified": "2024-01-11T00:00:00.000Z", "name": "FBot toolkit targets cloud environments", "description": "FBot is a Python-based hacking toolkit, targeting web servers, cloud services, and SaaS platforms like AWS, Office365, PayPal, Sendgrid, and Twilio. FBot's primary purpose is to enable actors to hijack cloud, SaaS, and web services, with a secondary focus on acquiring accounts...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.sentinelone.com", "url": "https://www.sentinelone.com/labs/exploring-fbot-python-based-malware-targeting-cloud-and-payment-services/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "type": "campaign", "created": "2024-01-10T00:00:00.000Z", "modified": "2024-01-10T00:00:00.000Z", "name": "Ivanti Connect Secure targeting campaign", "description": "On 2024-01-10, a campaign was reported, involving UNC5221, gaining initial access via 0-day vulnerability, targeting Ivanti Connect Secure VPN with unknown impact. The following tools were observed: PySoxy, LIGHTWIRE, THINSPOOL, WARPWIRE, WIREFIRE, enum4Linux, ZIPLINE, BUSHWALK, CHAINLINE, FRAMESTING, Impacket, CrackMapExec, iodine, DSLog.", "objective": "Unknown", "external_references": [ { "source_name": "forums.ivanti.com", "url": "https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--dd874265-9037-53b3-adce-2a3d8253253a", "type": "campaign", "created": "2024-01-10T00:00:00.000Z", "modified": "2024-01-10T00:00:00.000Z", "name": "returgence-campaign-targeting-mssql-servers-with-ransomware", "description": "Researchers identified attacks targeting Microsoft SQL (MSSQL) servers to encrypt the victims' files with Mimic (N3ww4v3) ransomware. The attacks are tracked as RE#TURGENCE and have been observed targeting Europe, the United States, and Latin America.Threat actors targeted pub...", "objective": "RansomOp", "external_references": [ { "source_name": "www.securonix.com", "url": "https://www.securonix.com/blog/securonix-threat-research-security-advisory-new-returgence-attack-campaign-turkish-hackers-target-mssql-servers-to-deliver-domain-wide-mimic-ransomware/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a7abf7d6-139f-57f8-9f48-f2b7ede70eef", "type": "campaign", "created": "2024-01-10T00:00:00.000Z", "modified": "2024-01-10T00:00:00.000Z", "name": "Apache app cryptojacking campaign", "description": "On 2024-01-10, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, Software misconfig, targeting Apache Flink, Apache Hadoop, Spring Framework, Redis to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "blog.aquasec.com", "url": "https://blog.aquasec.com/threat-alert-apache-applications-targeted-by-stealthy-attacker" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--235d85c1-d436-547d-9a76-2d38bf054db4", "type": "campaign", "created": "2023-12-28T00:00:00.000Z", "modified": "2023-12-28T00:00:00.000Z", "name": "Cyber Toufan Linux destruction", "description": "On 2023-12-28, a campaign was reported, involving Cyber Toufan, gaining initial access via Supply chain vector, while using TOR anonymization, Email server hijacking, to achieve Data exfiltration, Data destruction.", "objective": "Data exfiltration, Data destruction", "external_references": [ { "source_name": "doublepulsar.com", "url": "https://doublepulsar.com/cyber-toufan-goes-oprah-mode-with-free-linux-system-wipes-of-over-100-organisations-eaf249b042dc" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a3f244de-5a10-5bbd-a8da-a47e2cbed8f5", "type": "campaign", "created": "2023-12-14T00:00:00.000Z", "modified": "2023-12-14T00:00:00.000Z", "name": "GambleForce SQL injection campaign", "description": "On 2023-12-14, a campaign was reported, involving GambleForce, gaining initial access via Web vulnerability, 1-day vulnerability, while using SQL injection, to achieve Data exfiltration.", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.group-ib.com", "url": "https://www.group-ib.com/blog/gambleforce-gang/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--14c9ff66-2d65-5e80-b09f-ecda9cbffadc", "type": "campaign", "created": "2023-12-13T00:00:00.000Z", "modified": "2023-12-13T00:00:00.000Z", "name": "APT29 TeamCity campaign", "description": "On 2023-12-13, a campaign was reported, involving APT29, gaining initial access via 1-day vulnerability, targeting TeamCity to achieve Data exfiltration.", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.cisa.gov", "url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c0bcaede-27f5-5a19-9643-6e710ebcbddd", "type": "campaign", "created": "2023-12-12T00:00:00.000Z", "modified": "2023-12-12T00:00:00.000Z", "name": "OAuth applications to deploy VMs for cryptomining", "description": "On 2023-12-12, a campaign was reported, involving Storm-1283, gaining initial access via End-user compromise, while using OAuth app creation, OAuth app hijack, to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--0104f36a-ba94-5a50-b35b-a29760e5d1a7", "type": "campaign", "created": "2023-12-07T00:00:00.000Z", "modified": "2023-12-07T00:00:00.000Z", "name": "Krasue Thailand campaign", "description": "On 2023-12-07, a campaign was reported, involving Krasue operator, gaining initial access via Unknown, to achieve Data exfiltration. The following tools were observed: Krasue.", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.group-ib.com", "url": "https://www.group-ib.com/blog/krasue-rat/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--56eb9b45-5fe2-51d1-ad68-4228d9b067ca", "type": "campaign", "created": "2023-11-28T00:00:00.000Z", "modified": "2023-11-28T00:00:00.000Z", "name": "GoTitan ActiveMQ campaign", "description": "Fortiguard Labs detected numerous threat actors exploiting CVE-2023-46604 to disseminate diverse strains of malware. Their analysis unveiled the emergence of a newly discovered Golang-based botnet named GoTitan and a .NET program called \"PrCtrl Rat,\" equipped with remote contr...", "objective": "Unknown", "external_references": [ { "source_name": "www.fortinet.com", "url": "https://www.fortinet.com/blog/threat-research/gotitan-botnet-exploitation-on-apache-activemq" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--d5e5694c-81e3-5972-8d75-fb44f1b73842", "type": "campaign", "created": "2023-11-27T00:00:00.000Z", "modified": "2023-11-27T00:00:00.000Z", "name": "Andariel exploiting Apache ActiveMQ", "description": "On 2023-11-27, a campaign was reported, involving Andariel, gaining initial access via 1-day vulnerability, while using Vulnerability exploitation, targeting Apache ActiveMQ with unknown impact. The following tools were observed: NukeSped, Metasploit.", "objective": "Unknown", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/59318/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--9d07fbeb-a438-5746-aa8c-3bdb28d5387d", "type": "campaign", "created": "2023-11-20T00:00:00.000Z", "modified": "2023-11-20T00:00:00.000Z", "name": "cryptojacking-against-apache-servers-with-cobalt-strike", "description": "Researchers detected a cyber attack campaign that installs the XMRig CoinMiner on Windows web servers operating Apache. The threat actor employed Cobalt Strike to manage the compromised system. Cobalt Strike, a commercial penetration testing tool, has recently become a common ...", "objective": "Resource hijacking", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/59110/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--f142a4ec-2e6c-580d-8e93-36272cbc6253", "type": "campaign", "created": "2023-11-14T00:00:00.000Z", "modified": "2023-11-14T00:00:00.000Z", "name": "Confluence targeting by C3RB3R", "description": "On 2023-11-14, a campaign was reported, involving C3RB3R operator, gaining initial access via 1-day vulnerability, targeting Confluence Server to achieve RansomOp. The following tools were observed: C3RB3R Ransomware.", "objective": "RansomOp", "external_references": [ { "source_name": "www.sentinelone.com", "url": "https://www.sentinelone.com/blog/c3rb3r-ransomware-ongoing-exploitation-of-cve-2023-22518-targets-unpatched-confluence-servers/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--7c0aa995-5191-5e30-aef6-34fad89463ab", "type": "campaign", "created": "2023-11-13T00:00:00.000Z", "modified": "2023-11-13T00:00:00.000Z", "name": "OracleIV campaign", "description": "On 2023-11-13, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, while using Abusing exposed Docker socket, targeting Docker to achieve Resource hijacking. The following tools were observed: OracleIV.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cadosecurity.com", "url": "https://www.cadosecurity.com/oracleiv-a-dockerised-ddos-botnet/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c6f020df-4e0f-5095-9afd-50986fa3636f", "type": "campaign", "created": "2023-10-30T00:00:00.000Z", "modified": "2023-10-30T00:00:00.000Z", "name": "EleKtra-Leak", "description": "Unit 42 researchers identified a campaign dubbed EleKtra-Leak, which performs automated targeting of exposed identity and access management (IAM) credentials within public GitHub repositories.", "objective": "Resource hijacking", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/malicious-operations-of-exposed-iam-keys-cryptojacking/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--3b68bb31-36e0-540e-8f79-a81b1e7920a9", "type": "campaign", "created": "2023-10-18T00:00:00.000Z", "modified": "2023-10-18T00:00:00.000Z", "name": "Qubitstrike Crypto Mining and Rootkit Campaign", "description": "Qubitstrike is a cryptojacking campaing targeting exposed Jupyter Notebooks, as they may allow to execute commands remotely. After obtaining a shell on the remote host, the shell script executes a cryptocurrency miner and establishes persistence using a cron job that inserts a...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cadosecurity.com", "url": "https://www.cadosecurity.com/qubitstrike-an-emerging-malware-campaign-targeting-jupyter-notebooks/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b389c318-014c-52f3-89fd-2089337aad45", "type": "campaign", "created": "2023-10-10T00:00:00.000Z", "modified": "2023-10-10T00:00:00.000Z", "name": "Cloud tools imitation campaign", "description": "On 2023-10-10, a campaign was reported, involving an unknown actor, gaining initial access via Supply chain vector, while using Package typosquatting, Package Starjacking, with unknown impact.", "objective": "Unknown", "external_references": [ { "source_name": "blog.phylum.io", "url": "https://blog.phylum.io/cloud-provider-credentials-targeted-in-new-pypi-malware-campaign/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--57761641-629b-5d73-a3a6-b483364baff7", "type": "campaign", "created": "2023-10-03T00:00:00.000Z", "modified": "2023-10-03T00:00:00.000Z", "name": "SQL Server to cloud lateral movement", "description": "On 2023-10-03, a campaign was reported, involving an unknown actor, gaining initial access via Web vulnerability, while using SQL injection, Use DNS for exfiltration, IMDS abuse, SQL commands, targeting Microsoft SQL Server to achieve Data exfiltration.", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--71ae8bc5-1544-587a-bafa-20758366bdde", "type": "campaign", "created": "2023-09-20T00:00:00.000Z", "modified": "2023-09-20T00:00:00.000Z", "name": "Scattered Spider SaaS targeting", "description": "On 2023-09-20, a campaign was reported, involving 0ktapus, gaining initial access via End-user compromise, while using Smishing (SMS phishing), Serial port abuse, MFA enrollment, Create new cloud user, SIM swap scam, Phishing, to achieve Data exfiltration, RansomOp.", "objective": "Data exfiltration, RansomOp", "external_references": [ { "source_name": "permiso.io", "url": "https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--d7bb859a-3c30-5c3b-873b-8090faa0566d", "type": "campaign", "created": "2023-09-20T00:00:00.000Z", "modified": "2023-09-20T00:00:00.000Z", "name": "Prophet Spider campaign", "description": "On 2023-09-20, a campaign was reported, involving Prophet Spider, gaining initial access via , while using Vulnerability exploitation,.", "objective": "", "external_references": [ { "source_name": "www.secureworks.com", "url": "https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b10411a5-414f-50c4-8c7d-27b565744e87", "type": "campaign", "created": "2023-09-18T00:00:00.000Z", "modified": "2023-09-18T00:00:00.000Z", "name": "AmberSquid campaign", "description": "Researchers uncovered a cryptojacking operation targeting AWS services such as AWS Amplify, AWS Fargate, and Amazon SageMaker to mine cryptocurrency. The timeline of this operation spans from May 2022 to March 2023. Initially, the attackers used Docker Hub accounts to distribu...", "objective": "Resource hijacking", "external_references": [ { "source_name": "sysdig.com", "url": "https://sysdig.com/blog/ambersquid/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--6f974368-3041-5cf5-8823-94c26681d5a4", "type": "campaign", "created": "2023-09-14T00:00:00.000Z", "modified": "2023-09-14T00:00:00.000Z", "name": "peach-sandstorm-cloud-activity", "description": "According to Microsoft Threat Research, during a campaign by Iranian state-sponsored actor Peach Sandstorm, they were observed utilizing password spray attacks to gain unauthorized access to target environments. Active since February 2023, the campaign successfully targeted sa...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--35f09c8d-7338-5660-ad53-c951f2213bdd", "type": "campaign", "created": "2023-09-08T00:00:00.000Z", "modified": "2023-09-08T00:00:00.000Z", "name": "From SSH bruteforce to cryptojacking", "description": "The researchers observed a malicious IP address, previously flagged for conducting SSH brute force attempts, communicating with a malicious shell script named hoze. This script downloads xrx.tar, an archive that contains more scripts that uninstall security software and enable...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cloudsek.com", "url": "https://www.cloudsek.com/threatintelligence/hoze-shell-script-dropped-along-with-xmrig-miners-on-misconfigured-ssh-servers-by-brute-forcing" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--bf3d19ba-8209-5a5e-b0b8-49a7178cd9ce", "type": "campaign", "created": "2023-09-04T00:00:00.000Z", "modified": "2023-09-04T00:00:00.000Z", "name": "Evil_MinIO campaign", "description": "On 2023-09-04, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, targeting MinIO with unknown impact.", "objective": "Unknown", "external_references": [ { "source_name": "www.securityjoes.com", "url": "https://www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a0403a69-8ef9-52a6-ac27-39c503d0f30b", "type": "campaign", "created": "2023-08-29T00:00:00.000Z", "modified": "2023-08-29T00:00:00.000Z", "name": "Kinsing campaigns (2023-2024)", "description": "On 2023-08-29, a campaign was reported, involving Kinsing operator, gaining initial access via 1-day vulnerability, Software misconfig, while using Misconfigured PostgreSQL abuse, targeting Openfire, PostgreSQL, WebLogic, WordPress, Liferay, PHPUnit, Apache RocketMQ to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.aquasec.com", "url": "https://www.aquasec.com/blog/kinsing-malware-exploits-novel-openfire-vulnerability/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--80ad655a-0185-5580-a1ad-959b76eed5d4", "type": "campaign", "created": "2023-08-29T00:00:00.000Z", "modified": "2023-08-29T00:00:00.000Z", "name": "UNC4841 Barracuda ESG Campaign", "description": "On 2023-08-29, a campaign was reported, involving UNC4841, gaining initial access via 0-day vulnerability, targeting Barracuda ESG to achieve Data exfiltration.", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.mandiant.com", "url": "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--1a38971b-dda2-5afc-bdf6-fa2154ff25d7", "type": "campaign", "created": "2023-08-17T00:00:00.000Z", "modified": "2023-08-17T00:00:00.000Z", "name": "Labrat GitLab campaign", "description": "On 2023-08-17, a campaign was reported, involving Labrat operator, gaining initial access via 1-day vulnerability, while using Proxyjacking, Cloud compute cryptojacking, targeting GitLab to achieve Resource hijacking. The following tools were observed: Gsocket, ProxyLite, IPRoyal.", "objective": "Resource hijacking", "external_references": [ { "source_name": "sysdig.com", "url": "https://sysdig.com/blog/labrat-cryptojacking-proxyjacking-campaign/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--69528297-a2e6-5bba-a9f8-d0ac9baa5893", "type": "campaign", "created": "2023-08-15T00:00:00.000Z", "modified": "2023-08-15T00:00:00.000Z", "name": "use-of-azure-run-commands", "description": "On 2023-08-15, a campaign was reported, involving 0ktapus, gaining initial access via Unknown, while using Azure Run Commands abuse, with unknown impact.", "objective": "Unknown", "external_references": [ { "source_name": "go.crowdstrike.com", "url": "https://go.crowdstrike.com/rs/281-OBQ-266/images/report-crowdstrike-2023-threat-hunting-report.pdf" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a65a7239-846b-5caa-be17-7328b5493838", "type": "campaign", "created": "2023-08-10T00:00:00.000Z", "modified": "2023-08-10T00:00:00.000Z", "name": "SugarCRM as initial access to AWS envs", "description": "On 2023-08-10, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, targeting SugarCRM. The following tools were observed: Pacu, ScoutSuite.", "objective": "", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/sugarcrm-cloud-incident-black-hat/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c6cff913-c8b6-5f2f-af93-cdd9ad744779", "type": "campaign", "created": "2023-07-31T00:00:00.000Z", "modified": "2023-07-31T00:00:00.000Z", "name": "P2PInfect campaign", "description": "A campaign targeting misconfigured Redis servers with a peer-to-peer self-replicating worm named P2Pinfect. The campaign exploits a critical vulnerability and makes use of the SLAVEOF feature to install malware that acts as a botnet agent. P2Pinfect is written in Rust and empl...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cadosecurity.com", "url": "https://www.cadosecurity.com/redis-p2pinfect/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--95eea450-d581-53c4-822a-cce7c30d6029", "type": "campaign", "created": "2023-07-31T00:00:00.000Z", "modified": "2023-07-31T00:00:00.000Z", "name": "Meow Jupyter Notebook campaign", "description": "On 2023-07-31, a campaign was reported, involving Meow, gaining initial access via Software misconfig, while using Jupyter Notebook misconfig abuse, targeting Jupyter Notebook to achieve Data destruction.", "objective": "Data destruction", "external_references": [ { "source_name": "blog.aquasec.com", "url": "https://blog.aquasec.com/three-years-later-the-meow-campaign-reaches-jupyter" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--39fc9918-448e-5e85-9a57-0eecdef5d7dc", "type": "campaign", "created": "2023-07-30T00:00:00.000Z", "modified": "2023-07-30T00:00:00.000Z", "name": "SkidMap targeting Redis", "description": "On 2023-07-30, a campaign was reported, involving SkidMap operator, gaining initial access via Software misconfig, while using Misconfigured Redis abuse, targeting Redis with unknown impact. The following tools were observed: SkidMap.", "objective": "Unknown", "external_references": [ { "source_name": "www.trustwave.com", "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-recon-new-variant-of-skidmap-targeting-redis/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "type": "campaign", "created": "2023-07-13T00:00:00.000Z", "modified": "2023-07-13T00:00:00.000Z", "name": "SilentBob cryptomining campaign", "description": "A cloud attack campaign possibly orchestrated by the threat actor known as TeamTNT. The campaign primarily involves an aggressive cloud worm that targets JupyterLab and Docker APIs to deploy Tsunami malware, hijack cloud credentials, and execute resource hijacking.On July 13, ...", "objective": "Resource hijacking", "external_references": [ { "source_name": "blog.aquasec.com", "url": "https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e35f7378-c306-52ca-867a-e20b1f3e3927", "type": "campaign", "created": "2023-07-11T00:00:00.000Z", "modified": "2023-07-11T00:00:00.000Z", "name": "Storm-0558 phishing campaigns", "description": "On 2023-07-11, a campaign was reported, involving Storm-0558, gaining initial access via End-user compromise, while using Phishing, LSASS dumping, with unknown impact. The following tools were observed: Cigril, China Chopper.", "objective": "Unknown", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a0a66279-0ef7-59ba-abb7-9033f0409d93", "type": "campaign", "created": "2023-07-11T00:00:00.000Z", "modified": "2023-07-11T00:00:00.000Z", "name": "PyLoose campaign", "description": "In mid-2023, an unknown financially-motivated threat actor began targeting publicly exposed Jupyter Notebook instances to hijack them for running cryptomining operations. The threat actor deployed a fileless Python tool (dubbed “PyLoose”) that loaded an XMRig miner directly in...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/pyloose-first-python-based-fileless-attack-on-cloud-workloads" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e9b7dcf6-dbb2-5563-ba7d-1e7751df6bcf", "type": "campaign", "created": "2023-07-11T00:00:00.000Z", "modified": "2023-07-11T00:00:00.000Z", "name": "APT31 Rekoobe campaign", "description": "On 2023-07-11, a campaign was reported, involving APT31, gaining initial access via ,. The following tools were observed: Rekoobe.", "objective": "", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/55229/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--7ed65aa1-b286-547d-8753-7a5e50ae1301", "type": "campaign", "created": "2023-07-11T00:00:00.000Z", "modified": "2023-07-11T00:00:00.000Z", "name": "scarleteel20", "description": "In July 2023, details of recent activities related to ScarletEel were published, showing the advancement of the attacker over time. The threat actors expanded their arsenal to include new tools and a C2 infrastructure, making it more difficult to detect their activity. They ty...", "objective": "Resource hijacking, Data exfiltration, Denial of service", "external_references": [ { "source_name": "sysdig.com", "url": "https://sysdig.com/blog/scarleteel-2-0/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e7d94680-1648-51e1-8104-06bfeac4bece", "type": "campaign", "created": "2023-07-03T00:00:00.000Z", "modified": "2023-07-03T00:00:00.000Z", "name": "RomCom exploiting Word vulnerability in campaign targeting government entities", "description": "In June 2023, Storm-0978 launched a campaign exploiting the CVE-2023-36884 vulnerability, a remote code execution flaw in Microsoft Word documents. This campaign targeted defense and government entities in Europe and North America, using phishing emails with lures related to t...", "objective": "RansomOp, Data exfiltration", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--05cff386-860f-5d4a-b581-90567477a46b", "type": "campaign", "created": "2023-06-15T00:00:00.000Z", "modified": "2023-06-15T00:00:00.000Z", "name": "Diicot Campaign Targeting Exposed SSH", "description": "On 2023-06-15, a campaign was reported, involving Diicot, gaining initial access via Password attack, while using SSH bruteforcing, UPX packing, Cron persistence, to achieve Resource hijacking. The following tools were observed: XMRig, zmap.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cadosecurity.com", "url": "https://www.cadosecurity.com/blog/tracking-diicot-an-emerging-romanian-threat-actor" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--29aee6f3-500a-57b2-8154-8a47e3488472", "type": "campaign", "created": "2023-05-16T00:00:00.000Z", "modified": "2023-05-16T00:00:00.000Z", "name": "8820-gang-targeting-oracle-weblogic", "description": "8220 Gang, a financially-motivated Chinese threat actor known for their cryptojacking activity, has been observed by researchers to be exploiting CVE-2020-14883, a remote code execution (RCE) vulnerability in Oracle WebLogic Server. The attackers seem to be exploiting the vuln...", "objective": "Resource hijacking, Data exfiltration", "external_references": [ { "source_name": "www.imperva.com", "url": "https://www.imperva.com/blog/imperva-detects-undocumented-8220-gang-activities/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--7448b409-3f1c-5d5e-acd8-40932320b6b2", "type": "campaign", "created": "2023-04-21T00:00:00.000Z", "modified": "2023-04-21T00:00:00.000Z", "name": "8220 Gang exploiting Log4Shell8220 Gang targeting Confluence", "description": "On 2023-04-21, a campaign was reported, involving 8220 Gang, gaining initial access via 1-day vulnerability, to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/51568/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--d615d0bf-c03e-5771-98d2-da0dc41e4493", "type": "campaign", "created": "2023-04-17T00:00:00.000Z", "modified": "2023-04-17T00:00:00.000Z", "name": "Trigona targeting MSSQL servers", "description": "Microsoft SQL servers were observed being attacked through brute-force or dictionary attacks that exploit weak account credentials. The servers were then used as entry points to deploy Trigona ransomware and encrypt all filesOnce the attackers gain access to a server, they dep...", "objective": "RansomOp", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/51343/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--1c3f4a53-6ecc-5c0e-9190-d8e736f70df2", "type": "campaign", "created": "2023-04-12T00:00:00.000Z", "modified": "2023-04-12T00:00:00.000Z", "name": "Mexals cryptojacking campaign", "description": "On 2023-04-12, a campaign was reported, involving Diicot, gaining initial access via Password attack, while using SSH bruteforcing, Cron persistence, UPX packing, to achieve Resource hijacking. The following tools were observed: XMRig.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.akamai.com", "url": "https://www.akamai.com/blog/security-research/mexals-cryptojacking-malware-resurgence" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--25151717-0bd8-5cdf-b8ea-40bbee396aa5", "type": "campaign", "created": "2023-03-30T00:00:00.000Z", "modified": "2023-03-30T00:00:00.000Z", "name": "AlienFox campaign", "description": "On 2023-03-30, a campaign was reported, involving an unknown actor, gaining initial access via Unknown, to achieve Data exfiltration. The following tools were observed: AlienFox.", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.sentinelone.com", "url": "https://www.sentinelone.com/labs/dissecting-alienfox-the-cloud-spammers-swiss-army-knife/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--a6d3c29f-c8dc-5baa-a5c4-bab3ec9337c2", "type": "campaign", "created": "2023-03-24T00:00:00.000Z", "modified": "2023-03-24T00:00:00.000Z", "name": "ChinaZ campaigns", "description": "On 2023-03-24, a campaign was reported, involving ChinaZ, gaining initial access via , while using Misconfigured SSH abuse,.", "objective": "", "external_references": [ { "source_name": "asec.ahnlab.com", "url": "https://asec.ahnlab.com/en/50316/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--1bf8c769-bb66-5337-95a2-a54540e61219", "type": "campaign", "created": "2023-03-23T00:00:00.000Z", "modified": "2023-03-23T00:00:00.000Z", "name": "JavaScript injection via vulnerable CMS", "description": "On 2023-03-23, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/malicious-javascript-injection/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--46b800c6-434a-564f-9025-d8440163d0e2", "type": "campaign", "created": "2023-03-16T00:00:00.000Z", "modified": "2023-03-16T00:00:00.000Z", "name": "UNC3886 campaigns", "description": "On 2023-03-16, a campaign was reported, involving UNC3886, gaining initial access via 1-day vulnerability, targeting ESXi Server, Fortinet Fortigate to achieve Data exfiltration. The following tools were observed: Reptile.", "objective": "Data exfiltration", "external_references": [ { "source_name": "cloud.google.com", "url": "https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--4c818218-703d-5c8f-be90-b15fd7ad0510", "type": "campaign", "created": "2023-03-15T00:00:00.000Z", "modified": "2023-03-15T00:00:00.000Z", "name": "Dero cryptojacking targeting K8s", "description": "On 2023-03-15, a campaign was reported, involving an unknown actor, gaining initial access via Cloud native misconfig, while using Cloud compute cryptojacking, K8s anonymous auth abuse, targeting Kubernetes to achieve Resource hijacking. The following tools were observed: DERO miner.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.crowdstrike.com", "url": "https://www.crowdstrike.com/blog/crowdstrike-discovers-first-ever-dero-cryptojacking-campaign-targeting-kubernetes/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--60b34afc-9756-52ae-99d5-1707c8c11d78", "type": "campaign", "created": "2023-03-10T00:00:00.000Z", "modified": "2023-03-10T00:00:00.000Z", "name": "GoBruteforcer campaign", "description": "GoBruteforcer is a new kind of botnet malware that is written in Golang, and targets web servers, specifically those running phpMyAdmin, MySQL, FTP and Postgres services. The following information is based on samples discovered by researchers in March 2023.The GoBruteforcer ma...", "objective": "Resource hijacking", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/gobruteforcer-golang-botnet/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--250a8d45-e9c8-5794-81d6-39269a0cd1ff", "type": "campaign", "created": "2023-03-09T00:00:00.000Z", "modified": "2023-03-09T00:00:00.000Z", "name": "IceFire Aspera Faspex campaign", "description": "On 2023-03-09, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, targeting Aspera Faspex to achieve RansomOp. The following tools were observed: IceFire.", "objective": "RansomOp", "external_references": [ { "source_name": "www.sentinelone.com", "url": "https://www.sentinelone.com/labs/icefire-ransomware-returns-now-targeting-linux-enterprise-networks/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--8737d2a0-e157-561e-b348-2d25c338b2a2", "type": "campaign", "created": "2023-03-09T00:00:00.000Z", "modified": "2023-03-09T00:00:00.000Z", "name": "Stealing the LIGHTSHOW", "description": "On 2023-03-09, a campaign was reported, involving UNC2970, gaining initial access via , while using Azure AD abuse, Intune abuse,.", "objective": "", "external_references": [ { "source_name": "www.mandiant.com", "url": "https://www.mandiant.com/resources/blog/lightshow-north-korea-unc2970" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e818ed0a-1b9a-52e3-8061-745276db4910", "type": "campaign", "created": "2023-02-28T00:00:00.000Z", "modified": "2023-02-28T00:00:00.000Z", "name": "scarleteel", "description": "In early 2023, Sysdig researchers discovered a cyber operation targeting public-facing containerized web apps running in a self-hosted K8s cluster, in order to mine for cryptocurrency and infiltrate the larger cloud environment. The operation, dubbed \"SCARLETEEL\", involved ret...", "objective": "Resource hijacking, Data exfiltration", "external_references": [ { "source_name": "sysdig.com", "url": "https://sysdig.com/blog/cloud-breach-terraform-data-theft/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--dccf8e0e-d372-5d63-82d8-e352a0ee63a9", "type": "campaign", "created": "2023-02-03T00:00:00.000Z", "modified": "2023-02-03T00:00:00.000Z", "name": "esxiargs-attack", "description": "On 2023-02-03, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, to achieve RansomOp. The following tools were observed: Babuk.", "objective": "RansomOp", "external_references": [ { "source_name": "www.bleepingcomputer.com", "url": "https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--3ad482f8-bda8-536b-88a9-7756a86df376", "type": "campaign", "created": "2023-02-01T00:00:00.000Z", "modified": "2023-02-01T00:00:00.000Z", "name": "HeadCrab campaign", "description": "On 2023-02-01, a campaign was reported, involving HeadCrab operator, gaining initial access via Software misconfig, while using Misconfigured Redis abuse, targeting Redis to achieve Resource hijacking. The following tools were observed: HeadCrab.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.aquasec.com", "url": "https://www.aquasec.com/blog/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--eaa29b5d-4ced-5cf6-a156-5600668d63a0", "type": "campaign", "created": "2022-12-28T00:00:00.000Z", "modified": "2022-12-28T00:00:00.000Z", "name": "Jupyter Notebook cred harvesting campaign", "description": "Permiso identified a credential harvesting campaign targeting cloud infrastructure for the purpose of harvesting credentials. The majority of the victim system were running public facing Juptyer Notebooks. At the time of writing there were about 50 compromised systems. The ini...", "objective": "Data exfiltration", "external_references": [ { "source_name": "permiso.io", "url": "https://permiso.io/blog/s/christmas-cloud-cred-harvesting-campaign/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--ffff57ea-6f99-5b30-b5bb-e3f36eeefd97", "type": "campaign", "created": "2022-12-01T00:00:00.000Z", "modified": "2022-12-01T00:00:00.000Z", "name": "Redigo campaign", "description": "On 2022-12-01, a campaign was reported, involving Redigo operator, gaining initial access via 1-day vulnerability, while using Vulnerability exploitation, targeting Redis with unknown impact. The following tools were observed: Redigo.", "objective": "Unknown", "external_references": [ { "source_name": "www.aquasec.com", "url": "https://www.aquasec.com/blog/redigo-redis-backdoor-malware/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--354b316b-8e2e-5564-aa46-ef674c0d4984", "type": "campaign", "created": "2022-11-16T00:00:00.000Z", "modified": "2022-11-16T00:00:00.000Z", "name": "WatchDog East-Asian CSP campaign", "description": "On 2022-11-16, a campaign was reported, involving WatchDog, gaining initial access via ,.", "objective": "", "external_references": [ { "source_name": "www.cadosecurity.com", "url": "https://www.cadosecurity.com/watchdog-continues-to-target-east-asian-csps/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--8bfcb3d3-1d63-552a-a4c5-368442438435", "type": "campaign", "created": "2022-09-01T00:00:00.000Z", "modified": "2022-09-01T00:00:00.000Z", "name": "Redirection Roulette", "description": "Beginning in early September 2022, an unknown threat actor successfully compromised tens of thousands of websites mainly aimed at East Asian audiences, redirecting hundreds of thousands of their users to adult-themed content. In several cases, the threat actor connected to the...", "objective": "Defacement", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/redirection-roulette" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e0153fc6-aeb5-5877-a8a9-822ac6ce5fbd", "type": "campaign", "created": "2022-09-01T00:00:00.000Z", "modified": "2022-09-01T00:00:00.000Z", "name": "Kiss-A-Dog campaign", "description": "CrowdStrike uncovered a cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog”-themed mining pool domains.Nicknamed “Kiss-a-dog,” the campaign used multiple comman...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.crowdstrike.com", "url": "https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--352b94fd-ccaa-5d06-9abf-f06325d7b586", "type": "campaign", "created": "2022-08-22T00:00:00.000Z", "modified": "2022-08-22T00:00:00.000Z", "name": "APT29 targeting Microsoft 365", "description": "On 2022-08-22, a campaign was reported, involving APT29, gaining initial access via , while using Add attacker-controlled IdP via ADFS access, Disable logging, MFA enrollment, Auth token signing via Golden SAML, Auth token signing via ADFS access,.", "objective": "", "external_references": [ { "source_name": "www.mandiant.com", "url": "https://www.mandiant.com/resources/blog/apt29-continues-targeting-microsoft" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--402c1f9b-c434-5028-8715-e69e2237444b", "type": "campaign", "created": "2022-07-11T00:00:00.000Z", "modified": "2022-07-11T00:00:00.000Z", "name": "Bondnet campaign (2022)", "description": "On 2022-07-11, a campaign was reported, involving Bondnet, gaining initial access via Password attack, targeting Microsoft SQL Server to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "thedfirreport.com", "url": "https://thedfirreport.com/2022/07/11/select-xmrig-from-sqlserver/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--722a53a9-d464-5325-a8b1-e60aec782280", "type": "campaign", "created": "2022-07-07T00:00:00.000Z", "modified": "2022-07-07T00:00:00.000Z", "name": "8220 Gang targeting Confluence", "description": "On 2022-07-07, a campaign was reported, involving 8220 Gang, gaining initial access via 1-day vulnerability, to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.aquasec.com", "url": "https://www.aquasec.com/blog/8220-gang-confluence-vulnerability-cve-2022-26134/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--0871ee8d-729c-5ab0-813a-172c76926051", "type": "campaign", "created": "2022-06-21T00:00:00.000Z", "modified": "2022-06-21T00:00:00.000Z", "name": "darkradiation-container-ransomwarewiper", "description": "On 2022-06-21, a campaign was reported, involving DarkRadiation operator, gaining initial access via Unknown, while using Database ransomware, Disk Wipe, Remotely execute commands or scripts on a VM , Rootkit - LD_PRELOAD, targeting Docker to achieve RansomOp.", "objective": "RansomOp", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/21/f/bash-ransomware-darkradiation-targets-red-hat--and-debian-based-linux-distributions.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--3e53e935-716a-593d-b6eb-5df5c286c2ed", "type": "campaign", "created": "2022-05-11T00:00:00.000Z", "modified": "2022-05-11T00:00:00.000Z", "name": "JavaScript injection via WordPress exploitation", "description": "On 2022-05-11, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, targeting WordPress to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "blog.sucuri.net", "url": "https://blog.sucuri.net/2022/05/massive-wordpress-javascript-injection-campaign-redirects-to-ads.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--ca66c765-25cf-5721-9ab7-b118498e763e", "type": "campaign", "created": "2022-05-04T00:00:00.000Z", "modified": "2022-05-04T00:00:00.000Z", "name": "UNC2903 campaigns", "description": "On 2022-05-04, a campaign was reported, involving UNC2903, gaining initial access via , while using IMDS abuse, SSRF,.", "objective": "", "external_references": [ { "source_name": "www.mandiant.com", "url": "https://www.mandiant.com/resources/blog/cloud-metadata-abuse-unc2903" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--1270a24e-1884-59fb-ac7e-a233635002fd", "type": "campaign", "created": "2022-04-21T00:00:00.000Z", "modified": "2022-04-21T00:00:00.000Z", "name": "LemonDuck Docker campaign", "description": "On 2022-04-21, a campaign was reported, involving LemonDuck, gaining initial access via ,.", "objective": "", "external_references": [ { "source_name": "www.crowdstrike.com", "url": "https://www.crowdstrike.com/blog/lemonduck-botnet-targets-docker-for-cryptomining-operations/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--94999ee3-645b-5f31-90ea-8ff855f87fd7", "type": "campaign", "created": "2022-04-06T00:00:00.000Z", "modified": "2022-04-06T00:00:00.000Z", "name": "Denonia campaign", "description": "Denonia is a newly discovered type of malware targeting AWS Lambda environments. It was recently exposed by Cado Security, who named it after the domain it communicates with. Once the malware is executed on the victim's host, it launches XMRig cryptominer.Denonia's delivery an...", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.cadosecurity.com", "url": "https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--05eb0674-38c5-5ba1-a877-f11a82d82ae9", "type": "campaign", "created": "2022-03-28T00:00:00.000Z", "modified": "2022-03-28T00:00:00.000Z", "name": "Muhstick Redis campaign", "description": "On 2022-03-28, a campaign was reported, involving Muhstik operator, gaining initial access via ,.", "objective": "", "external_references": [ { "source_name": "thehackernews.com", "url": "https://thehackernews.com/2022/03/muhstik-botnet-targeting-redis-servers.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--df15e4d9-2a8c-58d2-9ee3-54a48d8de8c9", "type": "campaign", "created": "2022-03-22T00:00:00.000Z", "modified": "2022-03-22T00:00:00.000Z", "name": "LAPSUS$ campaigns", "description": "According to Microsoft Threat Research, as part of LAPSUS$’s large-scale social engineering and extortion campaigns, they also gained access to several of their targets’ cloud environments.LAPSUS$ initially targeted organizations in the UK and South America, and then expanded ...", "objective": "Data exfiltration, Data destruction, RansomOp", "external_references": [ { "source_name": "www.microsoft.com", "url": "https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--47b1ba29-df78-5e43-a5ee-a66217b15e40", "type": "campaign", "created": "2022-02-02T00:00:00.000Z", "modified": "2022-02-02T00:00:00.000Z", "name": "CoinStomp campaign", "description": "On 2022-02-02, a campaign was reported, involving CoinStomp operator, gaining initial access via , while using Timestomping, Reverse shell, Cron persistence,. The following tools were observed: CoinStomp.", "objective": "", "external_references": [ { "source_name": "www.cadosecurity.com", "url": "https://www.cadosecurity.com/coinstomp-malware-family-targets-asian-cloud-service-providers/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--038979b9-596f-56ce-bfd7-ff67e4a623d1", "type": "campaign", "created": "2021-12-15T00:00:00.000Z", "modified": "2021-12-15T00:00:00.000Z", "name": "UNC3379 npm supply chain attacks", "description": "Mandiant has attributed supply chain attacks which compromised ua-parser-js , coa, and rc to UNC3379. The malicious packages would download and execute both a Monero cryptocurrency miner, and the DANABOT banking trojan, depending on the OS. ", "objective": "Resource hijacking, Supply chain attack", "external_references": [ { "source_name": "cloud.google.com", "url": "https://cloud.google.com/blog/topics/threat-intelligence/supply-chain-node-js/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--99b17f44-6b2a-5061-b359-671ffd4fa6bc", "type": "campaign", "created": "2021-10-26T00:00:00.000Z", "modified": "2021-10-26T00:00:00.000Z", "name": "Tsunami targeting Jenkins and Weblogic", "description": "On 2021-10-26, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, 1-day vulnerability, targeting Jenkins, WebLogic to achieve Resource hijacking. The following tools were observed: Tsunami.", "objective": "Resource hijacking", "external_references": [ { "source_name": "sysdig.com", "url": "https://sysdig.com/blog/tsunami-malware-jenkins-weblogic/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--dfb7b61e-fa22-5845-9e09-86984b6671c6", "type": "campaign", "created": "2021-10-08T00:00:00.000Z", "modified": "2021-10-08T00:00:00.000Z", "name": "Abcbot Huawei Cloud targeting campaign", "description": "On 2021-10-08, a campaign was reported, involving Abcbot operator, gaining initial access via Cloud native misconfig, to achieve Resource hijacking. The following tools were observed: Kunpeng.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_us/research/21/j/actors-target-huawei-cloud-using-upgraded-linux-malware-.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--4176e9f3-4c1c-545f-a568-1c582bc348a4", "type": "campaign", "created": "2021-06-07T00:00:00.000Z", "modified": "2021-06-07T00:00:00.000Z", "name": "Siloscape campaign", "description": "On 2021-06-07, a campaign was reported, involving Siloscape operator, gaining initial access via 1-day vulnerability, Web vulnerability, while using TOR anonymization, Thread impersonation to escape to host, targeting Kubernetes with unknown impact. The following tools were observed: Siloscape.", "objective": "Unknown", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/siloscape/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--12dc43e8-0f8c-5af8-917e-fb2874146235", "type": "campaign", "created": "2021-02-09T00:00:00.000Z", "modified": "2021-02-09T00:00:00.000Z", "name": "Gin Docker cryptojacking campaign", "description": "On 2021-02-09, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, while using Escape to host via cgroups release_agent, targeting Docker to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.trendmicro.com", "url": "https://www.trendmicro.com/en_za/research/21/b/threat-actors-now-target-docker-via-container-escape-features.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--8a0b09ea-8446-506d-a50e-a5d159164e23", "type": "campaign", "created": "2021-02-03T00:00:00.000Z", "modified": "2021-02-03T00:00:00.000Z", "name": "TeamTNT campaigns", "description": "On 2021-02-03, a campaign was reported, involving TeamTNT, gaining initial access via ,. The following tools were observed: Peirates, Hildegard.", "objective": "", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/teamtnt-operations-cloud-environments/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--b035196a-c1c2-59c2-b289-20c21614003e", "type": "campaign", "created": "2021-01-22T00:00:00.000Z", "modified": "2021-01-22T00:00:00.000Z", "name": "dreambus-campaign", "description": "See Dreambus operator for more information.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.zscaler.com", "url": "https://www.zscaler.com/blogs/security-research/dreambus-botnet-technical-analysis" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--67383f5f-e9a8-589b-afbd-4641315d184f", "type": "campaign", "created": "2020-12-13T00:00:00.000Z", "modified": "2020-12-13T00:00:00.000Z", "name": "solarwinds-supply-chain-attack", "description": "What seemed to be at first a targeted attack against FireEye, turned out to be a much worse espionage campaign associated with APT29 that the United State has suffered from.The SolarWinds attackers, linked to a Mimecast attack on Jan 13th, executed a sophisticated supply chain...", "objective": "Data exfiltration", "external_references": [ { "source_name": "www.wiz.io", "url": "https://www.wiz.io/blog/the-solarwinds-attack" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--8a36673d-e464-5a6d-a9e2-16a5328b6f2a", "type": "campaign", "created": "2020-11-16T00:00:00.000Z", "modified": "2020-11-16T00:00:00.000Z", "name": "Loggerminer campaign", "description": "On 2020-11-16, a campaign was reported, involving Abcbot operator, gaining initial access via , to achieve Resource hijacking. The following tools were observed: Loggerminer.", "objective": "Resource hijacking", "external_references": [ { "source_name": "s.tencent.com", "url": "https://s.tencent.com/research/report/1177.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--069fc1fc-dc5f-5a9d-bcf5-390c48ea8e08", "type": "campaign", "created": "2020-08-27T00:00:00.000Z", "modified": "2020-08-27T00:00:00.000Z", "name": "Cetus campaign", "description": "On 2020-08-27, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, targeting Docker to achieve Resource hijacking. The following tools were observed: Cetus.", "objective": "Resource hijacking", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/cetus-cryptojacking-worm/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--76d1504f-5988-5497-9998-f06c0e91484e", "type": "campaign", "created": "2020-07-28T00:00:00.000Z", "modified": "2020-07-28T00:00:00.000Z", "name": "Doki cryptojacking campaign", "description": "On 2020-07-28, a campaign was reported, involving Doki operator, gaining initial access via Software misconfig, while using Exploiting host mount to escape to host, targeting Docker to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "intezer.com", "url": "https://intezer.com/blog/cloud-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--acb3e603-6cd7-5b56-ae8b-d7c5df5815b2", "type": "campaign", "created": "2020-07-25T00:00:00.000Z", "modified": "2020-07-25T00:00:00.000Z", "name": "Meow database server campaign", "description": "On 2020-07-25, a campaign was reported, involving Meow, gaining initial access via Software misconfig, while using FTP access, Misconfigured DB abuse, targeting MongoDB, Elasticsearch, Apache Cassandra, Apache CouchDB, Jenkins, Apache Hadoop to achieve Data destruction.", "objective": "Data destruction", "external_references": [ { "source_name": "www.csoonline.com", "url": "https://www.csoonline.com/article/559725/attackers-start-wiping-data-from-couchdb-and-hadoop-databases.html" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--ddaf7816-1449-5a80-a65c-afdc778ba908", "type": "campaign", "created": "2020-05-28T00:00:00.000Z", "modified": "2020-05-28T00:00:00.000Z", "name": "Exim exploitation by Sandworm", "description": "On May 28, 2020, the NSA released a cybersecurity advisory on Russian APT group Sandworm exploiting CVE-2019-10149, a vulnerability in Exim Mail Transfer Agent (MTA) software. An unauthenticated remote attacker can use this vulnerability to send a specially crafted email to ex...", "objective": "", "external_references": [ { "source_name": "www.cisa.gov", "url": "https://www.cisa.gov/news-events/alerts/2020/05/28/nsa-releases-advisory-sandworm-actors-exploiting-exim-vulnerability" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--882da77e-3f2b-5e01-96dc-dce8b05b2a1c", "type": "campaign", "created": "2020-04-08T00:00:00.000Z", "modified": "2020-04-08T00:00:00.000Z", "name": "Large-scale cryptomining attack against K8s clusters detected by Azure", "description": "On 2020-04-08, a campaign was reported, involving an unknown actor, gaining initial access via , targeting Kubernetes to achieve Resource hijacking.", "objective": "Resource hijacking", "external_references": [ { "source_name": "azure.microsoft.com", "url": "https://azure.microsoft.com/en-us/blog/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--e88ac94c-b58e-58b1-b04b-39ba8e49c33e", "type": "campaign", "created": "2020-01-16T00:00:00.000Z", "modified": "2020-01-16T00:00:00.000Z", "name": "kinsing-campaign-2020", "description": "On 2020-01-16, a campaign was reported, involving Kinsing operator, gaining initial access via Software misconfig, 1-day vulnerability, while using Vulnerability exploitation, Misconfigured Docker abuse, targeting Redis, Confluence Server, Docker, Apache Hadoop, Solr, ThinkPHP to achieve Resource hijacking. The following tools were observed: Kinsing.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.alibabacloud.com", "url": "https://www.alibabacloud.com/blog/new-outbreak-of-h2miner-worms-exploiting-redis-rce-detected_595743" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--6f03c534-b94f-5057-976a-70d2c944287f", "type": "campaign", "created": "2019-10-16T00:00:00.000Z", "modified": "2019-10-16T00:00:00.000Z", "name": "Graboid campaign", "description": "On 2019-10-16, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, targeting Docker to achieve Resource hijacking. The following tools were observed: Graboid.", "objective": "Resource hijacking", "external_references": [ { "source_name": "unit42.paloaltonetworks.com", "url": "https://unit42.paloaltonetworks.com/graboid-first-ever-cryptojacking-worm-found-in-images-on-docker-hub/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--4147d606-6d89-5522-8cda-c88207686025", "type": "campaign", "created": "2018-09-12T00:00:00.000Z", "modified": "2018-09-12T00:00:00.000Z", "name": "ngrok cryptojacking campaign", "description": "On 2018-09-12, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, targeting Redis, Apache CouchDB, Docker, Jenkins, Drupal, MODX to achieve Resource hijacking. The following tools were observed: ngrok.", "objective": "Resource hijacking", "external_references": [ { "source_name": "blog.netlab.360.com", "url": "https://blog.netlab.360.com/a-new-mining-botnet-blends-its-c2s-into-ngrok-service/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--10a54d17-fa41-5b22-b927-c70827a4b58a", "type": "campaign", "created": "2014-03-18T00:00:00.000Z", "modified": "2014-03-18T00:00:00.000Z", "name": "Operation Windigo", "description": "On 2014-03-18, a campaign was reported, involving Windigo operator, gaining initial access via Supply chain vector, while using Create SSH backdoor, to achieve Resource hijacking. The following tools were observed: Ebury.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.welivesecurity.com", "url": "https://www.welivesecurity.com/2014/03/18/operation-windigo-the-vivisection-of-a-large-linux-server-side-credential-stealing-malware-campaign/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "campaign--c64cf421-af04-5a95-b77d-0f6472dde8c9", "type": "campaign", "created": "2013-05-07T00:00:00.000Z", "modified": "2013-05-07T00:00:00.000Z", "name": "Cdorked campaign", "description": "On 2013-05-07, a campaign was reported, involving an unknown actor, gaining initial access via Unknown, targeting Apache HTTP Server, NGINX, Lighttpd to achieve Resource hijacking. The following tools were observed: Cdorked.", "objective": "Resource hijacking", "external_references": [ { "source_name": "www.welivesecurity.com", "url": "https://www.welivesecurity.com/2013/05/07/linuxcdorked-malware-lighttpd-and-nginx-web-servers-also-affected/" } ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bb4f6e90-222f-5423-8bac-cf0a5bb7969f", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--cc78ddd1-3114-5e5a-bf8d-a291cb97f795", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c7ec9cb3-8af9-5430-90b5-48cee77391c2", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--cc78ddd1-3114-5e5a-bf8d-a291cb97f795", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fc0f7482-7036-5786-aa0f-0c8156c3ce4e", "target_ref": "attack-pattern--784d2d19-fa9a-5d1d-b9ed-eacc0f6bd0b8", "source_ref": "campaign--cc78ddd1-3114-5e5a-bf8d-a291cb97f795", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f0e56ee1-dbf2-518c-9cab-2737a1f65f87", "target_ref": "attack-pattern--77c9068f-40a3-53cf-a89f-92c26c4eb8ae", "source_ref": "campaign--cc78ddd1-3114-5e5a-bf8d-a291cb97f795", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a7531baa-9198-54e8-9829-1c58b6937ccc", "target_ref": "malware--ff2b4da7-c90a-5f4e-8b7b-da3c23bf1750", "source_ref": "campaign--cc78ddd1-3114-5e5a-bf8d-a291cb97f795", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0d4b5194-17a1-5c08-9040-f7122fe246bf", "target_ref": "malware--c9a24dca-814c-588a-8929-02f9adb49b1e", "source_ref": "campaign--cc78ddd1-3114-5e5a-bf8d-a291cb97f795", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--dbaf52e5-814f-51dc-8311-960a08d3e00c", "target_ref": "threat-actor--c84ee96b-0e1b-5d8f-813f-6bd936461cfd", "source_ref": "campaign--cc78ddd1-3114-5e5a-bf8d-a291cb97f795", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f28af855-8538-5c07-ab4c-3239de8c5e57", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--99065426-ba13-5e40-998c-2da007495de3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--401961f5-3a6c-56aa-b21f-462e99f6d7ac", "target_ref": "attack-pattern--77c9068f-40a3-53cf-a89f-92c26c4eb8ae", "source_ref": "campaign--99065426-ba13-5e40-998c-2da007495de3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--d614eb0b-652d-51cb-90f3-4d1698b96ded", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--99065426-ba13-5e40-998c-2da007495de3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--25dc7da8-73ba-5722-97b5-025de774d153", "target_ref": "attack-pattern--77c9068f-40a3-53cf-a89f-92c26c4eb8ae", "source_ref": "campaign--e7a484d9-b510-5173-85b7-04d154a3b4c1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--319f9a8e-f224-5197-9696-29d3486c0287", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--e7a484d9-b510-5173-85b7-04d154a3b4c1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e22b2c48-6f8a-5d9a-8084-2ed2258a9235", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--e7a484d9-b510-5173-85b7-04d154a3b4c1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8a8721ef-a77b-57f9-ad31-b6e9964f6924", "target_ref": "attack-pattern--1fb7547a-975b-59fd-90ff-e28444f98778", "source_ref": "campaign--e7a484d9-b510-5173-85b7-04d154a3b4c1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--80e1b37b-4cba-5176-9887-0695c0247f41", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--e7a484d9-b510-5173-85b7-04d154a3b4c1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b4aaeac7-e66d-58ba-8a90-a6fcedb3eb79", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--4cc0c60e-c332-5157-b24f-230afd2813f2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--390aff5e-4e1f-5943-9d72-d4089a2cdc80", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--4cc0c60e-c332-5157-b24f-230afd2813f2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f68f15ed-57c2-50be-aa55-4637e2f3e8bb", "target_ref": "attack-pattern--c181a996-c857-5590-baf2-d96984736617", "source_ref": "campaign--4cc0c60e-c332-5157-b24f-230afd2813f2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9a57d1e1-5a29-5633-adf9-22b1fb9298ca", "target_ref": "threat-actor--73187952-0eef-5c18-bc0e-713ea0679872", "source_ref": "campaign--4cc0c60e-c332-5157-b24f-230afd2813f2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a6fa74a7-4f28-591d-8880-52d16c567c71", "target_ref": "attack-pattern--fd04f468-aebe-5ed2-8048-a16ae7fd15bf", "source_ref": "campaign--a2836d26-eb7c-5744-b1a1-341114d64fc4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1bf69e7f-929d-5e12-988d-b041fe8e11fe", "target_ref": "attack-pattern--c181a996-c857-5590-baf2-d96984736617", "source_ref": "campaign--a2836d26-eb7c-5744-b1a1-341114d64fc4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7b377287-d118-5e1b-9e89-aece4111d7d4", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--a2836d26-eb7c-5744-b1a1-341114d64fc4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--289f214b-e2a0-553f-97d7-de5d02388058", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--a2836d26-eb7c-5744-b1a1-341114d64fc4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a5b0d9c8-d698-5146-add5-03e43ba8be9f", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--a2836d26-eb7c-5744-b1a1-341114d64fc4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cdb7fd3d-4f56-5c1b-827a-0cab5991266a", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--3e5deedb-d08b-5ad7-901b-a7e5d4f151a3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ad7a77d2-280e-5a79-8099-c2e4c80b51cc", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--3e5deedb-d08b-5ad7-901b-a7e5d4f151a3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--53e4c12f-3b64-5162-87bb-de126c607022", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--3e5deedb-d08b-5ad7-901b-a7e5d4f151a3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--66347190-bac5-53c0-840b-cb16fa0e4073", "target_ref": "threat-actor--73187952-0eef-5c18-bc0e-713ea0679872", "source_ref": "campaign--3e5deedb-d08b-5ad7-901b-a7e5d4f151a3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a33f7614-059e-593b-a590-57d32e79ae84", "target_ref": "attack-pattern--692bfeab-5698-5131-842c-577b24bb2606", "source_ref": "campaign--b4923f9f-5528-5613-8233-f245e155f31b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--55e7f4dc-d19c-5154-9742-9badd4778fd5", "target_ref": "attack-pattern--8128ef78-d790-56a1-96a7-e2861e19be99", "source_ref": "campaign--b4923f9f-5528-5613-8233-f245e155f31b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f8b5e57a-f941-515a-ab7c-fbd0c6b179f1", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--b4923f9f-5528-5613-8233-f245e155f31b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5bac5cea-27c2-555c-934f-89e0d54b972e", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--f8848a5a-5633-5f8d-912c-d4d5e92817dd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6297382a-d40f-5c38-9b64-3aff52126050", "target_ref": "attack-pattern--fd04f468-aebe-5ed2-8048-a16ae7fd15bf", "source_ref": "campaign--f8848a5a-5633-5f8d-912c-d4d5e92817dd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8fb05815-2709-515c-8632-640318fc0301", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--f8848a5a-5633-5f8d-912c-d4d5e92817dd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cc90bc9d-f326-569d-82d0-8ecfd5891f73", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--f8848a5a-5633-5f8d-912c-d4d5e92817dd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--94aba1cf-6994-545f-9bc5-c7d5bc9c1a86", "target_ref": "threat-actor--73187952-0eef-5c18-bc0e-713ea0679872", "source_ref": "campaign--f8848a5a-5633-5f8d-912c-d4d5e92817dd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fd4d6a7b-5908-5742-926d-f3a2506eb274", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--ee24b549-472e-567a-a820-2f0696a9b449", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--debe0953-8a00-5928-8085-c75de6ed9b65", "target_ref": "attack-pattern--fd04f468-aebe-5ed2-8048-a16ae7fd15bf", "source_ref": "campaign--ee24b549-472e-567a-a820-2f0696a9b449", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--cbe586ee-a25f-513d-8d10-f3e0ffbbcb22", "target_ref": "threat-actor--73187952-0eef-5c18-bc0e-713ea0679872", "source_ref": "campaign--ee24b549-472e-567a-a820-2f0696a9b449", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c03999c6-2ee8-59bd-8f90-3f8554156598", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--1c116cae-f41c-5b57-87f0-65270e62ba99", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--820b3c51-4540-54ba-8e38-0f565d00232d", "target_ref": "attack-pattern--9aab113e-2245-5db2-885a-5671bc74ca5c", "source_ref": "campaign--1c116cae-f41c-5b57-87f0-65270e62ba99", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--309aff34-8619-5557-a4d5-d26e90c79d2d", "target_ref": "attack-pattern--c181a996-c857-5590-baf2-d96984736617", "source_ref": "campaign--1c116cae-f41c-5b57-87f0-65270e62ba99", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--810288a3-131f-5fa1-afc3-015c19b11c07", "target_ref": "malware--771355de-8cb7-5ee9-b16d-886bbcb4d8a1", "source_ref": "campaign--1c116cae-f41c-5b57-87f0-65270e62ba99", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--dee41aba-c423-5a6b-8493-79942483279e", "target_ref": "threat-actor--73187952-0eef-5c18-bc0e-713ea0679872", "source_ref": "campaign--1c116cae-f41c-5b57-87f0-65270e62ba99", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--65a93a1c-0567-5b3a-9f10-5ff72df1541b", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--371a7eb4-e401-5727-aaa1-b967c75ff72b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--eebde30c-106e-583d-abbd-30f1cfbd6f9a", "target_ref": "attack-pattern--cf7639aa-2732-525e-a991-524955855cbd", "source_ref": "campaign--371a7eb4-e401-5727-aaa1-b967c75ff72b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--faf0dd59-cede-5c17-8d62-7196d0f2c905", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--371a7eb4-e401-5727-aaa1-b967c75ff72b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--63cb674b-1c56-5d64-96e7-7d88e47b601e", "target_ref": "attack-pattern--ce6abf1c-a506-5efe-a91c-34115e8f9b18", "source_ref": "campaign--a3fa8097-1950-5316-ba33-1de41d09f899", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7f4471a4-7457-5f26-8868-fe60fe4f8e20", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--a3fa8097-1950-5316-ba33-1de41d09f899", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--8ce7cd5e-2a69-5577-af56-3a280005c561", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--a3fa8097-1950-5316-ba33-1de41d09f899", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0869813b-7ee8-5a3d-9254-c4dd75e751fb", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--59b63734-d3b8-5835-888f-2beb3636b7b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f18fdf45-03a7-51f4-b513-530483128000", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--59b63734-d3b8-5835-888f-2beb3636b7b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--1c404d87-22ca-5947-8a5e-f1dea367e34f", "target_ref": "threat-actor--73187952-0eef-5c18-bc0e-713ea0679872", "source_ref": "campaign--59b63734-d3b8-5835-888f-2beb3636b7b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fb3223f1-231b-5e55-8d64-ca3f878aeaf0", "target_ref": "attack-pattern--fd04f468-aebe-5ed2-8048-a16ae7fd15bf", "source_ref": "campaign--783f5f68-1570-5c6e-a01f-f2dd8270cd74", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--96ce4a84-d3e3-5792-acfa-a46b487c1225", "target_ref": "attack-pattern--c181a996-c857-5590-baf2-d96984736617", "source_ref": "campaign--783f5f68-1570-5c6e-a01f-f2dd8270cd74", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a7d98523-2224-5f65-ae67-e1ce704be979", "target_ref": "threat-actor--73187952-0eef-5c18-bc0e-713ea0679872", "source_ref": "campaign--783f5f68-1570-5c6e-a01f-f2dd8270cd74", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--39574525-54b0-5d76-b4bf-5d06b620b004", "target_ref": "attack-pattern--c181a996-c857-5590-baf2-d96984736617", "source_ref": "campaign--0f888851-985f-5b10-94d6-97984a4e3d4e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--897fdaa1-b533-55dc-b3d8-146ad490b5ac", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--0f888851-985f-5b10-94d6-97984a4e3d4e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f53a570e-540e-587f-8e2d-1b3d0c58d492", "target_ref": "malware--d06b3214-99f4-5579-9ce5-ed8d1ba28db2", "source_ref": "campaign--0f888851-985f-5b10-94d6-97984a4e3d4e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--da43c1e3-c344-5e26-9256-4087fb84be49", "target_ref": "threat-actor--0071e9af-b4ae-5d34-b345-5081e4148ab2", "source_ref": "campaign--0f888851-985f-5b10-94d6-97984a4e3d4e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--378b6717-0fd4-5a83-8ec4-12fee759a289", "target_ref": "attack-pattern--1a947c3c-aacd-5259-85ab-ce51657fd153", "source_ref": "campaign--7b53c2eb-cbb7-568c-88c2-f3e4414548a3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--8a3a1975-d600-5d8b-a095-1253a423bcc0", "target_ref": "threat-actor--d083a682-3a37-51ad-9787-4978d9041f7c", "source_ref": "campaign--7b53c2eb-cbb7-568c-88c2-f3e4414548a3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--aab74637-59e3-58ff-9a4a-c562391dcf84", "target_ref": "attack-pattern--2aa946c6-0396-5c00-9bf9-9908c062c0b4", "source_ref": "campaign--a82e2bfb-3509-5cc4-b8f3-a2b9eb9a6545", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--71f8bfbf-833c-5070-9692-de8f0794c02a", "target_ref": "attack-pattern--5e45525a-8869-5496-b37a-d46883876081", "source_ref": "campaign--a82e2bfb-3509-5cc4-b8f3-a2b9eb9a6545", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f259b0a8-45f2-5bc3-b393-84071e83c7fa", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--a82e2bfb-3509-5cc4-b8f3-a2b9eb9a6545", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--37cb9572-1314-581c-8e87-4eb9c27671c3", "target_ref": "attack-pattern--9aab113e-2245-5db2-885a-5671bc74ca5c", "source_ref": "campaign--d74f013e-9ac8-551d-b457-33c931dbdc71", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f46e8684-e91c-5164-974a-89ca77733e35", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--d74f013e-9ac8-551d-b457-33c931dbdc71", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5dc4673c-9032-5bea-a1d9-e56d449960fb", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--1af8d64e-95a4-5bf1-a414-52ac32dcf533", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1484cbfd-e4e0-5367-bfe2-db1df404f90c", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--1af8d64e-95a4-5bf1-a414-52ac32dcf533", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f5717143-fcfa-56dd-ad92-0cc250a522d1", "target_ref": "threat-actor--f666cb03-c4d9-5121-8117-f47021b14aee", "source_ref": "campaign--1af8d64e-95a4-5bf1-a414-52ac32dcf533", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0919164d-a430-597d-82d4-a523789ae649", "target_ref": "attack-pattern--c181a996-c857-5590-baf2-d96984736617", "source_ref": "campaign--4338c7fd-21dc-5a13-a64d-f8ea9f47626e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--457d0ff6-4e59-5878-8153-213fdf1b95b1", "target_ref": "attack-pattern--b199c800-d532-5048-bcba-8f0b8c3915b5", "source_ref": "campaign--4338c7fd-21dc-5a13-a64d-f8ea9f47626e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--302cd43c-5ad2-5b75-935e-a1e907627eb9", "target_ref": "attack-pattern--c288c362-49e2-5a1c-84a4-5c6dcb21102e", "source_ref": "campaign--4338c7fd-21dc-5a13-a64d-f8ea9f47626e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--34165d0c-1550-5fb6-90e2-da485f6961f7", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--4338c7fd-21dc-5a13-a64d-f8ea9f47626e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4d5c99a6-1db1-59cd-b300-7d2d861ba8e8", "target_ref": "threat-actor--c9798d74-c763-515d-8956-6a76e0f1d2f5", "source_ref": "campaign--e2938afb-aa81-583a-bc19-6ee5267228d0", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e2e83630-ba91-51ae-a45b-dbd9bb434933", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--df43a35d-4ade-5a42-8198-ada852cb2075", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d01b6d38-f642-5e3b-a921-cc2de18bcfdc", "target_ref": "attack-pattern--b736d0bd-e82e-5c5f-aa25-9906e9eb79ba", "source_ref": "campaign--df43a35d-4ade-5a42-8198-ada852cb2075", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3f0adaa2-3985-5fda-af19-66ee99678fff", "target_ref": "attack-pattern--ebada0bc-2296-5195-9af9-ef7b54067b2d", "source_ref": "campaign--df43a35d-4ade-5a42-8198-ada852cb2075", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c6c994af-687f-575e-ae3a-1588570804b6", "target_ref": "attack-pattern--692bfeab-5698-5131-842c-577b24bb2606", "source_ref": "campaign--df43a35d-4ade-5a42-8198-ada852cb2075", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e74e6aae-2500-5e5e-928d-72ed3383c751", "target_ref": "tool--e4ea1a47-2cc7-5b40-ae04-25bfd7351dbb", "source_ref": "campaign--df43a35d-4ade-5a42-8198-ada852cb2075", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--6a700e67-aeeb-5df4-863e-69da7cc2fafe", "target_ref": "threat-actor--73187952-0eef-5c18-bc0e-713ea0679872", "source_ref": "campaign--df43a35d-4ade-5a42-8198-ada852cb2075", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--220517cc-617b-51fd-99cb-fc5384f0f130", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--ee8c8282-0b1c-58a4-8c46-c1218f1acc62", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--49a7992d-8f0f-512d-9d6a-f0d278d17405", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--ee8c8282-0b1c-58a4-8c46-c1218f1acc62", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0c395e13-c17d-586b-a382-96bb699efec9", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--a192df61-ed63-5954-b88f-8f0c891aa909", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e7bd0c5b-600e-5f5f-ab61-8c94d817ff88", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--a192df61-ed63-5954-b88f-8f0c891aa909", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2a8f2177-82ed-53e7-a84a-5b9a701fe0ff", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--a192df61-ed63-5954-b88f-8f0c891aa909", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--e754c17b-721f-55bd-82f5-105868bc578a", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--a192df61-ed63-5954-b88f-8f0c891aa909", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cab2947a-6465-5154-88bf-519f1a7b9b97", "target_ref": "attack-pattern--407cdfc4-3be1-5674-b877-bc35982865cf", "source_ref": "campaign--ecd4ec4b-2777-55fb-ac29-e040a811b761", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4ca45d6a-7090-5c4a-82dd-89605bdf1789", "target_ref": "attack-pattern--cf7639aa-2732-525e-a991-524955855cbd", "source_ref": "campaign--ecd4ec4b-2777-55fb-ac29-e040a811b761", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--de54b245-4646-5883-8895-e474c9410ee5", "target_ref": "threat-actor--86534d91-ac96-5d59-93fa-ad75a5f24799", "source_ref": "campaign--ecd4ec4b-2777-55fb-ac29-e040a811b761", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--561821b7-4051-5505-b95a-e82e73ec7e0b", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--7bcd57f8-3426-5584-8072-6b39401840c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fb0d74ca-414e-55b3-850d-65b6fb3628da", "target_ref": "attack-pattern--5ab8f232-2e54-5fe7-bcba-87f5d5569351", "source_ref": "campaign--7bcd57f8-3426-5584-8072-6b39401840c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--27e7a733-ff20-55d3-adb0-cf7b70c86aec", "target_ref": "tool--5509c610-320e-51af-9ea5-4ea2bf80f647", "source_ref": "campaign--7bcd57f8-3426-5584-8072-6b39401840c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--3ede3dfe-8f08-55ae-99d1-a9d6c6440325", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--7bcd57f8-3426-5584-8072-6b39401840c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--e0f4fcab-571e-5b03-a71d-0b7a52da8276", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--3d2330ed-f098-5d23-a5e1-b125dd367e8d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--310a0ac9-738f-58c7-a000-ddd5dd84680f", "target_ref": "attack-pattern--cf7639aa-2732-525e-a991-524955855cbd", "source_ref": "campaign--0f98a859-1b25-5847-91cc-3661b9cba0df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--55c08373-134e-5935-9fc5-5d743a7a7c61", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--0f98a859-1b25-5847-91cc-3661b9cba0df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--453b22cb-aecf-5827-b25e-68dbc4fbcbc8", "target_ref": "malware--86a3683e-a1f0-5cd1-a97d-ff4c50a0d199", "source_ref": "campaign--0f98a859-1b25-5847-91cc-3661b9cba0df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--1b062704-5348-5b4d-a775-7d1894117aea", "target_ref": "threat-actor--af86dfc2-7bd8-56be-8b18-e13e7ed185b8", "source_ref": "campaign--0f98a859-1b25-5847-91cc-3661b9cba0df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f19eb7ee-32c0-5e63-8512-affce09a847e", "target_ref": "threat-actor--4b827fef-0961-574e-975d-8167e370e318", "source_ref": "campaign--0f98a859-1b25-5847-91cc-3661b9cba0df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b64af5ef-0299-5f57-9037-8e0bf18802a0", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--7facf28e-b585-56e1-9b15-a134477dd2a5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c08b431c-1d8e-5df8-940b-285476d34494", "target_ref": "attack-pattern--692bfeab-5698-5131-842c-577b24bb2606", "source_ref": "campaign--7facf28e-b585-56e1-9b15-a134477dd2a5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--053a4227-4ee2-5ad2-ac9d-0966024fdf6b", "target_ref": "malware--c2f855cd-c105-542a-9f04-4430c53e8e32", "source_ref": "campaign--7facf28e-b585-56e1-9b15-a134477dd2a5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bbabd499-41cd-52ec-a41a-73da7312fa4f", "target_ref": "tool--48087600-1c22-5071-bc6c-0cc6130e700d", "source_ref": "campaign--7facf28e-b585-56e1-9b15-a134477dd2a5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fb7dea4c-8725-58b0-8f43-7abfc8eab9bc", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--7facf28e-b585-56e1-9b15-a134477dd2a5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a450f762-1e13-57dc-84e3-00a353bcbc7c", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--7facf28e-b585-56e1-9b15-a134477dd2a5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a1ac6ffd-17a6-57a5-97f4-fb50b7f52d84", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--44ff3a47-1e21-5376-95ce-3d1778340c43", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--08419d4c-c063-5f8e-bdd1-f2fc4b0a5dc3", "target_ref": "malware--af49becb-ec90-566e-8bbc-4a04374e9342", "source_ref": "campaign--44ff3a47-1e21-5376-95ce-3d1778340c43", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--83acb1a0-c85a-5a63-8512-2a3a27600a94", "target_ref": "malware--8ce63afe-95f4-5c7f-9c2e-9f78907f53d1", "source_ref": "campaign--44ff3a47-1e21-5376-95ce-3d1778340c43", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--74aa2ddc-fe1a-575f-8273-3df967de68d5", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--44ff3a47-1e21-5376-95ce-3d1778340c43", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ca1a2dc9-2f49-5beb-a6d5-be999bd2605b", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--c5024126-58ee-5886-835b-dce1a47d9db9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--333f0572-7cd8-507f-b89d-544c59458c47", "target_ref": "attack-pattern--13869276-e957-566f-b5ca-21a1a80dedbe", "source_ref": "campaign--c5024126-58ee-5886-835b-dce1a47d9db9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8315363a-4a27-5c00-9f09-30fca642d108", "target_ref": "malware--389ab4ac-130c-5349-ba18-83e0caeb3c3c", "source_ref": "campaign--c5024126-58ee-5886-835b-dce1a47d9db9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3e55b506-3827-5f26-94f4-35d4744d338b", "target_ref": "malware--57c56437-7425-5c3b-ab16-f9d9783fc672", "source_ref": "campaign--c5024126-58ee-5886-835b-dce1a47d9db9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e8b28dfa-9402-5738-bdff-8af0fd2c6d77", "target_ref": "malware--14088d01-218c-5a8c-aed8-ba8ac82a0038", "source_ref": "campaign--c5024126-58ee-5886-835b-dce1a47d9db9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f48452d4-d72f-506b-8ca2-211a655b1719", "target_ref": "malware--d0d0dcfa-b521-51b9-9316-ffb6735fd0db", "source_ref": "campaign--c5024126-58ee-5886-835b-dce1a47d9db9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--ae75638a-a164-5729-b139-168c92eff0b5", "target_ref": "threat-actor--5516296e-2ab7-5589-b188-b76b8e8919b1", "source_ref": "campaign--c5024126-58ee-5886-835b-dce1a47d9db9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c43d9a61-492e-5480-90f4-6f59a22f32da", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--500d6a73-d6d5-5722-97b6-79bf25437fb8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c8d04ce1-69f2-5e1b-8550-2c658536fc9e", "target_ref": "attack-pattern--29968e6e-8877-55e1-b538-10d848d9bfb3", "source_ref": "campaign--500d6a73-d6d5-5722-97b6-79bf25437fb8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--93493d46-0c19-5026-8988-725e68f5a7d7", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--500d6a73-d6d5-5722-97b6-79bf25437fb8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a0d53bee-af17-547a-b3c6-89e7ce040d59", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--500d6a73-d6d5-5722-97b6-79bf25437fb8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4766e2bf-6196-5dce-9c7c-1c52d69bbe51", "target_ref": "attack-pattern--859f8a54-93ec-589f-b18a-88c6b8565682", "source_ref": "campaign--500d6a73-d6d5-5722-97b6-79bf25437fb8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3994d1ad-ccfc-5012-a75b-6238c1b0cdce", "target_ref": "attack-pattern--1fb7547a-975b-59fd-90ff-e28444f98778", "source_ref": "campaign--500d6a73-d6d5-5722-97b6-79bf25437fb8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--02b2e6eb-43bb-594f-972a-217bf3205aa1", "target_ref": "attack-pattern--c181a996-c857-5590-baf2-d96984736617", "source_ref": "campaign--500d6a73-d6d5-5722-97b6-79bf25437fb8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--137fe6af-a4cf-52a6-a369-7dfb4549419e", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--500d6a73-d6d5-5722-97b6-79bf25437fb8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5bba2cf6-98be-522e-87c2-eaa6db8cf663", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--9b64062c-0fb6-591b-a84a-9e6f348d6077", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d6068439-7eff-582e-b253-256579cce1fd", "target_ref": "attack-pattern--d14fabf9-910b-5fac-969d-9be1b154fac8", "source_ref": "campaign--9b64062c-0fb6-591b-a84a-9e6f348d6077", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--23f9d3cb-99df-5630-9073-51008916f98d", "target_ref": "attack-pattern--13869276-e957-566f-b5ca-21a1a80dedbe", "source_ref": "campaign--9b64062c-0fb6-591b-a84a-9e6f348d6077", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--91da2761-eb35-54f4-ad3b-eb4f9fe61ab1", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--9b64062c-0fb6-591b-a84a-9e6f348d6077", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--363bc535-efd6-5536-84a7-efc27cc0cba1", "target_ref": "attack-pattern--c9f845f3-99d6-5e16-ae4b-f04d0ac5547a", "source_ref": "campaign--9b64062c-0fb6-591b-a84a-9e6f348d6077", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1be46731-d5c6-5c2b-bb50-73111fa2acf0", "target_ref": "attack-pattern--6585da51-52e8-5fc7-83c6-968a415c1a19", "source_ref": "campaign--9b64062c-0fb6-591b-a84a-9e6f348d6077", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--54762c05-dac0-519e-9e81-5901f68062e1", "target_ref": "attack-pattern--3526a872-e04b-5ffe-9f46-bea52f146528", "source_ref": "campaign--9b64062c-0fb6-591b-a84a-9e6f348d6077", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--49215896-8d95-5967-9d10-6294a93ffa18", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--9b64062c-0fb6-591b-a84a-9e6f348d6077", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c6ba7e5d-224c-5bd5-86a8-93cf808b006c", "target_ref": "malware--192ed40a-cf7a-55e5-99f3-abcf59a2412f", "source_ref": "campaign--9b64062c-0fb6-591b-a84a-9e6f348d6077", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8b508168-b158-5a1d-943c-efe493be4bb8", "target_ref": "malware--9e8260a2-b4da-56d4-adc3-211441820744", "source_ref": "campaign--9b64062c-0fb6-591b-a84a-9e6f348d6077", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--d3f04b31-d8ce-598b-bcd9-e932e3cfcac3", "target_ref": "threat-actor--998880f6-bf25-5078-99a7-2e658d4b2c1a", "source_ref": "campaign--9b64062c-0fb6-591b-a84a-9e6f348d6077", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--160b5812-5886-5b89-b8a5-80d89ef59667", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--c776c8b0-7b34-5973-8944-a86226c70c41", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d3c23634-34c0-555b-b21b-62229d581206", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--c776c8b0-7b34-5973-8944-a86226c70c41", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a5a8ba71-2aa0-5532-b2fb-4762dd686d4b", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--c776c8b0-7b34-5973-8944-a86226c70c41", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--18667204-f5c5-56ed-9c36-0b5bde11668c", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--c776c8b0-7b34-5973-8944-a86226c70c41", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--02cf3001-28a2-5ca2-bd44-49450aa74fcf", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--7698c3cb-ec09-5075-bf63-95d4b265c6f5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5f38541d-7847-5d4d-8dae-e93070ef1796", "target_ref": "attack-pattern--6585da51-52e8-5fc7-83c6-968a415c1a19", "source_ref": "campaign--7698c3cb-ec09-5075-bf63-95d4b265c6f5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d81dbf93-def4-5969-879a-2912da1ad80c", "target_ref": "tool--48087600-1c22-5071-bc6c-0cc6130e700d", "source_ref": "campaign--7698c3cb-ec09-5075-bf63-95d4b265c6f5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--056ba37f-6ac2-54c0-90a2-84f246210b08", "target_ref": "threat-actor--d5d52ddc-1aa5-52d9-97db-34e61b51316e", "source_ref": "campaign--7698c3cb-ec09-5075-bf63-95d4b265c6f5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d94e33bb-7afd-5b25-85b2-34c41a74d700", "target_ref": "attack-pattern--2f16b62a-4e07-534c-bb1a-eb33a69d445a", "source_ref": "campaign--6819ae69-bf23-5a02-845e-0b209f9eae73", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--93f1f8a8-7318-5f37-862f-925a2e50fb28", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--6819ae69-bf23-5a02-845e-0b209f9eae73", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6006f4f0-e908-5db3-a02b-33798b63e256", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--c0093d01-22b5-5dda-ad3d-baab23b2eb1b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--09a4f546-20bb-517f-bcfc-3bec79d5e45b", "target_ref": "threat-actor--1d705fbd-fd86-5ed6-a4b7-320e8adfa19f", "source_ref": "campaign--c0093d01-22b5-5dda-ad3d-baab23b2eb1b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7bf1f6ac-918d-5722-8c2e-325e3cb8c6f4", "target_ref": "attack-pattern--5ab8f232-2e54-5fe7-bcba-87f5d5569351", "source_ref": "campaign--78abeec9-9390-5c74-ba5a-a6e22fa8f6db", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9cdd171b-3556-567f-aea0-71dfa6676dd4", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--78abeec9-9390-5c74-ba5a-a6e22fa8f6db", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--dea5ed26-0451-547f-a164-5bcb7f25463b", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--78abeec9-9390-5c74-ba5a-a6e22fa8f6db", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--594cbd52-aaa5-5e11-af93-a4584f4fd8e8", "target_ref": "tool--5509c610-320e-51af-9ea5-4ea2bf80f647", "source_ref": "campaign--78abeec9-9390-5c74-ba5a-a6e22fa8f6db", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a12d524f-aefc-5747-815a-d81a02ec0e3d", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--78abeec9-9390-5c74-ba5a-a6e22fa8f6db", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f797bafa-8478-5737-924e-876ee3e9190d", "target_ref": "attack-pattern--ef72daf1-b0a0-5c12-89dd-5311bc0caab5", "source_ref": "campaign--412cb677-aec9-5bec-8e4c-75b91107c8a9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a36022fd-4c5b-57a9-b9ba-c4248b062f28", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--412cb677-aec9-5bec-8e4c-75b91107c8a9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0d701d3a-6d6d-5e03-a807-2de49002d375", "target_ref": "attack-pattern--f63326da-bb77-576a-9389-b635595c857f", "source_ref": "campaign--412cb677-aec9-5bec-8e4c-75b91107c8a9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--62e840a7-80b7-5681-9b60-881ff5f37516", "target_ref": "malware--d082380b-482b-5c5c-b737-d33fb320d9da", "source_ref": "campaign--412cb677-aec9-5bec-8e4c-75b91107c8a9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8d193b9c-f17f-571e-91b9-1d9b030d0a34", "target_ref": "tool--6b4b7b9d-748c-59a5-83a6-7ee2251bbf00", "source_ref": "campaign--412cb677-aec9-5bec-8e4c-75b91107c8a9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--ca23045f-c880-55c9-92fc-af9a32c0bbff", "target_ref": "threat-actor--5103b4e8-f6e9-525f-8cf1-473cb803d6ef", "source_ref": "campaign--412cb677-aec9-5bec-8e4c-75b91107c8a9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4fe8a836-27b0-5184-b2aa-d52616b5dcbc", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--6b169a00-8062-5553-9e7b-abfdef1ae08e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--33bd692d-74e2-5733-a626-cffd2ef42e5b", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--6b169a00-8062-5553-9e7b-abfdef1ae08e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c66ee1b1-98c3-5347-a794-ea6d6d84602e", "target_ref": "attack-pattern--66b124ea-b293-5ca9-82ac-5c7f52981b89", "source_ref": "campaign--6b169a00-8062-5553-9e7b-abfdef1ae08e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c9e41c56-21cb-5981-935e-3857665381f2", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--6b169a00-8062-5553-9e7b-abfdef1ae08e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--90e8ce33-4516-5d3b-93a8-e4286a3c995b", "target_ref": "malware--91ac8b41-7deb-5eab-b31b-662b5dad5409", "source_ref": "campaign--6b169a00-8062-5553-9e7b-abfdef1ae08e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b3709944-31bb-5f3c-b7b3-6f8a201dbeb4", "target_ref": "malware--2efb396f-738b-52b5-8ef8-60e5a64c6240", "source_ref": "campaign--6b169a00-8062-5553-9e7b-abfdef1ae08e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--3937b37f-e5e2-519c-8b3b-2572a141235d", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--6b169a00-8062-5553-9e7b-abfdef1ae08e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cd6dd300-da86-5f40-b61a-37c9b2a32791", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--1a36baa1-93f5-57f8-867d-f86d031f9577", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d7ae4d70-3ad7-5c55-bf27-2bd448df2de5", "target_ref": "attack-pattern--fbb64e96-fc1f-551a-a857-bd75d395ca22", "source_ref": "campaign--1a36baa1-93f5-57f8-867d-f86d031f9577", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--291e047c-0e0d-506d-b942-462e46b77753", "target_ref": "attack-pattern--692bfeab-5698-5131-842c-577b24bb2606", "source_ref": "campaign--1a36baa1-93f5-57f8-867d-f86d031f9577", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--878d6dd3-0eda-5ff3-bfb5-dbf4c83b04af", "target_ref": "attack-pattern--6585da51-52e8-5fc7-83c6-968a415c1a19", "source_ref": "campaign--1a36baa1-93f5-57f8-867d-f86d031f9577", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--910bd0a8-1eb8-551c-92af-da0c4d6c09a5", "target_ref": "attack-pattern--e31639b2-f244-523a-a8b5-021004b4a2ed", "source_ref": "campaign--1a36baa1-93f5-57f8-867d-f86d031f9577", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3064d704-50cc-5c17-a67b-6bab2c080f0c", "target_ref": "malware--61230a00-fb63-5580-aeac-9dd7ccbc36ee", "source_ref": "campaign--1a36baa1-93f5-57f8-867d-f86d031f9577", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--50edb415-a011-59f9-963a-1b1a591e733c", "target_ref": "malware--765eaa59-d6f1-5a50-858b-e1f54c503703", "source_ref": "campaign--1a36baa1-93f5-57f8-867d-f86d031f9577", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--968d0556-1230-5a9a-ae60-b6b99e7ff40e", "target_ref": "malware--76e20690-3430-5744-a1a3-78a0efb79a84", "source_ref": "campaign--1a36baa1-93f5-57f8-867d-f86d031f9577", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--8612c77f-8344-5b51-bc0e-528994af9542", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--1a36baa1-93f5-57f8-867d-f86d031f9577", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--3e4c3211-2ac1-59b1-a28f-945c070d426c", "target_ref": "threat-actor--fdb1ebfc-7fb3-5593-82c0-65036511a8bf", "source_ref": "campaign--22e110dd-e49d-5c0a-93c2-97d680c1fc02", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7167492d-219f-52bd-9da6-27ba9c626377", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--16c46fdf-0704-5fbc-9c4b-b5b26e92d47a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b2c5fec1-1309-5863-b44c-1f2b1c66a2ab", "target_ref": "malware--1eeb085a-70e7-544e-b154-1fd5ea87296b", "source_ref": "campaign--16c46fdf-0704-5fbc-9c4b-b5b26e92d47a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--fbeaedb6-92e4-5e06-a9d4-c6c7cda7b578", "target_ref": "threat-actor--759f0092-5a60-5059-8a6c-850a7b0946aa", "source_ref": "campaign--16c46fdf-0704-5fbc-9c4b-b5b26e92d47a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--19cd0828-1168-57a4-90d8-0bb956224bc8", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--3281b769-1663-52d2-a211-c5ca6cab82df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b12e2a57-9050-5eb9-a4cf-b70094a5387b", "target_ref": "malware--137d45d5-3cea-51f3-bedb-c7b146691826", "source_ref": "campaign--3281b769-1663-52d2-a211-c5ca6cab82df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--620b67ea-e61d-525f-b1e2-5cf0ed736ff3", "target_ref": "malware--49a8eb92-06e5-5f2b-8f5f-1896d102ae47", "source_ref": "campaign--3281b769-1663-52d2-a211-c5ca6cab82df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--2b3eda26-9ad5-58db-87d0-256f143de3b1", "target_ref": "threat-actor--c3d956b4-9222-53c1-9395-3f1d1c94dd68", "source_ref": "campaign--3281b769-1663-52d2-a211-c5ca6cab82df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a3ddb65b-adda-51eb-8d0d-74eb98b76816", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--b61401ab-1876-5af5-82d2-e103ec693343", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9e59977f-c4b9-534e-835b-db387615933a", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--b61401ab-1876-5af5-82d2-e103ec693343", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8d86a23c-f97c-502c-a05d-3219f2776d82", "target_ref": "malware--ec22f54f-1673-5986-bc0b-d124215f9f80", "source_ref": "campaign--b61401ab-1876-5af5-82d2-e103ec693343", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b23746df-bb66-5154-a15a-a30b8a8b6aba", "target_ref": "malware--45d12326-18b7-51d1-9542-cb846f4459a9", "source_ref": "campaign--b61401ab-1876-5af5-82d2-e103ec693343", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--d5c8bb9d-7cf1-582d-89fd-c130421c8222", "target_ref": "threat-actor--82494930-131b-5754-8de7-233c22554b02", "source_ref": "campaign--b61401ab-1876-5af5-82d2-e103ec693343", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--04802e36-fc7b-5f7c-890e-638c94227284", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--2960e856-db31-54b0-9f55-b4038a932527", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d8ac1a5d-bc91-5a12-b1b4-88eae131373d", "target_ref": "attack-pattern--859f8a54-93ec-589f-b18a-88c6b8565682", "source_ref": "campaign--2960e856-db31-54b0-9f55-b4038a932527", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--34916548-3f2d-5f63-96ee-1c991252c2ad", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--2960e856-db31-54b0-9f55-b4038a932527", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--deada101-8c20-53a7-ad02-e5ce91a6abb9", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--2960e856-db31-54b0-9f55-b4038a932527", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e122eefd-32a1-54e2-9e4a-a2d3ae62a014", "target_ref": "tool--5509c610-320e-51af-9ea5-4ea2bf80f647", "source_ref": "campaign--2960e856-db31-54b0-9f55-b4038a932527", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--783c7911-fddf-552f-aa13-be03cbe35eb5", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--2960e856-db31-54b0-9f55-b4038a932527", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--49226f76-c75d-56b7-becf-c021c5e08a1b", "target_ref": "attack-pattern--ce6abf1c-a506-5efe-a91c-34115e8f9b18", "source_ref": "campaign--53a48a36-6bcd-5269-8d2a-3d960469d701", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e90983b2-0c1e-51ad-960b-ba2ce184d2b4", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--53a48a36-6bcd-5269-8d2a-3d960469d701", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8b57a5da-0a8a-5a13-9252-bbb7188e4e25", "target_ref": "attack-pattern--859f8a54-93ec-589f-b18a-88c6b8565682", "source_ref": "campaign--53a48a36-6bcd-5269-8d2a-3d960469d701", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4e7e1b85-8404-5a45-b1aa-829144cf3098", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--53a48a36-6bcd-5269-8d2a-3d960469d701", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--be48469a-d6af-5976-8ea1-c12165b5391c", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--ff3c9ad8-1169-5cbf-bfbd-5545df11d243", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--08620a2d-e3c3-5e61-8c99-c5e1e2ab00d5", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--ff3c9ad8-1169-5cbf-bfbd-5545df11d243", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--92bb0e7c-166d-5015-bfe0-d8d6ca513318", "target_ref": "threat-actor--9829dcdc-09e9-504a-ad5b-2218c569fcc5", "source_ref": "campaign--ff3c9ad8-1169-5cbf-bfbd-5545df11d243", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--79d26f5d-204c-5918-8749-53406db77e90", "target_ref": "attack-pattern--49f22301-6915-5e0b-ae99-6cb3496d7157", "source_ref": "campaign--54f1c71b-bfd9-53fe-8e4e-b80328b036a6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bdefbeb2-624f-53b5-82b7-c06bc4c4526d", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--54f1c71b-bfd9-53fe-8e4e-b80328b036a6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7f392352-c012-555f-a647-97579e8e1f68", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--54f1c71b-bfd9-53fe-8e4e-b80328b036a6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--536ab6ef-a853-5d29-8680-46c68823d4a4", "target_ref": "malware--7f2b8aec-f97d-5f49-8239-fb172fe77246", "source_ref": "campaign--54f1c71b-bfd9-53fe-8e4e-b80328b036a6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--935fa115-c965-5a95-97c4-0a3f5261fd16", "target_ref": "tool--5db280ed-d748-5f6c-8551-96ccd4ed701f", "source_ref": "campaign--54f1c71b-bfd9-53fe-8e4e-b80328b036a6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cccaa8e4-51ca-510c-ad02-a741595acc29", "target_ref": "malware--a8c25b6d-852a-5c7f-9030-a876c2173b37", "source_ref": "campaign--54f1c71b-bfd9-53fe-8e4e-b80328b036a6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--77329a38-6c65-5135-9ec6-9e38b96209de", "target_ref": "malware--8bc1fd9b-f0b4-59be-8333-077cd059a1e8", "source_ref": "campaign--54f1c71b-bfd9-53fe-8e4e-b80328b036a6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--77eed6bf-47db-5698-80e2-0941f3348a04", "target_ref": "tool--50775061-da02-5b4b-82af-83ccda7e1ee3", "source_ref": "campaign--54f1c71b-bfd9-53fe-8e4e-b80328b036a6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--0c174dc7-34e8-5888-b607-67251d670356", "target_ref": "threat-actor--8f0db9e2-8318-515d-9447-72aa092c946e", "source_ref": "campaign--54f1c71b-bfd9-53fe-8e4e-b80328b036a6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7c566d42-2de0-5a05-bfc9-dc33e192c442", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--6e8ad996-ae29-5de3-b961-6395ab6375d4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d8947c78-0d87-56a8-b52a-0d3af1582917", "target_ref": "attack-pattern--fd04f468-aebe-5ed2-8048-a16ae7fd15bf", "source_ref": "campaign--6e8ad996-ae29-5de3-b961-6395ab6375d4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--556a4af8-0b8d-5a21-9cc4-5e0ab172dda4", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--6e8ad996-ae29-5de3-b961-6395ab6375d4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8f3bcb89-3e21-5c6d-925a-d619127fc596", "target_ref": "attack-pattern--692bfeab-5698-5131-842c-577b24bb2606", "source_ref": "campaign--93ca5944-4ace-5bee-857f-eb480eb59c23", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a0a43836-e3ce-5ad3-8234-b465b8187b64", "target_ref": "attack-pattern--45c6154a-9151-5c4c-96df-b8f602d00b9c", "source_ref": "campaign--93ca5944-4ace-5bee-857f-eb480eb59c23", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9211efd5-faf0-5657-8afa-9c3d6cdeabba", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--93ca5944-4ace-5bee-857f-eb480eb59c23", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2081f58f-9a1e-5a9b-b3b6-b93f29062dec", "target_ref": "attack-pattern--5ab8f232-2e54-5fe7-bcba-87f5d5569351", "source_ref": "campaign--93ca5944-4ace-5bee-857f-eb480eb59c23", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a92aec06-14fe-5649-8c87-b61e31978bac", "target_ref": "threat-actor--71f56ff3-397c-56d9-8fea-8010d04f078f", "source_ref": "campaign--93ca5944-4ace-5bee-857f-eb480eb59c23", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cc4e7c36-1a2b-5ceb-b95b-66af2d83987d", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--2e3279d5-32b0-582d-8fdd-89405171ff14", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--dd4e67be-4741-5c6c-9d7c-4d22cfd54166", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--2e3279d5-32b0-582d-8fdd-89405171ff14", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--dee1b444-1d62-5c5d-a8ef-3307bbdf8cb3", "target_ref": "malware--d08d9fa7-5873-5c45-b726-3b09c12bae07", "source_ref": "campaign--2e3279d5-32b0-582d-8fdd-89405171ff14", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--01eba244-ccfb-53e2-a986-16d5582a1d14", "target_ref": "malware--f2ac792a-101d-55a9-8a7c-9d7c3d0feac7", "source_ref": "campaign--2e3279d5-32b0-582d-8fdd-89405171ff14", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--0c6ff4b7-e03f-5052-9a90-2b368e971f4d", "target_ref": "threat-actor--c11b3e4a-16f6-5d49-87a3-25211b14f212", "source_ref": "campaign--2e3279d5-32b0-582d-8fdd-89405171ff14", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--34ece78d-9577-5734-8cf0-22f5dc64841f", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--de7a0b51-f067-5e5b-a159-314983044863", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3a93d866-884f-53ac-9f1f-0762ae481283", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--de7a0b51-f067-5e5b-a159-314983044863", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--27cc0ea3-6f35-5dea-9dab-f5f777d160ea", "target_ref": "malware--9d3ca539-0f5f-5027-bfe6-bfeb7cf98551", "source_ref": "campaign--de7a0b51-f067-5e5b-a159-314983044863", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d485794a-d189-58ae-b86f-7b99396f9759", "target_ref": "tool--6b4b7b9d-748c-59a5-83a6-7ee2251bbf00", "source_ref": "campaign--de7a0b51-f067-5e5b-a159-314983044863", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--af742ee7-48b5-5828-b7cf-87bf176b478a", "target_ref": "threat-actor--70a5f37e-3615-5049-b423-939fe4430247", "source_ref": "campaign--de7a0b51-f067-5e5b-a159-314983044863", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--290fb535-e041-56d6-a090-ea680a47bbf6", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--8562c595-9855-5202-a2d1-17bb8e275cfe", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c4e6442b-9db5-5e51-bd48-25ce90f7e3de", "target_ref": "attack-pattern--6585da51-52e8-5fc7-83c6-968a415c1a19", "source_ref": "campaign--8562c595-9855-5202-a2d1-17bb8e275cfe", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--48eec9d0-d400-5225-a836-e7e844a00dc3", "target_ref": "malware--370d5662-98d9-5c73-86c7-33b3c145f76b", "source_ref": "campaign--8562c595-9855-5202-a2d1-17bb8e275cfe", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ef735cc2-78ae-528c-9293-c252100c0f89", "target_ref": "tool--e4ea1a47-2cc7-5b40-ae04-25bfd7351dbb", "source_ref": "campaign--8562c595-9855-5202-a2d1-17bb8e275cfe", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--162b7735-c070-5030-83d9-d98eb4f6af6a", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--8562c595-9855-5202-a2d1-17bb8e275cfe", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b306dd64-d0ac-58e6-abdc-c5cec452bd90", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--b045e912-a158-5e6b-8b44-8ad1b401c031", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6675d66e-6088-5e7b-8b8b-97eb7d0c3fd7", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--b045e912-a158-5e6b-8b44-8ad1b401c031", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8e07e087-ca3e-5a65-bbdd-df64ed9ce1ad", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--b045e912-a158-5e6b-8b44-8ad1b401c031", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f79aad38-6de9-5737-ab12-8bf598d13caf", "target_ref": "attack-pattern--f6aa59d5-6d35-5287-8615-0d9e2effa5de", "source_ref": "campaign--b045e912-a158-5e6b-8b44-8ad1b401c031", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--06cc1969-a3ff-5a29-92b8-4f9443d7ec32", "target_ref": "tool--bbc5dbc6-e6b8-5ded-baab-b6dc4ad1a2e5", "source_ref": "campaign--b045e912-a158-5e6b-8b44-8ad1b401c031", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2a54f109-cc82-577a-b9f9-c7df82af7e4b", "target_ref": "tool--6b4b7b9d-748c-59a5-83a6-7ee2251bbf00", "source_ref": "campaign--b045e912-a158-5e6b-8b44-8ad1b401c031", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2886f103-3e61-571f-94d6-cbb7900704de", "target_ref": "tool--8dcec46b-edf3-5cea-90b8-e42be4dad172", "source_ref": "campaign--b045e912-a158-5e6b-8b44-8ad1b401c031", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7b9dbf38-af63-574a-914e-0cd9fa0daf81", "target_ref": "malware--d079b785-7f75-5aeb-8223-2cad129e7b09", "source_ref": "campaign--b045e912-a158-5e6b-8b44-8ad1b401c031", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--96e9c469-6924-58e4-b13d-6d171b9c5a4e", "target_ref": "malware--b33924bc-79ae-519f-a83a-cb4770fc4e93", "source_ref": "campaign--b045e912-a158-5e6b-8b44-8ad1b401c031", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--19982c59-1bd9-5236-a352-818f74043b66", "target_ref": "malware--cd628afa-97c8-5dd9-ac67-031475f351ab", "source_ref": "campaign--b045e912-a158-5e6b-8b44-8ad1b401c031", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5fbdc6ee-b011-51e5-845a-ef3f1f0f4a0d", "target_ref": "malware--6d081008-925c-5835-9956-891d5f776b78", "source_ref": "campaign--b045e912-a158-5e6b-8b44-8ad1b401c031", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4a3f61a1-c277-524d-8cea-8170c27aca47", "target_ref": "threat-actor--b19c6b6b-580c-52fe-9007-392378cdb0dd", "source_ref": "campaign--b045e912-a158-5e6b-8b44-8ad1b401c031", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7daabf37-50df-52ad-bd8b-462f6ea6194b", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--4a36ad0d-3b08-5634-baec-c4641925365d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cc690964-012f-5bc2-919f-de783d0a4567", "target_ref": "attack-pattern--5e45525a-8869-5496-b37a-d46883876081", "source_ref": "campaign--4a36ad0d-3b08-5634-baec-c4641925365d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d2ad2c77-debb-549d-a549-11abe661c129", "target_ref": "malware--92b01d1c-da0f-5a34-9874-9d683b8242ca", "source_ref": "campaign--4a36ad0d-3b08-5634-baec-c4641925365d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--27715780-5ce1-57d5-ae0d-0f83555f3c4f", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--4a36ad0d-3b08-5634-baec-c4641925365d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--62fef794-44fb-5b2e-a771-0947eb06531d", "target_ref": "attack-pattern--6585da51-52e8-5fc7-83c6-968a415c1a19", "source_ref": "campaign--a2a39a48-da18-5e62-aea9-5ba1bd3cf6fa", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e33c84b4-d5e1-5e4e-91e0-9582761408d2", "target_ref": "malware--be4fecd6-b7da-52e8-b268-c2e777d3a21e", "source_ref": "campaign--a2a39a48-da18-5e62-aea9-5ba1bd3cf6fa", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--3240b8f9-11c4-5841-b4b9-b9e1f3794abc", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--a2a39a48-da18-5e62-aea9-5ba1bd3cf6fa", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1160d252-a30d-51a5-8c63-43cde45ad8fc", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--a83ee3ef-59f0-58f2-b017-c19aba068309", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cc99e92f-6419-54b5-a695-b634c76b518c", "target_ref": "malware--be537e63-2a06-53dd-9196-3a99e1cd7f69", "source_ref": "campaign--a83ee3ef-59f0-58f2-b017-c19aba068309", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2f5544b2-3321-526d-ae89-ac1dbed9b85e", "target_ref": "malware--efc8a1be-2e4b-5dd5-bb83-c20fa9ff8376", "source_ref": "campaign--a83ee3ef-59f0-58f2-b017-c19aba068309", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--bebdcc17-6066-5b66-bb08-38ce3864004a", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--a83ee3ef-59f0-58f2-b017-c19aba068309", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--83bdef38-380a-58fa-a060-f777cddb2e57", "target_ref": "attack-pattern--e948084b-6a67-51c7-93b3-a937832fed2a", "source_ref": "campaign--8b0433f4-f418-5a13-8b86-ade6384e4904", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--65519cbd-20ff-5709-bcb5-4c72ac28801d", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--8b0433f4-f418-5a13-8b86-ade6384e4904", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--c6669890-7d67-5d46-a773-467b701dc0ce", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--8b0433f4-f418-5a13-8b86-ade6384e4904", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f2f95301-e70f-532d-825b-d774cc99136c", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--fd7ecf12-1e8e-5c60-8351-961dfd60c5b3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e40f50c3-c615-5f88-a7f5-cf8f71e9aadf", "target_ref": "malware--df0f2f4f-67f0-52c1-8dea-bdf6a013c1ea", "source_ref": "campaign--fd7ecf12-1e8e-5c60-8351-961dfd60c5b3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c635cb5b-e8a9-59cb-a933-532e0d02eeb7", "target_ref": "malware--e53abbf2-c78f-59de-878f-15a942f8a886", "source_ref": "campaign--fd7ecf12-1e8e-5c60-8351-961dfd60c5b3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--d42d1196-c615-59a2-94cb-f5a0e9f2e6e4", "target_ref": "threat-actor--addd8af1-f2fc-5ccd-8407-78dcd90fc363", "source_ref": "campaign--fd7ecf12-1e8e-5c60-8351-961dfd60c5b3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5f5512cb-91a3-5ccf-92bc-32501ed71d4b", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--2fee3f3a-250c-56b8-875f-ce72209cd07e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--c3e54977-5302-5828-8703-22d7aee3e20f", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--2fee3f3a-250c-56b8-875f-ce72209cd07e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3813009c-f638-5524-9b27-5411faef54c2", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--1f29f191-7189-54c3-8e94-cee7a8151008", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--da1a66b7-709b-550b-97da-924f4cd2c071", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--1f29f191-7189-54c3-8e94-cee7a8151008", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ed03cac4-3a68-54b3-8c7c-e9e8dbc409bc", "target_ref": "malware--5f1d74f5-7752-52be-949e-d964b276172e", "source_ref": "campaign--1f29f191-7189-54c3-8e94-cee7a8151008", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--3903aad0-51c7-5223-8205-e697b654e8bd", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--1f29f191-7189-54c3-8e94-cee7a8151008", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--512bdd90-c77a-5170-9791-d86c25b329e6", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--30f60ec5-bd5b-5828-bd7b-24d46834b821", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1dac84cb-f459-5700-a903-fcb0f8f8fe67", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--30f60ec5-bd5b-5828-bd7b-24d46834b821", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bf0d922f-5463-5ad1-a0a9-fa10cfa07a8d", "target_ref": "malware--dcbd5480-9e38-5513-b882-f974233d7e88", "source_ref": "campaign--30f60ec5-bd5b-5828-bd7b-24d46834b821", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f9104a62-220f-5979-b103-7bb7fa759535", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--30f60ec5-bd5b-5828-bd7b-24d46834b821", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--31b24b3b-2511-54e4-89dd-98c073fae8fd", "target_ref": "attack-pattern--692bfeab-5698-5131-842c-577b24bb2606", "source_ref": "campaign--4bc801f4-136d-5266-81ee-1331b97efd35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--3540ec4b-8574-50b1-9a20-bdd9283b01e0", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--4bc801f4-136d-5266-81ee-1331b97efd35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4856a1fe-c719-5856-9d20-42abc22106d7", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--55b10927-bc20-5eff-9a8a-331698b9e9df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a404dbd5-03ec-5816-90b9-0f5906967802", "target_ref": "attack-pattern--1b20466b-e861-531c-9d54-980fb6e811b1", "source_ref": "campaign--55b10927-bc20-5eff-9a8a-331698b9e9df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--afe01f50-1c40-5dac-b0a3-95d11a7c45bb", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--55b10927-bc20-5eff-9a8a-331698b9e9df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d5d50ef6-1457-54dd-8b09-e006142515da", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--c25e0040-8d0e-5739-8b48-82afef005127", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3627af27-dcaa-5590-8661-a91c2751ec67", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--c25e0040-8d0e-5739-8b48-82afef005127", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--13c0f710-4939-5093-b715-af5b3c97798c", "target_ref": "attack-pattern--e8605090-b15d-5201-9313-79abf2ca5567", "source_ref": "campaign--c25e0040-8d0e-5739-8b48-82afef005127", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4cb5c33a-4a5c-5a39-b28d-542751b9e305", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--c25e0040-8d0e-5739-8b48-82afef005127", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bd92777e-95a7-5f8f-9bf4-d0698bf38f1b", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--3b9aa022-8763-5f4d-9122-b2976bc3f688", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5089c74a-69a9-5423-86e5-088a2ba7f9c4", "target_ref": "attack-pattern--3eadf9d5-5f42-52c3-921c-25d5e829ef9d", "source_ref": "campaign--3b9aa022-8763-5f4d-9122-b2976bc3f688", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f3a2a859-75c9-5d40-a614-492f68ca1fa8", "target_ref": "malware--ef4251de-c4a4-5de5-bdcc-0ea40f1b7cfe", "source_ref": "campaign--3b9aa022-8763-5f4d-9122-b2976bc3f688", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--b5e71b7b-7036-5d81-831a-f50671e955a6", "target_ref": "threat-actor--69362ca5-21b2-5593-88ec-0a154ba2ea23", "source_ref": "campaign--3b9aa022-8763-5f4d-9122-b2976bc3f688", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bcafd1d4-1af3-5cb6-9210-fa936f0943e1", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--d1dfc8c0-6aa0-59cf-903a-ebb9026f31b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3ba31108-edd0-5a44-be02-c95d93340240", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--d1dfc8c0-6aa0-59cf-903a-ebb9026f31b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--401d98ea-7ef8-5d4b-ade6-367ea89b4b49", "target_ref": "attack-pattern--1b20466b-e861-531c-9d54-980fb6e811b1", "source_ref": "campaign--d1dfc8c0-6aa0-59cf-903a-ebb9026f31b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e5776a22-c9d6-5655-9986-71c18d18007b", "target_ref": "attack-pattern--d14fabf9-910b-5fac-969d-9be1b154fac8", "source_ref": "campaign--d1dfc8c0-6aa0-59cf-903a-ebb9026f31b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8732b95c-c635-52b9-9a87-ab8c18fe6c31", "target_ref": "attack-pattern--8fc73d88-b65b-518c-a965-8ffb0232e836", "source_ref": "campaign--d1dfc8c0-6aa0-59cf-903a-ebb9026f31b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--81d28424-2f03-5791-b237-8c6bd8f8645b", "target_ref": "malware--7c40060f-a38b-5cc0-9b78-ec05af98b7de", "source_ref": "campaign--d1dfc8c0-6aa0-59cf-903a-ebb9026f31b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bbd2ba8d-50bd-5379-835e-af52e9deaf87", "target_ref": "malware--d08d9fa7-5873-5c45-b726-3b09c12bae07", "source_ref": "campaign--d1dfc8c0-6aa0-59cf-903a-ebb9026f31b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--fb50bd6c-053b-591f-b77b-d6f1df4572f7", "target_ref": "threat-actor--59582752-5104-56c4-b809-83f1d0aaa754", "source_ref": "campaign--d1dfc8c0-6aa0-59cf-903a-ebb9026f31b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9a1356dd-a19a-586f-ade6-c24e2c0c6a5f", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--e00f2ab3-11c3-5c05-8dd2-89eeab8373b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--33eb8c75-a353-574d-92fb-774b19e8a925", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--e00f2ab3-11c3-5c05-8dd2-89eeab8373b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a799ca28-1db4-5020-9bfc-2d272234f3bb", "target_ref": "attack-pattern--0954f27a-cb10-54f4-bc22-b12ac06b001a", "source_ref": "campaign--c37925cf-f656-5605-9203-6035c4599288", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--87909c62-52d8-5ff1-9776-b25fe62d519a", "target_ref": "malware--302102d5-a560-5789-a909-46e01d6da0c7", "source_ref": "campaign--c37925cf-f656-5605-9203-6035c4599288", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--0be9725a-2419-546a-ad6f-cb1b32e9bc9f", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--c37925cf-f656-5605-9203-6035c4599288", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--734b615f-7c9f-5af4-b714-1f07efda8964", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--5849b6f1-b541-5f7f-ad9f-e2077e9336d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5e107691-8d7c-5bc1-a790-9c8668793014", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--5849b6f1-b541-5f7f-ad9f-e2077e9336d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ce6d18fa-08e1-56ff-b8a8-e634b051b91b", "target_ref": "malware--c794b6e7-0c76-5b50-b4b2-d445ebeb48fe", "source_ref": "campaign--5849b6f1-b541-5f7f-ad9f-e2077e9336d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7cf0b008-7295-5901-af5e-58077738187f", "target_ref": "malware--d082380b-482b-5c5c-b737-d33fb320d9da", "source_ref": "campaign--5849b6f1-b541-5f7f-ad9f-e2077e9336d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3a25b77a-04d6-5206-91da-a504f5f383ed", "target_ref": "malware--efc8a1be-2e4b-5dd5-bb83-c20fa9ff8376", "source_ref": "campaign--5849b6f1-b541-5f7f-ad9f-e2077e9336d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--abaf3c9b-63a4-55e3-af5f-0d1182156a78", "target_ref": "tool--efecb91b-be85-5a50-b44a-3462cf2e75d9", "source_ref": "campaign--5849b6f1-b541-5f7f-ad9f-e2077e9336d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--854b66c4-df4c-53dd-8d73-c7bb30bcee4b", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--5849b6f1-b541-5f7f-ad9f-e2077e9336d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--08f6ce28-9c12-5705-9bc4-a3a9078625a0", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--39e9264f-19ba-5e20-8b29-ae77dac653df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--387fa2e6-ae9f-5a5a-b4c0-2a7c51062317", "target_ref": "attack-pattern--8128ef78-d790-56a1-96a7-e2861e19be99", "source_ref": "campaign--39e9264f-19ba-5e20-8b29-ae77dac653df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--41856a51-71b7-5044-8d3b-11b43823b404", "target_ref": "malware--d176818b-b58b-5591-b5cb-b7999f88ee8d", "source_ref": "campaign--39e9264f-19ba-5e20-8b29-ae77dac653df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--258bab3b-8a0a-523a-8cad-51615d36b86f", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--39e9264f-19ba-5e20-8b29-ae77dac653df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--67b054f1-5ab5-57b3-be56-010c0a199912", "target_ref": "malware--311ba078-6109-5e7f-969c-b69363efedef", "source_ref": "campaign--8ba21552-cc91-547b-8736-f5d825e07d07", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4aea4bf2-1990-56c8-a808-74de926d1074", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--8ba21552-cc91-547b-8736-f5d825e07d07", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b176bd86-0225-58dd-9db5-b787f87a63f3", "target_ref": "attack-pattern--c8cffad4-b4a1-5ab2-9dad-327e36e73d0b", "source_ref": "campaign--cd12717c-5535-5899-a54c-9bad17e30c73", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--48f38210-7f7a-5919-8390-c89a7978348f", "target_ref": "attack-pattern--cf7639aa-2732-525e-a991-524955855cbd", "source_ref": "campaign--cd12717c-5535-5899-a54c-9bad17e30c73", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--66778093-7fb4-514a-b4b7-6ff0017b3865", "target_ref": "malware--b2a64edd-93f8-554b-9638-a31abfd12b13", "source_ref": "campaign--cd12717c-5535-5899-a54c-9bad17e30c73", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--c816ca1d-b47b-513b-8cfa-8407ecc179af", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--cd12717c-5535-5899-a54c-9bad17e30c73", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--418f29bc-1f94-5f46-a84e-1d12067cc5e0", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--886be814-17af-5c0f-8193-41ea09e332ae", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--93f5e0a8-ef66-54cf-8c4e-9d03d8c211b5", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--886be814-17af-5c0f-8193-41ea09e332ae", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ac4cf8e8-5dbe-546f-8420-2b8b16aca3be", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--2c0e1f2c-49c8-545d-895f-654126bea6ae", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2f62beb8-452c-54b1-9ef5-1313dbc157f8", "target_ref": "malware--70cbd8d4-7823-529d-b78b-b40f01710de7", "source_ref": "campaign--2c0e1f2c-49c8-545d-895f-654126bea6ae", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--82f25012-54bc-5505-b4f3-c63f0594d58b", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--2c0e1f2c-49c8-545d-895f-654126bea6ae", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5fc00e30-4733-5d73-af73-c23c1e3b63ff", "target_ref": "attack-pattern--11c0afea-08ec-5094-b2c2-3146ed3a2b2c", "source_ref": "campaign--7d8c948a-3d1e-5a37-8fa6-8b3e3463b7c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--08d4fd00-a5a4-5a63-8167-39aeef02879a", "target_ref": "attack-pattern--fb33827d-4085-54e8-a37e-8c7fef65de05", "source_ref": "campaign--7d8c948a-3d1e-5a37-8fa6-8b3e3463b7c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a2542a80-3b69-531c-a337-59d5860ac265", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--7d8c948a-3d1e-5a37-8fa6-8b3e3463b7c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--c8ef4ff5-4701-5309-aa3a-231b7fbfcf28", "target_ref": "threat-actor--f9eca988-547b-5ced-8a6c-6d46066ad6f8", "source_ref": "campaign--7d8c948a-3d1e-5a37-8fa6-8b3e3463b7c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--92968b3d-44b9-5e22-aa4d-748aaede8fa2", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--465bfc80-4766-52ab-8308-8f0eb1040a43", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--818c8703-4136-5667-9c5d-4fd441a69876", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--465bfc80-4766-52ab-8308-8f0eb1040a43", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9480a138-1377-503b-b727-0353ec7b4680", "target_ref": "attack-pattern--8348c017-d784-5a98-add3-7b1551d89dc1", "source_ref": "campaign--465bfc80-4766-52ab-8308-8f0eb1040a43", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d13f75dd-3ed6-5a3a-9df9-f4df99bd0968", "target_ref": "tool--bbc5dbc6-e6b8-5ded-baab-b6dc4ad1a2e5", "source_ref": "campaign--465bfc80-4766-52ab-8308-8f0eb1040a43", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--05b8ec07-8df8-53bd-9a9c-83bdecedf486", "target_ref": "malware--525e7ae2-cd66-56f9-9ce3-9c88f3211c2b", "source_ref": "campaign--465bfc80-4766-52ab-8308-8f0eb1040a43", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2ed43c98-99d0-516d-b13b-2f8e6c8caf92", "target_ref": "malware--7c5766dd-4e1c-50fc-9676-2f369cb4b6a4", "source_ref": "campaign--465bfc80-4766-52ab-8308-8f0eb1040a43", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--09d44bf7-2f54-5822-8dc6-fdea55ad186f", "target_ref": "malware--b33924bc-79ae-519f-a83a-cb4770fc4e93", "source_ref": "campaign--465bfc80-4766-52ab-8308-8f0eb1040a43", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--01289a15-6692-5190-abbe-588e70e1fdda", "target_ref": "threat-actor--4924e4e6-f97f-50ce-891d-50aee4edb492", "source_ref": "campaign--465bfc80-4766-52ab-8308-8f0eb1040a43", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--eccc6249-d0dd-53d2-a07c-6d4154131482", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--e9e1c5be-599c-5f12-9e49-e59a7b000492", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c1e0966e-ea93-5694-82a8-8057cbe5a2b3", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--e9e1c5be-599c-5f12-9e49-e59a7b000492", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7be936bf-09c8-5870-bb66-b263b8582679", "target_ref": "malware--53773b5d-7c28-5c96-bfa7-83a3068abcdc", "source_ref": "campaign--e9e1c5be-599c-5f12-9e49-e59a7b000492", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4a4386a1-928d-5f8e-85af-a42b4ee690c2", "target_ref": "threat-actor--f593753b-35d1-502b-9846-ce59be9e35de", "source_ref": "campaign--e9e1c5be-599c-5f12-9e49-e59a7b000492", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2721eec9-a5f7-544c-a551-8605630fbc65", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--9cd07d75-f0fd-57e9-9090-8f62692dabf4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--7f21d842-da27-5421-b7b6-ca4090d82ad1", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--9cd07d75-f0fd-57e9-9090-8f62692dabf4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--07803ddd-9a70-58d6-b682-558cc1825fba", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--ff682907-b1fa-500a-8c0a-4d9f7dc2713c", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ffcf3747-d685-51ef-9290-451f93e29cb1", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--ff682907-b1fa-500a-8c0a-4d9f7dc2713c", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bb636f02-34c7-5f8b-b7a0-9850438a526c", "target_ref": "malware--8a1996d0-c446-5cca-ad9a-41ced58682d0", "source_ref": "campaign--ff682907-b1fa-500a-8c0a-4d9f7dc2713c", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a2af7cde-f650-5d64-9af0-211217b1b694", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--ff682907-b1fa-500a-8c0a-4d9f7dc2713c", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8e6052c8-22a6-56a4-9717-6420672c3e9e", "target_ref": "tool--dd5f9bc0-42aa-519c-94bf-4c2a074ded89", "source_ref": "campaign--ff682907-b1fa-500a-8c0a-4d9f7dc2713c", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--dcca986d-5b07-51e1-9f73-4369069801ec", "target_ref": "threat-actor--addd8af1-f2fc-5ccd-8407-78dcd90fc363", "source_ref": "campaign--ff682907-b1fa-500a-8c0a-4d9f7dc2713c", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ed4cc917-2318-54ef-b4ed-ac129eb7a778", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--76f41e4f-cf1b-5de7-880a-4e4e2864e585", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d38b8711-8335-51eb-a2c8-b8c432e4947f", "target_ref": "attack-pattern--d14fabf9-910b-5fac-969d-9be1b154fac8", "source_ref": "campaign--76f41e4f-cf1b-5de7-880a-4e4e2864e585", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3930ee6a-3b08-5d15-b18e-02fd17dda052", "target_ref": "tool--e4ea1a47-2cc7-5b40-ae04-25bfd7351dbb", "source_ref": "campaign--76f41e4f-cf1b-5de7-880a-4e4e2864e585", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--236554d1-cf81-5721-b23f-754ce04a14a7", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--76f41e4f-cf1b-5de7-880a-4e4e2864e585", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--97d1ff5a-0ee1-5f1e-b5b9-6fdd485635f7", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--e944af05-4f93-523e-bb11-74961d40a4e2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1a61cb32-f97b-581a-bac1-b235add238ff", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--e944af05-4f93-523e-bb11-74961d40a4e2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e44dd95d-4a2a-5903-ac08-06051c0b0665", "target_ref": "attack-pattern--16f8f2c2-b5e2-5461-80ed-f31aea4c2f5f", "source_ref": "campaign--e944af05-4f93-523e-bb11-74961d40a4e2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cc2f287d-d918-5220-b2de-4d426e9b00a0", "target_ref": "attack-pattern--1b20466b-e861-531c-9d54-980fb6e811b1", "source_ref": "campaign--e944af05-4f93-523e-bb11-74961d40a4e2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--63fb7948-bbf5-5639-bf09-9d692154edd9", "target_ref": "tool--bbc5dbc6-e6b8-5ded-baab-b6dc4ad1a2e5", "source_ref": "campaign--e944af05-4f93-523e-bb11-74961d40a4e2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--39e56d41-bb6c-5492-a9bf-f00ae1661794", "target_ref": "malware--61230a00-fb63-5580-aeac-9dd7ccbc36ee", "source_ref": "campaign--e944af05-4f93-523e-bb11-74961d40a4e2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--68cce51f-e174-522e-80db-29763dd748aa", "target_ref": "malware--33a33440-e1e2-5b16-a2de-882966be7116", "source_ref": "campaign--e944af05-4f93-523e-bb11-74961d40a4e2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--63aac897-1dad-50c6-98cd-c11b4f60ff45", "target_ref": "malware--afc1e1c3-37e7-5894-bfc3-c52806951f1e", "source_ref": "campaign--e944af05-4f93-523e-bb11-74961d40a4e2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a6eae675-94fc-5ba2-9d05-5894087fdd9d", "target_ref": "threat-actor--ae6299f7-67f4-55e3-9aaa-2e2be1c951fc", "source_ref": "campaign--e944af05-4f93-523e-bb11-74961d40a4e2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ce619759-409f-50a1-9231-8eb1465f3b80", "target_ref": "attack-pattern--ebada0bc-2296-5195-9af9-ef7b54067b2d", "source_ref": "campaign--a3b208a7-19c5-5e39-b11b-c8171458f86e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cbf28b3c-792c-5f02-b420-7adc68fe46bb", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--a3b208a7-19c5-5e39-b11b-c8171458f86e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--46259181-7142-5ba0-8fab-c5327b1ae498", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--a3b208a7-19c5-5e39-b11b-c8171458f86e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2d14dad1-9955-5e40-a4ec-79943a42c482", "target_ref": "attack-pattern--6452dcbd-9672-5023-939e-0a54a6f9e42d", "source_ref": "campaign--8f2144bd-783f-5e20-8fc8-fe2fa94abf27", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--12e7b938-4024-5f2b-a2c6-ab6424947442", "target_ref": "malware--61230a00-fb63-5580-aeac-9dd7ccbc36ee", "source_ref": "campaign--8f2144bd-783f-5e20-8fc8-fe2fa94abf27", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--647e9965-068a-5f27-8b9d-ae5a91e06c1e", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--8f2144bd-783f-5e20-8fc8-fe2fa94abf27", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7165124c-06d4-51cf-b9cc-c09cda8f8e5c", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--405d7209-3208-506f-9ad7-d028761ed5e8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a4a38561-fb6d-5d0a-93ed-a104a12aeb22", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--405d7209-3208-506f-9ad7-d028761ed5e8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--756ba6f0-dcd7-516e-ad6f-ea7582a171d8", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--233b3e44-1af7-5ac2-a68e-918bb8d37050", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b722236b-736d-5788-bfbc-1aac5c7b0e1c", "target_ref": "attack-pattern--ef72daf1-b0a0-5c12-89dd-5311bc0caab5", "source_ref": "campaign--233b3e44-1af7-5ac2-a68e-918bb8d37050", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--29bd62bd-9917-511d-94a3-afff40ca7b31", "target_ref": "malware--0a6a5de1-2be7-554d-a7aa-a4ec9aac27e8", "source_ref": "campaign--233b3e44-1af7-5ac2-a68e-918bb8d37050", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9d0fcd0c-0593-5285-bc52-cf6db5d1c62f", "target_ref": "malware--9e9b7036-e1e4-55e2-ab01-1fb0a2548100", "source_ref": "campaign--233b3e44-1af7-5ac2-a68e-918bb8d37050", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--5a845004-b355-5a88-81a4-212c7f5b28e7", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--233b3e44-1af7-5ac2-a68e-918bb8d37050", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d62ba408-b976-53df-bfc1-bc7faf82a68f", "target_ref": "attack-pattern--c8cffad4-b4a1-5ab2-9dad-327e36e73d0b", "source_ref": "campaign--0c73b53a-d432-5815-ae53-71ac73ea4944", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--21ef484a-d8fd-51f4-9bbf-1b4797cc9f50", "target_ref": "malware--df26afdc-bca3-5940-8f5e-e851dbb886e1", "source_ref": "campaign--0c73b53a-d432-5815-ae53-71ac73ea4944", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--ae5085dc-dceb-53d6-aba8-6de35fcbebcb", "target_ref": "threat-actor--7284147c-3dfa-5892-8edf-b9c1da56d80c", "source_ref": "campaign--0c73b53a-d432-5815-ae53-71ac73ea4944", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6c892055-74a9-5bb5-a1d0-679edc8849db", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--b05116cb-0c59-566b-8d66-f1b30f5532c3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--19f5ea17-8317-5c55-80c2-7b16b1791a80", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--b05116cb-0c59-566b-8d66-f1b30f5532c3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f3219fb4-b092-5c3a-83e8-6caa2eccb984", "target_ref": "threat-actor--7fdefa69-e7ab-5aca-b26d-1c0cb9ae124e", "source_ref": "campaign--b05116cb-0c59-566b-8d66-f1b30f5532c3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--28f8306b-a269-5080-878b-12f6f92b2da8", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--b334cad9-4a98-51f7-aa34-64888a34bb88", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3f489c1c-26d1-5317-b3fd-65a150b7aff5", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--b334cad9-4a98-51f7-aa34-64888a34bb88", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e2fcdb36-8433-5089-8b7b-8236ffc73bd1", "target_ref": "malware--9a02d2fa-d4d7-587f-9b4a-3825453d708f", "source_ref": "campaign--b334cad9-4a98-51f7-aa34-64888a34bb88", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--c8b11770-14fe-5ca2-9428-9a9be12393e4", "target_ref": "threat-actor--b2c6f777-7092-5939-938a-cbf2730f337c", "source_ref": "campaign--b334cad9-4a98-51f7-aa34-64888a34bb88", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5bd8379c-2788-54f5-a08c-7861bf5ca736", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--07db8379-bc3c-5ed9-b17b-3d0b67c7a2a3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8b653d61-3ddc-5420-9d35-91747700948f", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--07db8379-bc3c-5ed9-b17b-3d0b67c7a2a3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7098d318-78ee-57b5-b21c-e285fc6d4f7f", "target_ref": "malware--45e2ee08-fe7f-56f9-aaca-5c9d4fa0c705", "source_ref": "campaign--07db8379-bc3c-5ed9-b17b-3d0b67c7a2a3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--06e4e1d4-2b3c-5de8-bc83-f01aabfdc796", "target_ref": "malware--106d9bf0-00dd-5126-b5e8-269211462460", "source_ref": "campaign--07db8379-bc3c-5ed9-b17b-3d0b67c7a2a3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--1b415cb8-b550-57a3-9aa0-e00318eee4a4", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--07db8379-bc3c-5ed9-b17b-3d0b67c7a2a3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a9f6b79b-b991-5854-baa1-ac44f63dd9b8", "target_ref": "attack-pattern--de1b06cf-8261-55d2-a3bb-d385ababfb4c", "source_ref": "campaign--5e2a2ab6-16b2-57e2-b2d7-4f9cc9d1567b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3b4c77a3-c21a-537a-95be-b837795d8b64", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--5e2a2ab6-16b2-57e2-b2d7-4f9cc9d1567b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--833c0057-c47a-569f-aee5-a0c48dadcc35", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--5e2a2ab6-16b2-57e2-b2d7-4f9cc9d1567b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ceec262d-2fd7-59f2-ac9a-24ed12e81461", "target_ref": "attack-pattern--3526a872-e04b-5ffe-9f46-bea52f146528", "source_ref": "campaign--43ff4f3a-24be-5a54-b26f-449e6f2aa86b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3282c7c6-ef5a-5797-a3d9-9d7aff300a15", "target_ref": "malware--12c6aa23-6ad0-5954-9c37-4289f2dc7772", "source_ref": "campaign--43ff4f3a-24be-5a54-b26f-449e6f2aa86b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--057a7e9e-7637-5a12-bc30-d893608f5e55", "target_ref": "malware--61230a00-fb63-5580-aeac-9dd7ccbc36ee", "source_ref": "campaign--43ff4f3a-24be-5a54-b26f-449e6f2aa86b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--02e998b6-5ba4-5947-a476-5831ddea4ac5", "target_ref": "tool--e4ea1a47-2cc7-5b40-ae04-25bfd7351dbb", "source_ref": "campaign--43ff4f3a-24be-5a54-b26f-449e6f2aa86b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--0053347e-e1ee-59d0-ac99-d7dfeed9cba6", "target_ref": "threat-actor--59582752-5104-56c4-b809-83f1d0aaa754", "source_ref": "campaign--43ff4f3a-24be-5a54-b26f-449e6f2aa86b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4d57114b-36ee-5d19-8fd3-01898cb68ba0", "target_ref": "attack-pattern--0c8c740a-112c-5acd-a1b8-f38eb2714d7b", "source_ref": "campaign--470a1430-79d3-5303-b1a1-85193bc72f77", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--dd8899e4-44a5-5f1c-bf08-8380fc6e40f5", "target_ref": "malware--bd192e0d-b855-5af3-8077-ab81f7890692", "source_ref": "campaign--470a1430-79d3-5303-b1a1-85193bc72f77", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3ea49315-d9a8-5a84-9bd3-d342bd2d673c", "target_ref": "malware--76ac0792-d6b4-5f0f-a533-161d0dc28c58", "source_ref": "campaign--470a1430-79d3-5303-b1a1-85193bc72f77", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--eb9f41ce-44e2-5a4b-ac52-44d2ac42a10c", "target_ref": "malware--3df2b13b-cc41-5062-bfbc-21ebaf63cd4d", "source_ref": "campaign--470a1430-79d3-5303-b1a1-85193bc72f77", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--18da6a08-a788-5867-97c7-6e39a371fda0", "target_ref": "threat-actor--cc0811ae-7246-5daf-98de-5103fa15d8e0", "source_ref": "campaign--470a1430-79d3-5303-b1a1-85193bc72f77", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3951c4bb-7eac-56e6-9540-e2ca0ea8ba16", "target_ref": "attack-pattern--d14fabf9-910b-5fac-969d-9be1b154fac8", "source_ref": "campaign--ee036a1f-2232-5853-a0db-c819ccd8ee56", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9c46408f-c144-5f0a-8faf-16172112d44a", "target_ref": "attack-pattern--1b20466b-e861-531c-9d54-980fb6e811b1", "source_ref": "campaign--ee036a1f-2232-5853-a0db-c819ccd8ee56", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--43d332a4-4a3e-5498-8e78-fde29cfcfb5f", "target_ref": "malware--65e4e7a0-cd1a-54b3-8bda-edb13ddf4a0d", "source_ref": "campaign--ee036a1f-2232-5853-a0db-c819ccd8ee56", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--ed8b765b-dd18-59bb-b66d-b50de59b3412", "target_ref": "threat-actor--a1f142d8-fa9d-5b7b-b76c-040faf6c271d", "source_ref": "campaign--ee036a1f-2232-5853-a0db-c819ccd8ee56", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--17250456-d2d2-55d1-99bf-ab316bd14145", "target_ref": "attack-pattern--e8605090-b15d-5201-9313-79abf2ca5567", "source_ref": "campaign--210da783-1ee0-5230-ab13-9575cbced559", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0705069a-a8d8-5ce5-8a79-874f7dff1564", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--210da783-1ee0-5230-ab13-9575cbced559", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fb66b65b-88ed-5ff3-bfb5-f754f9d10c2c", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--210da783-1ee0-5230-ab13-9575cbced559", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--83bcdafb-ac5d-56fe-87b0-521eb1836434", "target_ref": "threat-actor--c8927914-822e-5b3d-a464-3c273a7fcf54", "source_ref": "campaign--210da783-1ee0-5230-ab13-9575cbced559", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b17c1300-e687-5d2d-be91-b47e5ad55add", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--2e1c4598-876a-5f47-8e29-a13e627107df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0957eea1-b8f1-5694-b244-d394e4c31262", "target_ref": "malware--f1c9296a-bbd3-5d6e-aa98-47d862405b4e", "source_ref": "campaign--2e1c4598-876a-5f47-8e29-a13e627107df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d88585cc-f2ea-55bd-acc6-bb5edceb44ce", "target_ref": "malware--5d01b4a4-9cb0-5e06-9fa7-3c37ac5d0e0f", "source_ref": "campaign--2e1c4598-876a-5f47-8e29-a13e627107df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c2d6c7cc-6dc2-5988-87d8-7a4989f183e9", "target_ref": "malware--92227a1b-b911-5ef5-b03f-7240d2f04a1e", "source_ref": "campaign--2e1c4598-876a-5f47-8e29-a13e627107df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1cc20536-da1b-5415-8ce9-3bb3b73c4cbc", "target_ref": "malware--3af9f3f1-6b4e-5862-b067-7d60944c08e1", "source_ref": "campaign--2e1c4598-876a-5f47-8e29-a13e627107df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c8e4b7a8-5aca-5670-96fe-ff077e1954e5", "target_ref": "malware--426b7b01-4b04-562a-9944-01aef5e21b22", "source_ref": "campaign--2e1c4598-876a-5f47-8e29-a13e627107df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--5b828877-f85f-5710-8617-1ad948ff01f7", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--2e1c4598-876a-5f47-8e29-a13e627107df", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d11ccbdc-0caa-5032-a09e-1a5021758538", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--0e9038ac-3d78-5457-9dbd-2f5c1c795719", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c91d737b-22ec-5827-b589-e53a895ab661", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--0e9038ac-3d78-5457-9dbd-2f5c1c795719", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1655977b-164d-5500-b739-a3c40c8e4692", "target_ref": "attack-pattern--94e99384-66fb-5c8d-bfde-b97d75d432b9", "source_ref": "campaign--0e9038ac-3d78-5457-9dbd-2f5c1c795719", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6ff35c52-e0fb-524c-910d-ebb3731dd6bf", "target_ref": "malware--c794b6e7-0c76-5b50-b4b2-d445ebeb48fe", "source_ref": "campaign--0e9038ac-3d78-5457-9dbd-2f5c1c795719", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4cd24af1-085c-5685-b783-56eedb5736f8", "target_ref": "malware--52c1e5d9-83e9-52e6-8eeb-52614654a168", "source_ref": "campaign--0e9038ac-3d78-5457-9dbd-2f5c1c795719", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--304a06ac-f738-5f45-b910-1d02500857ef", "target_ref": "threat-actor--dad471f1-740d-511b-8bca-bb0d229fb46e", "source_ref": "campaign--0e9038ac-3d78-5457-9dbd-2f5c1c795719", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3d428f2b-0bd7-5a08-82c1-6411992f4625", "target_ref": "malware--68c8e5f3-6043-5a41-92ab-ca743d60ece8", "source_ref": "campaign--b097e505-89f2-510f-94d5-96082f0a6e94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--2bf74ae6-ee47-5f97-bc31-d4b4b1203cf5", "target_ref": "threat-actor--0c9aafa1-2ed4-5ebd-90f0-86cf724a3d56", "source_ref": "campaign--b097e505-89f2-510f-94d5-96082f0a6e94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4136a227-1493-556d-be9b-57ba4ad3d264", "target_ref": "attack-pattern--3779cb0e-c75c-537f-ba69-2ed84be73c0a", "source_ref": "campaign--2427bcde-e35b-5719-9633-d4f266153b01", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--36e576ed-9861-5fc8-892f-fc033589b171", "target_ref": "attack-pattern--c1d02b3e-d05f-5339-be7e-9bf784ba3df1", "source_ref": "campaign--2427bcde-e35b-5719-9633-d4f266153b01", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ee37c12d-f4c3-54c0-ab27-85e5b736b865", "target_ref": "malware--4580988d-5482-511d-940d-961ddacba928", "source_ref": "campaign--2427bcde-e35b-5719-9633-d4f266153b01", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--1e319615-69d4-558d-a624-6b77ea091817", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--2427bcde-e35b-5719-9633-d4f266153b01", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9dd76c97-70a8-5813-96c1-69d865c7cc27", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--cce82e77-aba7-50f9-913a-219265c2daea", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ab35c391-5a6b-5ea0-a8ea-2d25897a2f1d", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--cce82e77-aba7-50f9-913a-219265c2daea", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--083f351e-eadf-5589-ad16-50d9826ded99", "target_ref": "tool--bbc5dbc6-e6b8-5ded-baab-b6dc4ad1a2e5", "source_ref": "campaign--cce82e77-aba7-50f9-913a-219265c2daea", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--26c6d579-ea6f-5da4-9b5c-79144c2c8fd8", "target_ref": "tool--6b4b7b9d-748c-59a5-83a6-7ee2251bbf00", "source_ref": "campaign--cce82e77-aba7-50f9-913a-219265c2daea", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9f66530f-2d30-534c-890c-20bf4600ad73", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--cce82e77-aba7-50f9-913a-219265c2daea", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ae22b3ad-1c0a-5489-8b63-4970f1c45c94", "target_ref": "attack-pattern--49f22301-6915-5e0b-ae99-6cb3496d7157", "source_ref": "campaign--77b3994e-382e-578e-8029-ad5e71595905", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--dc5cd5e0-0b76-56b6-994c-4164f83e04df", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--77b3994e-382e-578e-8029-ad5e71595905", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--d5157578-07d1-5e85-bf4f-a31e1594c7ad", "target_ref": "threat-actor--c11b3e4a-16f6-5d49-87a3-25211b14f212", "source_ref": "campaign--77b3994e-382e-578e-8029-ad5e71595905", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2e149948-7bcc-5ed8-9e52-d13744d22899", "target_ref": "attack-pattern--9e6c1533-f27c-55dd-a221-e5428f8d63c2", "source_ref": "campaign--b69d8105-0ad2-5952-b408-bdb068ac65d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1a3dbdf2-061c-5a41-b3a7-aa707a99b26a", "target_ref": "attack-pattern--08b0ca9c-45fd-575d-97a0-68f97a7a8bb8", "source_ref": "campaign--b69d8105-0ad2-5952-b408-bdb068ac65d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e976494c-2a3a-5cbc-907c-5f64bd0efa43", "target_ref": "malware--43bbd2db-f773-53b4-9a28-9359e0fab397", "source_ref": "campaign--b69d8105-0ad2-5952-b408-bdb068ac65d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--d48235a4-ad2c-5f1f-b82f-d6ddac877847", "target_ref": "threat-actor--4b827fef-0961-574e-975d-8167e370e318", "source_ref": "campaign--b69d8105-0ad2-5952-b408-bdb068ac65d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--331c702b-2422-5b00-9928-eb0138505182", "target_ref": "attack-pattern--3e0c46c3-e492-59d7-9450-954aa045d239", "source_ref": "campaign--993ec2f4-956f-5e68-a569-70eef0e72981", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--51dffa34-87e4-5364-b947-7d549a259fd4", "target_ref": "attack-pattern--2f16b62a-4e07-534c-bb1a-eb33a69d445a", "source_ref": "campaign--993ec2f4-956f-5e68-a569-70eef0e72981", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9e69583f-7487-5152-9f9f-c529cb317e14", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--993ec2f4-956f-5e68-a569-70eef0e72981", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a556dda4-6a3e-5f7e-836f-6f6b69a4aec6", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--993ec2f4-956f-5e68-a569-70eef0e72981", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5544c392-d289-50e7-b069-0060f4b71e0f", "target_ref": "attack-pattern--86e9b2ff-550c-524c-82c9-f5c99d7f9799", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4119f8e8-00cb-5f3b-bc6d-a1b6552b7c05", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--87d1a15d-809c-523e-aa82-86e85640310e", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c969de2b-8854-5159-acd6-934f7b1c3bba", "target_ref": "attack-pattern--1b20466b-e861-531c-9d54-980fb6e811b1", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8a735c18-39f8-5c7e-89aa-91f25109cd6f", "target_ref": "malware--c794b6e7-0c76-5b50-b4b2-d445ebeb48fe", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7c87f823-5074-5e3f-8013-1a5c7d0894bb", "target_ref": "malware--e7cf0d34-548f-5f1e-b151-855b7fde1555", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--afcdb7d1-bada-52e5-893d-8a0991739875", "target_ref": "malware--4804f062-b552-5946-be5b-11bbb23901f3", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6a58d6d5-677c-5de0-bddb-0fecdfcc1a9f", "target_ref": "malware--8981a940-5c20-5c01-a13b-97421331bae8", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6b625f20-74eb-5885-9462-e30bdc7e3322", "target_ref": "malware--7f0dab2b-e358-584f-8f19-a3173eb437bd", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--dd98f3db-09d6-58b5-b4fa-ba255bbe76af", "target_ref": "malware--1c5c965d-235c-5aae-b2b9-b38699c20acb", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3913f63c-9fc8-5ac1-bf81-c61b59fe3d5b", "target_ref": "malware--76864ecf-4022-5ca7-a9e0-41d9080380ea", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5737943f-e007-5df6-aa1e-0b535a2a18c2", "target_ref": "malware--7a92e1d2-991b-5b7f-8e20-0df80474b76d", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--57ae7474-64b6-5e01-bb86-c390de698e0d", "target_ref": "malware--35b5a993-a560-51bd-b886-6214c7fafe56", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--0eee3e93-5572-5b2a-acbb-8dc697c9f2e3", "target_ref": "threat-actor--2424d3b7-f772-5290-97b3-80655bb13c86", "source_ref": "campaign--793f096e-630f-5b59-9971-35917da0d3b4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6ba6b683-65f2-5491-97d0-94923997d4fb", "target_ref": "attack-pattern--fede1e9a-5a5c-5d74-94a0-cef9b3bc6bc7", "source_ref": "campaign--163378ab-7488-5e73-9cfd-2e93f114937a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b8af5113-7d55-5970-b4b1-cca5844d7cad", "target_ref": "attack-pattern--69cb5a21-6cd0-5767-bbbf-dfe1f0e18211", "source_ref": "campaign--163378ab-7488-5e73-9cfd-2e93f114937a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3664de8f-1e25-5f50-beab-87397f8aaed7", "target_ref": "attack-pattern--66b124ea-b293-5ca9-82ac-5c7f52981b89", "source_ref": "campaign--163378ab-7488-5e73-9cfd-2e93f114937a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5c689ebc-0486-59aa-a8d4-7e255290b4f2", "target_ref": "malware--b9285cfb-c489-5633-9ca1-386637801c00", "source_ref": "campaign--163378ab-7488-5e73-9cfd-2e93f114937a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--7435a71e-8e17-5b58-a445-3de4b5da807a", "target_ref": "threat-actor--bd8bb7d4-e2c5-513e-9b7c-46f1f67852b6", "source_ref": "campaign--163378ab-7488-5e73-9cfd-2e93f114937a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3bf8688d-3bec-588a-ad35-75f0471c356b", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--e76d62e2-2ddc-595d-8ec7-c8bcfc96e736", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3f549492-1d81-5dfc-9994-8d0da454097b", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--e76d62e2-2ddc-595d-8ec7-c8bcfc96e736", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--554c8ecc-a950-54d3-8f20-b49ad5c6d0f2", "target_ref": "malware--d0d0dcfa-b521-51b9-9316-ffb6735fd0db", "source_ref": "campaign--e76d62e2-2ddc-595d-8ec7-c8bcfc96e736", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--98af72c7-cd71-5baa-9814-8672808762b6", "target_ref": "malware--6769308a-3d78-5cf5-9c73-1276dea72b25", "source_ref": "campaign--e76d62e2-2ddc-595d-8ec7-c8bcfc96e736", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--34bf3f99-210d-5178-bba9-dac17b609f22", "target_ref": "malware--313c6c52-1a9d-52cf-b648-05ee3945d3d1", "source_ref": "campaign--e76d62e2-2ddc-595d-8ec7-c8bcfc96e736", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--ad4c2547-f6b2-5a59-b3cc-915b5fe8be59", "target_ref": "threat-actor--cf06485e-2659-5dd5-8daa-551edce1d1f9", "source_ref": "campaign--e76d62e2-2ddc-595d-8ec7-c8bcfc96e736", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9461586f-e92f-5933-8e45-3e9d72cb7663", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--761bb01f-be4d-590e-a724-6746619b52f5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8dcf9d1d-0065-5a06-9840-c62f03dc9ba9", "target_ref": "malware--d082380b-482b-5c5c-b737-d33fb320d9da", "source_ref": "campaign--761bb01f-be4d-590e-a724-6746619b52f5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--871c71f3-afe1-5233-9467-672620cb05da", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--761bb01f-be4d-590e-a724-6746619b52f5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b2c755b6-028e-55c1-a7e9-68888d9c36ba", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--6beba7f0-3e91-52a9-aff8-1ff8af1f3785", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--928e2ea8-6d0c-55b6-8b27-5b88d5f8a0aa", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--6beba7f0-3e91-52a9-aff8-1ff8af1f3785", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3ed67216-6c8f-5850-988a-e8cad036ab2c", "target_ref": "malware--8234f515-4078-5423-a1af-2d24794f11ab", "source_ref": "campaign--6beba7f0-3e91-52a9-aff8-1ff8af1f3785", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--c105b8c9-0ef0-5fe9-807e-7b522314e8a6", "target_ref": "threat-actor--4088d423-8b48-5bb1-bce6-4fc1596e59b6", "source_ref": "campaign--6beba7f0-3e91-52a9-aff8-1ff8af1f3785", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c3fc6a8f-a1e3-5ad4-a3b5-93649b423418", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--4d9204e0-affe-583a-a179-601a81d103eb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--21b550ac-043a-5bd9-a27a-05a60d2aa6e2", "target_ref": "attack-pattern--d14fabf9-910b-5fac-969d-9be1b154fac8", "source_ref": "campaign--4d9204e0-affe-583a-a179-601a81d103eb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9c3879e3-1c27-509d-9108-7403dc22965e", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--4d9204e0-affe-583a-a179-601a81d103eb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--86269484-4fc9-5fcb-857c-162b66333a96", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--a82395d0-4f36-5df0-aa4d-7467c4778e9f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1a8eeaed-add8-51d6-af4d-59a4fe878c72", "target_ref": "attack-pattern--66b124ea-b293-5ca9-82ac-5c7f52981b89", "source_ref": "campaign--a82395d0-4f36-5df0-aa4d-7467c4778e9f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d5bacb8f-ea63-5df0-a2c7-a68b3e772979", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--a82395d0-4f36-5df0-aa4d-7467c4778e9f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--be25abff-d2cf-5300-b0f0-b12f1d0562d0", "target_ref": "attack-pattern--ccab1da0-1617-5485-92c5-15abceb3948a", "source_ref": "campaign--a82395d0-4f36-5df0-aa4d-7467c4778e9f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--113d1b80-0435-5e2d-a062-d85b8738a927", "target_ref": "tool--bbc5dbc6-e6b8-5ded-baab-b6dc4ad1a2e5", "source_ref": "campaign--a82395d0-4f36-5df0-aa4d-7467c4778e9f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9bf73283-52d1-5905-b15b-9596ab3e570e", "target_ref": "tool--6b4b7b9d-748c-59a5-83a6-7ee2251bbf00", "source_ref": "campaign--a82395d0-4f36-5df0-aa4d-7467c4778e9f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--34540e40-5640-5b8d-8c50-5599acbe7e56", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--a82395d0-4f36-5df0-aa4d-7467c4778e9f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5edf7c7d-b7d6-52a3-a3ea-8b29ecefe163", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--a977f299-9e5a-5c50-bd3c-fc17801ff3d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e80af83d-3af5-5da1-ab31-4baf059aea68", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--a977f299-9e5a-5c50-bd3c-fc17801ff3d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--758b5ff6-1ad6-565e-9796-0c93e55d7d68", "target_ref": "attack-pattern--5e45525a-8869-5496-b37a-d46883876081", "source_ref": "campaign--a977f299-9e5a-5c50-bd3c-fc17801ff3d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d30e3b94-8b2a-5ba6-89c1-83f2c3f9190d", "target_ref": "malware--271bbd4b-c076-597a-a4db-268053cfb6e7", "source_ref": "campaign--a977f299-9e5a-5c50-bd3c-fc17801ff3d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--de2cd51f-eb3d-5106-9c78-f66944fccfd8", "target_ref": "malware--730efe3d-dd7a-5ee9-910b-0531c1faec8e", "source_ref": "campaign--a977f299-9e5a-5c50-bd3c-fc17801ff3d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--17f708c4-5106-5e79-b292-2d3bdecd1c68", "target_ref": "malware--77c91ef3-b0ff-561b-9511-e622f8527abc", "source_ref": "campaign--a977f299-9e5a-5c50-bd3c-fc17801ff3d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4a1212fb-cae5-5219-a73a-c0c649cd0cbd", "target_ref": "malware--570faeb3-ceef-5acf-b3ec-1a8fe0181614", "source_ref": "campaign--a977f299-9e5a-5c50-bd3c-fc17801ff3d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ada8f703-27ac-5c74-87f0-1ddcda938d29", "target_ref": "malware--9ed3bf22-3245-5b26-b080-ef1b5185d368", "source_ref": "campaign--a977f299-9e5a-5c50-bd3c-fc17801ff3d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9b65627e-f57b-5dee-85d7-8cc164799d51", "target_ref": "threat-actor--df853f3e-dfd0-5de2-aed7-5cee3f00c05b", "source_ref": "campaign--a977f299-9e5a-5c50-bd3c-fc17801ff3d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d21ac314-d3f2-52e6-bd69-e6417cbdf747", "target_ref": "attack-pattern--e13593b3-f905-5fd9-8542-f475167d1661", "source_ref": "campaign--bc6ac451-4324-5cd5-bde0-657a2b3283ba", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3433711d-20c1-52dd-99f0-1a2b9f888b75", "target_ref": "attack-pattern--fddd711e-b77c-50f9-9efa-7c823f8c68c0", "source_ref": "campaign--bc6ac451-4324-5cd5-bde0-657a2b3283ba", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1a2bbecf-77d7-5213-b3c2-120ed33185f6", "target_ref": "malware--dd13a25b-1ade-5d1b-99fe-8a88aad69223", "source_ref": "campaign--bc6ac451-4324-5cd5-bde0-657a2b3283ba", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--451336be-d4ed-55dc-9fdf-c5e068e5b966", "target_ref": "malware--db9e39b5-4475-56f0-a2b5-61fbab3a1e9e", "source_ref": "campaign--bc6ac451-4324-5cd5-bde0-657a2b3283ba", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--027015bc-1ecf-57de-90f7-1975faae82bc", "target_ref": "malware--47b674df-38b3-51de-b409-7f07efe5a181", "source_ref": "campaign--bc6ac451-4324-5cd5-bde0-657a2b3283ba", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--0c0957a6-cf58-50b4-9614-d8d2a98e0d1b", "target_ref": "threat-actor--93c168f9-3b32-5560-a38b-902458eb03c2", "source_ref": "campaign--bc6ac451-4324-5cd5-bde0-657a2b3283ba", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a2975111-4276-5851-9969-7c8ca11f86c0", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--7dd7931d-306b-5cbd-87b0-cc3f928b3b0e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3bd941ef-4668-50e5-91c5-47c4cbe6d2e9", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--7dd7931d-306b-5cbd-87b0-cc3f928b3b0e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--fe96020a-6025-54ce-88ee-3bb323f56034", "target_ref": "threat-actor--3354a135-6001-547c-b2e1-68d2ae8659c7", "source_ref": "campaign--7dd7931d-306b-5cbd-87b0-cc3f928b3b0e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6d24d746-6c56-5364-8b06-68dc46d45bca", "target_ref": "attack-pattern--92cd678d-5f7d-55ab-b280-60bd6e60bc71", "source_ref": "campaign--134b9fd4-6b49-5100-8bb9-e0839fbb9e41", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--fac3f16a-41ce-57bc-9c07-445240ef1d2a", "target_ref": "threat-actor--ee343e39-01d1-56ad-8e78-af03ac0396ec", "source_ref": "campaign--134b9fd4-6b49-5100-8bb9-e0839fbb9e41", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b776b128-daab-5f05-bad2-cc6c8e13e4ca", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--5bdaa393-b782-548e-b611-855a30e54ce9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3a326789-06be-5c6d-b3c7-54fb65bebcb5", "target_ref": "attack-pattern--ccab1da0-1617-5485-92c5-15abceb3948a", "source_ref": "campaign--5bdaa393-b782-548e-b611-855a30e54ce9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9f8dfd5d-6f72-5e6e-82f9-f3640fccdfc3", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--5bdaa393-b782-548e-b611-855a30e54ce9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--91348f6f-21b6-579b-93f0-bd90f6302e15", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--2d5e879a-4088-5405-ba96-943097d65af9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--58e25476-a4fc-50a6-894e-6cc0608b37c6", "target_ref": "attack-pattern--1b20466b-e861-531c-9d54-980fb6e811b1", "source_ref": "campaign--2d5e879a-4088-5405-ba96-943097d65af9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fb457bf8-3ae5-5385-9f34-e93b6cae4f43", "target_ref": "malware--76fac17a-5d12-502d-9d07-a7a76c489d42", "source_ref": "campaign--2d5e879a-4088-5405-ba96-943097d65af9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--1ff6774b-4bd4-5236-8379-5a85637b3a41", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--2d5e879a-4088-5405-ba96-943097d65af9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2ce7fd44-676d-58d1-9494-db7be5b72e30", "target_ref": "attack-pattern--7c35ce67-e609-5819-a3e4-9c4c2401d20c", "source_ref": "campaign--a62db5ac-b779-5c8c-b29e-a61c84d59383", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b6765b07-2614-5830-8b7b-8906b30c886c", "target_ref": "malware--689141b3-380d-5866-9693-333d261016f4", "source_ref": "campaign--a62db5ac-b779-5c8c-b29e-a61c84d59383", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--2b272eac-1dd5-597a-b594-e7cb5bcb89d6", "target_ref": "threat-actor--043f5267-da65-598b-ad4b-130d54b13b17", "source_ref": "campaign--a62db5ac-b779-5c8c-b29e-a61c84d59383", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ae8f2a84-e102-5d5c-b8f9-ed2bd356bde4", "target_ref": "attack-pattern--5ab8f232-2e54-5fe7-bcba-87f5d5569351", "source_ref": "campaign--c1996100-0c0c-56dd-95a1-aeee22de2de2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f277ca07-5106-53ab-9514-b3c038c181b7", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--c1996100-0c0c-56dd-95a1-aeee22de2de2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--44038707-93c1-5b0b-9c21-98b83ff828d6", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--c1996100-0c0c-56dd-95a1-aeee22de2de2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--54f68590-ea3d-5062-b8b3-1bb5e6595cf6", "target_ref": "attack-pattern--3c778cf2-767e-568f-bc8f-8e1486b6b9a7", "source_ref": "campaign--c1996100-0c0c-56dd-95a1-aeee22de2de2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ea33f70f-b12b-5efc-9164-44f3d79dcb50", "target_ref": "attack-pattern--e8605090-b15d-5201-9313-79abf2ca5567", "source_ref": "campaign--c1996100-0c0c-56dd-95a1-aeee22de2de2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--61e5e106-6826-5548-8aef-e96be7d9ac2a", "target_ref": "malware--da500529-bbb3-5c34-bff6-249f50b0ac6e", "source_ref": "campaign--c1996100-0c0c-56dd-95a1-aeee22de2de2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--81ebb732-219a-599d-bd5b-ae43f69cc8b9", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--c1996100-0c0c-56dd-95a1-aeee22de2de2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b3e7c1b0-2cc8-5b09-b710-c2988d008ff5", "target_ref": "attack-pattern--0954f27a-cb10-54f4-bc22-b12ac06b001a", "source_ref": "campaign--b4749f10-0e9c-5e73-bd03-c3ef4813d283", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e711bc27-e51d-5063-b746-77a2376ad100", "target_ref": "attack-pattern--d14fabf9-910b-5fac-969d-9be1b154fac8", "source_ref": "campaign--b4749f10-0e9c-5e73-bd03-c3ef4813d283", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d2447ad0-c925-54f8-88ea-be1d050f3afc", "target_ref": "attack-pattern--1630d698-b728-52d8-91d0-31408527bc0f", "source_ref": "campaign--b4749f10-0e9c-5e73-bd03-c3ef4813d283", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--39c8804f-d0c0-5827-ae91-72de7da87769", "target_ref": "threat-actor--22ad1745-fe03-5a0c-83e2-fd01da11a394", "source_ref": "campaign--b4749f10-0e9c-5e73-bd03-c3ef4813d283", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a7bd7f8d-a363-54d0-a0ec-83549faa9607", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--d1d048ea-c212-59a1-8c66-37766ada8640", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--e1795d32-a4f9-51e3-8ef4-562661f568e3", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--d1d048ea-c212-59a1-8c66-37766ada8640", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e640fb54-7033-5da6-860c-6693db0323f9", "target_ref": "attack-pattern--19043398-df82-56d0-8cde-d35050a71a8d", "source_ref": "campaign--c1205c32-2979-5b74-a5ee-ba1ad5b50cf5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f184dfee-dc22-56bb-b220-b573140371e3", "target_ref": "malware--cbface8b-0247-5aa3-8145-cf807b1963cb", "source_ref": "campaign--c1205c32-2979-5b74-a5ee-ba1ad5b50cf5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--5215a1e3-efb8-5fa1-b3d0-3fe2bc7521cf", "target_ref": "threat-actor--2424d3b7-f772-5290-97b3-80655bb13c86", "source_ref": "campaign--c1205c32-2979-5b74-a5ee-ba1ad5b50cf5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6b1d431d-27c3-5471-a5ee-3efe8e734581", "target_ref": "attack-pattern--66ed8ccc-72fd-57cd-8d5e-c6002d119f83", "source_ref": "campaign--111eb687-134d-5f80-b86c-fa32e75ef542", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--997d0286-2673-5517-8fdc-2d635ed32c72", "target_ref": "malware--2ed45be8-30b3-5fc6-bc4c-68083433ef5c", "source_ref": "campaign--111eb687-134d-5f80-b86c-fa32e75ef542", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--fc77c9db-d764-5924-92d1-f583cfc53984", "target_ref": "threat-actor--797c05c7-bdcf-59d2-877c-70602f877dbf", "source_ref": "campaign--111eb687-134d-5f80-b86c-fa32e75ef542", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b6e7770b-7cf3-59df-8610-ff22b8f9207a", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--be04cb55-9b39-5b8e-9942-717b7c91dbed", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--07432854-212a-50c3-b0b6-45e97a597c82", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--be04cb55-9b39-5b8e-9942-717b7c91dbed", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e411267d-0fe0-5ef8-b330-6e2a67b452d9", "target_ref": "attack-pattern--aa55d7d6-fd5e-5c83-a582-8c8d4d858628", "source_ref": "campaign--be04cb55-9b39-5b8e-9942-717b7c91dbed", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3470b87a-7bef-5f25-94b5-99fc9499bee1", "target_ref": "malware--1eeb085a-70e7-544e-b154-1fd5ea87296b", "source_ref": "campaign--be04cb55-9b39-5b8e-9942-717b7c91dbed", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e817b3fc-bd86-54b3-bf2a-598a6d9c3f36", "target_ref": "tool--bbc5dbc6-e6b8-5ded-baab-b6dc4ad1a2e5", "source_ref": "campaign--be04cb55-9b39-5b8e-9942-717b7c91dbed", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--e41ce582-7d64-5d8c-921b-2bfce71fd7c1", "target_ref": "threat-actor--759f0092-5a60-5059-8a6c-850a7b0946aa", "source_ref": "campaign--be04cb55-9b39-5b8e-9942-717b7c91dbed", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--740437db-971f-5c32-b216-06c1507c07b0", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--d8a3cda9-9254-53b3-9ede-c48bdf8c894d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e855a014-f3c4-5a32-aa79-57a0428f2dbb", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--d8a3cda9-9254-53b3-9ede-c48bdf8c894d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c7de1f0f-6c48-56a5-b49d-3dbc239cfd7d", "target_ref": "attack-pattern--d8539932-9e1c-5821-8b9c-6230c35a0ba5", "source_ref": "campaign--d8a3cda9-9254-53b3-9ede-c48bdf8c894d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--08212751-28a7-5881-a1e7-f556f5524ce1", "target_ref": "malware--1ef1c04c-3c17-5fed-aaeb-cc07ff3cbc8d", "source_ref": "campaign--d8a3cda9-9254-53b3-9ede-c48bdf8c894d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--352e13e2-3cc9-5c55-8d36-e815cf105c4e", "target_ref": "tool--6b4b7b9d-748c-59a5-83a6-7ee2251bbf00", "source_ref": "campaign--d8a3cda9-9254-53b3-9ede-c48bdf8c894d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--dd7a86b8-d4ca-5da6-b94d-8b972ed1b521", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--d8a3cda9-9254-53b3-9ede-c48bdf8c894d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f66b8402-c934-5090-8dfb-0c360ad50a2d", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--78b676dd-7443-57fd-bfde-2b9074420c6b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a4208bcb-f4b5-5840-be4a-406fc9b10cc2", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--78b676dd-7443-57fd-bfde-2b9074420c6b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2f41530d-174c-5922-a5ca-00ad3f42cf96", "target_ref": "attack-pattern--b736d0bd-e82e-5c5f-aa25-9906e9eb79ba", "source_ref": "campaign--ed01aee8-882c-5c4e-844f-8e4f5bf52723", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8811d1b1-7162-598d-b44e-926315551518", "target_ref": "malware--3e44ba93-4db3-5107-ac57-d2932854c55b", "source_ref": "campaign--ed01aee8-882c-5c4e-844f-8e4f5bf52723", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--990a8f31-9276-50e1-b07f-47898b0904e3", "target_ref": "threat-actor--8ef0b19b-a195-595d-a44f-e6fdc538e364", "source_ref": "campaign--ed01aee8-882c-5c4e-844f-8e4f5bf52723", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--866d79b3-9d1a-5202-a852-c7b20d243031", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--c3af1cb8-c81d-506a-9a86-87c522e54332", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--917e5820-d622-52e0-99c8-a1dfa99478db", "target_ref": "malware--080d4180-64ce-5794-b74f-4458703144ce", "source_ref": "campaign--c3af1cb8-c81d-506a-9a86-87c522e54332", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--947b1058-95d8-5342-be27-a12ae9316308", "target_ref": "malware--43eccb9b-0ae5-506a-a4dc-ecec1f013bd6", "source_ref": "campaign--c3af1cb8-c81d-506a-9a86-87c522e54332", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--c24f9740-b89e-51ef-98cb-b1f5cafc776b", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--c3af1cb8-c81d-506a-9a86-87c522e54332", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bc6f3521-3445-56e8-a3b6-2653b97de1c7", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--74470953-460d-5e2d-868e-e50bdc580060", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--83b62743-a723-5bc6-8a35-7395f8469932", "target_ref": "attack-pattern--6585da51-52e8-5fc7-83c6-968a415c1a19", "source_ref": "campaign--74470953-460d-5e2d-868e-e50bdc580060", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c383164b-6319-54d4-aed1-e0f24b6baa05", "target_ref": "malware--072de0f2-2b12-57a3-944c-d71a6fd9a43f", "source_ref": "campaign--74470953-460d-5e2d-868e-e50bdc580060", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1ae907b2-d9da-5f90-9aa4-f39bcc3bdee1", "target_ref": "malware--8a62ca26-11ed-5926-992a-31cafbb0e084", "source_ref": "campaign--74470953-460d-5e2d-868e-e50bdc580060", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--3ab3a7b3-9d03-5aca-b1b1-cec7d33cc808", "target_ref": "threat-actor--d8f2f35d-a05b-5f82-8fb0-cb53861840ef", "source_ref": "campaign--74470953-460d-5e2d-868e-e50bdc580060", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--63e1ffbb-bf0e-591e-a34d-f3d4a0e6abcb", "target_ref": "attack-pattern--c1d02b3e-d05f-5339-be7e-9bf784ba3df1", "source_ref": "campaign--5ca6b9da-e0bb-5c29-a0aa-282dea516d32", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3173c366-68df-5bf6-82c8-a1cb3037cafb", "target_ref": "malware--9a948e0e-fd85-5c5e-9848-90876c09d5d5", "source_ref": "campaign--5ca6b9da-e0bb-5c29-a0aa-282dea516d32", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--6de7abda-04a9-58ce-8f27-4e176496ed5f", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--5ca6b9da-e0bb-5c29-a0aa-282dea516d32", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b6c4ebe1-3563-5c91-8493-a67830e50d1d", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--cff6eb55-1bf6-5eb7-bf52-55f21c351e1d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fa86a967-e930-5c33-8d66-3375df171646", "target_ref": "attack-pattern--69cb5a21-6cd0-5767-bbbf-dfe1f0e18211", "source_ref": "campaign--cff6eb55-1bf6-5eb7-bf52-55f21c351e1d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5baf28c6-e720-5e1f-9106-440e33dd41ce", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--cff6eb55-1bf6-5eb7-bf52-55f21c351e1d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9d42bd5d-e096-5dc0-982b-9446246e0bf7", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--cff6eb55-1bf6-5eb7-bf52-55f21c351e1d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7173a5df-5e56-5cf5-8938-66426634913a", "target_ref": "malware--d1a5f3b8-e9bf-56c7-9fe1-e0ca5845e764", "source_ref": "campaign--cff6eb55-1bf6-5eb7-bf52-55f21c351e1d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--aa36a60b-5bcc-5d3a-8658-d56b3ca26d91", "target_ref": "tool--bbc5dbc6-e6b8-5ded-baab-b6dc4ad1a2e5", "source_ref": "campaign--cff6eb55-1bf6-5eb7-bf52-55f21c351e1d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7f88798f-b712-5f0a-a433-8f192991f7af", "target_ref": "malware--3f8a347b-aed9-5b7b-98b2-7d4a08d731ab", "source_ref": "campaign--cff6eb55-1bf6-5eb7-bf52-55f21c351e1d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--356bdb7e-cd79-55cd-95f9-f4d4ee0062d7", "target_ref": "malware--e7d3d7c2-3dcf-5e03-a123-be18e016efbe", "source_ref": "campaign--cff6eb55-1bf6-5eb7-bf52-55f21c351e1d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--e903e55e-24d4-5bda-9203-d72943e0d3e2", "target_ref": "threat-actor--f703c021-5ae6-57b0-94b1-c08e541ec20a", "source_ref": "campaign--cff6eb55-1bf6-5eb7-bf52-55f21c351e1d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e8eeec42-b61f-560d-bfd4-434ae187ea0b", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--22282a15-4802-58c6-94bc-55532d3e72bb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--dec51172-7f47-5481-b9f6-51d5451db167", "target_ref": "malware--dd65e0ef-bb94-50a2-8540-b0dc27c42022", "source_ref": "campaign--22282a15-4802-58c6-94bc-55532d3e72bb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e2f5eef9-6aae-575d-b451-3ef07ef5426f", "target_ref": "malware--1b214a0a-8ae6-52a4-bf42-6c45682245d2", "source_ref": "campaign--22282a15-4802-58c6-94bc-55532d3e72bb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--929fe4ab-5909-5796-b208-22e9c54b4866", "target_ref": "malware--aba255be-37dd-544c-a4d9-8f7cfaf78a5a", "source_ref": "campaign--22282a15-4802-58c6-94bc-55532d3e72bb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--44b3deb8-b2f4-5a18-8b62-020248d19531", "target_ref": "threat-actor--bdca3605-c4c8-5024-a782-c2a664149f9e", "source_ref": "campaign--22282a15-4802-58c6-94bc-55532d3e72bb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c45e5399-9509-5288-9b0e-84e96e2c577b", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--c663bb5b-e59b-53b0-81f9-729993531605", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--6c9f189c-6936-513a-ba00-4c781975227e", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--c663bb5b-e59b-53b0-81f9-729993531605", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--948fa634-0c69-5273-a356-1356f8489ddf", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--71ce0879-9ba5-540f-bd39-dd419c8e70f2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d330ed29-11a0-517c-8c1e-4078da2173c5", "target_ref": "attack-pattern--d14fabf9-910b-5fac-969d-9be1b154fac8", "source_ref": "campaign--71ce0879-9ba5-540f-bd39-dd419c8e70f2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a3b98f6f-f26e-5ebb-8af7-7e36e81e33a7", "target_ref": "malware--789acffc-e87c-5693-98de-9f5a10e03959", "source_ref": "campaign--71ce0879-9ba5-540f-bd39-dd419c8e70f2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5be886b5-3d24-53ee-9190-3bcb0d53030b", "target_ref": "malware--f17446e5-14f2-50bf-8709-33f083f6140e", "source_ref": "campaign--71ce0879-9ba5-540f-bd39-dd419c8e70f2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4ed91469-430c-5c5d-b8c2-fb3e85b2d930", "target_ref": "threat-actor--23f09ef2-4762-5afa-bbf0-aad7f750a6b2", "source_ref": "campaign--71ce0879-9ba5-540f-bd39-dd419c8e70f2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--37e72281-ba9f-534f-8096-cd601f17503b", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--28c35a46-f557-5097-a551-6cfdcdf39db5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--32601bc9-9edb-5d58-8a52-e27a59a78684", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--28c35a46-f557-5097-a551-6cfdcdf39db5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--02354893-78a4-5bf0-bf51-f81abf733ad3", "target_ref": "malware--26bb6270-fcf0-591b-8eb6-5f212bd11e7a", "source_ref": "campaign--28c35a46-f557-5097-a551-6cfdcdf39db5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--62ba7693-7a18-5d67-9fa5-daa8758fb8b3", "target_ref": "threat-actor--14f61c28-082b-5e1a-82dd-6c9a916187d9", "source_ref": "campaign--28c35a46-f557-5097-a551-6cfdcdf39db5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--74d2ce9b-8a44-56de-a46e-1dd01ccaa01d", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--e3e08e43-3c1e-5901-a24b-7b5585f95cdf", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f2af3d03-1d6f-55c2-8e4d-19b3e8d56ebc", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--e3e08e43-3c1e-5901-a24b-7b5585f95cdf", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a2dda475-b957-5c54-9dd8-a762c2dd266d", "target_ref": "attack-pattern--c04892fa-fe4f-5498-84fb-171191f4cae9", "source_ref": "campaign--79e260a5-bdc4-5d9a-b671-3881b1af4e77", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--729022b9-9c68-5e9b-8469-6582bdf313e0", "target_ref": "malware--42190a8f-70ac-51b9-afc9-7f79846b1644", "source_ref": "campaign--79e260a5-bdc4-5d9a-b671-3881b1af4e77", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b6705e67-d7a0-5dcf-afce-eff1cc4341f4", "target_ref": "tool--b1820b5b-658f-56b7-bb13-c5d5dbbaf582", "source_ref": "campaign--79e260a5-bdc4-5d9a-b671-3881b1af4e77", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--73b45dc0-d0d2-5cca-9180-b43378ab4f0c", "target_ref": "malware--4c73be0c-7c83-5295-9f29-f91307ad6682", "source_ref": "campaign--79e260a5-bdc4-5d9a-b671-3881b1af4e77", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--aea4d881-d510-5309-b7df-3b858533691e", "target_ref": "threat-actor--56d28b28-81fe-5e74-8878-ad148a4a6faa", "source_ref": "campaign--79e260a5-bdc4-5d9a-b671-3881b1af4e77", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f93aecad-32a8-556c-8b00-6f2376b539fe", "target_ref": "attack-pattern--de1b06cf-8261-55d2-a3bb-d385ababfb4c", "source_ref": "campaign--b0646f9a-1152-5892-97ec-898cefb4b5b3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e5cc64e1-4d93-5bdf-813a-a0e98651403f", "target_ref": "attack-pattern--b736d0bd-e82e-5c5f-aa25-9906e9eb79ba", "source_ref": "campaign--b0646f9a-1152-5892-97ec-898cefb4b5b3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d78c2f63-9300-5be6-be22-265ef364ec09", "target_ref": "tool--e4ea1a47-2cc7-5b40-ae04-25bfd7351dbb", "source_ref": "campaign--b0646f9a-1152-5892-97ec-898cefb4b5b3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d4710ed9-19e4-5c39-be8c-f02392034050", "target_ref": "malware--15d768bb-f2f6-5ea7-871a-6995fc48ada6", "source_ref": "campaign--b0646f9a-1152-5892-97ec-898cefb4b5b3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--01dca0ed-f471-5d5b-ac8b-1d74c1788062", "target_ref": "threat-actor--78db9843-979c-56d0-af37-a9eb8ae4a62f", "source_ref": "campaign--b0646f9a-1152-5892-97ec-898cefb4b5b3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8d6ff77f-c516-5adb-85c5-07aede3b1246", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--f011075a-1315-51cd-b942-8a4081b34c1a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--212d6469-d11f-5e72-b8a2-a25ffe989cc8", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--f011075a-1315-51cd-b942-8a4081b34c1a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--535b3c72-6367-52de-80a5-310a1267b6a5", "target_ref": "threat-actor--2dcd09e3-f931-5404-9952-dfd86596dda7", "source_ref": "campaign--f011075a-1315-51cd-b942-8a4081b34c1a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ccc59894-79ea-5970-8988-0a1a0a6d1428", "target_ref": "attack-pattern--16f8f2c2-b5e2-5461-80ed-f31aea4c2f5f", "source_ref": "campaign--3326393b-917d-5503-aabd-177fe650a035", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d8313770-702a-5742-9bc4-f7b962e8366d", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--3326393b-917d-5503-aabd-177fe650a035", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--45894542-662b-5a85-9a62-d14a1ba1fb77", "target_ref": "malware--70799f7e-14b3-5480-ad26-5cea7aefaa48", "source_ref": "campaign--3326393b-917d-5503-aabd-177fe650a035", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--44b5d1f3-e98f-5b52-a129-282a8de543cd", "target_ref": "threat-actor--d870a59e-a98f-5c14-89ed-01465fcdc8e7", "source_ref": "campaign--3326393b-917d-5503-aabd-177fe650a035", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1118e06c-1887-5010-af00-ba76e76a003e", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--856e0c94-ba5b-59e5-bf49-ccac507d7fdc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--58d88627-3337-5abd-8a43-4cec16a3e099", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--856e0c94-ba5b-59e5-bf49-ccac507d7fdc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a2ba91ea-4fda-5f23-9f15-5c2302cb4cc3", "target_ref": "threat-actor--60d480e2-9f0a-5246-9581-ac445b6fcdbe", "source_ref": "campaign--856e0c94-ba5b-59e5-bf49-ccac507d7fdc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f5080b3e-3f6d-55a0-8383-eaba996613cf", "target_ref": "malware--0264a4f8-7fdc-5e2c-8a8d-b261e3e139ac", "source_ref": "campaign--dfea130e-f927-511b-9489-97cf82c0294b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9f07d82d-c0db-52a2-ac8f-ca3091376570", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--dfea130e-f927-511b-9489-97cf82c0294b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--47d919c3-3b37-5388-98df-3aaa35e509a7", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--eebb4775-eace-5622-93e6-6eeae9d14865", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5ed7cef6-8d11-51a2-a2e2-d2efc81b4f2e", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--eebb4775-eace-5622-93e6-6eeae9d14865", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--571af744-8117-52ad-b65f-e92afa639a84", "target_ref": "tool--4fc9176b-52db-5d36-b1b1-eae2cec9cb23", "source_ref": "campaign--eebb4775-eace-5622-93e6-6eeae9d14865", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f5313f97-20e0-5897-92a0-b934dea81a1f", "target_ref": "threat-actor--8489644b-4db4-54da-9138-4fa6b1523276", "source_ref": "campaign--eebb4775-eace-5622-93e6-6eeae9d14865", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--be493043-f33c-5665-80fa-ae8c82ec10f8", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--0793b6b6-4074-50f1-879f-725f7527437e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a93f8e85-4f5b-5eb7-801d-91920e2c4e48", "target_ref": "attack-pattern--c8cffad4-b4a1-5ab2-9dad-327e36e73d0b", "source_ref": "campaign--0793b6b6-4074-50f1-879f-725f7527437e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--304772c1-ce55-5794-9d02-55e63fbfc353", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--0793b6b6-4074-50f1-879f-725f7527437e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--41ca3647-4840-5642-bce4-97045dbb9084", "target_ref": "malware--f6fd491f-8bf4-50ab-a698-96e422b613f1", "source_ref": "campaign--0793b6b6-4074-50f1-879f-725f7527437e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--d3c39d6a-ccb5-5f7f-a4ae-601842930332", "target_ref": "threat-actor--08a5cf5b-b37e-5247-9f2b-3a315a20004d", "source_ref": "campaign--0793b6b6-4074-50f1-879f-725f7527437e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--659ce632-2ccf-51cd-99b8-598eedab2cad", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--d36f0130-cb65-5109-bac9-9db89e2ccef9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d9164443-8972-526f-bc8e-1871bb5bea01", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--d36f0130-cb65-5109-bac9-9db89e2ccef9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--24121b3e-82dc-594c-9980-e9be6a55d5fd", "target_ref": "malware--92b01d1c-da0f-5a34-9874-9d683b8242ca", "source_ref": "campaign--d36f0130-cb65-5109-bac9-9db89e2ccef9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1c4c315e-d981-5713-9029-99a53ece5733", "target_ref": "malware--0a3518a8-ee1e-595c-ad97-7b161e420655", "source_ref": "campaign--d36f0130-cb65-5109-bac9-9db89e2ccef9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--8fc68115-1799-5e2f-906e-37165365bb52", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--d36f0130-cb65-5109-bac9-9db89e2ccef9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9c455377-7075-5896-91f9-a28a9a206e45", "target_ref": "attack-pattern--66ed8ccc-72fd-57cd-8d5e-c6002d119f83", "source_ref": "campaign--4e4c1991-bbd6-523e-9735-a9255f1323d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--021eb785-6ea2-5e95-94b2-95c21451b2ec", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--4e4c1991-bbd6-523e-9735-a9255f1323d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--dbbe629e-24ac-5671-9f4e-3c60aaa613a8", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--4e4c1991-bbd6-523e-9735-a9255f1323d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b26cd638-bbcf-5d24-848c-5ca7afa27dd8", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--480870e5-fee6-5da9-a213-fc45831ee442", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ad2f3305-6811-5a3e-902e-bea0795fc30c", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--480870e5-fee6-5da9-a213-fc45831ee442", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c2ad985c-a6b7-5991-9afb-79ff67822afe", "target_ref": "malware--0264a4f8-7fdc-5e2c-8a8d-b261e3e139ac", "source_ref": "campaign--480870e5-fee6-5da9-a213-fc45831ee442", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--7eb00eac-8c98-5243-a4cc-8341e915041f", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--480870e5-fee6-5da9-a213-fc45831ee442", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6793e6c2-32c1-59bc-bd8d-0721ecc1baa1", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--998d9c81-9407-597d-b47c-6ef4326c6bfc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1265490a-3c28-5e46-bf11-48986990ccba", "target_ref": "attack-pattern--8128ef78-d790-56a1-96a7-e2861e19be99", "source_ref": "campaign--998d9c81-9407-597d-b47c-6ef4326c6bfc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9981d819-4913-565f-96e9-6abdd7517d82", "target_ref": "malware--e5353a3d-09d9-537f-9ba8-9ca4ed4d2380", "source_ref": "campaign--998d9c81-9407-597d-b47c-6ef4326c6bfc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f7f754bb-28e6-5582-a3e5-ed60b54bae27", "target_ref": "tool--f1d95eb0-4b64-5f31-9156-243c2a6c9cc5", "source_ref": "campaign--998d9c81-9407-597d-b47c-6ef4326c6bfc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--433700ad-ee5d-51c4-a392-a26f54a0d434", "target_ref": "malware--3142ff6f-1a41-5790-a5b0-b2e004702320", "source_ref": "campaign--998d9c81-9407-597d-b47c-6ef4326c6bfc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a6e573d4-27f7-522e-aee1-57c5c2d37d55", "target_ref": "threat-actor--7797ec4c-b4cc-5d17-9d62-eb01f8d2c885", "source_ref": "campaign--998d9c81-9407-597d-b47c-6ef4326c6bfc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6c2ff812-594e-5790-8d44-b02cd1d6dea1", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--12b13083-7f15-5ade-a9ca-bbbd09ab9f94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d6014aa0-a769-558a-a688-98ab8223b854", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--12b13083-7f15-5ade-a9ca-bbbd09ab9f94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1e90b707-27b9-5f66-b97a-b90b4c8a0ae2", "target_ref": "tool--48087600-1c22-5071-bc6c-0cc6130e700d", "source_ref": "campaign--12b13083-7f15-5ade-a9ca-bbbd09ab9f94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6c30f3f8-1bb1-53f2-b7a7-a27a65916b4c", "target_ref": "tool--bbc5dbc6-e6b8-5ded-baab-b6dc4ad1a2e5", "source_ref": "campaign--12b13083-7f15-5ade-a9ca-bbbd09ab9f94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f21eb7c0-cbbe-56d5-b398-8cb216c9a9a6", "target_ref": "malware--4d0c8f15-3f53-5b04-ad56-f98003ff1ad1", "source_ref": "campaign--12b13083-7f15-5ade-a9ca-bbbd09ab9f94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--cd6b475b-3d21-5f57-828b-b49ba77167b9", "target_ref": "threat-actor--8f0db9e2-8318-515d-9447-72aa092c946e", "source_ref": "campaign--12b13083-7f15-5ade-a9ca-bbbd09ab9f94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--227b37d5-66a9-56b6-8d8c-bb6ee0bef10a", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--a6747af1-1073-55be-a158-0f3df448097a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2ec19afb-f6ac-5c97-8529-ba920f2f2714", "target_ref": "attack-pattern--fddd711e-b77c-50f9-9efa-7c823f8c68c0", "source_ref": "campaign--a6747af1-1073-55be-a158-0f3df448097a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ceb592cc-7f24-5fca-8ec1-41adfb031d5b", "target_ref": "tool--6b4b7b9d-748c-59a5-83a6-7ee2251bbf00", "source_ref": "campaign--a6747af1-1073-55be-a158-0f3df448097a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--eacca3c5-acbc-5a82-a610-90f918f86a46", "target_ref": "threat-actor--8f0db9e2-8318-515d-9447-72aa092c946e", "source_ref": "campaign--a6747af1-1073-55be-a158-0f3df448097a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d00ac355-c0d9-5f0e-8f3b-a57c70c4b5bb", "target_ref": "attack-pattern--1b20466b-e861-531c-9d54-980fb6e811b1", "source_ref": "campaign--d85a56ea-cea8-584d-8d66-f91cd543a341", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7e77e8d2-92fb-5759-b83e-768adbc71713", "target_ref": "attack-pattern--b736d0bd-e82e-5c5f-aa25-9906e9eb79ba", "source_ref": "campaign--d85a56ea-cea8-584d-8d66-f91cd543a341", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--83fb679a-042d-5dc2-8e48-8edde40e89a2", "target_ref": "tool--30b2de50-1e49-5f95-ae05-1052cccde4f5", "source_ref": "campaign--d85a56ea-cea8-584d-8d66-f91cd543a341", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3d1ebf63-28b3-545c-955b-1698a3c312e7", "target_ref": "tool--0a425dd3-da8d-5cd1-a598-ae2a7e4aa3f5", "source_ref": "campaign--d85a56ea-cea8-584d-8d66-f91cd543a341", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--6c3ed8ba-8863-5fec-9c50-0f9bce76b6f9", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--d85a56ea-cea8-584d-8d66-f91cd543a341", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7cd754a5-b3fa-5b49-a34d-2cdb00a038a0", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--88cb84b6-506e-5d8a-a1fa-c015899ef38e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ff8061c5-c2ba-5f9b-8e15-a60c43cb91cd", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--88cb84b6-506e-5d8a-a1fa-c015899ef38e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5f633389-be43-5b46-956f-15311b940e93", "target_ref": "malware--e72459e7-781a-5d18-a86f-6070af1c67d7", "source_ref": "campaign--88cb84b6-506e-5d8a-a1fa-c015899ef38e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a8a0142c-17e1-5c42-900b-2e07bb26f22b", "target_ref": "malware--fb76817e-830b-5c6e-bd01-e9cf10f7f87e", "source_ref": "campaign--88cb84b6-506e-5d8a-a1fa-c015899ef38e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3d1f366e-3334-5dcd-96cb-ebd88ae1263c", "target_ref": "malware--3d816537-d829-53d8-a0db-10adfbc33cfe", "source_ref": "campaign--88cb84b6-506e-5d8a-a1fa-c015899ef38e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--099d5e95-d029-54d5-b5ac-1a74e6189d72", "target_ref": "malware--570295ca-57b5-5fe2-ad25-ea88c2ce9847", "source_ref": "campaign--88cb84b6-506e-5d8a-a1fa-c015899ef38e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--682ad841-a22b-51cd-a1cf-7c85893a2a74", "target_ref": "threat-actor--7037c579-ac08-50d1-baff-3edbbde9fbd7", "source_ref": "campaign--88cb84b6-506e-5d8a-a1fa-c015899ef38e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e7f310c1-a3e9-592b-93f0-9ae6efd6ad19", "target_ref": "attack-pattern--1e003297-a91d-5c42-8b00-ca0f359ba398", "source_ref": "campaign--b014eecf-3ce8-5d6f-bb0c-5314d8c15995", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d5428d9d-5473-50d3-8f1f-2b5fd25b8c2e", "target_ref": "attack-pattern--3779cb0e-c75c-537f-ba69-2ed84be73c0a", "source_ref": "campaign--b014eecf-3ce8-5d6f-bb0c-5314d8c15995", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--419c6e17-177a-5be2-a577-9be0c8943bbc", "target_ref": "attack-pattern--676a526b-c3ad-5907-a397-e6741447ca95", "source_ref": "campaign--b014eecf-3ce8-5d6f-bb0c-5314d8c15995", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--17050abe-ec84-5d98-b441-204928119522", "target_ref": "tool--f1d95eb0-4b64-5f31-9156-243c2a6c9cc5", "source_ref": "campaign--b014eecf-3ce8-5d6f-bb0c-5314d8c15995", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--38b7a36b-c5ae-5b5c-b102-f61412b409e4", "target_ref": "tool--dd5f9bc0-42aa-519c-94bf-4c2a074ded89", "source_ref": "campaign--b014eecf-3ce8-5d6f-bb0c-5314d8c15995", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--987b5399-fcdb-5e5a-b129-55f1b9f9f2a5", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--b014eecf-3ce8-5d6f-bb0c-5314d8c15995", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d1d92df0-c4b8-57ed-ab22-69a20144ba35", "target_ref": "attack-pattern--102026e4-ad60-528c-9099-c766f01da475", "source_ref": "campaign--d1289a13-0f69-5edc-baef-87e956a8a04a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--005b0dab-8d70-5eeb-a9ea-9fbe4d41ad64", "target_ref": "malware--15d768bb-f2f6-5ea7-871a-6995fc48ada6", "source_ref": "campaign--d1289a13-0f69-5edc-baef-87e956a8a04a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f08429d0-6728-519f-9831-2b061652a13a", "target_ref": "malware--f383de46-b81b-5f39-adf4-e224863dcf17", "source_ref": "campaign--d1289a13-0f69-5edc-baef-87e956a8a04a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--074bfa60-8ea3-5ed8-b80f-3f703d4fadcc", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--d1289a13-0f69-5edc-baef-87e956a8a04a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d817a39b-a18b-5b33-aafb-e5d14c72e73d", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--2b74c3bf-6492-59db-8231-9488a99b0434", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4273d928-e863-5158-9332-b83c2e2bc824", "target_ref": "malware--d082380b-482b-5c5c-b737-d33fb320d9da", "source_ref": "campaign--2b74c3bf-6492-59db-8231-9488a99b0434", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3f13a309-9afb-58c8-b5b4-3e3d77df6b6d", "target_ref": "tool--6b4b7b9d-748c-59a5-83a6-7ee2251bbf00", "source_ref": "campaign--2b74c3bf-6492-59db-8231-9488a99b0434", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6d5551ad-d3dd-5ee4-9d64-0790ba65495c", "target_ref": "malware--5d4c6c66-aca7-567a-b0c4-111c49ab87f4", "source_ref": "campaign--2b74c3bf-6492-59db-8231-9488a99b0434", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b7ec09fc-3cf5-5209-96bc-694f2611356e", "target_ref": "malware--525e7ae2-cd66-56f9-9ce3-9c88f3211c2b", "source_ref": "campaign--2b74c3bf-6492-59db-8231-9488a99b0434", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3f0e7ab7-cc3e-5079-906e-b145ca2098ba", "target_ref": "malware--9ea1de22-01e0-5d78-a6ed-0baf5c7013ae", "source_ref": "campaign--2b74c3bf-6492-59db-8231-9488a99b0434", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5091a2ae-b835-5851-9a1a-18817d070091", "target_ref": "malware--2bcc0a17-06a1-5072-9e8a-359a0ec46a9c", "source_ref": "campaign--2b74c3bf-6492-59db-8231-9488a99b0434", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0b55a771-3688-54cf-9baf-8c7e6f8b4501", "target_ref": "malware--d0931843-3e38-58eb-a8c2-e76f9aa3c4a6", "source_ref": "campaign--2b74c3bf-6492-59db-8231-9488a99b0434", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--79a03c65-bcc2-5266-8dc2-94354fb58627", "target_ref": "threat-actor--b2842f49-a7f7-50e1-a1ff-a6b653882288", "source_ref": "campaign--2b74c3bf-6492-59db-8231-9488a99b0434", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--008f2796-0ba6-5634-a4be-6c9e1fb019b6", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--eba81e9c-690a-56a0-8f2f-927769988763", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--616df10e-79d1-56c3-b6a8-e6746736dfe9", "target_ref": "malware--d082380b-482b-5c5c-b737-d33fb320d9da", "source_ref": "campaign--eba81e9c-690a-56a0-8f2f-927769988763", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--8a3657b7-c29a-5a01-b059-6848deda2045", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--eba81e9c-690a-56a0-8f2f-927769988763", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--da5ac6ad-c48b-5d8d-81a1-dac387265c98", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--80e31b10-a729-50f5-ad2b-5e001892feeb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6d102e6f-80b6-50a0-ab4b-d9bae28b958b", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--80e31b10-a729-50f5-ad2b-5e001892feeb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--6d9ed8a2-5c27-5eeb-870d-343d04e6687d", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--80e31b10-a729-50f5-ad2b-5e001892feeb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7ad82e20-d243-57c1-aeef-3730bdcf16dd", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--49058e39-e2cb-5c2a-8003-bb96af57a4d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e8f3f77d-3507-5204-8711-cb61194aee80", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--49058e39-e2cb-5c2a-8003-bb96af57a4d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5b88c7bc-3f11-5966-84a1-138d8bac8425", "target_ref": "attack-pattern--859f8a54-93ec-589f-b18a-88c6b8565682", "source_ref": "campaign--49058e39-e2cb-5c2a-8003-bb96af57a4d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bee065ab-fbcd-5c65-af2d-2b6d0c5f4235", "target_ref": "malware--b0a3848f-d370-5101-b455-2c4dc64c6f1a", "source_ref": "campaign--49058e39-e2cb-5c2a-8003-bb96af57a4d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a749c198-c3c1-5522-8f37-6d72debbada5", "target_ref": "malware--ba2c3cbe-abb8-5e3f-ac63-1c94eef77785", "source_ref": "campaign--49058e39-e2cb-5c2a-8003-bb96af57a4d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--59c543c9-af19-5665-a040-85291f371e28", "target_ref": "threat-actor--d083a682-3a37-51ad-9787-4978d9041f7c", "source_ref": "campaign--49058e39-e2cb-5c2a-8003-bb96af57a4d2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f4e40ea5-4e05-5a14-82b0-f667f9f884bc", "target_ref": "attack-pattern--16f8f2c2-b5e2-5461-80ed-f31aea4c2f5f", "source_ref": "campaign--53e57ce9-f80f-520f-b59b-820d7fe0716d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--279331eb-62c9-5ace-ad56-c6becbef6ea1", "target_ref": "attack-pattern--e948084b-6a67-51c7-93b3-a937832fed2a", "source_ref": "campaign--53e57ce9-f80f-520f-b59b-820d7fe0716d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f4b44fec-6427-5f15-9ac9-35c3aa6c40b2", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--53e57ce9-f80f-520f-b59b-820d7fe0716d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--01ff32d7-7506-5ca2-80dc-b7d85180b367", "target_ref": "threat-actor--8978fcfe-e6d2-5ada-96d4-23b14ee0dd75", "source_ref": "campaign--53e57ce9-f80f-520f-b59b-820d7fe0716d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9e462606-139b-5390-a790-815755ee30ef", "target_ref": "attack-pattern--e31639b2-f244-523a-a8b5-021004b4a2ed", "source_ref": "campaign--e5c78518-794f-5980-a397-2f7eaa5c10b8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--87a900ec-6bd4-5338-a4b4-350eab45441b", "target_ref": "malware--edb5eeeb-9ff9-5f4e-ba67-cc34706f5f10", "source_ref": "campaign--e5c78518-794f-5980-a397-2f7eaa5c10b8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--c33ee961-e4da-534a-b42b-4cd59492b804", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--e5c78518-794f-5980-a397-2f7eaa5c10b8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fc79cf12-4b8a-5a60-a09f-35be5db2005d", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--a77d8491-2ffd-5e45-bef7-0661440daae6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--63a47abd-7ce4-59be-9ac5-b21f362cc32d", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--a77d8491-2ffd-5e45-bef7-0661440daae6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--73ee0e76-afc5-5426-8bdf-3dbeb2c33439", "target_ref": "malware--f6fd491f-8bf4-50ab-a698-96e422b613f1", "source_ref": "campaign--a77d8491-2ffd-5e45-bef7-0661440daae6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--ce584c75-be2c-506e-acfd-ae25046e94d4", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--a77d8491-2ffd-5e45-bef7-0661440daae6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0b531ea0-6b01-5ac4-b8ed-e3a4d8416e0c", "target_ref": "attack-pattern--0954f27a-cb10-54f4-bc22-b12ac06b001a", "source_ref": "campaign--66c24416-465b-5585-a625-ae989dfae3d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3f38563b-7659-508a-9b6a-0a789a95c2cb", "target_ref": "attack-pattern--16f8f2c2-b5e2-5461-80ed-f31aea4c2f5f", "source_ref": "campaign--66c24416-465b-5585-a625-ae989dfae3d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--893265a1-0235-542d-999e-df5268219ca6", "target_ref": "malware--3e44ba93-4db3-5107-ac57-d2932854c55b", "source_ref": "campaign--66c24416-465b-5585-a625-ae989dfae3d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--d1ce8744-ba70-528a-a6ce-cff07fe8bca1", "target_ref": "threat-actor--8ef0b19b-a195-595d-a44f-e6fdc538e364", "source_ref": "campaign--66c24416-465b-5585-a625-ae989dfae3d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--78676058-18b9-565f-bc5b-41dc9eb3077f", "target_ref": "attack-pattern--9dfb7492-228b-57b2-8c58-c3f8276622dd", "source_ref": "campaign--c5f96644-3a0a-5061-b1dc-84ba7d004f95", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a7b1ba09-1c03-5a18-9e33-f450e597be8d", "target_ref": "attack-pattern--1b20466b-e861-531c-9d54-980fb6e811b1", "source_ref": "campaign--c5f96644-3a0a-5061-b1dc-84ba7d004f95", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d86b68f2-6564-59f4-8b34-d2d795534727", "target_ref": "malware--fdf47818-becb-5e3c-988b-7b2b936e7fe1", "source_ref": "campaign--c5f96644-3a0a-5061-b1dc-84ba7d004f95", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e1c89ef2-d614-544a-bad3-192e69cdf0aa", "target_ref": "malware--a1beb180-482d-5990-b3fb-000162f2f142", "source_ref": "campaign--c5f96644-3a0a-5061-b1dc-84ba7d004f95", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--c6a55ca5-16c0-5653-ab06-bcdcc3577470", "target_ref": "threat-actor--32b38aaa-d60e-5922-9aec-374d4624e280", "source_ref": "campaign--c5f96644-3a0a-5061-b1dc-84ba7d004f95", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a4fbadfc-2b6a-5999-a975-d527579d49e1", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--eb2dc06a-5fae-54fd-a9ca-42f574808603", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--52154955-75a9-51c8-8f42-50296fd2fe2b", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--eb2dc06a-5fae-54fd-a9ca-42f574808603", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ff42ff08-b7af-5694-bd3f-3c8730008b4c", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--eb2dc06a-5fae-54fd-a9ca-42f574808603", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0535ed32-b16e-53d7-964d-1a3b8751a5dd", "target_ref": "malware--0e18201e-377c-5e82-9bbf-38c8e73c8c49", "source_ref": "campaign--eb2dc06a-5fae-54fd-a9ca-42f574808603", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--b8e20d1b-d9ef-5dc1-950b-1221e2815025", "target_ref": "threat-actor--6884df7a-cb54-5436-b071-d5d65caafa53", "source_ref": "campaign--eb2dc06a-5fae-54fd-a9ca-42f574808603", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--64607ea0-92c3-551e-83de-606d90b66e9c", "target_ref": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "source_ref": "campaign--20a41a82-e265-52b0-bd84-fb3805e5af9d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--956e9997-605c-5ddb-96a9-3b0b54cf5f27", "target_ref": "malware--d082380b-482b-5c5c-b737-d33fb320d9da", "source_ref": "campaign--20a41a82-e265-52b0-bd84-fb3805e5af9d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bdace7ba-0ba8-5619-9332-0b1dbfab652f", "target_ref": "malware--e37d38bc-8515-5ef7-90bf-7f636ffbd06b", "source_ref": "campaign--20a41a82-e265-52b0-bd84-fb3805e5af9d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6fc66bbd-9d26-5b86-aaea-cce9b87cb652", "target_ref": "malware--2d91ffd9-943a-5b86-b04b-2c2d1fd69606", "source_ref": "campaign--20a41a82-e265-52b0-bd84-fb3805e5af9d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3a1f25e2-b506-55b5-b6fd-49dae0f1763a", "target_ref": "malware--afb23e50-5b4a-5dd8-9b29-ea39d6a34bd8", "source_ref": "campaign--20a41a82-e265-52b0-bd84-fb3805e5af9d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--28d820af-73b7-5a1b-9f92-205f2481336b", "target_ref": "malware--cc3c386c-a299-5bbc-bf14-54844fe6d63f", "source_ref": "campaign--20a41a82-e265-52b0-bd84-fb3805e5af9d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--54e66a2a-1f13-5964-94f5-dc89afe3f4c4", "target_ref": "malware--7d10b61e-5b63-5210-ae47-0a5b06866980", "source_ref": "campaign--20a41a82-e265-52b0-bd84-fb3805e5af9d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--2fcb09dc-9626-5ebe-999b-c26ad03ea8b5", "target_ref": "threat-actor--1d705fbd-fd86-5ed6-a4b7-320e8adfa19f", "source_ref": "campaign--20a41a82-e265-52b0-bd84-fb3805e5af9d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d5d4945e-163d-5a1d-8e21-b92ba34ee4c7", "target_ref": "attack-pattern--c1d02b3e-d05f-5339-be7e-9bf784ba3df1", "source_ref": "campaign--f939f46c-d0f4-55a8-bd3e-5cf3f8bcf166", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c9c6011f-5b0c-5896-bd6c-6926e05be41d", "target_ref": "malware--5a9ccff0-58ce-5c94-86f3-ae8e747c03cf", "source_ref": "campaign--f939f46c-d0f4-55a8-bd3e-5cf3f8bcf166", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--565a649d-cc09-5303-bb09-7d386f0b7daf", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--f939f46c-d0f4-55a8-bd3e-5cf3f8bcf166", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2ed7a9c1-40d8-5185-bb7c-9b4e307eedb3", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--30a8ecd0-0982-5f01-be5f-591ed06da8e5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0fec1d49-8bfa-554d-86e3-83973c35eb88", "target_ref": "malware--96444b6d-7a1c-5671-9e18-b445a13a6fcf", "source_ref": "campaign--30a8ecd0-0982-5f01-be5f-591ed06da8e5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--271888ea-8258-5c46-aff3-31f38fe71fa3", "target_ref": "threat-actor--8d55a5d9-3b23-5cd0-8ea5-2d7d2d218bcd", "source_ref": "campaign--30a8ecd0-0982-5f01-be5f-591ed06da8e5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2afa7270-62cd-514f-a32f-8b9ea2676d8a", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4eb383e3-560c-54fb-af61-73161cd3bed5", "target_ref": "attack-pattern--1b20466b-e861-531c-9d54-980fb6e811b1", "source_ref": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--35cf4066-c299-59f5-91bb-a3b15115c8bb", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--206290d0-d582-5f92-b6c2-fac513d99106", "target_ref": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "source_ref": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--315ad1e7-74b9-545a-8a57-eb3aade5e88d", "target_ref": "malware--30c43110-a0e8-5fb3-9da2-9f97acd41f9c", "source_ref": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ab280b73-ff8d-56e1-962d-db134ea2eb56", "target_ref": "malware--8234f515-4078-5423-a1af-2d24794f11ab", "source_ref": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--96190ab0-723e-5fd7-b273-581d36ca3c10", "target_ref": "tool--bbc5dbc6-e6b8-5ded-baab-b6dc4ad1a2e5", "source_ref": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--495a0518-18b6-5345-a3f4-3818ee285326", "target_ref": "malware--ed0a0a3d-cb8b-5ce8-b2c6-3dbb1ed0d4c1", "source_ref": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--95d0bc34-4349-5d71-a7c6-fe8ad52171be", "target_ref": "malware--688e33e2-4941-5953-b571-b3cb73b4017f", "source_ref": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--d2dfdf44-5023-5987-881e-7a24b5b112b8", "target_ref": "threat-actor--b86b855d-4d73-584e-bc46-8ac69d633635", "source_ref": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--0cb439f2-616f-5ab4-a72d-097e5048ab52", "target_ref": "threat-actor--5aa29091-7972-5e60-887d-91a9df25d464", "source_ref": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--e9b64f89-a461-5392-84ed-ae76e78dd6a9", "target_ref": "threat-actor--b7e938f7-8118-5627-a3dd-ab48cbe3d42a", "source_ref": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--3d39ea87-1560-5d89-840b-2cff1b159acc", "target_ref": "threat-actor--6884df7a-cb54-5436-b071-d5d65caafa53", "source_ref": "campaign--cb6ae0e9-2dfe-565b-b099-e8055eae9b35", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7e3ed2af-cb18-5259-9161-0cff530756a1", "target_ref": "attack-pattern--1e003297-a91d-5c42-8b00-ca0f359ba398", "source_ref": "campaign--14878912-a1e2-5a16-865c-a1d4635addb4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--54c0c742-3b0a-5cf8-b2b8-93115a9cb952", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--14878912-a1e2-5a16-865c-a1d4635addb4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--ca64d41a-523e-57fa-bd88-2bac3608d7e7", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--14878912-a1e2-5a16-865c-a1d4635addb4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--10871e66-8536-5ce5-bee1-8ffaf4249218", "target_ref": "attack-pattern--6585da51-52e8-5fc7-83c6-968a415c1a19", "source_ref": "campaign--71119768-3226-5476-b00e-d787de1cf02d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2627601b-4a92-5ee0-a207-627ea6986ca4", "target_ref": "attack-pattern--1b20466b-e861-531c-9d54-980fb6e811b1", "source_ref": "campaign--71119768-3226-5476-b00e-d787de1cf02d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e0558140-45eb-566c-843c-df26e781ab70", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--71119768-3226-5476-b00e-d787de1cf02d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fa1c302f-4d35-5078-9f60-6f2a45907176", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--71119768-3226-5476-b00e-d787de1cf02d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8270ffa4-b791-55c3-af5d-bda7e7f227c3", "target_ref": "tool--859cf403-45d1-500b-9b27-63555c426ec7", "source_ref": "campaign--71119768-3226-5476-b00e-d787de1cf02d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6812737a-b0da-51b0-ab21-e9c1556aa39c", "target_ref": "malware--455effcf-8baa-52e6-8762-ffcfab4b2c8d", "source_ref": "campaign--71119768-3226-5476-b00e-d787de1cf02d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2e9254b3-fc97-5303-9769-638f2b4d7d93", "target_ref": "tool--8df668f2-0945-5eca-9056-945eaa946ab7", "source_ref": "campaign--71119768-3226-5476-b00e-d787de1cf02d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1520171c-852b-5776-9fda-6ac8474185d6", "target_ref": "malware--2dee52f5-16af-5bde-a75a-6ccf21344efe", "source_ref": "campaign--71119768-3226-5476-b00e-d787de1cf02d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--31858bfa-91a3-5fc1-b564-c20af407959b", "target_ref": "malware--329e738e-b3b2-528d-8db4-949040d15c09", "source_ref": "campaign--71119768-3226-5476-b00e-d787de1cf02d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b515bd06-a369-58a5-a8ba-adc82fbac6c8", "target_ref": "malware--7e9f571c-500c-57d4-9f36-610172bc6329", "source_ref": "campaign--71119768-3226-5476-b00e-d787de1cf02d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cd7529a8-56a9-5b03-943c-6d2b3b9cb845", "target_ref": "malware--453ab004-f29f-5c22-9b88-4906e8f80ff9", "source_ref": "campaign--71119768-3226-5476-b00e-d787de1cf02d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f27d337d-8bbc-5d52-83a2-58c29b133ca1", "target_ref": "threat-actor--00555557-9375-595f-8afa-57298f10d611", "source_ref": "campaign--71119768-3226-5476-b00e-d787de1cf02d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--864654ec-2035-5be0-83c0-9521c18b3311", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--e27e47dc-f06b-508b-a1ff-554ab3a2dc7f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3b04222d-aa46-5461-ae68-2527bc0f7665", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--99ff35e3-5980-592f-9428-6740d0ba2c28", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1daa8ed3-5dd7-5747-a1f9-7bfd8dce07be", "target_ref": "malware--c1efbaca-2638-5072-91d1-60ca71db3bb8", "source_ref": "campaign--99ff35e3-5980-592f-9428-6740d0ba2c28", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--84126b2f-6754-53a1-b69b-b058531e46a6", "target_ref": "malware--7b7c4ae4-ef29-5b77-947b-839c43d59a35", "source_ref": "campaign--99ff35e3-5980-592f-9428-6740d0ba2c28", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--6dfcaf74-28f7-5262-8219-93d8a1624fff", "target_ref": "threat-actor--1d3c7da6-db96-52e2-8e37-9467f22043ea", "source_ref": "campaign--99ff35e3-5980-592f-9428-6740d0ba2c28", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--d308c821-c037-58ac-97bb-0d55f648df07", "target_ref": "threat-actor--60d480e2-9f0a-5246-9581-ac445b6fcdbe", "source_ref": "campaign--02cbb801-8506-5893-98a9-dadaa086522e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--89daee99-ebd3-5b51-b55e-85af6579b3d5", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--01424f86-96a8-51f2-a205-7301fa8fc6a1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f06bc69c-1b91-5aa9-a41d-a09a3d35bcbd", "target_ref": "attack-pattern--86e9b2ff-550c-524c-82c9-f5c99d7f9799", "source_ref": "campaign--01424f86-96a8-51f2-a205-7301fa8fc6a1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--eebe6f0b-2779-5060-b4d8-da91d7fb8f6b", "target_ref": "malware--c794b6e7-0c76-5b50-b4b2-d445ebeb48fe", "source_ref": "campaign--01424f86-96a8-51f2-a205-7301fa8fc6a1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--15791d5a-e44d-5e3e-9148-c39130b2d00a", "target_ref": "malware--d082380b-482b-5c5c-b737-d33fb320d9da", "source_ref": "campaign--01424f86-96a8-51f2-a205-7301fa8fc6a1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2c2f4a5e-b63f-5c6f-8d1d-db43a71a32db", "target_ref": "malware--601885c3-e672-5ebd-afc5-d81c5eba280f", "source_ref": "campaign--01424f86-96a8-51f2-a205-7301fa8fc6a1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c4a3cafe-f9e1-5e2f-a1e5-17819af72f77", "target_ref": "malware--b4580449-3a52-5a8f-893c-ac9f651d9fe4", "source_ref": "campaign--01424f86-96a8-51f2-a205-7301fa8fc6a1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--ebbb41c6-a875-5fe2-b091-b3a37215f5b5", "target_ref": "threat-actor--281c6972-f595-5e9a-bb85-29ceed0f4b1a", "source_ref": "campaign--01424f86-96a8-51f2-a205-7301fa8fc6a1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--562f18f4-3d1f-501a-90e1-a52e48265338", "target_ref": "attack-pattern--86e9b2ff-550c-524c-82c9-f5c99d7f9799", "source_ref": "campaign--12e366ea-3896-54d1-826e-d11d1424987b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--dd219f8a-f932-57de-b804-faa6cd86ec4a", "target_ref": "threat-actor--732b382b-5221-5c14-ace3-fd8a17ebecf4", "source_ref": "campaign--12e366ea-3896-54d1-826e-d11d1424987b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5366f3b1-5ebe-5714-aeaa-a57a8a8409ad", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--77d935e0-4629-5885-b6f5-3ca193b95ccd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0eb6d412-2132-5f75-963c-30c69b259c32", "target_ref": "attack-pattern--b396e7e8-3a42-5301-a61f-e29d5e57a2a7", "source_ref": "campaign--77d935e0-4629-5885-b6f5-3ca193b95ccd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e140d29a-0825-5816-8eb2-39e6eceb11e6", "target_ref": "attack-pattern--27cb9b56-6d2e-5ed3-bde9-cba89227197f", "source_ref": "campaign--77d935e0-4629-5885-b6f5-3ca193b95ccd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5c3bd9df-eb8b-5426-92c2-22bfdd9bd0ab", "target_ref": "tool--6b4b7b9d-748c-59a5-83a6-7ee2251bbf00", "source_ref": "campaign--77d935e0-4629-5885-b6f5-3ca193b95ccd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bec92b79-41d8-543c-bf82-797ee4623b43", "target_ref": "malware--69409277-ac9c-5503-aa1f-25d4e92482d7", "source_ref": "campaign--77d935e0-4629-5885-b6f5-3ca193b95ccd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--49f1d5ab-947d-596b-8784-d455a1d11c03", "target_ref": "tool--50775061-da02-5b4b-82af-83ccda7e1ee3", "source_ref": "campaign--77d935e0-4629-5885-b6f5-3ca193b95ccd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--278753a0-9bc6-52a4-85f7-94daf624cc3a", "target_ref": "threat-actor--6884df7a-cb54-5436-b071-d5d65caafa53", "source_ref": "campaign--77d935e0-4629-5885-b6f5-3ca193b95ccd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--65321ffb-b5ae-5dc9-8376-7427f16a62fe", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--67547770-529a-5caa-9726-a0a6ddcb46f9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--af886a06-55a1-5c7c-9b7b-98df7adc0087", "target_ref": "malware--1492a761-61f5-54d4-9d42-a2c9e8527dce", "source_ref": "campaign--67547770-529a-5caa-9726-a0a6ddcb46f9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4ce4e96d-4663-5e39-9cd8-4d8a8dd7c448", "target_ref": "threat-actor--5628d06d-4e87-5558-acf1-587c68c38fd9", "source_ref": "campaign--67547770-529a-5caa-9726-a0a6ddcb46f9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7ad131c2-f86f-524c-8085-3d6d5898c21f", "target_ref": "attack-pattern--6db95ab3-33a0-5b6f-8be1-2440192b8182", "source_ref": "campaign--e2eccf73-a53f-52c4-80ae-ab051186580d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--dbac5916-3058-55af-ad57-3fe4b659e16b", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--e2eccf73-a53f-52c4-80ae-ab051186580d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--8300a8c4-bba9-52e9-a2e9-32815bd0654f", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--e2eccf73-a53f-52c4-80ae-ab051186580d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3e0dac69-ab90-5aad-a18c-d99cdef21fff", "target_ref": "attack-pattern--66ed8ccc-72fd-57cd-8d5e-c6002d119f83", "source_ref": "campaign--5a1ffecb-d5ed-5865-a7c0-a4c0b7957cdd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--83fa7b34-9b4b-576e-ae48-197f4c9a15b4", "target_ref": "attack-pattern--08b0ca9c-45fd-575d-97a0-68f97a7a8bb8", "source_ref": "campaign--5a1ffecb-d5ed-5865-a7c0-a4c0b7957cdd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ec3d08b3-5ee5-56e3-81bc-f4b924393375", "target_ref": "attack-pattern--c9de7186-5f46-5b15-ae29-9cc935634a31", "source_ref": "campaign--5a1ffecb-d5ed-5865-a7c0-a4c0b7957cdd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--07aeaf1e-b1ca-5b3f-b979-c31bd70e2d2e", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--5a1ffecb-d5ed-5865-a7c0-a4c0b7957cdd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a264e0e8-8942-5ee4-bdec-2c0e3fcee9e9", "target_ref": "attack-pattern--d5baf3e5-b763-54b0-a050-9f9f029aa5b5", "source_ref": "campaign--4d57cbc5-f223-5a39-9863-f410d1661308", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--93459763-2f34-5667-836d-d62248b45878", "target_ref": "threat-actor--39fb90a4-3d95-5414-ace9-529c4ce98e29", "source_ref": "campaign--4d57cbc5-f223-5a39-9863-f410d1661308", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7d875b32-74c0-58da-a46e-517182aede88", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--c5002cb7-e8ad-59d8-9d1a-02342631e08a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--75b6fe91-24cd-5af7-84b9-77fa28e710a4", "target_ref": "malware--b218d1a2-d0fa-5008-a635-35218e7300c5", "source_ref": "campaign--c5002cb7-e8ad-59d8-9d1a-02342631e08a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--c7cdf5b0-2da2-5a0b-b903-e02e3aa58031", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--c5002cb7-e8ad-59d8-9d1a-02342631e08a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--978d28f7-9a0e-5421-bc52-fc14f7921e00", "target_ref": "attack-pattern--0954f27a-cb10-54f4-bc22-b12ac06b001a", "source_ref": "campaign--633165cd-e155-5de6-8a1f-8e81ea05eac3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--be633d11-5e45-5951-8db0-ebab7d31cb77", "target_ref": "threat-actor--a61095c9-d185-5f15-9937-25d6690f3bdc", "source_ref": "campaign--633165cd-e155-5de6-8a1f-8e81ea05eac3", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3a94cb06-73d8-58d3-8843-9d3ffd56785e", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--86f12b21-149f-5395-abe1-a231105a689c", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--48680e8c-a324-5d0b-8c52-be4438087314", "target_ref": "malware--cf299975-6d05-5d87-8ac4-f00c1f97561b", "source_ref": "campaign--86f12b21-149f-5395-abe1-a231105a689c", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--ceb41758-9669-554b-85df-77ed099b14e4", "target_ref": "threat-actor--ca0722c0-953c-5867-9686-785b70df27b4", "source_ref": "campaign--86f12b21-149f-5395-abe1-a231105a689c", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0bf7ea59-6388-537c-894b-1da82d65bdc8", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--93b2a63f-8927-5b9c-b948-d033e01c71c2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--efc4e01e-df66-55db-9ad6-2467bf2f82b6", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--93b2a63f-8927-5b9c-b948-d033e01c71c2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1e2ca172-34b0-5e49-a322-92342ab4d1e7", "target_ref": "malware--d30be92e-e139-54c8-aec3-530e60747f95", "source_ref": "campaign--93b2a63f-8927-5b9c-b948-d033e01c71c2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4ac57ce3-a505-5211-ad0e-7fcc3bb42158", "target_ref": "threat-actor--83b939fa-99f5-598f-b2b9-1000a9179e7f", "source_ref": "campaign--93b2a63f-8927-5b9c-b948-d033e01c71c2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--80bbcd8d-5d5a-571c-b5e2-f75fbf7a5962", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--5891f6fa-2ae6-54dc-afcb-3e6980f31e60", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c8ff38bb-96fa-5dc8-b859-f0e4b3b413b7", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--5891f6fa-2ae6-54dc-afcb-3e6980f31e60", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--bca2cb83-9611-5086-8c39-39d469f6de2a", "target_ref": "threat-actor--0daf573e-37af-57e2-b350-4d34e4a9aec8", "source_ref": "campaign--5891f6fa-2ae6-54dc-afcb-3e6980f31e60", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8a29c507-e8e6-5eb1-8c1e-c789c5f33be3", "target_ref": "malware--96444b6d-7a1c-5671-9e18-b445a13a6fcf", "source_ref": "campaign--e3fe1c91-028c-55d2-81a6-f5e1e0d6f201", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--ba80418e-407b-5226-8e7b-8903221b9f57", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--e3fe1c91-028c-55d2-81a6-f5e1e0d6f201", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f0b71dc3-21f4-591a-aeec-f05da2678b20", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--ec06b922-5b6f-5660-9820-fccb3f2bad94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--71e1bbf1-ae83-501c-8d36-d4cf58de419f", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--ec06b922-5b6f-5660-9820-fccb3f2bad94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ef6ed9ee-30f9-54f4-9d46-a8fa6af66104", "target_ref": "attack-pattern--27cb9b56-6d2e-5ed3-bde9-cba89227197f", "source_ref": "campaign--ec06b922-5b6f-5660-9820-fccb3f2bad94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8219eea4-3c14-52eb-930a-80b1f20105ea", "target_ref": "attack-pattern--e8605090-b15d-5201-9313-79abf2ca5567", "source_ref": "campaign--ec06b922-5b6f-5660-9820-fccb3f2bad94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d0ff8c4b-3485-5e36-b919-044412c97d0b", "target_ref": "attack-pattern--2d947478-a6e9-575d-9205-2cb52a6ce0ac", "source_ref": "campaign--ec06b922-5b6f-5660-9820-fccb3f2bad94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9b85491a-5d94-5ac8-be85-3e38c538c0b0", "target_ref": "threat-actor--c8927914-822e-5b3d-a464-3c273a7fcf54", "source_ref": "campaign--ec06b922-5b6f-5660-9820-fccb3f2bad94", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b41835ce-902a-5528-893b-de200bbfb334", "target_ref": "attack-pattern--16f8f2c2-b5e2-5461-80ed-f31aea4c2f5f", "source_ref": "campaign--66ce1b0a-4c43-5766-8646-90331c01382d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e72ff548-075a-5e3c-a7c5-b354e1422e08", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--66ce1b0a-4c43-5766-8646-90331c01382d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6dee4cbc-25d0-582a-ad0f-ee688c916069", "target_ref": "malware--f383de46-b81b-5f39-adf4-e224863dcf17", "source_ref": "campaign--66ce1b0a-4c43-5766-8646-90331c01382d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6fe558f4-0b31-50a2-8dea-f84df00d3fe2", "target_ref": "tool--48087600-1c22-5071-bc6c-0cc6130e700d", "source_ref": "campaign--66ce1b0a-4c43-5766-8646-90331c01382d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3191b533-68d7-5893-b36b-243aa05c0ebe", "target_ref": "malware--0bee46d2-16e2-5c76-9339-3019f5fbd7f1", "source_ref": "campaign--66ce1b0a-4c43-5766-8646-90331c01382d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9dcde3a7-d961-58b7-a5da-7f8efa545887", "target_ref": "threat-actor--f180e21f-86c1-5c9b-9334-76b97417f1f8", "source_ref": "campaign--66ce1b0a-4c43-5766-8646-90331c01382d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ab559b73-3cae-5e99-bb25-72df5520a855", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--a6f6908b-b4c3-5e45-8cda-652b4ad842b7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bf334b2e-b3a2-5443-ad38-566779682d0e", "target_ref": "malware--814b6e77-94e1-5649-9114-80c31c4aa56d", "source_ref": "campaign--a6f6908b-b4c3-5e45-8cda-652b4ad842b7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a6a631fa-6856-530a-a022-607a8edbbba2", "target_ref": "malware--8c97a7d6-468b-5b2d-815a-5b2da25c9c1d", "source_ref": "campaign--a6f6908b-b4c3-5e45-8cda-652b4ad842b7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4e32021a-05e5-5178-be81-fa094bdb47b6", "target_ref": "threat-actor--c3d956b4-9222-53c1-9395-3f1d1c94dd68", "source_ref": "campaign--a6f6908b-b4c3-5e45-8cda-652b4ad842b7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0d93a535-46c1-5ddb-b7a1-ac533b7fb17e", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--f4b23eb0-c694-5b9f-91fe-9894d34dfe78", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7cd5f969-f89e-5e0d-900f-ed28900d9637", "target_ref": "attack-pattern--ccab1da0-1617-5485-92c5-15abceb3948a", "source_ref": "campaign--f4b23eb0-c694-5b9f-91fe-9894d34dfe78", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e1608e83-65ae-56b7-a154-9316f020b1a4", "target_ref": "tool--2dcc1e6f-0136-5ac5-b05d-aa265473f2f9", "source_ref": "campaign--f4b23eb0-c694-5b9f-91fe-9894d34dfe78", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--46223d55-004a-5f7f-948b-1d90b54e8271", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--f4b23eb0-c694-5b9f-91fe-9894d34dfe78", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--be6e1119-9118-55d9-a118-f8dc1e7efd21", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--98174b70-bb3b-5dbb-b0bf-d8554a2cb462", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--700d3b18-95c1-58bd-9a78-98130d070493", "target_ref": "attack-pattern--16f8f2c2-b5e2-5461-80ed-f31aea4c2f5f", "source_ref": "campaign--98174b70-bb3b-5dbb-b0bf-d8554a2cb462", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--498d850e-0617-5168-866a-fdceab67daa4", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--98174b70-bb3b-5dbb-b0bf-d8554a2cb462", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b4f6286b-2f4e-569c-b7eb-da0f5c810767", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--98174b70-bb3b-5dbb-b0bf-d8554a2cb462", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ae110cb8-5451-5ea2-b709-7074d417dff4", "target_ref": "malware--adbe2bbc-94ab-5d0b-ac74-4a379fb2a696", "source_ref": "campaign--98174b70-bb3b-5dbb-b0bf-d8554a2cb462", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--40a4e767-1107-5fb3-bddd-4442e52e8c07", "target_ref": "malware--c48c4e70-c8e8-5092-8bc7-0c9da8ac06c7", "source_ref": "campaign--98174b70-bb3b-5dbb-b0bf-d8554a2cb462", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--679e13e4-ba0d-5ee5-aef6-cd3babfd7635", "target_ref": "threat-actor--b3f40036-e3b1-58fd-a10f-7cb61fd745e6", "source_ref": "campaign--98174b70-bb3b-5dbb-b0bf-d8554a2cb462", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fed4e619-2a4f-59e0-bf79-4004cf381de8", "target_ref": "attack-pattern--594634b9-7dab-5882-811f-c607e895c5ab", "source_ref": "campaign--b425407d-b0fa-5806-aad6-1de6d5b71901", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4b26e1eb-c0a9-5c00-942f-54865396cd89", "target_ref": "attack-pattern--e2a03fcf-7100-5cd8-bef4-27e6cee28690", "source_ref": "campaign--b425407d-b0fa-5806-aad6-1de6d5b71901", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bfde3653-1a5f-5517-b04e-3c02a775c917", "target_ref": "attack-pattern--c9de7186-5f46-5b15-ae29-9cc935634a31", "source_ref": "campaign--b425407d-b0fa-5806-aad6-1de6d5b71901", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--1272bae8-a980-5e33-821b-b4d9d1212681", "target_ref": "threat-actor--6884df7a-cb54-5436-b071-d5d65caafa53", "source_ref": "campaign--b425407d-b0fa-5806-aad6-1de6d5b71901", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0c29fd08-ae0d-55ae-bb72-8e69a16e194e", "target_ref": "attack-pattern--0c8c740a-112c-5acd-a1b8-f38eb2714d7b", "source_ref": "campaign--b34a42f8-62b4-508a-ad6a-225e4b3d6dec", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--df3d0b9b-1ea4-5ee3-9058-f9d80ca0d054", "target_ref": "tool--bbc5dbc6-e6b8-5ded-baab-b6dc4ad1a2e5", "source_ref": "campaign--b34a42f8-62b4-508a-ad6a-225e4b3d6dec", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c81e739d-50fa-5797-889e-71bed785c337", "target_ref": "tool--8d117263-b763-5a38-8543-25b13ddc82b7", "source_ref": "campaign--b34a42f8-62b4-508a-ad6a-225e4b3d6dec", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--947f5d27-2236-5dde-ae25-f1fc0e8b5d6a", "target_ref": "tool--b3069e3e-d8d4-557b-9a6b-c81bf35c3728", "source_ref": "campaign--b34a42f8-62b4-508a-ad6a-225e4b3d6dec", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--78f86671-06c7-54b3-a5b8-620b6ea863cc", "target_ref": "threat-actor--942361b0-e10d-51e6-bce2-a0c12cac72a6", "source_ref": "campaign--b34a42f8-62b4-508a-ad6a-225e4b3d6dec", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3d759956-52a7-5147-b6e2-722ab0dd0232", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--adbbc9d8-4967-5707-b824-8258f5048c8f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--17ecbb28-40a3-5c95-90d2-862a7acaf929", "target_ref": "malware--efc8a1be-2e4b-5dd5-bb83-c20fa9ff8376", "source_ref": "campaign--adbbc9d8-4967-5707-b824-8258f5048c8f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d11820e2-2f0f-5dee-bfaa-52427d7075e2", "target_ref": "malware--12c6aa23-6ad0-5954-9c37-4289f2dc7772", "source_ref": "campaign--adbbc9d8-4967-5707-b824-8258f5048c8f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--49036eec-5660-5f26-92cb-1e0e5c98fac0", "target_ref": "malware--7ca684bb-f70b-5dd3-a478-11cfb6659ba1", "source_ref": "campaign--adbbc9d8-4967-5707-b824-8258f5048c8f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4f3d8da2-52fb-5698-b81a-0c3e4e100133", "target_ref": "threat-actor--59582752-5104-56c4-b809-83f1d0aaa754", "source_ref": "campaign--adbbc9d8-4967-5707-b824-8258f5048c8f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f20e2145-753e-5d5e-847e-9721377b9289", "target_ref": "attack-pattern--4e544995-b16f-5bbf-ae8f-08f05163b329", "source_ref": "campaign--81431f24-3c94-5d59-b0e7-aaa38d39c683", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d58c830d-9e1e-56e3-9d61-0d1ba3fdc3b7", "target_ref": "malware--583c2b9a-355d-5746-82b0-cc5bc61ebb5c", "source_ref": "campaign--81431f24-3c94-5d59-b0e7-aaa38d39c683", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--636a8d1f-3df6-536e-81b5-51c35d9c3e42", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--81431f24-3c94-5d59-b0e7-aaa38d39c683", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f127cc86-cecc-597e-8197-67d34ce9234a", "target_ref": "tool--bbc5dbc6-e6b8-5ded-baab-b6dc4ad1a2e5", "source_ref": "campaign--81431f24-3c94-5d59-b0e7-aaa38d39c683", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--50e2957f-0651-5c12-af37-a5412a6a71ad", "target_ref": "malware--5965c1fc-eeb6-566a-9bef-3fd29c8d507b", "source_ref": "campaign--81431f24-3c94-5d59-b0e7-aaa38d39c683", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--26d075b0-e333-5758-8913-412753b1bb49", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--81431f24-3c94-5d59-b0e7-aaa38d39c683", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--94d881ee-8ec6-5f7a-9edd-53d240ac777f", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--c36275be-46e7-5172-855d-b0aa52edce6e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--36a84a6c-24d7-56e7-b082-ec5462b92a84", "target_ref": "threat-actor--c10fb8e3-1408-5a1d-920e-2407199e77aa", "source_ref": "campaign--c36275be-46e7-5172-855d-b0aa52edce6e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ec9c2cee-3ee3-5399-8b90-f639739f39c0", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--8dc0f680-a596-5321-8e74-99fd2ce3b58e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e19d0a7c-19ff-528d-9af1-bf8652d06c1e", "target_ref": "attack-pattern--cda7338b-3fe8-5426-9b96-c463412b7689", "source_ref": "campaign--8dc0f680-a596-5321-8e74-99fd2ce3b58e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8ca21ed7-1188-5080-9d7d-5db8de308640", "target_ref": "malware--b475d082-b4d5-5e0a-8d58-15b6e473aefe", "source_ref": "campaign--8dc0f680-a596-5321-8e74-99fd2ce3b58e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--b4a9dfbc-b739-5457-8b96-c06251ca2f54", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--8dc0f680-a596-5321-8e74-99fd2ce3b58e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cc225617-cb75-5ae0-a4c0-63cad493fec4", "target_ref": "malware--25b9da29-ba1c-5d2c-9762-443c3e3d5f7b", "source_ref": "campaign--2b153f83-170b-5419-b4a6-81b442608f72", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--dbc35a9a-17df-5ea3-b733-844c65711995", "target_ref": "tool--48087600-1c22-5071-bc6c-0cc6130e700d", "source_ref": "campaign--2b153f83-170b-5419-b4a6-81b442608f72", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--48c75e66-be92-50eb-beb3-042a9e58463a", "target_ref": "malware--9c9f5f9e-8add-5b40-abc6-0b0c1a661ce7", "source_ref": "campaign--2b153f83-170b-5419-b4a6-81b442608f72", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d25c0daf-3e6f-5cb0-ae3e-940e09e34be8", "target_ref": "malware--a9d3c0f1-6316-51fc-8483-099452f0d18c", "source_ref": "campaign--2b153f83-170b-5419-b4a6-81b442608f72", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9145cc00-cbf4-53ed-b5a8-a97a52eca99a", "target_ref": "tool--8470b13d-ad4b-5f4b-b3a4-50039d94f52c", "source_ref": "campaign--2b153f83-170b-5419-b4a6-81b442608f72", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--96cc5800-188a-53c4-8d4b-fdb914e32b1d", "target_ref": "malware--b822461c-c90b-58d4-8ff2-5e41c6358478", "source_ref": "campaign--2b153f83-170b-5419-b4a6-81b442608f72", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--05afe1cc-968b-515a-a39b-fe8ffcc38dad", "target_ref": "threat-actor--552d73c3-91f2-5411-bf24-d9d47473fbdd", "source_ref": "campaign--2b153f83-170b-5419-b4a6-81b442608f72", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6a4e8b3e-9075-546f-b548-8599285803f0", "target_ref": "attack-pattern--ebada0bc-2296-5195-9af9-ef7b54067b2d", "source_ref": "campaign--f174a9b6-3c28-57a6-abb2-e8d0b04cb772", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--98601d11-4beb-5354-8079-4dd708805238", "target_ref": "attack-pattern--a3e6ba12-4e2a-5a12-ba9f-6a873af14df2", "source_ref": "campaign--f174a9b6-3c28-57a6-abb2-e8d0b04cb772", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--af1ac7cd-5b57-55e0-b7b9-a4ce00041e52", "target_ref": "attack-pattern--b736d0bd-e82e-5c5f-aa25-9906e9eb79ba", "source_ref": "campaign--f174a9b6-3c28-57a6-abb2-e8d0b04cb772", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--96c84bcc-8424-54ac-88a6-71e004e9088a", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--f174a9b6-3c28-57a6-abb2-e8d0b04cb772", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5cebb2cd-fa79-52f4-81fa-12c5329bc4b4", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--4693dd1c-2465-57c8-bbd7-c63c27340466", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6664b211-d12b-576f-819c-d32be9eec48d", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--4693dd1c-2465-57c8-bbd7-c63c27340466", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2fc9cef3-d5e1-5975-9fc1-0813daa04644", "target_ref": "tool--2dcc1e6f-0136-5ac5-b05d-aa265473f2f9", "source_ref": "campaign--4693dd1c-2465-57c8-bbd7-c63c27340466", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b6381ee2-5cf4-5548-b34f-e40212ec3a91", "target_ref": "malware--43eccb9b-0ae5-506a-a4dc-ecec1f013bd6", "source_ref": "campaign--4693dd1c-2465-57c8-bbd7-c63c27340466", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--124903fd-c0cd-58cc-b21f-ff2c77d9b0d4", "target_ref": "threat-actor--43454ef7-d48b-5107-af7b-682442b0833d", "source_ref": "campaign--4693dd1c-2465-57c8-bbd7-c63c27340466", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--481e1648-9829-518c-b4c6-dd2235bc00ce", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--27b33137-800d-5e18-9b32-f236da924b9b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--38cbfdbd-f0fb-5eef-a3cf-f52d45beb25c", "target_ref": "attack-pattern--a3e6ba12-4e2a-5a12-ba9f-6a873af14df2", "source_ref": "campaign--27b33137-800d-5e18-9b32-f236da924b9b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9844a37f-fca5-5858-a4ea-69d581a9f263", "target_ref": "malware--45aa8a47-f0af-5d8f-b001-ee175102874d", "source_ref": "campaign--27b33137-800d-5e18-9b32-f236da924b9b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ef03a8c2-5e27-5196-af61-1a2d3804d9bb", "target_ref": "malware--1ce0716e-f523-5de5-a6b5-6da2485d0c9c", "source_ref": "campaign--27b33137-800d-5e18-9b32-f236da924b9b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--953baf39-5bb2-5d75-b122-55f46c3c836c", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--27b33137-800d-5e18-9b32-f236da924b9b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f493e6a9-6e6e-55db-a6c5-774d4f47e873", "target_ref": "threat-actor--7fdefa69-e7ab-5aca-b26d-1c0cb9ae124e", "source_ref": "campaign--27b33137-800d-5e18-9b32-f236da924b9b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d6bb60e0-6dff-5ad6-971c-f4a1efada2dc", "target_ref": "attack-pattern--ebada0bc-2296-5195-9af9-ef7b54067b2d", "source_ref": "campaign--835ff793-583d-5556-9dc1-6ed09686a06a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--894fc070-7c03-5adb-b03e-c3af9ff14045", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--835ff793-583d-5556-9dc1-6ed09686a06a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--717ce8e2-23f4-5925-97da-715e25bca445", "target_ref": "threat-actor--1dfe1db8-b3f7-5074-a55d-66eeac30dbc3", "source_ref": "campaign--835ff793-583d-5556-9dc1-6ed09686a06a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c85948c4-9a31-53d2-a0ae-c9da3a1099cb", "target_ref": "attack-pattern--42f6b8af-c1ff-51e2-85ad-6b1d88a09dee", "source_ref": "campaign--054eaf63-69bc-5fea-9718-858d017542c1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c9d1c928-66ef-5b1d-87ce-444e278d7b6c", "target_ref": "tool--859cf403-45d1-500b-9b27-63555c426ec7", "source_ref": "campaign--054eaf63-69bc-5fea-9718-858d017542c1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a7a98d9d-c738-5291-b1b4-94686d36f3cd", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--054eaf63-69bc-5fea-9718-858d017542c1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--de02d16e-c894-57c5-a9c0-451341408a5a", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--e117c5dd-a1fc-5e07-8040-e2b6d954d852", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--89ac4540-8ba8-5b89-89a3-b8dcd0bc4626", "target_ref": "tool--e4ea1a47-2cc7-5b40-ae04-25bfd7351dbb", "source_ref": "campaign--e117c5dd-a1fc-5e07-8040-e2b6d954d852", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9022221c-b82f-5bcf-9ef1-0bc8b37ed49e", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--e117c5dd-a1fc-5e07-8040-e2b6d954d852", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--04e898fb-9a02-557d-9777-53e1d4bc2769", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--33e7587c-0720-52f6-bb10-2b4d128f3edf", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6903d6ea-839b-52f1-8ec8-bc8ab196878e", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--33e7587c-0720-52f6-bb10-2b4d128f3edf", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--53c1c041-a9e5-5a82-950f-2646c23479e8", "target_ref": "malware--0bc64092-8b37-5231-9d0b-7b6b2c0b14ae", "source_ref": "campaign--33e7587c-0720-52f6-bb10-2b4d128f3edf", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--980ad844-0703-5e68-bcb3-ccfb23ee7dcc", "target_ref": "threat-actor--73ca4d63-7fae-5bd6-a7eb-ac06c92b6352", "source_ref": "campaign--33e7587c-0720-52f6-bb10-2b4d128f3edf", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--50d9db98-c471-5ef0-81bf-4c74cfc28beb", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--2b4033c4-57d2-5402-82f1-086ec1a1f60d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8c7d15a7-efca-58ae-82ac-4e2e6b591dd4", "target_ref": "malware--4580988d-5482-511d-940d-961ddacba928", "source_ref": "campaign--2b4033c4-57d2-5402-82f1-086ec1a1f60d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--297ed09e-27c3-5bdb-8770-797fd0ad9201", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--2b4033c4-57d2-5402-82f1-086ec1a1f60d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a610ecc2-e300-5c59-8421-4ae4dc8ed798", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--f5991678-8844-5807-aa5e-2b31bc0e6efb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--dc402871-2368-55ef-872e-e386f335b8ca", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--f5991678-8844-5807-aa5e-2b31bc0e6efb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ec6c7fef-7e9f-57e6-bbfc-a242a7290484", "target_ref": "malware--664491d5-a4d3-5499-a193-57ab33b34f7c", "source_ref": "campaign--f5991678-8844-5807-aa5e-2b31bc0e6efb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--cbb99dd6-a693-5916-85ff-2c12af7734a2", "target_ref": "threat-actor--a89573bb-2141-5f58-be68-c06c3300d0da", "source_ref": "campaign--f5991678-8844-5807-aa5e-2b31bc0e6efb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b4087be3-bb16-5e3c-b41f-46d0c8179359", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--681febe4-2f41-5ae3-94fe-9c16478e560e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--55edf627-03b0-5628-adb5-84cc889205e6", "target_ref": "attack-pattern--642bb222-f4e6-5881-834d-967e52c506c3", "source_ref": "campaign--681febe4-2f41-5ae3-94fe-9c16478e560e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4bbe4e26-631c-5c72-9822-efabb8074bb5", "target_ref": "attack-pattern--45c6154a-9151-5c4c-96df-b8f602d00b9c", "source_ref": "campaign--681febe4-2f41-5ae3-94fe-9c16478e560e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--71ca5fda-ed9c-5794-ba23-c310b9022142", "target_ref": "attack-pattern--46590cb1-5bae-54b8-8c36-2b2853abe5cf", "source_ref": "campaign--681febe4-2f41-5ae3-94fe-9c16478e560e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d47c7968-6488-57e6-a63a-12f17b13a7c8", "target_ref": "attack-pattern--c1e9add3-a6ef-5ece-b671-569745c0c324", "source_ref": "campaign--681febe4-2f41-5ae3-94fe-9c16478e560e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f0f843cb-fa9c-5e63-a244-21c1720431b5", "target_ref": "attack-pattern--6585da51-52e8-5fc7-83c6-968a415c1a19", "source_ref": "campaign--681febe4-2f41-5ae3-94fe-9c16478e560e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fdd7f603-aab6-5e17-b8f2-6711d9889376", "target_ref": "malware--545a0b8d-dda7-5f25-bde4-e00153ffc8ce", "source_ref": "campaign--681febe4-2f41-5ae3-94fe-9c16478e560e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--279f877a-e225-5040-94fa-20516995828a", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--681febe4-2f41-5ae3-94fe-9c16478e560e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--1a1b76a6-f265-5494-8c4b-25ea6d3341b5", "target_ref": "threat-actor--1a052803-0f1b-51f6-8e75-5445d0ca807a", "source_ref": "campaign--681febe4-2f41-5ae3-94fe-9c16478e560e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f26209b7-2fa6-56c7-b34e-45085a1d5ee1", "target_ref": "attack-pattern--16f8f2c2-b5e2-5461-80ed-f31aea4c2f5f", "source_ref": "campaign--18fe4f29-f3ae-5743-bf58-ad791f8c68f8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e5b24f04-40eb-58da-8742-320abb8c130a", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--18fe4f29-f3ae-5743-bf58-ad791f8c68f8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9c23d40b-33b9-5851-967e-7231eb94fec0", "target_ref": "malware--934e5329-322b-5269-b7c7-7f9f6c417fdd", "source_ref": "campaign--18fe4f29-f3ae-5743-bf58-ad791f8c68f8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--20ac565a-f315-59c5-abcf-84c8c8c557ea", "target_ref": "malware--a5a3c712-c5d6-51d2-99e1-f0de35a49947", "source_ref": "campaign--18fe4f29-f3ae-5743-bf58-ad791f8c68f8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--14c9621a-39f7-574b-a32d-03c1cc7f9322", "target_ref": "malware--54e6d5b2-b389-5c64-9e04-e4f261e475a3", "source_ref": "campaign--18fe4f29-f3ae-5743-bf58-ad791f8c68f8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--65169d6a-01dc-59d2-9f80-9ac47efca621", "target_ref": "threat-actor--7b674ebc-3e05-5748-a0c7-ab587d9d21f6", "source_ref": "campaign--18fe4f29-f3ae-5743-bf58-ad791f8c68f8", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2a743d0b-02e8-5f6d-99c5-e2e18c78e1a3", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--fd045333-e867-5335-ad70-f759e78e39e1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cb525225-4a50-512e-bf5a-1bea35dd89be", "target_ref": "attack-pattern--de1b06cf-8261-55d2-a3bb-d385ababfb4c", "source_ref": "campaign--fd045333-e867-5335-ad70-f759e78e39e1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7e709f29-f291-5040-9a31-e5b775199aab", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--fd045333-e867-5335-ad70-f759e78e39e1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--530885aa-3177-548d-b1d9-7c5b600ae3e5", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--fd045333-e867-5335-ad70-f759e78e39e1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6ba27454-74e0-538f-b41d-0dbe60b4b111", "target_ref": "malware--d082380b-482b-5c5c-b737-d33fb320d9da", "source_ref": "campaign--052191b8-2b9c-5616-b610-ebb413ea1d1b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--40703d89-4e93-5819-b949-194f33bffdf3", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--052191b8-2b9c-5616-b610-ebb413ea1d1b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--72fcf411-0d58-5795-b805-5fef30cd8bf3", "target_ref": "malware--8a1996d0-c446-5cca-ad9a-41ced58682d0", "source_ref": "campaign--06ac02a3-db87-53bd-8e58-a666273565ee", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ac3fcb46-c482-5fea-9542-19a52e16f17e", "target_ref": "malware--51d6cdf1-6b83-5a97-aacb-0e459018df85", "source_ref": "campaign--06ac02a3-db87-53bd-8e58-a666273565ee", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b71d5f67-70d3-57a1-b024-d58deb457022", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--06ac02a3-db87-53bd-8e58-a666273565ee", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2322c8cc-e743-5a58-94d4-fc66ff488a4b", "target_ref": "malware--0e2af487-9277-5ef0-ae4b-855402090b00", "source_ref": "campaign--06ac02a3-db87-53bd-8e58-a666273565ee", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ef6e88a0-d2b3-5800-bd7b-59ce4f222307", "target_ref": "tool--b1820b5b-658f-56b7-bb13-c5d5dbbaf582", "source_ref": "campaign--06ac02a3-db87-53bd-8e58-a666273565ee", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--3a4e822f-7aab-5ff9-936a-52a750badb08", "target_ref": "threat-actor--addd8af1-f2fc-5ccd-8407-78dcd90fc363", "source_ref": "campaign--06ac02a3-db87-53bd-8e58-a666273565ee", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3edcf38f-13f8-5c8a-a1e8-da1a4bbf956c", "target_ref": "attack-pattern--676a526b-c3ad-5907-a397-e6741447ca95", "source_ref": "campaign--acadb9c3-ba64-52ab-bddf-337b6e7f9eeb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f4342c2f-dd21-58d8-a5ad-11dc371ef514", "target_ref": "tool--c16a1387-5dd9-5b49-a489-8091219d3115", "source_ref": "campaign--acadb9c3-ba64-52ab-bddf-337b6e7f9eeb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--71dda71b-e1b8-59d4-8316-0f3c389c9e62", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--acadb9c3-ba64-52ab-bddf-337b6e7f9eeb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a21b860c-3e77-57a6-ae71-805dc86d30ca", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--acadb9c3-ba64-52ab-bddf-337b6e7f9eeb", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--24f106c2-7f31-5dd1-877f-d59c869aa859", "target_ref": "attack-pattern--16ec325a-a112-5451-b003-df337aae8ee0", "source_ref": "campaign--152a629d-2127-5185-8923-4b03d8c51bf4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c102b555-e30d-51f7-a160-cdf5d5ca3275", "target_ref": "malware--26bb6270-fcf0-591b-8eb6-5f212bd11e7a", "source_ref": "campaign--152a629d-2127-5185-8923-4b03d8c51bf4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--41244d29-2600-5fca-8fe2-410e878680ec", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--152a629d-2127-5185-8923-4b03d8c51bf4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fae0160e-c5b8-5195-b752-c38b7a6a437b", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--ee296d32-43b4-532d-a814-4d2bcac8224a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a29a5287-0c37-5445-973a-b18268fdcf64", "target_ref": "threat-actor--7f98da2d-4734-5ba4-a2b7-89e15377c9e7", "source_ref": "campaign--ee296d32-43b4-532d-a814-4d2bcac8224a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--02180069-7948-5cc4-8ad8-dde1dc3c3282", "target_ref": "attack-pattern--16f8f2c2-b5e2-5461-80ed-f31aea4c2f5f", "source_ref": "campaign--44ccfa8b-280d-538c-8806-426337417da6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8458936e-6ccc-57f0-bcb4-acb65c29b707", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--44ccfa8b-280d-538c-8806-426337417da6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--310b91e7-d1fd-524e-a667-4e005e077813", "target_ref": "malware--fb3b2247-7e1e-5d96-81e7-ce2f4d19dbb4", "source_ref": "campaign--44ccfa8b-280d-538c-8806-426337417da6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--02ae6968-2f21-53c3-8df1-e49e87e5666e", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--44ccfa8b-280d-538c-8806-426337417da6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bf872bea-f5cb-596b-93aa-e7cd9d91fcf6", "target_ref": "tool--c1d24482-73f3-5489-bf90-4d22ec929bb9", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9dad7279-527e-517a-aa19-bc363031d954", "target_ref": "malware--f2ce35bf-0c91-55d2-9ac0-fd50a98bb983", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--76f6e3b8-7ec6-5044-b646-5ea97fd64055", "target_ref": "malware--253ad949-b180-56f6-beb7-824e28f68712", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0d733ad3-b065-51f4-abe6-258153af1ab1", "target_ref": "malware--9c9f5f9e-8add-5b40-abc6-0b0c1a661ce7", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--06319cd2-2356-5501-ab39-64f48656b26c", "target_ref": "malware--bc67bbd5-8d36-5e1c-b602-9e9a8d8e7164", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--361f0796-4b55-5b5b-970c-5cdf59e2cfd2", "target_ref": "tool--a7088638-33f7-522c-9e38-e88758043fee", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cdf20f62-7f27-5f82-9211-a8db94bdb80b", "target_ref": "malware--ce73c73d-4e5f-5fda-8d8e-8200029cbc38", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--79d72a87-41f9-5323-966a-eaf04e1147a3", "target_ref": "malware--2985d677-1deb-520b-b1b6-fcbf1e940cd1", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ea603a46-6d7e-591c-be84-f6dfe5832bd4", "target_ref": "malware--a97c3d22-405d-513f-96af-ab40f7b49cfd", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--04e2e6e9-a06e-5dd0-b24d-329c4f83392c", "target_ref": "malware--9ca1679f-ddec-5b32-9dd2-b226551f72b3", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--76b6a424-d0bc-5b35-8c37-fe00114de3f9", "target_ref": "tool--50775061-da02-5b4b-82af-83ccda7e1ee3", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7f5e4f48-7e5d-5107-9209-bf9b9323d6c8", "target_ref": "tool--82a521b2-eb90-592e-a483-aa57f2c38301", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2fcd0223-2823-5c3c-a7c9-68bc055c64d9", "target_ref": "tool--18a5ddb6-5480-5a28-912b-3d284d9ee559", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--418b8c9b-fce7-5b0f-8586-1e1f6986d696", "target_ref": "malware--5c69400f-83a7-58cf-9cc3-ea9a58c9ace5", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--6b35f95a-b1e9-5d68-b350-8a513b019058", "target_ref": "threat-actor--82494930-131b-5754-8de7-233c22554b02", "source_ref": "campaign--fa429a2b-1536-5246-855d-f5390c6ff93e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8f866a41-c119-5185-bfdf-02be1d1a475e", "target_ref": "attack-pattern--16f8f2c2-b5e2-5461-80ed-f31aea4c2f5f", "source_ref": "campaign--dd874265-9037-53b3-adce-2a3d8253253a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c39684a5-55ee-55c6-9ec8-77d276a764b1", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--dd874265-9037-53b3-adce-2a3d8253253a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9ce590f6-95ad-5688-8357-4a0c85454a67", "target_ref": "malware--a5a3c712-c5d6-51d2-99e1-f0de35a49947", "source_ref": "campaign--dd874265-9037-53b3-adce-2a3d8253253a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--615aa4f8-d222-5e70-ae40-83e19ad2c165", "target_ref": "tool--6b4b7b9d-748c-59a5-83a6-7ee2251bbf00", "source_ref": "campaign--dd874265-9037-53b3-adce-2a3d8253253a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--7a712c70-0eee-58e6-b801-37a8948b3d65", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--dd874265-9037-53b3-adce-2a3d8253253a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--738bfb4f-6c97-5e45-956a-0372e2bf66ef", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--a7abf7d6-139f-57f8-9f48-f2b7ede70eef", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--32ed32d2-0e22-50b3-9f3a-6bf96c26b3bc", "target_ref": "attack-pattern--fd96456c-2c63-5f07-93a9-7e1dee32e261", "source_ref": "campaign--235d85c1-d436-547d-9a76-2d38bf054db4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8e836735-56fa-572b-8053-246eb2c4df8c", "target_ref": "attack-pattern--cc24199e-924f-5166-a20a-72db75936096", "source_ref": "campaign--235d85c1-d436-547d-9a76-2d38bf054db4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--b260d18a-29c1-5229-adba-44134d9183a3", "target_ref": "threat-actor--ce44472f-cd97-5ef9-9a93-aca86e770d8e", "source_ref": "campaign--235d85c1-d436-547d-9a76-2d38bf054db4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--17cfe1e0-19af-5118-8bea-b41925859b97", "target_ref": "attack-pattern--86e9b2ff-550c-524c-82c9-f5c99d7f9799", "source_ref": "campaign--a3f244de-5a10-5bbd-a8da-a47e2cbed8f5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--354caf74-3406-5f07-bc8e-9338dc8c9d8e", "target_ref": "threat-actor--9af81023-9771-57e7-ae3f-ac2c94ac2bf3", "source_ref": "campaign--a3f244de-5a10-5bbd-a8da-a47e2cbed8f5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--92f340b8-0961-5c8c-b9a8-d425f72ca07d", "target_ref": "threat-actor--08a5cf5b-b37e-5247-9f2b-3a315a20004d", "source_ref": "campaign--14c9ff66-2d65-5e80-b09f-ecda9cbffadc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--43f1d507-1264-54f0-b8ca-bdfadda8dc22", "target_ref": "attack-pattern--b6e7902d-f9e8-5852-bc4e-d8690c1c2385", "source_ref": "campaign--c0bcaede-27f5-5a19-9643-6e710ebcbddd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8c736b34-c05a-5e6d-97df-fb37cafe9154", "target_ref": "attack-pattern--bf7e6191-9504-5964-89d4-fc612fdc5ea8", "source_ref": "campaign--c0bcaede-27f5-5a19-9643-6e710ebcbddd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f107f432-f289-5d8f-a707-2703e5d6d846", "target_ref": "threat-actor--30689c86-aeae-5cbc-80e4-01485dbbace8", "source_ref": "campaign--c0bcaede-27f5-5a19-9643-6e710ebcbddd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--172d5db2-8a93-5c9b-bb3d-b17d0e90dc25", "target_ref": "malware--f829e283-b79c-51b8-847e-b62e39d3f1ec", "source_ref": "campaign--0104f36a-ba94-5a50-b35b-a29760e5d1a7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--811fcd8e-970e-5358-9597-d1ea4306e044", "target_ref": "threat-actor--8f02a1ee-ec5b-55c1-85eb-7cc8805c3723", "source_ref": "campaign--0104f36a-ba94-5a50-b35b-a29760e5d1a7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0e8a3d9d-47ff-5eef-b626-2354470813a8", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--56eb9b45-5fe2-51d1-ad68-4228d9b067ca", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0e184a7d-0d79-5c49-ac45-bf4bb24216b2", "target_ref": "malware--89de4076-849d-5d78-ab38-0bbf7b34eb6b", "source_ref": "campaign--56eb9b45-5fe2-51d1-ad68-4228d9b067ca", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--3c46e16f-b7c2-5490-8fbd-56a0c4714d51", "target_ref": "threat-actor--f8833b33-0f5f-5786-81ef-1e66dba2515e", "source_ref": "campaign--56eb9b45-5fe2-51d1-ad68-4228d9b067ca", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1b668172-24c0-58a4-836b-8b80418bf556", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--d5e5694c-81e3-5972-8d75-fb44f1b73842", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2bd8b7d3-2566-50e4-88bd-f5af68e47960", "target_ref": "malware--fd350baf-c0a4-5e2e-83c5-4b64ff36f440", "source_ref": "campaign--d5e5694c-81e3-5972-8d75-fb44f1b73842", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cd0bffc7-5299-5b32-9835-670a0054e736", "target_ref": "tool--b26e72fa-edd0-5a23-97b8-941e19b1e22c", "source_ref": "campaign--d5e5694c-81e3-5972-8d75-fb44f1b73842", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--c63b44ae-e17c-5c52-9659-5aa7786837cc", "target_ref": "threat-actor--00b7f434-773d-5f4a-8d6b-c93cd1940495", "source_ref": "campaign--d5e5694c-81e3-5972-8d75-fb44f1b73842", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e54611a3-4873-54ae-aaec-164a0e5ecf33", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--9d07fbeb-a438-5746-aa8c-3bdb28d5387d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--85c899fe-db7a-5fda-99db-558b95f6056e", "target_ref": "tool--bbc5dbc6-e6b8-5ded-baab-b6dc4ad1a2e5", "source_ref": "campaign--9d07fbeb-a438-5746-aa8c-3bdb28d5387d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--634cae5c-9f52-5c92-8669-f1b58c50001c", "target_ref": "malware--0a6a5de1-2be7-554d-a7aa-a4ec9aac27e8", "source_ref": "campaign--9d07fbeb-a438-5746-aa8c-3bdb28d5387d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1473c34b-16f1-5db5-a6e6-d0238fb4a177", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--9d07fbeb-a438-5746-aa8c-3bdb28d5387d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--eda51982-ba85-584c-9900-a001cc096039", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--9d07fbeb-a438-5746-aa8c-3bdb28d5387d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--34675dcf-260f-5167-bcbe-b97d08f4132d", "target_ref": "malware--1a4aca1e-9171-5008-b499-31e848737fc7", "source_ref": "campaign--f142a4ec-2e6c-580d-8e93-36272cbc6253", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--2a2dc7c3-4b6a-5e23-b61a-5473afef42b6", "target_ref": "threat-actor--c4ff44db-dadb-55ca-a9ae-d6c4ec2846de", "source_ref": "campaign--f142a4ec-2e6c-580d-8e93-36272cbc6253", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--42fb9037-e696-5f1a-b0f8-d112b319928c", "target_ref": "attack-pattern--11f5ec5a-0e3d-5e33-8e4e-08e2c02e7deb", "source_ref": "campaign--7c0aa995-5191-5e30-aef6-34fad89463ab", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2504b21c-bf12-5318-8278-368e6d3b6ed9", "target_ref": "malware--c84c0a63-776b-55a5-b2ab-1b12b6170d31", "source_ref": "campaign--7c0aa995-5191-5e30-aef6-34fad89463ab", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9d5e4dd7-c837-5103-86b5-1a66e8cef098", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--7c0aa995-5191-5e30-aef6-34fad89463ab", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1ce0ab85-6dbf-56bb-b328-51ad20a889c6", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--c6f020df-4e0f-5095-9afd-50986fa3636f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--92ec5bcb-5f34-54fc-b090-24bb0a936623", "target_ref": "attack-pattern--859f8a54-93ec-589f-b18a-88c6b8565682", "source_ref": "campaign--c6f020df-4e0f-5095-9afd-50986fa3636f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--2859266b-4b9a-59f1-a614-03da9b234b44", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--c6f020df-4e0f-5095-9afd-50986fa3636f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8b9216ad-4ff2-5860-8bb2-228b36481392", "target_ref": "attack-pattern--c4d72aac-f9f3-5871-9410-0bb7eb42a62d", "source_ref": "campaign--3b68bb31-36e0-540e-8f79-a81b1e7920a9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--055c2a3c-5ece-52cc-9ab0-84c8dbb66d35", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--3b68bb31-36e0-540e-8f79-a81b1e7920a9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0fbd33dd-7f19-5857-9a2c-10e1b836791b", "target_ref": "attack-pattern--6585da51-52e8-5fc7-83c6-968a415c1a19", "source_ref": "campaign--3b68bb31-36e0-540e-8f79-a81b1e7920a9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--36fcd8eb-5715-558e-a575-4d4837c7efee", "target_ref": "malware--b1938fcf-622a-508f-9d24-b6b135518d53", "source_ref": "campaign--3b68bb31-36e0-540e-8f79-a81b1e7920a9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--04da1a48-8f44-51cb-9254-51e8adb7381b", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--3b68bb31-36e0-540e-8f79-a81b1e7920a9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1b74014d-32fb-5ba7-9b38-6107007c675b", "target_ref": "attack-pattern--c288c362-49e2-5a1c-84a4-5c6dcb21102e", "source_ref": "campaign--b389c318-014c-52f3-89fd-2089337aad45", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--61598998-9c0a-5787-b614-ab63d7bb7668", "target_ref": "attack-pattern--656a9086-487c-57f9-8a05-a9d16c821361", "source_ref": "campaign--b389c318-014c-52f3-89fd-2089337aad45", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--5c3bc027-ce2b-5c48-b0f8-2affd41d9b4d", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--b389c318-014c-52f3-89fd-2089337aad45", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f91bba40-5bef-5483-bed3-8cfc2a18c073", "target_ref": "attack-pattern--86e9b2ff-550c-524c-82c9-f5c99d7f9799", "source_ref": "campaign--57761641-629b-5d73-a3a6-b483364baff7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a3d70b34-f92a-503b-b5bc-ae2438cd15f2", "target_ref": "attack-pattern--e897f6c7-12ab-549a-a458-a274ee41bd4e", "source_ref": "campaign--57761641-629b-5d73-a3a6-b483364baff7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bf657955-3170-5e5f-b4fa-2b78370df475", "target_ref": "attack-pattern--45c6154a-9151-5c4c-96df-b8f602d00b9c", "source_ref": "campaign--57761641-629b-5d73-a3a6-b483364baff7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7d6ef0c5-513d-585b-8bb0-c9dcd812e271", "target_ref": "attack-pattern--7a5ba079-8eed-5d05-bf40-bcd1ea0fae6e", "source_ref": "campaign--57761641-629b-5d73-a3a6-b483364baff7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--dd2aed6b-352d-5863-9c5a-ef67e414a61d", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--57761641-629b-5d73-a3a6-b483364baff7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7053dc18-e01c-513f-978c-10ccc66b2230", "target_ref": "attack-pattern--27cb9b56-6d2e-5ed3-bde9-cba89227197f", "source_ref": "campaign--71ae8bc5-1544-587a-bafa-20758366bdde", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1b95baa5-2d32-51b5-bec9-6b3ca799f455", "target_ref": "attack-pattern--bf9f512a-bae4-5cc2-993a-6d395c4801ba", "source_ref": "campaign--71ae8bc5-1544-587a-bafa-20758366bdde", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fd39368b-fd84-508e-a513-e9cb7705053e", "target_ref": "attack-pattern--e8605090-b15d-5201-9313-79abf2ca5567", "source_ref": "campaign--71ae8bc5-1544-587a-bafa-20758366bdde", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7907228d-bef2-5ed1-8137-d1483b6a7bb5", "target_ref": "attack-pattern--5ab8f232-2e54-5fe7-bcba-87f5d5569351", "source_ref": "campaign--71ae8bc5-1544-587a-bafa-20758366bdde", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f2a5ad20-f1bc-5167-bdbb-6213c82f9cd6", "target_ref": "attack-pattern--b396e7e8-3a42-5301-a61f-e29d5e57a2a7", "source_ref": "campaign--71ae8bc5-1544-587a-bafa-20758366bdde", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8fafed12-9e15-5982-a716-1696f7b10e1e", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--71ae8bc5-1544-587a-bafa-20758366bdde", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9ce32479-e156-548c-ad88-76f0d9cde851", "target_ref": "threat-actor--6884df7a-cb54-5436-b071-d5d65caafa53", "source_ref": "campaign--71ae8bc5-1544-587a-bafa-20758366bdde", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f05d88af-f8bd-52e3-af2a-6ad100d104f6", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--d7bb859a-3c30-5c3b-873b-8090faa0566d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--33354ea2-a0b9-5e52-8b8f-b00db42a1d16", "target_ref": "threat-actor--69651dda-8a84-5af2-b49e-038df494bfb4", "source_ref": "campaign--d7bb859a-3c30-5c3b-873b-8090faa0566d", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ec2000b4-908f-5909-a095-5624188b3d69", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--b10411a5-414f-50c4-8c7d-27b565744e87", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7a9f9f30-7894-5149-bfd4-0935de2257ed", "target_ref": "attack-pattern--fbb64e96-fc1f-551a-a857-bd75d395ca22", "source_ref": "campaign--b10411a5-414f-50c4-8c7d-27b565744e87", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--e9bcfd7f-3bd3-59af-be7e-f718ccbb5f42", "target_ref": "threat-actor--4c4b7cfe-397f-5bb9-b525-8568f64c0605", "source_ref": "campaign--b10411a5-414f-50c4-8c7d-27b565744e87", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9c0c2873-d8db-5422-8547-dca0d0dcefc0", "target_ref": "attack-pattern--c8cffad4-b4a1-5ab2-9dad-327e36e73d0b", "source_ref": "campaign--6f974368-3041-5cf5-8823-94c26681d5a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f7acb074-f3cf-5039-b55a-3a2e632ffb18", "target_ref": "attack-pattern--4e544995-b16f-5bbf-ae8f-08f05163b329", "source_ref": "campaign--6f974368-3041-5cf5-8823-94c26681d5a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--93a2fe86-9db6-5609-a5e9-1553c30f6e88", "target_ref": "attack-pattern--f931047d-5be2-5384-834f-028a8f0b767f", "source_ref": "campaign--6f974368-3041-5cf5-8823-94c26681d5a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1f4226b6-70ae-5d3c-8f22-920c404b6084", "target_ref": "attack-pattern--fd96456c-2c63-5f07-93a9-7e1dee32e261", "source_ref": "campaign--6f974368-3041-5cf5-8823-94c26681d5a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f42e6d41-8ca6-57db-94ee-e4b098eb1b50", "target_ref": "attack-pattern--41497bd8-4007-5838-95c1-f17920a7e956", "source_ref": "campaign--6f974368-3041-5cf5-8823-94c26681d5a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f542e3c9-6c57-5dfc-8420-e2aeeb5b077c", "target_ref": "tool--5db280ed-d748-5f6c-8551-96ccd4ed701f", "source_ref": "campaign--6f974368-3041-5cf5-8823-94c26681d5a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6ea2d09f-47b0-591a-8ad9-15e4f631b379", "target_ref": "tool--d8e9692d-fa6a-567a-b581-2439fe3e633f", "source_ref": "campaign--6f974368-3041-5cf5-8823-94c26681d5a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4eb2fcc2-697f-5274-8e48-ef3e5a716c20", "target_ref": "malware--b72663a2-6e83-59b2-9002-692712e4ffbe", "source_ref": "campaign--6f974368-3041-5cf5-8823-94c26681d5a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--37cf420c-dbd4-581e-a84d-a3adaf31ac43", "target_ref": "tool--48087600-1c22-5071-bc6c-0cc6130e700d", "source_ref": "campaign--6f974368-3041-5cf5-8823-94c26681d5a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--be885799-8096-58ee-b93a-031b4aff1264", "target_ref": "threat-actor--be0cb573-ab8d-58e4-b682-8c8b06e74cc6", "source_ref": "campaign--6f974368-3041-5cf5-8823-94c26681d5a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--62d39902-5a9d-5ae1-8c86-5c1d53f6724d", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--35f09c8d-7338-5660-ad53-c951f2213bdd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--0d3e87e2-8431-59ef-8f21-db821478d757", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--bf3d19ba-8209-5a5e-b0b8-49a7178cd9ce", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c4c94ca4-33d5-5dab-a14e-8588e50a3a53", "target_ref": "attack-pattern--e948084b-6a67-51c7-93b3-a937832fed2a", "source_ref": "campaign--a0403a69-8ef9-52a6-ac27-39c503d0f30b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--462860be-e7a9-5f73-8b3b-4d1ebc85723b", "target_ref": "threat-actor--0daf573e-37af-57e2-b350-4d34e4a9aec8", "source_ref": "campaign--a0403a69-8ef9-52a6-ac27-39c503d0f30b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--e2d95215-1f3f-50a4-8fde-d11aa44a9c33", "target_ref": "threat-actor--73308bdd-62e4-580d-8bd8-597c4ddb6a38", "source_ref": "campaign--80ad655a-0185-5580-a1ad-959b76eed5d4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--50370b53-c39b-55dc-b52e-7a9f765df0fe", "target_ref": "attack-pattern--676a526b-c3ad-5907-a397-e6741447ca95", "source_ref": "campaign--1a38971b-dda2-5afc-bdf6-fa2154ff25d7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--53fcefd8-8ad4-5390-9e57-2eefefab3422", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--1a38971b-dda2-5afc-bdf6-fa2154ff25d7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6aa9a48a-6c87-55f6-96ae-39482c27a654", "target_ref": "tool--f1d95eb0-4b64-5f31-9156-243c2a6c9cc5", "source_ref": "campaign--1a38971b-dda2-5afc-bdf6-fa2154ff25d7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--356a9bdc-ed60-54d1-a249-c9897d207da6", "target_ref": "tool--0ead71ad-02a1-55bf-bb80-01f4a6b7f6d5", "source_ref": "campaign--1a38971b-dda2-5afc-bdf6-fa2154ff25d7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1f6dddc4-9ca2-5725-ba3e-09d38bba3fde", "target_ref": "tool--dd5f9bc0-42aa-519c-94bf-4c2a074ded89", "source_ref": "campaign--1a38971b-dda2-5afc-bdf6-fa2154ff25d7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--b605adcd-ff1e-5ea0-b56b-28c950c0ecbe", "target_ref": "threat-actor--b6a1370b-2454-5c9c-86d3-459c23d5042b", "source_ref": "campaign--1a38971b-dda2-5afc-bdf6-fa2154ff25d7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cc60e508-4b68-58d3-9706-e0fc8252e4d7", "target_ref": "attack-pattern--f6b43d7a-5047-5b06-846b-1fd2a6c194ce", "source_ref": "campaign--69528297-a2e6-5bba-a9f8-d0ac9baa5893", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--3ca3017b-00c8-5ba0-8c20-6e517e550e3d", "target_ref": "threat-actor--6884df7a-cb54-5436-b071-d5d65caafa53", "source_ref": "campaign--69528297-a2e6-5bba-a9f8-d0ac9baa5893", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3d6c25bc-0a68-526a-a469-0ca028b5f8fd", "target_ref": "tool--896b498a-0409-5cef-8776-84af072ead70", "source_ref": "campaign--a65a7239-846b-5caa-be17-7328b5493838", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9b59dfca-f832-5a27-ab33-d9523a444df5", "target_ref": "tool--2a713a69-2e1e-5629-8087-46986e3121c5", "source_ref": "campaign--a65a7239-846b-5caa-be17-7328b5493838", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--d609e865-ee6f-5888-881d-d3d249d06a56", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--a65a7239-846b-5caa-be17-7328b5493838", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b9b3a33f-129e-5b98-9311-cd993ec244fa", "target_ref": "attack-pattern--ebada0bc-2296-5195-9af9-ef7b54067b2d", "source_ref": "campaign--c6cff913-c8b6-5f2f-af93-cdd9ad744779", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--15aa95eb-3f24-546d-8d10-2be0b5f22e1a", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--c6cff913-c8b6-5f2f-af93-cdd9ad744779", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--fc5440fe-53af-5634-9fd0-1de3ed04e70e", "target_ref": "threat-actor--ffcd01f4-872f-5a30-b5e0-92aa466d2fae", "source_ref": "campaign--c6cff913-c8b6-5f2f-af93-cdd9ad744779", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2f0f1beb-1c17-5995-afa0-87bbed555e14", "target_ref": "attack-pattern--c1d02b3e-d05f-5339-be7e-9bf784ba3df1", "source_ref": "campaign--95eea450-d581-53c4-822a-cce7c30d6029", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--bd9b60fb-ce5b-5891-bcb2-f5c90b296572", "target_ref": "threat-actor--937980fa-5efd-5b25-99b6-05854c082371", "source_ref": "campaign--95eea450-d581-53c4-822a-cce7c30d6029", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c0960719-f6c1-52d5-b9aa-bb3974244981", "target_ref": "attack-pattern--ebada0bc-2296-5195-9af9-ef7b54067b2d", "source_ref": "campaign--39fc9918-448e-5e85-9a57-0eecdef5d7dc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9610b503-f178-5dc5-af1f-2b00a8f481c3", "target_ref": "malware--1edbf32f-e94f-5406-8ca3-ed783f311402", "source_ref": "campaign--39fc9918-448e-5e85-9a57-0eecdef5d7dc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--18c0c322-c46c-5f10-a96b-22e6767e9635", "target_ref": "threat-actor--9fb97e7b-be99-5c4b-8333-6fd0e21760d9", "source_ref": "campaign--39fc9918-448e-5e85-9a57-0eecdef5d7dc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--96d1f2cf-38f3-5e0c-9dde-2189ac371417", "target_ref": "attack-pattern--6585da51-52e8-5fc7-83c6-968a415c1a19", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ac01426e-d689-5b55-989d-c4f0216fe38f", "target_ref": "attack-pattern--a4c2d305-d399-5a4a-8379-cf24b94e8e95", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5f7e133d-381f-5632-9245-0ed11582acae", "target_ref": "attack-pattern--45c6154a-9151-5c4c-96df-b8f602d00b9c", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d62e902e-7c58-5872-bf46-53567e921473", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3fcd0e5e-8cb3-58e8-8b82-c8a80c499330", "target_ref": "tool--4fc9176b-52db-5d36-b1b1-eae2cec9cb23", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--30001822-233d-55c7-a1a8-e74d3d724230", "target_ref": "tool--c28c3b1d-ab5e-507d-a269-4e7a449f0528", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--58d8e732-cba7-575d-82a4-d01e6f42c684", "target_ref": "tool--f1d95eb0-4b64-5f31-9156-243c2a6c9cc5", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f5dca497-334a-575b-82a3-71669ed0f384", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3a5a408a-3fe5-593f-be82-a611b6164b52", "target_ref": "tool--896b498a-0409-5cef-8776-84af072ead70", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9aa2af9e-928a-5a37-b9b4-9f8c8d7fb7d4", "target_ref": "tool--ce2e8712-96e5-51dc-acce-0e94cbe4d7bb", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--57ae63ec-df60-5beb-af08-5f8876ccd666", "target_ref": "malware--15d768bb-f2f6-5ea7-871a-6995fc48ada6", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5c039d32-b3b9-507d-91b3-f9f8619ce6b2", "target_ref": "tool--0a425dd3-da8d-5cd1-a598-ae2a7e4aa3f5", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--036ad549-7d15-553a-b1e2-d75d3f2ec20c", "target_ref": "tool--30b2de50-1e49-5f95-ae05-1052cccde4f5", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--b9fad236-defa-5325-8d2c-231ff630ae6a", "target_ref": "threat-actor--aeb670b6-8087-566b-93e7-fa8672970a08", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9186f679-66c5-553c-947f-de6d033dbeac", "target_ref": "threat-actor--78db9843-979c-56d0-af37-a9eb8ae4a62f", "source_ref": "campaign--97931193-dcac-5d32-b38b-54d09581f389", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--35d0cc88-cfa6-5d98-af26-34a5185ccf97", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--e35f7378-c306-52ca-867a-e20b1f3e3927", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--00e56be5-2e7b-5fde-8603-25aa31371aa4", "target_ref": "attack-pattern--f6aa59d5-6d35-5287-8615-0d9e2effa5de", "source_ref": "campaign--e35f7378-c306-52ca-867a-e20b1f3e3927", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4491f1bf-0090-5144-aac5-5fa0bf8fa195", "target_ref": "malware--df94130b-ad72-5bc7-bc8e-20e61665f901", "source_ref": "campaign--e35f7378-c306-52ca-867a-e20b1f3e3927", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9ba82c25-6d2b-5fc0-a698-3b76dcd5510b", "target_ref": "malware--c794b6e7-0c76-5b50-b4b2-d445ebeb48fe", "source_ref": "campaign--e35f7378-c306-52ca-867a-e20b1f3e3927", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--35b8a67b-3e25-5372-83e2-0fe7e65461fb", "target_ref": "threat-actor--8c3df759-08ab-5906-b0eb-875ab465a29e", "source_ref": "campaign--e35f7378-c306-52ca-867a-e20b1f3e3927", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--8d71cbdb-a7f0-56f3-b9eb-b54cb04ab416", "target_ref": "threat-actor--3c7918ca-a06f-565d-99c1-d5ca3790bb90", "source_ref": "campaign--a0a66279-0ef7-59ba-abb7-9033f0409d93", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--70b675a4-2c93-5932-9115-23c0b5999bca", "target_ref": "malware--b095668e-c239-5b4c-bc11-43d614feb8d5", "source_ref": "campaign--e9b7dcf6-dbb2-5563-ba7d-1e7751df6bcf", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--c44c1e81-dc2a-5bf3-9812-2411aab6ed8a", "target_ref": "threat-actor--ef93db5d-442c-51aa-a2bc-3da4c1da0d4a", "source_ref": "campaign--e9b7dcf6-dbb2-5563-ba7d-1e7751df6bcf", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ced499bd-2552-5e18-813c-c6afd06519f6", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--7ed65aa1-b286-547d-8753-7a5e50ae1301", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4e486dd5-c2f1-5103-90b3-4195446a498b", "target_ref": "attack-pattern--5ab8f232-2e54-5fe7-bcba-87f5d5569351", "source_ref": "campaign--7ed65aa1-b286-547d-8753-7a5e50ae1301", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9673c8b3-70ad-584b-9c8d-624f9139b2b6", "target_ref": "attack-pattern--6612b6c0-ec73-575b-9a6d-b3f4a23b8f8d", "source_ref": "campaign--7ed65aa1-b286-547d-8753-7a5e50ae1301", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6cff969d-a538-51cf-92f9-c270b94af8d8", "target_ref": "attack-pattern--45c6154a-9151-5c4c-96df-b8f602d00b9c", "source_ref": "campaign--7ed65aa1-b286-547d-8753-7a5e50ae1301", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--14346782-1712-5146-8d06-a60e23935607", "target_ref": "attack-pattern--ccab1da0-1617-5485-92c5-15abceb3948a", "source_ref": "campaign--7ed65aa1-b286-547d-8753-7a5e50ae1301", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--80866a1e-a6af-5ac4-948c-9bf9c85af9a7", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--7ed65aa1-b286-547d-8753-7a5e50ae1301", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--04de84a1-b098-51ea-8084-bce005393049", "target_ref": "threat-actor--ef5ce6ce-a6d3-5431-877b-5d3897a434d8", "source_ref": "campaign--7ed65aa1-b286-547d-8753-7a5e50ae1301", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9c1d9948-52fa-52e2-ad2b-072b5e70975f", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--e7d94680-1648-51e1-8104-06bfeac4bece", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2b0ff3d8-1fba-5f1a-91a3-72c8d3069e84", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--e7d94680-1648-51e1-8104-06bfeac4bece", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5db45e6c-90e1-540b-aea8-f12d8971a376", "target_ref": "malware--9d1cb345-8af2-53ef-906a-cf4e7d96fcab", "source_ref": "campaign--e7d94680-1648-51e1-8104-06bfeac4bece", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--59040a0d-4d2d-5c7c-a550-d0c5b6a304d5", "target_ref": "threat-actor--d35fcfc4-45eb-5cb8-9fdb-e972731be285", "source_ref": "campaign--e7d94680-1648-51e1-8104-06bfeac4bece", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--64439646-d7e3-59ac-ad2d-0d6c7335f204", "target_ref": "attack-pattern--0954f27a-cb10-54f4-bc22-b12ac06b001a", "source_ref": "campaign--05cff386-860f-5d4a-b581-90567477a46b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c51da293-8564-5c0d-b846-8a0068b5ad9c", "target_ref": "attack-pattern--3779cb0e-c75c-537f-ba69-2ed84be73c0a", "source_ref": "campaign--05cff386-860f-5d4a-b581-90567477a46b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fefb9735-ab3f-5beb-a595-7bbecfc8ceaa", "target_ref": "attack-pattern--3526a872-e04b-5ffe-9f46-bea52f146528", "source_ref": "campaign--05cff386-860f-5d4a-b581-90567477a46b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--adee2032-283d-597e-be4c-1aba4d65a73d", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--05cff386-860f-5d4a-b581-90567477a46b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a96b3090-4fe0-542f-840a-130b6cc46fed", "target_ref": "malware--455effcf-8baa-52e6-8762-ffcfab4b2c8d", "source_ref": "campaign--05cff386-860f-5d4a-b581-90567477a46b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--cbc4a594-bea5-5f91-80ab-a2a4d13898f8", "target_ref": "threat-actor--22ad1745-fe03-5a0c-83e2-fd01da11a394", "source_ref": "campaign--05cff386-860f-5d4a-b581-90567477a46b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--885bd171-7475-5786-b0a0-0b0bd87729ca", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--29aee6f3-500a-57b2-8154-8a47e3488472", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d4040f9c-d803-5ebf-b9d1-3c8efb1af640", "target_ref": "malware--f14a387d-b153-5b0b-9e57-43f15ddcd390", "source_ref": "campaign--29aee6f3-500a-57b2-8154-8a47e3488472", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--3021e85e-b46a-5847-ad01-39af2d70c227", "target_ref": "threat-actor--1d3c7da6-db96-52e2-8e37-9467f22043ea", "source_ref": "campaign--29aee6f3-500a-57b2-8154-8a47e3488472", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--e54274b2-d5d5-5089-8278-a8e906f1a198", "target_ref": "threat-actor--1d3c7da6-db96-52e2-8e37-9467f22043ea", "source_ref": "campaign--7448b409-3f1c-5d5e-acd8-40932320b6b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a5b45e1e-d174-5da3-8038-9570a0f7d6c9", "target_ref": "attack-pattern--16f8f2c2-b5e2-5461-80ed-f31aea4c2f5f", "source_ref": "campaign--d615d0bf-c03e-5771-98d2-da0dc41e4493", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e557b9c5-083f-57c3-84f4-8eeb3cd7a64a", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--d615d0bf-c03e-5771-98d2-da0dc41e4493", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a853d92e-ab2e-57b7-82c2-3c81a224435c", "target_ref": "malware--934e5329-322b-5269-b7c7-7f9f6c417fdd", "source_ref": "campaign--d615d0bf-c03e-5771-98d2-da0dc41e4493", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--d25f0143-69f9-52f3-83df-826b5ba3e9bb", "target_ref": "threat-actor--7b674ebc-3e05-5748-a0c7-ab587d9d21f6", "source_ref": "campaign--d615d0bf-c03e-5771-98d2-da0dc41e4493", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--17577243-3838-59dd-ad8a-4527dce206b2", "target_ref": "attack-pattern--0954f27a-cb10-54f4-bc22-b12ac06b001a", "source_ref": "campaign--1c3f4a53-6ecc-5c0e-9190-d8e736f70df2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2f70de19-4c1f-5ef4-ae31-8dbc60f37fe7", "target_ref": "attack-pattern--3526a872-e04b-5ffe-9f46-bea52f146528", "source_ref": "campaign--1c3f4a53-6ecc-5c0e-9190-d8e736f70df2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4be1aaad-5f7b-5be6-b98f-9a1454ce04c0", "target_ref": "attack-pattern--3779cb0e-c75c-537f-ba69-2ed84be73c0a", "source_ref": "campaign--1c3f4a53-6ecc-5c0e-9190-d8e736f70df2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b5ce877e-cff3-5134-86e5-883dd2407705", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--1c3f4a53-6ecc-5c0e-9190-d8e736f70df2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--6e199473-659f-58ba-915b-2497000fff37", "target_ref": "threat-actor--22ad1745-fe03-5a0c-83e2-fd01da11a394", "source_ref": "campaign--1c3f4a53-6ecc-5c0e-9190-d8e736f70df2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3028622c-7345-5253-93f8-6f8ecffc1ae8", "target_ref": "malware--09eaaa71-65ed-5473-aa71-6d07bbcfb1ae", "source_ref": "campaign--25151717-0bd8-5cdf-b8ea-40bbee396aa5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--8d45b088-544e-5474-bb7f-f9c48f4c4383", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--25151717-0bd8-5cdf-b8ea-40bbee396aa5", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--63f007e4-5637-578c-9f54-91260e60bdb0", "target_ref": "attack-pattern--1630d698-b728-52d8-91d0-31408527bc0f", "source_ref": "campaign--a6d3c29f-c8dc-5baa-a5c4-bab3ec9337c2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f8da0d9b-758c-5dbc-bdac-15518a438d25", "target_ref": "threat-actor--6ceb9d41-d9eb-5b60-aa85-10d3706a27fc", "source_ref": "campaign--a6d3c29f-c8dc-5baa-a5c4-bab3ec9337c2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--03c43b69-8194-56fe-98c4-278eedf3b760", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--1bf8c769-bb66-5337-95a2-a54540e61219", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--53007e11-26d0-55af-bc94-6174eb88de8c", "target_ref": "malware--25c2c750-3e58-5680-a136-6e5c83cd218a", "source_ref": "campaign--46b800c6-434a-564f-9025-d8440163d0e2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9c5acefb-023c-5353-8f27-d9c18ff4ba7e", "target_ref": "threat-actor--cb1ef317-cde1-52d4-928b-4f399e88fbab", "source_ref": "campaign--46b800c6-434a-564f-9025-d8440163d0e2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1a10d916-06db-5b6c-8c7d-b0c89ad806d7", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--4c818218-703d-5c8f-be90-b15fd7ad0510", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--10b820d8-3e24-53ee-bd20-fcb9e70e7c5f", "target_ref": "attack-pattern--6db95ab3-33a0-5b6f-8be1-2440192b8182", "source_ref": "campaign--4c818218-703d-5c8f-be90-b15fd7ad0510", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c72fa4b3-8ecf-5814-a631-c7fb571df077", "target_ref": "malware--027f80d9-8121-5db5-bb41-449da4a29b4e", "source_ref": "campaign--4c818218-703d-5c8f-be90-b15fd7ad0510", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4d22f187-1101-550f-834a-e89b6a40a5e5", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--4c818218-703d-5c8f-be90-b15fd7ad0510", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0c2b6ede-eb5a-51b6-9e23-2cfcb12fc536", "target_ref": "attack-pattern--16f8f2c2-b5e2-5461-80ed-f31aea4c2f5f", "source_ref": "campaign--60b34afc-9756-52ae-99d5-1707c8c11d78", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8239fe14-5ff5-548c-943b-1fd935fd99a0", "target_ref": "malware--78abce16-8a00-5dbc-85b8-612c83acf469", "source_ref": "campaign--60b34afc-9756-52ae-99d5-1707c8c11d78", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--40292764-c712-5bc8-a11c-cd39c43958c1", "target_ref": "threat-actor--712cebb0-71a4-550b-9aa6-de55f653e57e", "source_ref": "campaign--60b34afc-9756-52ae-99d5-1707c8c11d78", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--264c8c38-9830-5aa7-bbd0-b4fc8806a5be", "target_ref": "malware--82c95973-0985-547f-a3f2-8a37e492fe27", "source_ref": "campaign--250a8d45-e9c8-5794-81d6-39269a0cd1ff", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--b487b6f1-b661-5b5d-bf3c-2fa0a1811599", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--250a8d45-e9c8-5794-81d6-39269a0cd1ff", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--98d78639-687a-5f61-aaf7-ebdebcc61510", "target_ref": "attack-pattern--6a203bcb-80b8-52db-8b7f-f737da1891d2", "source_ref": "campaign--8737d2a0-e157-561e-b348-2d25c338b2a2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--dc9b8511-1e3f-586a-ba85-338d19d6f92f", "target_ref": "attack-pattern--225b4e14-d431-5d39-b2e2-b2c2420cf4fe", "source_ref": "campaign--8737d2a0-e157-561e-b348-2d25c338b2a2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--131bf72c-a0e9-51cd-a0b4-1a59f2ec0d19", "target_ref": "threat-actor--477d538c-2f40-5258-ae2d-f941d76dab72", "source_ref": "campaign--8737d2a0-e157-561e-b348-2d25c338b2a2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2fcc65b9-1bba-5a8f-8f08-7f64883c063f", "target_ref": "attack-pattern--5ab8f232-2e54-5fe7-bcba-87f5d5569351", "source_ref": "campaign--e818ed0a-1b9a-52e3-8061-745276db4910", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2d0db3a1-5afc-5da1-962b-6f6787bd7246", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--e818ed0a-1b9a-52e3-8061-745276db4910", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--05895eef-31ce-5cb4-8f7e-83d5b9ed8d0c", "target_ref": "attack-pattern--6612b6c0-ec73-575b-9a6d-b3f4a23b8f8d", "source_ref": "campaign--e818ed0a-1b9a-52e3-8061-745276db4910", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--4ab0628a-1f3e-51df-9fca-c2a5a15c5f22", "target_ref": "attack-pattern--45c6154a-9151-5c4c-96df-b8f602d00b9c", "source_ref": "campaign--e818ed0a-1b9a-52e3-8061-745276db4910", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e3c23643-b3f7-5b67-98ca-d3ae093ebcbc", "target_ref": "attack-pattern--ccab1da0-1617-5485-92c5-15abceb3948a", "source_ref": "campaign--e818ed0a-1b9a-52e3-8061-745276db4910", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3c24e0a4-f7bc-5324-8f30-01e675235ce3", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--e818ed0a-1b9a-52e3-8061-745276db4910", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--e5338c83-75f1-5a03-bbb6-df75c249ef99", "target_ref": "threat-actor--ef5ce6ce-a6d3-5431-877b-5d3897a434d8", "source_ref": "campaign--e818ed0a-1b9a-52e3-8061-745276db4910", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--af2a9fa3-8d15-5188-99a2-816d0eca78ee", "target_ref": "malware--a948fad0-8a00-56ec-a37b-512289cddbf1", "source_ref": "campaign--dccf8e0e-d372-5d63-82d8-e352a0ee63a9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--26532453-daa5-57e1-9e7d-abbcde3b6c52", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--dccf8e0e-d372-5d63-82d8-e352a0ee63a9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--fc087531-b6a1-5f44-96d3-178c7a444a83", "target_ref": "attack-pattern--ebada0bc-2296-5195-9af9-ef7b54067b2d", "source_ref": "campaign--3ad482f8-bda8-536b-88a9-7756a86df376", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c1384a7d-6010-57d1-9927-8f4bd54abedc", "target_ref": "malware--77f2cca6-6f24-5067-bde2-f39d20da08aa", "source_ref": "campaign--3ad482f8-bda8-536b-88a9-7756a86df376", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--7d3cf236-4260-5b77-9fb2-c928f6de257e", "target_ref": "threat-actor--4159de52-e1e5-58ed-bcc7-44940d8a2efe", "source_ref": "campaign--3ad482f8-bda8-536b-88a9-7756a86df376", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2f0c1b2d-e879-5dd9-86de-c9850e8f9a77", "target_ref": "attack-pattern--c1d02b3e-d05f-5339-be7e-9bf784ba3df1", "source_ref": "campaign--eaa29b5d-4ced-5cf6-a156-5600668d63a0", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--e5ff3eab-a73f-5cf9-a0f3-3d9e5c7b2677", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--eaa29b5d-4ced-5cf6-a156-5600668d63a0", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--818d323c-bd3d-5225-a52d-2b31d5d9575f", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--ffff57ea-6f99-5b30-b5bb-e3f36eeefd97", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--1e8c0ba9-31e9-5c0a-bdf0-5000c356672d", "target_ref": "malware--3f0788d9-799e-5ab8-a99d-d43f2bf76efc", "source_ref": "campaign--ffff57ea-6f99-5b30-b5bb-e3f36eeefd97", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f88442d2-ff07-5032-af33-6c7e53bb9833", "target_ref": "threat-actor--510bb9cb-ecb1-5518-a76a-f23bddafc3db", "source_ref": "campaign--ffff57ea-6f99-5b30-b5bb-e3f36eeefd97", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--fe288755-963f-50c2-b24d-dca1ffd4209d", "target_ref": "threat-actor--43a7c0e5-554c-5149-b605-fd21076e4894", "source_ref": "campaign--354b316b-8e2e-5564-aa46-ef674c0d4984", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--2c84c4f6-6300-527f-880c-5a47d6169e3c", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--8bfcb3d3-1d63-552a-a4c5-368442438435", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f78b79ed-efe1-56e7-b878-2dd43d22e191", "target_ref": "attack-pattern--f88be281-4ccd-5325-90c3-5ebb2e1f283b", "source_ref": "campaign--e0153fc6-aeb5-5877-a8a9-822ac6ce5fbd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--edbf4a32-5a49-5163-bfa3-e3d774ebe392", "target_ref": "attack-pattern--11f5ec5a-0e3d-5e33-8e4e-08e2c02e7deb", "source_ref": "campaign--e0153fc6-aeb5-5877-a8a9-822ac6ce5fbd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--80c65101-d6b9-5831-aa0c-5cf1907dc919", "target_ref": "attack-pattern--91d92bfc-5906-5d4a-9eab-7a3ceec34314", "source_ref": "campaign--e0153fc6-aeb5-5877-a8a9-822ac6ce5fbd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c96dcdd6-7899-5c1d-9c95-4740e486ff41", "target_ref": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "source_ref": "campaign--e0153fc6-aeb5-5877-a8a9-822ac6ce5fbd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a676ffd8-3470-581c-a296-8d91fb4c65d7", "target_ref": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "source_ref": "campaign--e0153fc6-aeb5-5877-a8a9-822ac6ce5fbd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--44eb3b1d-f15b-531f-9586-4aa3ced068e8", "target_ref": "threat-actor--43a7c0e5-554c-5149-b605-fd21076e4894", "source_ref": "campaign--e0153fc6-aeb5-5877-a8a9-822ac6ce5fbd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3916e232-9224-586c-94d4-3766117cd80d", "target_ref": "attack-pattern--16d1a177-7c6e-5f14-bf9e-06276c515f1e", "source_ref": "campaign--352b94fd-ccaa-5d06-9abf-f06325d7b586", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--49c18a2b-4afe-5738-a020-24cde1024858", "target_ref": "attack-pattern--6612b6c0-ec73-575b-9a6d-b3f4a23b8f8d", "source_ref": "campaign--352b94fd-ccaa-5d06-9abf-f06325d7b586", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7edd5625-793b-5e4d-8b41-6bfb69861113", "target_ref": "attack-pattern--e8605090-b15d-5201-9313-79abf2ca5567", "source_ref": "campaign--352b94fd-ccaa-5d06-9abf-f06325d7b586", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a4938254-e1f6-5d12-aaa9-9101f7457ed9", "target_ref": "attack-pattern--f931047d-5be2-5384-834f-028a8f0b767f", "source_ref": "campaign--352b94fd-ccaa-5d06-9abf-f06325d7b586", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6380158c-7d1a-5540-853f-ed534833cd2e", "target_ref": "attack-pattern--5dc92c2f-cf91-5db5-bb52-8fb611863e2a", "source_ref": "campaign--352b94fd-ccaa-5d06-9abf-f06325d7b586", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--d3c86baa-2ed1-5ade-9e7b-cbb7fedc4d02", "target_ref": "threat-actor--08a5cf5b-b37e-5247-9f2b-3a315a20004d", "source_ref": "campaign--352b94fd-ccaa-5d06-9abf-f06325d7b586", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--632a632c-8402-53da-91b7-01ef50a9e061", "target_ref": "threat-actor--db42e54c-fde3-5db8-901d-eb38a45151c7", "source_ref": "campaign--402c1f9b-c434-5028-8715-e69e2237444b", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--87f73b22-ca51-54b3-bcbd-ab4b741bd66e", "target_ref": "threat-actor--1d3c7da6-db96-52e2-8e37-9467f22043ea", "source_ref": "campaign--722a53a9-d464-5325-a8b1-e60aec782280", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--de822bfb-8298-58c2-9585-7a3a29c8011c", "target_ref": "attack-pattern--b6b39100-b617-5d48-81f8-e8c3b5d7d97a", "source_ref": "campaign--0871ee8d-729c-5ab0-813a-172c76926051", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b5bb7cf3-0036-5647-a4c5-4aeb012a36cc", "target_ref": "attack-pattern--c24d194a-fef6-5c13-b9fe-fe48736bffca", "source_ref": "campaign--0871ee8d-729c-5ab0-813a-172c76926051", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7bf96600-ebc6-5732-8875-9d2ae7792847", "target_ref": "attack-pattern--f2cdd1c4-1e6f-53d7-b573-560a0ec0af10", "source_ref": "campaign--0871ee8d-729c-5ab0-813a-172c76926051", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--be0a7d26-b12b-5fff-a1ef-75896f80bc56", "target_ref": "attack-pattern--43c1233f-a912-5b06-8e03-45c0f7db5d1e", "source_ref": "campaign--0871ee8d-729c-5ab0-813a-172c76926051", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--8bb76c6b-1e71-58dd-8e6c-c4f2d4f72622", "target_ref": "threat-actor--211d0f3b-f43c-5a73-8497-bc71120e1695", "source_ref": "campaign--0871ee8d-729c-5ab0-813a-172c76926051", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--617b8fb0-690a-51ec-929a-f82dc2f017a7", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--3e53e935-716a-593d-b6eb-5df5c286c2ed", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ed6566ad-661f-54db-a6af-0cf25fe39cbe", "target_ref": "attack-pattern--45c6154a-9151-5c4c-96df-b8f602d00b9c", "source_ref": "campaign--ca66c765-25cf-5721-9ab7-b118498e763e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--be20cd69-c29c-52a1-af78-58205e56aae4", "target_ref": "attack-pattern--f607fe38-b435-598f-bb98-c6f3e731e355", "source_ref": "campaign--ca66c765-25cf-5721-9ab7-b118498e763e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--7c2fd228-c7f9-50e6-8bfb-01c296581888", "target_ref": "threat-actor--492a1af1-dc47-5686-b29e-3f104ca28405", "source_ref": "campaign--ca66c765-25cf-5721-9ab7-b118498e763e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a25c65d5-7095-577c-a61b-303214a8613f", "target_ref": "threat-actor--ef7f343c-a217-5fa3-953d-4ba3a614b5be", "source_ref": "campaign--1270a24e-1884-59fb-ac7e-a233635002fd", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--22bb5dc8-c298-5f84-9f97-d90c14881210", "target_ref": "attack-pattern--d31800a3-c7ea-5107-aa57-cb90c9e8df87", "source_ref": "campaign--94999ee3-645b-5f31-90ea-8ff855f87fd7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6b28aa8a-cfb8-577a-9d9a-187adcda4512", "target_ref": "attack-pattern--8a41d77a-4c26-5456-babc-4bbabd3e9bb8", "source_ref": "campaign--94999ee3-645b-5f31-90ea-8ff855f87fd7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--f2bf4610-f6b5-52ae-96d9-cd0dfd34aeb3", "target_ref": "malware--af8b4039-2afb-5bc3-81ac-e050ff3a7666", "source_ref": "campaign--94999ee3-645b-5f31-90ea-8ff855f87fd7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6a4fd470-8c78-5887-ad9f-ec9f6fff8777", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--94999ee3-645b-5f31-90ea-8ff855f87fd7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--faa0b4c5-29f9-5672-b528-81f294bb973e", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--94999ee3-645b-5f31-90ea-8ff855f87fd7", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--92e84789-1056-55bb-b8ee-540d76e513f2", "target_ref": "threat-actor--ca0722c0-953c-5867-9686-785b70df27b4", "source_ref": "campaign--05eb0674-38c5-5ba1-a877-f11a82d82ae9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--98cd149d-e75f-525a-ae41-f8b6daee3fb3", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--df15e4d9-2a8c-58d2-9ee3-54a48d8de8c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d97f3709-206d-5a4e-bca1-37351ef07f39", "target_ref": "attack-pattern--c9de7186-5f46-5b15-ae29-9cc935634a31", "source_ref": "campaign--df15e4d9-2a8c-58d2-9ee3-54a48d8de8c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--67367d70-2dde-51ec-adcf-22c65677e0db", "target_ref": "attack-pattern--c2f99463-83bd-57d1-b61d-48a61f59f658", "source_ref": "campaign--df15e4d9-2a8c-58d2-9ee3-54a48d8de8c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e6dbeab8-43dc-503e-9097-0c051e5c72c3", "target_ref": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "source_ref": "campaign--df15e4d9-2a8c-58d2-9ee3-54a48d8de8c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--7536b243-d4b2-51e6-81c4-19a90a09e286", "target_ref": "threat-actor--c45ee075-3bc4-5f9a-9861-71e9b7408b53", "source_ref": "campaign--df15e4d9-2a8c-58d2-9ee3-54a48d8de8c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--bfe4782e-cf52-5e1d-bf72-d0d47bf5a405", "target_ref": "attack-pattern--60de47f6-fbe6-561f-ad67-d747e1fa655e", "source_ref": "campaign--47b1ba29-df78-5e43-a5ee-a66217b15e40", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--51801055-1f97-574a-b71e-b6d1c581c4c6", "target_ref": "attack-pattern--d14fabf9-910b-5fac-969d-9be1b154fac8", "source_ref": "campaign--47b1ba29-df78-5e43-a5ee-a66217b15e40", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--5cb3943d-2e8b-511f-930b-337e69ec6988", "target_ref": "attack-pattern--3526a872-e04b-5ffe-9f46-bea52f146528", "source_ref": "campaign--47b1ba29-df78-5e43-a5ee-a66217b15e40", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--deb3db78-b941-5236-a597-460a254c7d38", "target_ref": "malware--145c2b66-343f-56c5-99f5-4b3eae4fa097", "source_ref": "campaign--47b1ba29-df78-5e43-a5ee-a66217b15e40", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--e4871997-f6c2-593a-836b-3cb16aa32a20", "target_ref": "threat-actor--c80cb0f1-6a55-5e1a-be74-1af536cff645", "source_ref": "campaign--47b1ba29-df78-5e43-a5ee-a66217b15e40", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--d1cf4469-b38c-587b-9f78-b349d1f8c7ba", "target_ref": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "source_ref": "campaign--038979b9-596f-56ce-bfd7-ff67e4a623d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a24edd84-6979-5231-bb29-bd0bcfddf438", "target_ref": "threat-actor--0cc02f94-998c-53d5-9fe2-2b9f18f38bde", "source_ref": "campaign--038979b9-596f-56ce-bfd7-ff67e4a623d1", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b883495d-75e7-50a5-bd23-5dd2ed3fc8fc", "target_ref": "malware--15d768bb-f2f6-5ea7-871a-6995fc48ada6", "source_ref": "campaign--99b17f44-6b2a-5061-b359-671ffd4fa6bc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--ce9f0156-75b9-5683-bb83-24e01179551d", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--99b17f44-6b2a-5061-b359-671ffd4fa6bc", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--55549b52-7eaa-5bc1-b643-5d8ec6cefebc", "target_ref": "tool--a7694eb7-f020-5e3e-9259-36836b18999a", "source_ref": "campaign--dfb7b61e-fa22-5845-9e09-86984b6671c6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--a027fef9-2f08-5dea-b185-7aeac2fafc08", "target_ref": "threat-actor--f2afec7b-ef0b-5b2a-b4cf-e038e6faaf4b", "source_ref": "campaign--dfb7b61e-fa22-5845-9e09-86984b6671c6", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--ecd27b12-e3f9-52e3-aac5-ca7fd23ebf29", "target_ref": "attack-pattern--fd96456c-2c63-5f07-93a9-7e1dee32e261", "source_ref": "campaign--4176e9f3-4c1c-545f-a568-1c582bc348a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c431cbd6-180a-5460-be9e-441bf1647cde", "target_ref": "attack-pattern--6abee9fa-f6e6-57f6-b38d-5902061bc29a", "source_ref": "campaign--4176e9f3-4c1c-545f-a568-1c582bc348a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--2fafcfb3-432c-5632-adcc-ff2935ea70e2", "target_ref": "malware--bd24ca42-88d4-5c5f-a483-0d562037dea7", "source_ref": "campaign--4176e9f3-4c1c-545f-a568-1c582bc348a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--6a0580c8-9146-5482-ae3c-b2ff5a99e2a0", "target_ref": "threat-actor--66205d7e-83ba-5e0e-ad5c-73e0f9cf5e99", "source_ref": "campaign--4176e9f3-4c1c-545f-a568-1c582bc348a4", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--38d7e7e3-5b04-5bab-8e55-c57c34312ce3", "target_ref": "attack-pattern--8388a256-5e10-5226-8ad0-7908e8a29928", "source_ref": "campaign--12dc43e8-0f8c-5af8-917e-fb2874146235", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4a1b355d-d55a-5668-a4f4-fb8e66fc86bf", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--12dc43e8-0f8c-5af8-917e-fb2874146235", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--cd5c7a36-b7fe-5e0f-a634-a310e5e765d3", "target_ref": "tool--ce2e8712-96e5-51dc-acce-0e94cbe4d7bb", "source_ref": "campaign--8a0b09ea-8446-506d-a50e-a5d159164e23", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3c9db8bd-d329-5d8c-9bdc-1da65da6a024", "target_ref": "malware--5d8b5dbd-92da-5f50-afd5-8e08fe880d1c", "source_ref": "campaign--8a0b09ea-8446-506d-a50e-a5d159164e23", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--4c6263af-967d-577d-8571-09abd0e7c525", "target_ref": "threat-actor--78db9843-979c-56d0-af37-a9eb8ae4a62f", "source_ref": "campaign--8a0b09ea-8446-506d-a50e-a5d159164e23", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--51fbd7a9-574e-5a7c-b86d-3d65ccc57028", "target_ref": "attack-pattern--42f6b8af-c1ff-51e2-85ad-6b1d88a09dee", "source_ref": "campaign--b035196a-c1c2-59c2-b289-20c21614003e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--3b31b341-b4f3-5f2c-901c-81eef88fbd55", "target_ref": "attack-pattern--ebada0bc-2296-5195-9af9-ef7b54067b2d", "source_ref": "campaign--b035196a-c1c2-59c2-b289-20c21614003e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e84ad367-2a25-59f0-93ad-04b228fc01bf", "target_ref": "attack-pattern--e948084b-6a67-51c7-93b3-a937832fed2a", "source_ref": "campaign--b035196a-c1c2-59c2-b289-20c21614003e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--c6e2a93f-5ac6-537b-8dfb-a7a510ed8e28", "target_ref": "attack-pattern--a3e6ba12-4e2a-5a12-ba9f-6a873af14df2", "source_ref": "campaign--b035196a-c1c2-59c2-b289-20c21614003e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--a8fb5833-eaad-552e-b70c-4e0d75d033ef", "target_ref": "attack-pattern--c4d72aac-f9f3-5871-9410-0bb7eb42a62d", "source_ref": "campaign--b035196a-c1c2-59c2-b289-20c21614003e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--9c428904-4a81-5ec6-ad20-820f3e967197", "target_ref": "malware--f6e42306-d839-5156-8762-611aadab107d", "source_ref": "campaign--b035196a-c1c2-59c2-b289-20c21614003e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f906d381-c588-5340-8917-603371c94999", "target_ref": "threat-actor--7f98da2d-4734-5ba4-a2b7-89e15377c9e7", "source_ref": "campaign--b035196a-c1c2-59c2-b289-20c21614003e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--36637e63-3205-53f1-914f-dbd5a7f9208f", "target_ref": "attack-pattern--f931047d-5be2-5384-834f-028a8f0b767f", "source_ref": "campaign--67383f5f-e9a8-589b-afbd-4641315d184f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e9314445-96fd-573f-beab-383b3a8b9831", "target_ref": "malware--106056ba-67b0-5750-af04-4839d4ba01ef", "source_ref": "campaign--67383f5f-e9a8-589b-afbd-4641315d184f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--0f6aae15-83f7-53e0-8c86-b7cd20b5faa6", "target_ref": "malware--d77dc349-90b9-5632-9987-f7fc05cd3aa8", "source_ref": "campaign--67383f5f-e9a8-589b-afbd-4641315d184f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--24098bcc-a685-5a10-ba7d-7ef8284c5ff6", "target_ref": "threat-actor--08a5cf5b-b37e-5247-9f2b-3a315a20004d", "source_ref": "campaign--67383f5f-e9a8-589b-afbd-4641315d184f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--8b1709a9-ce41-5f96-967f-61d866557362", "target_ref": "malware--bf73c629-fe7c-5da5-9c5c-d67cba452425", "source_ref": "campaign--8a36673d-e464-5a6d-a9e2-16a5328b6f2a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--49a318cf-db14-52dd-9e25-711332aba984", "target_ref": "threat-actor--f2afec7b-ef0b-5b2a-b4cf-e038e6faaf4b", "source_ref": "campaign--8a36673d-e464-5a6d-a9e2-16a5328b6f2a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e5ae3603-a60c-54f6-ac40-ddacfc28fe6c", "target_ref": "malware--c1168371-3a25-57cb-a392-530ef49a49a7", "source_ref": "campaign--069fc1fc-dc5f-5a9d-bcf5-390c48ea8e08", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--7c1300a3-23f9-5ab3-9971-dfede90abc0c", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--069fc1fc-dc5f-5a9d-bcf5-390c48ea8e08", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--db73d8eb-52cc-5da2-ab87-bf7720582ddf", "target_ref": "attack-pattern--f88be281-4ccd-5325-90c3-5ebb2e1f283b", "source_ref": "campaign--76d1504f-5988-5497-9998-f06c0e91484e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--0c2d4a4c-ab66-5172-90ec-417298757fa1", "target_ref": "threat-actor--fdc77e35-e36d-5215-b4e4-dac3b4f5d303", "source_ref": "campaign--76d1504f-5988-5497-9998-f06c0e91484e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--74abf11b-53ce-541e-9417-3bd808ec1f82", "target_ref": "attack-pattern--8c258779-e7ce-5b8f-a90d-cfd65eafe0d6", "source_ref": "campaign--acb3e603-6cd7-5b56-ae8b-d7c5df5815b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--22c93ea4-55b2-5a0c-b755-66a06213603e", "target_ref": "attack-pattern--4b1b35a5-7626-50a3-87b6-9c4087061a87", "source_ref": "campaign--acb3e603-6cd7-5b56-ae8b-d7c5df5815b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--9ecaf18a-b417-5dcb-af46-62ac9b7d8338", "target_ref": "threat-actor--937980fa-5efd-5b25-99b6-05854c082371", "source_ref": "campaign--acb3e603-6cd7-5b56-ae8b-d7c5df5815b2", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--24446b2a-ee16-5cdd-b1ee-13e02ccf8ea0", "target_ref": "threat-actor--50cec33d-1025-5665-bce4-7429b0d0555f", "source_ref": "campaign--ddaf7816-1449-5a80-a65c-afdc778ba908", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--ffe5c924-d318-5a61-a9a3-c07c6fd17b8c", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--882da77e-3f2b-5e01-96dc-dce8b05b2a1c", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--b958b31f-677c-55de-b5ce-b8aae6b6d7cd", "target_ref": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "source_ref": "campaign--e88ac94c-b58e-58b1-b04b-39ba8e49c33e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--e1fda895-1b6d-5288-8e02-5805de51f610", "target_ref": "attack-pattern--b736d0bd-e82e-5c5f-aa25-9906e9eb79ba", "source_ref": "campaign--e88ac94c-b58e-58b1-b04b-39ba8e49c33e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--7dec1c8e-1afb-5f48-a472-5641c8ce7fa3", "target_ref": "malware--0f6f1189-9368-5588-a32d-b5a8d221fc85", "source_ref": "campaign--e88ac94c-b58e-58b1-b04b-39ba8e49c33e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--8fba9791-4725-54c8-b090-66d74c5d82f5", "target_ref": "threat-actor--0daf573e-37af-57e2-b350-4d34e4a9aec8", "source_ref": "campaign--e88ac94c-b58e-58b1-b04b-39ba8e49c33e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6d70ed18-fad0-52a7-9300-2fa867077465", "target_ref": "malware--afa09c9e-658b-5965-b973-7a384ea38066", "source_ref": "campaign--6f03c534-b94f-5057-976a-70d2c944287f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--5f5b01e8-8598-556d-9b37-2d26cb813ec6", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--6f03c534-b94f-5057-976a-70d2c944287f", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--03c538a8-9094-5c17-8aed-852c3d2a48d1", "target_ref": "tool--4fc9176b-52db-5d36-b1b1-eae2cec9cb23", "source_ref": "campaign--4147d606-6d89-5522-8cda-c88207686025", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--f9ccf035-0918-5425-a892-9c901388d2d6", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--4147d606-6d89-5522-8cda-c88207686025", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6385ba01-30d3-5820-a315-833a317b9c92", "target_ref": "attack-pattern--6585da51-52e8-5fc7-83c6-968a415c1a19", "source_ref": "campaign--10a54d17-fa41-5b22-b927-c70827a4b58a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--6421f419-3258-5cc4-aeb3-ce6973ebd0f4", "target_ref": "malware--b421fc95-718e-5244-90ef-93b37c831083", "source_ref": "campaign--10a54d17-fa41-5b22-b927-c70827a4b58a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--dc17a5fb-923f-5987-8ec2-2d9effb03761", "target_ref": "threat-actor--7e55417d-b1be-500e-80a1-0887724f92a3", "source_ref": "campaign--10a54d17-fa41-5b22-b927-c70827a4b58a", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "uses", "type": "relationship", "id": "relationship--590dd89f-ed73-5655-a301-61d9e05334de", "target_ref": "malware--5692874a-5728-5849-9095-124954ebb74b", "source_ref": "campaign--c64cf421-af04-5a95-b77d-0f6472dde8c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "relationship_type": "attributed-to", "type": "relationship", "id": "relationship--73299857-cc46-56af-890d-da3ab316f1fb", "target_ref": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "source_ref": "campaign--c64cf421-af04-5a95-b77d-0f6472dde8c9", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--f11f263c-cd1a-5a40-a424-7d2c690c523e", "type": "attack-pattern", "created": "2024-01-04T13:58:00.000Z", "modified": "2025-03-05T10:46:00.000Z", "name": "Phishing", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--d67cfbc4-eaa5-56fd-9977-fad36dd00a61", "type": "attack-pattern", "created": "2023-07-18T19:36:00.000Z", "modified": "2024-05-20T06:49:00.000Z", "name": "Credential theft", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--784d2d19-fa9a-5d1d-b9ed-eacc0f6bd0b8", "type": "attack-pattern", "created": "2024-01-25T12:36:00.000Z", "modified": "2024-01-28T12:57:00.000Z", "name": "CI/CD system enumeration", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--77c9068f-40a3-53cf-a89f-92c26c4eb8ae", "type": "attack-pattern", "created": "2024-05-19T09:58:00.000Z", "modified": "2024-12-11T08:22:00.000Z", "name": "Script injection into CICD workflow", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--f2f3c7c0-2b15-554d-988e-7ee87b70252d", "type": "attack-pattern", "created": "2024-06-02T08:47:00.000Z", "modified": "2024-06-02T08:47:00.000Z", "name": "Supply Chain Compromise", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--1fb7547a-975b-59fd-90ff-e28444f98778", "type": "attack-pattern", "created": "2025-01-19T20:08:00.000Z", "modified": "2025-01-19T20:08:00.000Z", "name": "Credential compromise via Infostealer infection", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--c181a996-c857-5590-baf2-d96984736617", "type": "attack-pattern", "created": "2025-11-30T14:51:00.000Z", "modified": "2026-05-20T11:58:00.000Z", "name": "Publishing trojanized packages", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--fd04f468-aebe-5ed2-8048-a16ae7fd15bf", "type": "attack-pattern", "created": "2024-01-02T08:29:00.000Z", "modified": "2024-01-23T18:33:00.000Z", "name": "Package hijacking", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--cae2dbe5-ea8c-5dd9-b485-c072165549c4", "type": "attack-pattern", "created": "2023-09-18T07:08:00.000Z", "modified": "2024-05-19T11:14:00.000Z", "name": "Valid creds abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--692bfeab-5698-5131-842c-577b24bb2606", "type": "attack-pattern", "created": "2025-07-16T13:36:00.000Z", "modified": "2025-07-16T13:36:00.000Z", "name": "Exposed resource abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--8128ef78-d790-56a1-96a7-e2861e19be99", "type": "attack-pattern", "created": "2024-10-01T05:49:00.000Z", "modified": "2024-10-01T05:49:00.000Z", "name": "DDoS attack", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--9aab113e-2245-5db2-885a-5671bc74ca5c", "type": "attack-pattern", "created": "2025-08-05T09:02:00.000Z", "modified": "2025-08-05T09:02:00.000Z", "name": "Malicious pull request submission", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--611de76c-1598-50fa-8727-960b5e8b81f0", "type": "attack-pattern", "created": "2023-01-20T06:38:00.000Z", "modified": "2024-05-19T09:42:00.000Z", "name": "Vulnerability exploitation", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--cf7639aa-2732-525e-a991-524955855cbd", "type": "attack-pattern", "created": "2025-04-23T10:58:00.000Z", "modified": "2025-04-23T10:58:00.000Z", "name": "Resource enumeration", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--ce6abf1c-a506-5efe-a91c-34115e8f9b18", "type": "attack-pattern", "created": "2025-04-29T09:22:00.000Z", "modified": "2025-04-29T09:22:00.000Z", "name": "Misconfigured GitHub Action abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--1a947c3c-aacd-5259-85ab-ce51657fd153", "type": "attack-pattern", "created": "2026-04-29T12:23:00.000Z", "modified": "2026-04-29T12:23:00.000Z", "name": "Third party compromise", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--2aa946c6-0396-5c00-9bf9-9908c062c0b4", "type": "attack-pattern", "created": "2026-04-29T12:13:00.000Z", "modified": "2026-04-29T12:13:00.000Z", "name": "Device Code Exploitation", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--5e45525a-8869-5496-b37a-d46883876081", "type": "attack-pattern", "created": "2023-04-20T11:15:00.000Z", "modified": "2024-01-23T18:33:00.000Z", "name": "MFA bypass", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--b199c800-d532-5048-bcba-8f0b8c3915b5", "type": "attack-pattern", "created": "2024-01-28T06:48:00.000Z", "modified": "2025-05-20T06:10:00.000Z", "name": "Package dependency confusion", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--c288c362-49e2-5a1c-84a4-5c6dcb21102e", "type": "attack-pattern", "created": "2023-10-17T14:00:00.000Z", "modified": "2024-01-23T18:33:00.000Z", "name": "Package typosquatting", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--b736d0bd-e82e-5c5f-aa25-9906e9eb79ba", "type": "attack-pattern", "created": "2024-03-07T16:13:00.000Z", "modified": "2024-05-19T09:44:00.000Z", "name": "Misconfigured Docker abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--ebada0bc-2296-5195-9af9-ef7b54067b2d", "type": "attack-pattern", "created": "2022-09-13T11:53:00.000Z", "modified": "2024-05-19T09:44:00.000Z", "name": "Misconfigured Redis abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--407cdfc4-3be1-5674-b877-bc35982865cf", "type": "attack-pattern", "created": "2023-12-31T13:23:00.000Z", "modified": "2024-05-19T10:04:00.000Z", "name": "LLM Prompt Injection", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--5ab8f232-2e54-5fe7-bcba-87f5d5569351", "type": "attack-pattern", "created": "2022-09-18T08:36:00.000Z", "modified": "2024-05-19T10:07:00.000Z", "name": "Create new cloud user", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--13869276-e957-566f-b5ca-21a1a80dedbe", "type": "attack-pattern", "created": "2025-11-19T11:41:00.000Z", "modified": "2025-11-19T11:41:00.000Z", "name": "Custom ELF loaders", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--29968e6e-8877-55e1-b538-10d848d9bfb3", "type": "attack-pattern", "created": "2025-11-30T14:50:00.000Z", "modified": "2025-11-30T14:50:00.000Z", "name": "Malicious Github Runner", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--859f8a54-93ec-589f-b18a-88c6b8565682", "type": "attack-pattern", "created": "2022-09-18T08:33:00.000Z", "modified": "2024-06-30T09:57:00.000Z", "name": "Credential harvesting from code repository", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--d14fabf9-910b-5fac-969d-9be1b154fac8", "type": "attack-pattern", "created": "2023-05-02T07:17:00.000Z", "modified": "2024-05-20T06:56:00.000Z", "name": "Reverse shell", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--c9f845f3-99d6-5e16-ae4b-f04d0ac5547a", "type": "attack-pattern", "created": "2024-08-08T11:48:00.000Z", "modified": "2024-09-22T10:12:00.000Z", "name": "IAM privilege escalation", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--6585da51-52e8-5fc7-83c6-968a415c1a19", "type": "attack-pattern", "created": "2023-07-18T19:31:00.000Z", "modified": "2024-01-23T18:32:00.000Z", "name": "Create SSH backdoor", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--3526a872-e04b-5ffe-9f46-bea52f146528", "type": "attack-pattern", "created": "2023-05-02T07:20:00.000Z", "modified": "2024-01-23T18:32:00.000Z", "name": "Cron persistence", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--ab1432f1-5ed7-55a2-81dc-6667a1175df3", "type": "attack-pattern", "created": "2024-04-21T08:54:00.000Z", "modified": "2024-05-19T09:42:00.000Z", "name": "Webshell deployment", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--2f16b62a-4e07-534c-bb1a-eb33a69d445a", "type": "attack-pattern", "created": "2025-03-27T13:28:00.000Z", "modified": "2025-03-27T13:28:00.000Z", "name": "Subdomain takeover", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--ef72daf1-b0a0-5c12-89dd-5311bc0caab5", "type": "attack-pattern", "created": "2025-05-08T12:21:00.000Z", "modified": "2025-05-08T12:21:00.000Z", "name": "IIS native module malware", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--f63326da-bb77-576a-9389-b635595c857f", "type": "attack-pattern", "created": "2022-09-18T08:37:00.000Z", "modified": "2024-05-19T11:38:00.000Z", "name": "Erase logs", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--66b124ea-b293-5ca9-82ac-5c7f52981b89", "type": "attack-pattern", "created": "2025-02-19T09:22:00.000Z", "modified": "2025-02-19T09:22:00.000Z", "name": "Process injection", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--fbb64e96-fc1f-551a-a857-bd75d395ca22", "type": "attack-pattern", "created": "2022-09-13T12:46:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "Backdoor Docker image", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--e31639b2-f244-523a-a8b5-021004b4a2ed", "type": "attack-pattern", "created": "2024-08-21T09:28:00.000Z", "modified": "2024-08-21T09:28:00.000Z", "name": "DNS tunneling", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--49f22301-6915-5e0b-ae99-6cb3496d7157", "type": "attack-pattern", "created": "2025-02-09T08:33:00.000Z", "modified": "2025-02-09T08:33:00.000Z", "name": "On-prem to cloud lateral movement", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--45c6154a-9151-5c4c-96df-b8f602d00b9c", "type": "attack-pattern", "created": "2022-09-07T09:36:00.000Z", "modified": "2024-01-15T14:41:00.000Z", "name": "IMDS abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--f6aa59d5-6d35-5287-8615-0d9e2effa5de", "type": "attack-pattern", "created": "2024-01-04T14:00:00.000Z", "modified": "2024-05-20T06:54:00.000Z", "name": "LSASS dumping", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--e948084b-6a67-51c7-93b3-a937832fed2a", "type": "attack-pattern", "created": "2024-05-23T09:58:00.000Z", "modified": "2024-05-23T09:58:00.000Z", "name": "Misconfigured PostgreSQL abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--1b20466b-e861-531c-9d54-980fb6e811b1", "type": "attack-pattern", "created": "2024-06-25T10:41:00.000Z", "modified": "2024-06-25T10:41:00.000Z", "name": "Network lateral movement", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--e8605090-b15d-5201-9313-79abf2ca5567", "type": "attack-pattern", "created": "2024-01-21T07:23:00.000Z", "modified": "2024-01-28T12:59:00.000Z", "name": "MFA enrollment", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--3eadf9d5-5f42-52c3-921c-25d5e829ef9d", "type": "attack-pattern", "created": "2024-01-04T14:00:00.000Z", "modified": "2024-01-23T18:34:00.000Z", "name": "Token forgery", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--8fc73d88-b65b-518c-a965-8ffb0232e836", "type": "attack-pattern", "created": "2024-02-11T14:53:00.000Z", "modified": "2024-02-28T08:10:00.000Z", "name": "VPN anonymization", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--0954f27a-cb10-54f4-bc22-b12ac06b001a", "type": "attack-pattern", "created": "2024-08-21T09:57:00.000Z", "modified": "2024-08-21T09:57:00.000Z", "name": "SSH bruteforcing", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--c8cffad4-b4a1-5ab2-9dad-327e36e73d0b", "type": "attack-pattern", "created": "2024-01-04T12:43:00.000Z", "modified": "2024-05-19T09:44:00.000Z", "name": "Password spraying", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--11c0afea-08ec-5094-b2c2-3146ed3a2b2c", "type": "attack-pattern", "created": "2025-05-28T11:21:00.000Z", "modified": "2025-05-28T11:21:00.000Z", "name": "Misconfigured Gitea Abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--fb33827d-4085-54e8-a37e-8c7fef65de05", "type": "attack-pattern", "created": "2025-06-04T15:53:00.000Z", "modified": "2025-06-04T15:53:00.000Z", "name": "Misconfigured Nomad abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--8348c017-d784-5a98-add3-7b1551d89dc1", "type": "attack-pattern", "created": "2024-02-06T12:59:00.000Z", "modified": "2024-02-28T08:09:00.000Z", "name": "Create new application user", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--16f8f2c2-b5e2-5461-80ed-f31aea4c2f5f", "type": "attack-pattern", "created": "2023-10-04T13:16:00.000Z", "modified": "2024-05-19T09:44:00.000Z", "name": "Password bruteforcing", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--6452dcbd-9672-5023-939e-0a54a6f9e42d", "type": "attack-pattern", "created": "2025-05-11T12:04:00.000Z", "modified": "2025-05-11T12:04:00.000Z", "name": "Exposed ComfyUI abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--dc81f9e4-fd5e-5446-849e-ada664037e12", "type": "attack-pattern", "created": "2023-01-17T17:26:00.000Z", "modified": "2024-01-02T13:03:00.000Z", "name": "Cloud compute cryptojacking", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--de1b06cf-8261-55d2-a3bb-d385ababfb4c", "type": "attack-pattern", "created": "2024-02-06T09:28:00.000Z", "modified": "2024-05-20T06:55:00.000Z", "name": "Public malicious container image", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--0c8c740a-112c-5acd-a1b8-f38eb2714d7b", "type": "attack-pattern", "created": "2024-03-28T12:28:00.000Z", "modified": "2024-04-10T06:26:00.000Z", "name": "Bring Your Own Vulnerable Driver", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--94e99384-66fb-5c8d-bfde-b97d75d432b9", "type": "attack-pattern", "created": "2025-03-27T13:39:00.000Z", "modified": "2025-03-27T13:39:00.000Z", "name": "Trojanized DLLs", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--3779cb0e-c75c-537f-ba69-2ed84be73c0a", "type": "attack-pattern", "created": "2024-09-17T09:33:00.000Z", "modified": "2024-09-17T09:33:00.000Z", "name": "UPX packing", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--c1d02b3e-d05f-5339-be7e-9bf784ba3df1", "type": "attack-pattern", "created": "2023-04-20T12:21:00.000Z", "modified": "2024-05-19T09:44:00.000Z", "name": "Jupyter Notebook misconfig abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--9e6c1533-f27c-55dd-a221-e5428f8d63c2", "type": "attack-pattern", "created": "2024-02-02T14:09:00.000Z", "modified": "2025-03-02T08:19:00.000Z", "name": "SES abuse for spam or phishing", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--08b0ca9c-45fd-575d-97a0-68f97a7a8bb8", "type": "attack-pattern", "created": "2024-02-15T16:23:00.000Z", "modified": "2025-03-02T08:19:00.000Z", "name": "Cloud key compromise", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--3e0c46c3-e492-59d7-9450-954aa045d239", "type": "attack-pattern", "created": "2025-03-27T13:28:00.000Z", "modified": "2025-03-27T13:28:00.000Z", "name": "XML injection", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--86e9b2ff-550c-524c-82c9-f5c99d7f9799", "type": "attack-pattern", "created": "2023-12-14T09:51:00.000Z", "modified": "2024-05-19T09:45:00.000Z", "name": "SQL injection", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--fede1e9a-5a5c-5d74-94a0-cef9b3bc6bc7", "type": "attack-pattern", "created": "2023-09-18T07:43:00.000Z", "modified": "2024-01-23T18:34:00.000Z", "name": "Spearphishing", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--69cb5a21-6cd0-5767-bbbf-dfe1f0e18211", "type": "attack-pattern", "created": "2024-11-19T15:52:00.000Z", "modified": "2024-11-19T15:52:00.000Z", "name": "DLL Side-Loading", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--ccab1da0-1617-5485-92c5-15abceb3948a", "type": "attack-pattern", "created": "2022-11-29T10:00:00.000Z", "modified": "2024-05-19T09:45:00.000Z", "name": "Public exposure abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--e13593b3-f905-5fd9-8542-f475167d1661", "type": "attack-pattern", "created": "2025-01-23T11:40:00.000Z", "modified": "2025-01-23T11:40:00.000Z", "name": "Disable anti-virus", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--fddd711e-b77c-50f9-9efa-7c823f8c68c0", "type": "attack-pattern", "created": "2024-06-06T11:04:00.000Z", "modified": "2024-06-06T11:04:00.000Z", "name": "Cloud to on-prem lateral movement", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--92cd678d-5f7d-55ab-b280-60bd6e60bc71", "type": "attack-pattern", "created": "2022-09-20T12:09:00.000Z", "modified": "2025-03-27T13:04:00.000Z", "name": "Bucket / storage ransomware", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--7c35ce67-e609-5819-a3e4-9c4c2401d20c", "type": "attack-pattern", "created": "2023-12-21T07:06:00.000Z", "modified": "2024-01-23T18:32:00.000Z", "name": "Create or modify firewall or security group rules", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--3c778cf2-767e-568f-bc8f-8e1486b6b9a7", "type": "attack-pattern", "created": "2025-01-08T10:42:00.000Z", "modified": "2025-01-08T10:42:00.000Z", "name": "Cloud account password reset", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--1630d698-b728-52d8-91d0-31408527bc0f", "type": "attack-pattern", "created": "2023-05-03T07:19:00.000Z", "modified": "2024-01-02T13:04:00.000Z", "name": "Misconfigured SSH abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--19043398-df82-56d0-8cde-d35050a71a8d", "type": "attack-pattern", "created": "2022-09-07T09:33:00.000Z", "modified": "2024-05-20T06:53:00.000Z", "name": "Linux fileless malware", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--66ed8ccc-72fd-57cd-8d5e-c6002d119f83", "type": "attack-pattern", "created": "2024-05-12T11:26:00.000Z", "modified": "2024-06-02T10:21:00.000Z", "name": "LLMjacking", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--aa55d7d6-fd5e-5c83-a582-8c8d4d858628", "type": "attack-pattern", "created": "2024-12-16T14:41:00.000Z", "modified": "2024-12-16T14:41:00.000Z", "name": "OverPass-The-Hash", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--d8539932-9e1c-5821-8b9c-6230c35a0ba5", "type": "attack-pattern", "created": "2024-12-11T14:52:00.000Z", "modified": "2024-12-11T14:52:00.000Z", "name": "Trusted technologies abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--c04892fa-fe4f-5498-84fb-171191f4cae9", "type": "attack-pattern", "created": "2024-11-03T13:33:00.000Z", "modified": "2025-05-18T05:38:00.000Z", "name": "Exposed git config files abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--1e003297-a91d-5c42-8b00-ca0f359ba398", "type": "attack-pattern", "created": "2024-07-18T09:27:00.000Z", "modified": "2024-07-18T09:36:00.000Z", "name": "Misconfigured Selenium Grid abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--676a526b-c3ad-5907-a397-e6741447ca95", "type": "attack-pattern", "created": "2023-05-20T17:14:00.000Z", "modified": "2024-01-23T18:34:00.000Z", "name": "Proxyjacking", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--102026e4-ad60-528c-9099-c766f01da475", "type": "attack-pattern", "created": "2024-09-16T14:26:00.000Z", "modified": "2024-09-16T14:26:00.000Z", "name": "Misconfigured WebLogic abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--9dfb7492-228b-57b2-8c58-c3f8276622dd", "type": "attack-pattern", "created": "2024-09-03T11:26:00.000Z", "modified": "2024-09-03T11:26:00.000Z", "name": "DCSync attack", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--b396e7e8-3a42-5301-a61f-e29d5e57a2a7", "type": "attack-pattern", "created": "2023-07-11T13:35:00.000Z", "modified": "2024-01-23T18:34:00.000Z", "name": "SIM swap scam", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--27cb9b56-6d2e-5ed3-bde9-cba89227197f", "type": "attack-pattern", "created": "2024-02-15T16:33:00.000Z", "modified": "2024-05-19T10:59:00.000Z", "name": "Smishing (SMS phishing)", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--6db95ab3-33a0-5b6f-8be1-2440192b8182", "type": "attack-pattern", "created": "2024-01-28T12:56:00.000Z", "modified": "2024-05-19T10:04:00.000Z", "name": "K8s anonymous auth abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--c9de7186-5f46-5b15-ae29-9cc935634a31", "type": "attack-pattern", "created": "2022-11-27T14:41:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "Cloud API e", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--d5baf3e5-b763-54b0-a050-9f9f029aa5b5", "type": "attack-pattern", "created": "2024-06-09T10:55:00.000Z", "modified": "2024-06-09T10:56:00.000Z", "name": "Repo encryption for extortion", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--2d947478-a6e9-575d-9205-2cb52a6ce0ac", "type": "attack-pattern", "created": "2024-05-26T19:55:00.000Z", "modified": "2024-05-26T19:55:00.000Z", "name": "Gift card fraud", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--594634b9-7dab-5882-811f-c607e895c5ab", "type": "attack-pattern", "created": "2024-04-10T06:26:00.000Z", "modified": "2024-04-10T06:26:00.000Z", "name": "Exfiltration via AWS Transfer", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--e2a03fcf-7100-5cd8-bef4-27e6cee28690", "type": "attack-pattern", "created": "2024-04-10T06:25:00.000Z", "modified": "2024-04-10T06:26:00.000Z", "name": "Exfiltration via AWS DataSync", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--4e544995-b16f-5bbf-ae8f-08f05163b329", "type": "attack-pattern", "created": "2024-01-04T12:48:00.000Z", "modified": "2024-01-18T13:31:00.000Z", "name": "LOLBin abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--cda7338b-3fe8-5426-9b96-c463412b7689", "type": "attack-pattern", "created": "2024-03-13T12:58:00.000Z", "modified": "2024-05-19T09:44:00.000Z", "name": "Misconfigured Wordpress abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--a3e6ba12-4e2a-5a12-ba9f-6a873af14df2", "type": "attack-pattern", "created": "2024-02-25T12:49:00.000Z", "modified": "2024-05-19T09:44:00.000Z", "name": "Misconfigured Apache Hadoop abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--42f6b8af-c1ff-51e2-85ad-6b1d88a09dee", "type": "attack-pattern", "created": "2023-11-26T18:02:00.000Z", "modified": "2024-01-23T18:34:00.000Z", "name": "SSH propagation", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--642bb222-f4e6-5881-834d-967e52c506c3", "type": "attack-pattern", "created": "2024-02-02T13:48:00.000Z", "modified": "2024-02-02T13:51:00.000Z", "name": "Container enumeration", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--46590cb1-5bae-54b8-8c36-2b2853abe5cf", "type": "attack-pattern", "created": "2024-02-02T13:47:00.000Z", "modified": "2024-02-02T13:50:00.000Z", "name": "Global socket communication", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--c1e9add3-a6ef-5ece-b671-569745c0c324", "type": "attack-pattern", "created": "2024-02-02T13:45:00.000Z", "modified": "2024-05-19T10:07:00.000Z", "name": "Create new local user", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--16ec325a-a112-5451-b003-df337aae8ee0", "type": "attack-pattern", "created": "2023-08-02T08:26:00.000Z", "modified": "2024-01-23T18:33:00.000Z", "name": "Exposed environment config abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--fd96456c-2c63-5f07-93a9-7e1dee32e261", "type": "attack-pattern", "created": "2024-01-04T12:43:00.000Z", "modified": "2024-01-23T18:34:00.000Z", "name": "TOR anonymization", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--cc24199e-924f-5166-a20a-72db75936096", "type": "attack-pattern", "created": "2024-01-28T06:46:00.000Z", "modified": "2024-01-28T12:58:00.000Z", "name": "Email server hijacking", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--b6e7902d-f9e8-5852-bc4e-d8690c1c2385", "type": "attack-pattern", "created": "2024-01-01T15:21:00.000Z", "modified": "2024-01-23T18:33:00.000Z", "name": "OAuth app creation", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--bf7e6191-9504-5964-89d4-fc612fdc5ea8", "type": "attack-pattern", "created": "2024-01-01T15:21:00.000Z", "modified": "2024-01-23T18:33:00.000Z", "name": "OAuth app hijack", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--11f5ec5a-0e3d-5e33-8e4e-08e2c02e7deb", "type": "attack-pattern", "created": "2023-01-19T10:05:00.000Z", "modified": "2024-05-19T09:41:00.000Z", "name": "Abusing exposed Docker socket", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--c4d72aac-f9f3-5871-9410-0bb7eb42a62d", "type": "attack-pattern", "created": "2022-09-07T11:20:00.000Z", "modified": "2024-05-19T09:44:00.000Z", "name": "Misconfigured Consul abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--656a9086-487c-57f9-8a05-a9d16c821361", "type": "attack-pattern", "created": "2023-10-17T14:01:00.000Z", "modified": "2024-01-23T18:33:00.000Z", "name": "Package Starjacking", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--e897f6c7-12ab-549a-a458-a274ee41bd4e", "type": "attack-pattern", "created": "2022-09-11T06:16:00.000Z", "modified": "2024-01-21T07:16:00.000Z", "name": "Use DNS for exfiltration", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--7a5ba079-8eed-5d05-bf40-bcd1ea0fae6e", "type": "attack-pattern", "created": "2023-12-21T09:00:00.000Z", "modified": "2024-03-10T07:53:00.000Z", "name": "SQL commands", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--bf9f512a-bae4-5cc2-993a-6d395c4801ba", "type": "attack-pattern", "created": "2023-05-18T10:28:00.000Z", "modified": "2024-01-18T13:31:00.000Z", "name": "Serial port abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--f931047d-5be2-5384-834f-028a8f0b767f", "type": "attack-pattern", "created": "2022-09-13T12:11:00.000Z", "modified": "2024-01-04T13:15:00.000Z", "name": "Auth token signing via Golden SAML", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--41497bd8-4007-5838-95c1-f17920a7e956", "type": "attack-pattern", "created": "2024-01-04T12:43:00.000Z", "modified": "2024-01-31T07:31:00.000Z", "name": "Azure Arc abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--f6b43d7a-5047-5b06-846b-1fd2a6c194ce", "type": "attack-pattern", "created": "2023-09-14T06:43:00.000Z", "modified": "2025-05-18T05:59:00.000Z", "name": "Azure Run Commands abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--a4c2d305-d399-5a4a-8379-cf24b94e8e95", "type": "attack-pattern", "created": "2022-10-30T11:19:00.000Z", "modified": "2024-06-24T07:57:00.000Z", "name": "Steal EC2 Instance Credentials", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--6612b6c0-ec73-575b-9a6d-b3f4a23b8f8d", "type": "attack-pattern", "created": "2022-09-18T08:37:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "Disable logging", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--6a203bcb-80b8-52db-8b7f-f737da1891d2", "type": "attack-pattern", "created": "2023-05-15T10:58:00.000Z", "modified": "2025-05-18T05:59:00.000Z", "name": "Azure AD abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--225b4e14-d431-5d39-b2e2-b2c2420cf4fe", "type": "attack-pattern", "created": "2023-05-15T10:59:00.000Z", "modified": "2024-01-23T18:33:00.000Z", "name": "Intune abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--f88be281-4ccd-5325-90c3-5ebb2e1f283b", "type": "attack-pattern", "created": "2023-01-19T09:57:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "Exploiting host mount to escape to host", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--91d92bfc-5906-5d4a-9eab-7a3ceec34314", "type": "attack-pattern", "created": "2023-01-20T03:55:00.000Z", "modified": "2024-01-21T07:16:00.000Z", "name": "Redis-as-a-backdoor", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--16d1a177-7c6e-5f14-bf9e-06276c515f1e", "type": "attack-pattern", "created": "2022-09-13T12:12:00.000Z", "modified": "2024-05-19T11:15:00.000Z", "name": "Add attacker-controlled IdP via ADFS access", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--5dc92c2f-cf91-5db5-bb52-8fb611863e2a", "type": "attack-pattern", "created": "2022-09-13T12:11:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "Auth token signing via ADFS access", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--b6b39100-b617-5d48-81f8-e8c3b5d7d97a", "type": "attack-pattern", "created": "2022-09-13T11:41:00.000Z", "modified": "2024-05-19T10:51:00.000Z", "name": "Database ransomware", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--c24d194a-fef6-5c13-b9fe-fe48736bffca", "type": "attack-pattern", "created": "2023-03-01T09:52:00.000Z", "modified": "2024-01-18T13:31:00.000Z", "name": "Disk Wipe", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--f2cdd1c4-1e6f-53d7-b573-560a0ec0af10", "type": "attack-pattern", "created": "2023-02-13T15:56:00.000Z", "modified": "2024-05-19T09:46:00.000Z", "name": "Remotely execute commands or scripts on a VM ", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--43c1233f-a912-5b06-8e03-45c0f7db5d1e", "type": "attack-pattern", "created": "2023-03-01T09:56:00.000Z", "modified": "2024-05-20T07:04:00.000Z", "name": "Rootkit - LD_PRELOAD", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--f607fe38-b435-598f-bb98-c6f3e731e355", "type": "attack-pattern", "created": "2023-11-06T06:37:00.000Z", "modified": "2024-05-19T09:43:00.000Z", "name": "SSRF", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--d31800a3-c7ea-5107-aa57-cb90c9e8df87", "type": "attack-pattern", "created": "2023-05-02T07:23:00.000Z", "modified": "2024-01-18T13:31:00.000Z", "name": "DNS-over-HTTPS (DoH)", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--8a41d77a-4c26-5456-babc-4bbabd3e9bb8", "type": "attack-pattern", "created": "2023-05-02T07:24:00.000Z", "modified": "2024-05-19T09:43:00.000Z", "name": "Serverless execution", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--c2f99463-83bd-57d1-b61d-48a61f59f658", "type": "attack-pattern", "created": "2022-09-11T06:15:00.000Z", "modified": "2024-05-19T11:15:00.000Z", "name": "Abuse trust and privileges across accounts", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--60de47f6-fbe6-561f-ad67-d747e1fa655e", "type": "attack-pattern", "created": "2023-05-02T07:16:00.000Z", "modified": "2024-01-23T18:34:00.000Z", "name": "Timestomping", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--6abee9fa-f6e6-57f6-b38d-5902061bc29a", "type": "attack-pattern", "created": "2024-03-14T12:22:00.000Z", "modified": "2024-04-10T06:29:00.000Z", "name": "Thread impersonation to escape to host", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--8388a256-5e10-5226-8ad0-7908e8a29928", "type": "attack-pattern", "created": "2024-03-14T14:32:00.000Z", "modified": "2024-04-10T06:27:00.000Z", "name": "Escape to host via cgroups release_agent", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--8c258779-e7ce-5b8f-a90d-cfd65eafe0d6", "type": "attack-pattern", "created": "2023-11-29T17:33:00.000Z", "modified": "2024-01-23T18:33:00.000Z", "name": "FTP access", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "attack-pattern--4b1b35a5-7626-50a3-87b6-9c4087061a87", "type": "attack-pattern", "created": "2022-09-13T16:26:00.000Z", "modified": "2024-05-19T09:44:00.000Z", "name": "Misconfigured DB abuse", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--e4ea1a47-2cc7-5b40-ae04-25bfd7351dbb", "type": "tool", "created": "2023-09-14T06:48:00.000Z", "modified": "2024-06-20T12:29:00.000Z", "name": "Sliver", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--5509c610-320e-51af-9ea5-4ea2bf80f647", "type": "tool", "created": "2022-09-07T11:22:00.000Z", "modified": "2024-06-20T12:29:00.000Z", "name": "TruffleHog", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--48087600-1c22-5071-bc6c-0cc6130e700d", "type": "tool", "created": "2024-01-04T12:47:00.000Z", "modified": "2024-06-20T12:17:00.000Z", "name": "AnyDesk", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--6b4b7b9d-748c-59a5-83a6-7ee2251bbf00", "type": "tool", "created": "2024-01-30T14:17:00.000Z", "modified": "2024-06-20T12:27:00.000Z", "name": "Mimikatz", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--5db280ed-d748-5f6c-8551-96ccd4ed701f", "type": "tool", "created": "2024-01-04T12:35:00.000Z", "modified": "2024-06-20T12:18:00.000Z", "name": "AzureHound", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--50775061-da02-5b4b-82af-83ccda7e1ee3", "type": "tool", "created": "2024-02-02T14:43:00.000Z", "modified": "2024-06-20T12:23:00.000Z", "name": "Impacket", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--bbc5dbc6-e6b8-5ded-baab-b6dc4ad1a2e5", "type": "tool", "created": "2023-11-22T08:00:00.000Z", "modified": "2024-06-20T12:19:00.000Z", "name": "Cobalt Strike", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--8dcec46b-edf3-5cea-90b8-e42be4dad172", "type": "tool", "created": "2024-01-04T14:01:00.000Z", "modified": "2024-06-20T12:29:00.000Z", "name": "SoftEther proxy", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--efecb91b-be85-5a50-b44a-3462cf2e75d9", "type": "tool", "created": "2024-01-18T09:55:00.000Z", "modified": "2024-06-20T12:22:00.000Z", "name": "fscan", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--dd5f9bc0-42aa-519c-94bf-4c2a074ded89", "type": "tool", "created": "2023-12-31T17:50:00.000Z", "modified": "2024-01-21T07:55:00.000Z", "name": "IPRoyal", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--b1820b5b-658f-56b7-bb13-c5d5dbbaf582", "type": "tool", "created": "2024-01-21T09:49:00.000Z", "modified": "2024-01-21T09:52:00.000Z", "name": "Peer2Profit", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--4fc9176b-52db-5d36-b1b1-eae2cec9cb23", "type": "tool", "created": "2023-07-18T19:30:00.000Z", "modified": "2024-06-20T12:27:00.000Z", "name": "ngrok", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--f1d95eb0-4b64-5f31-9156-243c2a6c9cc5", "type": "tool", "created": "2023-07-18T19:30:00.000Z", "modified": "2024-06-20T12:23:00.000Z", "name": "Gsocket", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--30b2de50-1e49-5f95-ae05-1052cccde4f5", "type": "tool", "created": "2023-07-18T19:36:00.000Z", "modified": "2024-06-20T12:27:00.000Z", "name": "Masscan", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--0a425dd3-da8d-5cd1-a598-ae2a7e4aa3f5", "type": "tool", "created": "2023-07-18T19:35:00.000Z", "modified": "2024-06-20T12:30:00.000Z", "name": "Zgrab", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--859cf403-45d1-500b-9b27-63555c426ec7", "type": "tool", "created": "2024-02-21T08:07:00.000Z", "modified": "2024-06-20T12:29:00.000Z", "name": "SSH-Snake", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--8df668f2-0945-5eca-9056-945eaa946ab7", "type": "tool", "created": "2024-07-18T15:17:00.000Z", "modified": "2024-12-25T12:18:00.000Z", "name": "ASN", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--2dcc1e6f-0136-5ac5-b05d-aa265473f2f9", "type": "tool", "created": "2024-03-07T16:04:00.000Z", "modified": "2024-06-20T12:27:00.000Z", "name": "netcat", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--8d117263-b763-5a38-8543-25b13ddc82b7", "type": "tool", "created": "2024-03-28T12:26:00.000Z", "modified": "2024-06-20T12:28:00.000Z", "name": "PsExec", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--b3069e3e-d8d4-557b-9a6b-c81bf35c3728", "type": "tool", "created": "2024-03-28T12:27:00.000Z", "modified": "2024-06-20T12:28:00.000Z", "name": "SecureShell", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--8470b13d-ad4b-5f4b-b3a4-50039d94f52c", "type": "tool", "created": "2024-03-10T07:39:00.000Z", "modified": "2024-06-20T12:28:00.000Z", "name": "ScreenConnect", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--c16a1387-5dd9-5b49-a489-8091219d3115", "type": "tool", "created": "2024-01-18T12:17:00.000Z", "modified": "2024-06-20T12:17:00.000Z", "name": "9hits", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--c1d24482-73f3-5489-bf90-4d22ec929bb9", "type": "tool", "created": "2024-02-02T14:38:00.000Z", "modified": "2024-06-20T12:28:00.000Z", "name": "PySoxy", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--a7088638-33f7-522c-9e38-e88758043fee", "type": "tool", "created": "2024-02-02T14:44:00.000Z", "modified": "2024-06-20T12:22:00.000Z", "name": "enum4Linux", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--82a521b2-eb90-592e-a483-aa57f2c38301", "type": "tool", "created": "2024-02-02T14:43:00.000Z", "modified": "2024-06-20T12:19:00.000Z", "name": "CrackMapExec", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--18a5ddb6-5480-5a28-912b-3d284d9ee559", "type": "tool", "created": "2024-02-02T14:44:00.000Z", "modified": "2024-06-20T12:23:00.000Z", "name": "iodine", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--b26e72fa-edd0-5a23-97b8-941e19b1e22c", "type": "tool", "created": "2022-09-07T08:12:00.000Z", "modified": "2024-06-20T12:27:00.000Z", "name": "Metasploit", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--d8e9692d-fa6a-567a-b581-2439fe3e633f", "type": "tool", "created": "2022-09-07T11:24:00.000Z", "modified": "2025-03-27T13:28:00.000Z", "name": "ROADtools", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--0ead71ad-02a1-55bf-bb80-01f4a6b7f6d5", "type": "tool", "created": "2023-12-31T17:50:00.000Z", "modified": "2024-01-21T07:55:00.000Z", "name": "ProxyLite", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--896b498a-0409-5cef-8776-84af072ead70", "type": "tool", "created": "2022-09-07T11:25:00.000Z", "modified": "2024-06-20T12:27:00.000Z", "name": "Pacu", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--2a713a69-2e1e-5629-8087-46986e3121c5", "type": "tool", "created": "2022-09-07T11:23:00.000Z", "modified": "2024-06-20T12:28:00.000Z", "name": "ScoutSuite", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--c28c3b1d-ab5e-507d-a269-4e7a449f0528", "type": "tool", "created": "2023-07-05T06:53:00.000Z", "modified": "2024-06-20T12:29:00.000Z", "name": "tmate", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--ce2e8712-96e5-51dc-acce-0e94cbe4d7bb", "type": "tool", "created": "2022-09-07T10:39:00.000Z", "modified": "2024-06-20T12:27:00.000Z", "name": "Peirates", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "tool--a7694eb7-f020-5e3e-9259-36836b18999a", "type": "tool", "created": "2024-01-04T14:17:00.000Z", "modified": "2024-06-20T12:23:00.000Z", "name": "Kunpeng", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--c84ee96b-0e1b-5d8f-813f-6bd936461cfd", "type": "threat-actor", "created": "2026-05-28T11:44:00.000Z", "modified": "2026-05-28T11:44:00.000Z", "name": "JINX-0164", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--bf98e1db-6065-5b9d-b2c6-27eb1875e005", "type": "threat-actor", "created": "2023-04-20T11:10:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "Unknown", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--73187952-0eef-5c18-bc0e-713ea0679872", "type": "threat-actor", "created": "2026-02-09T14:41:00.000Z", "modified": "2026-05-20T10:47:00.000Z", "name": "TeamPCP", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--0071e9af-b4ae-5d34-b345-5081e4148ab2", "type": "threat-actor", "created": "2024-08-21T09:20:00.000Z", "modified": "2024-10-14T13:50:00.000Z", "name": "Lazarus Group", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--d083a682-3a37-51ad-9787-4978d9041f7c", "type": "threat-actor", "created": "2024-09-04T09:09:00.000Z", "modified": "2024-09-19T12:11:00.000Z", "name": "Bling Libra", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--f666cb03-c4d9-5121-8117-f47021b14aee", "type": "threat-actor", "created": "2026-04-29T12:15:00.000Z", "modified": "2026-04-29T12:15:00.000Z", "name": "UAT-10608", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--c9798d74-c763-515d-8956-6a76e0f1d2f5", "type": "threat-actor", "created": "2026-02-13T19:10:00.000Z", "modified": "2026-02-13T19:10:00.000Z", "name": "SSHStalker", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--86534d91-ac96-5d59-93fa-ad75a5f24799", "type": "threat-actor", "created": "2026-02-01T13:39:00.000Z", "modified": "2026-02-01T13:39:00.000Z", "name": "Hecker", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--af86dfc2-7bd8-56be-8b18-e13e7ed185b8", "type": "threat-actor", "created": "2026-01-15T10:52:00.000Z", "modified": "2026-01-18T09:52:00.000Z", "name": "VoidLink operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--4b827fef-0961-574e-975d-8167e370e318", "type": "threat-actor", "created": "2025-03-02T08:18:00.000Z", "modified": "2026-01-30T08:51:00.000Z", "name": "JavaGhost", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--5516296e-2ab7-5589-b188-b76b8e8919b1", "type": "threat-actor", "created": "2025-12-21T12:09:00.000Z", "modified": "2025-12-21T12:09:00.000Z", "name": "UAT-9686", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--998880f6-bf25-5078-99a7-2e658d4b2c1a", "type": "threat-actor", "created": "2025-11-19T11:32:00.000Z", "modified": "2025-11-19T11:33:00.000Z", "name": "IronErn440", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--d5d52ddc-1aa5-52d9-97db-34e61b51316e", "type": "threat-actor", "created": "2025-11-16T12:44:00.000Z", "modified": "2025-11-16T12:44:00.000Z", "name": "UNC6485", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--1d705fbd-fd86-5ed6-a4b7-320e8adfa19f", "type": "threat-actor", "created": "2024-08-14T08:21:00.000Z", "modified": "2024-10-14T13:44:00.000Z", "name": "APT41", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--5103b4e8-f6e9-525f-8cf1-473cb803d6ef", "type": "threat-actor", "created": "2025-10-27T14:28:00.000Z", "modified": "2025-10-27T14:28:00.000Z", "name": "REF3927", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--fdb1ebfc-7fb3-5593-82c0-65036511a8bf", "type": "threat-actor", "created": "2025-10-09T09:51:00.000Z", "modified": "2025-10-09T09:51:00.000Z", "name": "Crimson Collective", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--759f0092-5a60-5059-8a6c-850a7b0946aa", "type": "threat-actor", "created": "2024-12-16T14:38:00.000Z", "modified": "2025-10-09T09:53:00.000Z", "name": "Cl0p", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--c3d956b4-9222-53c1-9395-3f1d1c94dd68", "type": "threat-actor", "created": "2024-08-07T08:04:00.000Z", "modified": "2024-10-14T13:57:00.000Z", "name": "STORM-1849", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--82494930-131b-5754-8de7-233c22554b02", "type": "threat-actor", "created": "2024-02-02T14:35:00.000Z", "modified": "2024-03-11T17:40:00.000Z", "name": "UNC5221", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--9829dcdc-09e9-504a-ad5b-2218c569fcc5", "type": "threat-actor", "created": "2025-09-15T12:48:00.000Z", "modified": "2025-09-15T12:48:00.000Z", "name": "UNC6395", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--8f0db9e2-8318-515d-9447-72aa092c946e", "type": "threat-actor", "created": "2024-10-08T14:44:00.000Z", "modified": "2024-10-27T07:59:00.000Z", "name": "Storm-0501", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--71f56ff3-397c-56d9-8fea-8010d04f078f", "type": "threat-actor", "created": "2025-08-25T13:22:00.000Z", "modified": "2025-08-25T13:26:00.000Z", "name": "Genesis Panda", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--c11b3e4a-16f6-5d49-87a3-25211b14f212", "type": "threat-actor", "created": "2025-03-05T13:25:00.000Z", "modified": "2025-08-26T07:54:00.000Z", "name": "Silk Typhoon", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--70a5f37e-3615-5049-b423-939fe4430247", "type": "threat-actor", "created": "2025-08-21T12:57:00.000Z", "modified": "2025-08-21T12:57:00.000Z", "name": "Warlock operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--b19c6b6b-580c-52fe-9007-392378cdb0dd", "type": "threat-actor", "created": "2025-08-19T11:00:00.000Z", "modified": "2025-08-19T11:07:00.000Z", "name": "UAT-7237", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--addd8af1-f2fc-5ccd-8407-78dcd90fc363", "type": "threat-actor", "created": "2024-01-21T09:41:00.000Z", "modified": "2024-03-11T17:06:00.000Z", "name": "Mimo operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--69362ca5-21b2-5593-88ec-0a154ba2ea23", "type": "threat-actor", "created": "2025-07-09T13:17:00.000Z", "modified": "2025-07-09T13:17:00.000Z", "name": "TGR-CRI-0045", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--59582752-5104-56c4-b809-83f1d0aaa754", "type": "threat-actor", "created": "2024-03-27T14:23:00.000Z", "modified": "2024-04-30T06:42:00.000Z", "name": "UNC5174", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--f9eca988-547b-5ced-8a6c-6d46066ad6f8", "type": "threat-actor", "created": "2025-06-04T15:30:00.000Z", "modified": "2025-06-04T15:30:00.000Z", "name": "JINX-0132", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--4924e4e6-f97f-50ce-891d-50aee4edb492", "type": "threat-actor", "created": "2025-05-29T13:36:00.000Z", "modified": "2025-05-29T13:36:00.000Z", "name": "Earth Lamia", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--f593753b-35d1-502b-9846-ce59be9e35de", "type": "threat-actor", "created": "2025-05-29T11:03:00.000Z", "modified": "2025-05-29T11:03:00.000Z", "name": "DragonForce", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--ae6299f7-67f4-55e3-9aaa-2e2be1c951fc", "type": "threat-actor", "created": "2025-06-04T14:55:00.000Z", "modified": "2025-06-04T14:55:00.000Z", "name": "UTG-Q-015", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--7284147c-3dfa-5892-8edf-b9c1da56d80c", "type": "threat-actor", "created": "2025-05-13T14:50:00.000Z", "modified": "2025-05-13T14:50:00.000Z", "name": "Storm-1977", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--7fdefa69-e7ab-5aca-b26d-1c0cb9ae124e", "type": "threat-actor", "created": "2024-02-25T12:46:00.000Z", "modified": "2024-04-30T06:46:00.000Z", "name": "Lucifer operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--b2c6f777-7092-5939-938a-cbf2730f337c", "type": "threat-actor", "created": "2025-04-27T11:10:00.000Z", "modified": "2025-04-27T11:10:00.000Z", "name": "Sysrv botnet operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--cc0811ae-7246-5daf-98de-5103fa15d8e0", "type": "threat-actor", "created": "2025-04-16T13:38:00.000Z", "modified": "2025-04-16T13:40:00.000Z", "name": "CrazyHunter operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--a1f142d8-fa9d-5b7b-b76c-040faf6c271d", "type": "threat-actor", "created": "2025-04-14T12:17:00.000Z", "modified": "2025-04-14T12:17:00.000Z", "name": "Red Menshen", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--c8927914-822e-5b3d-a464-3c273a7fcf54", "type": "threat-actor", "created": "2024-05-26T19:52:00.000Z", "modified": "2024-05-26T19:56:00.000Z", "name": "Atlas Lion", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--dad471f1-740d-511b-8bca-bb0d229fb46e", "type": "threat-actor", "created": "2025-03-27T13:36:00.000Z", "modified": "2025-03-27T13:36:00.000Z", "name": "Weaver Ant", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--0c9aafa1-2ed4-5ebd-90f0-86cf724a3d56", "type": "threat-actor", "created": "2025-05-08T09:51:00.000Z", "modified": "2025-05-08T09:51:00.000Z", "name": "Albabat operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--2424d3b7-f772-5290-97b3-80655bb13c86", "type": "threat-actor", "created": "2024-12-18T14:14:00.000Z", "modified": "2024-12-25T12:03:00.000Z", "name": "Winnti", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--bd8bb7d4-e2c5-513e-9b7c-46f1f67852b6", "type": "threat-actor", "created": "2025-02-19T09:19:00.000Z", "modified": "2025-02-19T09:35:00.000Z", "name": "Mustang Panda", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--cf06485e-2659-5dd5-8daa-551edce1d1f9", "type": "threat-actor", "created": "2025-02-18T14:26:00.000Z", "modified": "2025-02-18T14:26:00.000Z", "name": "Seashell Blizzard", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--4088d423-8b48-5bb1-bce6-4fc1596e59b6", "type": "threat-actor", "created": "2025-02-24T13:07:00.000Z", "modified": "2025-08-03T07:20:00.000Z", "name": "Black Basta operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--df853f3e-dfd0-5de2-aed7-5cee3f00c05b", "type": "threat-actor", "created": "2025-01-23T15:00:00.000Z", "modified": "2025-01-23T15:00:00.000Z", "name": "TRIPLESTRENGTH", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--93c168f9-3b32-5560-a38b-902458eb03c2", "type": "threat-actor", "created": "2025-01-23T09:31:00.000Z", "modified": "2025-01-23T09:31:00.000Z", "name": "UNC2165", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--3354a135-6001-547c-b2e1-68d2ae8659c7", "type": "threat-actor", "created": "2025-01-27T11:41:00.000Z", "modified": "2025-01-27T12:27:00.000Z", "name": "Bapak", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--ee343e39-01d1-56ad-8e78-af03ac0396ec", "type": "threat-actor", "created": "2025-02-06T09:54:00.000Z", "modified": "2025-02-06T09:54:00.000Z", "name": "Codefinger", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--043f5267-da65-598b-ad4b-130d54b13b17", "type": "threat-actor", "created": "2025-01-06T08:17:00.000Z", "modified": "2025-01-06T08:17:00.000Z", "name": "EC2 Grouper", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--22ad1745-fe03-5a0c-83e2-fd01da11a394", "type": "threat-actor", "created": "2024-05-23T09:23:00.000Z", "modified": "2025-01-06T08:20:00.000Z", "name": "Diicot", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--797c05c7-bdcf-59d2-877c-70602f877dbf", "type": "threat-actor", "created": "2024-12-18T14:07:00.000Z", "modified": "2024-12-25T11:46:00.000Z", "name": "JINX-2401", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--8ef0b19b-a195-595d-a44f-e6fdc538e364", "type": "threat-actor", "created": "2024-08-21T09:56:00.000Z", "modified": "2024-12-25T12:09:00.000Z", "name": "Gafgyt operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--d8f2f35d-a05b-5f82-8fb0-cb53861840ef", "type": "threat-actor", "created": "2024-11-24T14:46:00.000Z", "modified": "2024-11-24T15:22:00.000Z", "name": "Gelsemium", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--f703c021-5ae6-57b0-94b1-c08e541ec20a", "type": "threat-actor", "created": "2024-11-19T15:46:00.000Z", "modified": "2024-11-19T16:00:00.000Z", "name": "Earth Kasha", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--bdca3605-c4c8-5024-a782-c2a664149f9e", "type": "threat-actor", "created": "2024-11-17T15:22:00.000Z", "modified": "2024-11-19T15:59:00.000Z", "name": "BrazenBamboo", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--23f09ef2-4762-5afa-bbf0-aad7f750a6b2", "type": "threat-actor", "created": "2024-11-14T13:20:00.000Z", "modified": "2024-11-19T16:00:00.000Z", "name": "Silent Skimmer", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--14f61c28-082b-5e1a-82dd-6c9a916187d9", "type": "threat-actor", "created": "2024-11-13T09:10:00.000Z", "modified": "2024-12-25T11:58:00.000Z", "name": "Mozi Botnet operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--56d28b28-81fe-5e74-8878-ad148a4a6faa", "type": "threat-actor", "created": "2024-11-03T13:28:00.000Z", "modified": "2024-11-03T13:28:00.000Z", "name": "EMERALDWHALE", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--78db9843-979c-56d0-af37-a9eb8ae4a62f", "type": "threat-actor", "created": "2022-09-07T10:33:00.000Z", "modified": "2024-10-27T08:51:00.000Z", "name": "TeamTNT", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--2dcd09e3-f931-5404-9952-dfd86596dda7", "type": "threat-actor", "created": "2024-10-28T13:38:00.000Z", "modified": "2024-10-28T13:41:00.000Z", "name": "UNC5820", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--d870a59e-a98f-5c14-89ed-01465fcdc8e7", "type": "threat-actor", "created": "2024-10-27T07:56:00.000Z", "modified": "2024-10-27T07:58:00.000Z", "name": "Prometei operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--60d480e2-9f0a-5246-9581-ac445b6fcdbe", "type": "threat-actor", "created": "2024-06-30T09:06:00.000Z", "modified": "2024-08-25T07:47:00.000Z", "name": "Funnull", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--8489644b-4db4-54da-9138-4fa6b1523276", "type": "threat-actor", "created": "2024-10-14T11:26:00.000Z", "modified": "2024-10-27T07:58:00.000Z", "name": "APT34", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--08a5cf5b-b37e-5247-9f2b-3a315a20004d", "type": "threat-actor", "created": "2022-09-07T09:31:00.000Z", "modified": "2024-10-14T13:40:00.000Z", "name": "APT29", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--7797ec4c-b4cc-5d17-9d62-eb01f8d2c885", "type": "threat-actor", "created": "2024-10-01T05:49:00.000Z", "modified": "2024-10-01T05:52:00.000Z", "name": "REF6138", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--7037c579-ac08-50d1-baff-3edbbde9fbd7", "type": "threat-actor", "created": "2024-09-24T13:26:00.000Z", "modified": "2025-06-24T10:49:00.000Z", "name": "UNC1860", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--b2842f49-a7f7-50e1-a1ff-a6b653882288", "type": "threat-actor", "created": "2024-09-16T15:09:00.000Z", "modified": "2024-09-19T13:14:00.000Z", "name": "DragonRank", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--8978fcfe-e6d2-5ada-96d4-23b14ee0dd75", "type": "threat-actor", "created": "2025-02-27T14:26:00.000Z", "modified": "2025-02-27T14:39:00.000Z", "name": "JINX-0126", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--32b38aaa-d60e-5922-9aec-374d4624e280", "type": "threat-actor", "created": "2024-09-03T11:25:00.000Z", "modified": "2024-10-28T13:41:00.000Z", "name": "Horde Panda", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--6884df7a-cb54-5436-b071-d5d65caafa53", "type": "threat-actor", "created": "2023-04-20T12:05:00.000Z", "modified": "2025-06-30T13:25:00.000Z", "name": "0ktapus", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--8d55a5d9-3b23-5cd0-8ea5-2d7d2d218bcd", "type": "threat-actor", "created": "2024-08-04T15:17:00.000Z", "modified": "2024-08-28T06:36:00.000Z", "name": "Mirai", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--b86b855d-4d73-584e-bc46-8ac69d633635", "type": "threat-actor", "created": "2024-08-01T09:45:00.000Z", "modified": "2024-08-28T06:37:00.000Z", "name": "Storm-0506", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--5aa29091-7972-5e60-887d-91a9df25d464", "type": "threat-actor", "created": "2024-08-01T09:46:00.000Z", "modified": "2024-08-28T06:37:00.000Z", "name": "Storm-1175", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--b7e938f7-8118-5627-a3dd-ab48cbe3d42a", "type": "threat-actor", "created": "2024-08-01T09:47:00.000Z", "modified": "2024-08-28T06:36:00.000Z", "name": "Manatee Tempest", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--00555557-9375-595f-8afa-57298f10d611", "type": "threat-actor", "created": "2024-07-18T15:09:00.000Z", "modified": "2024-08-28T06:35:00.000Z", "name": "CRYSTALRAY", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--1d3c7da6-db96-52e2-8e37-9467f22043ea", "type": "threat-actor", "created": "2022-09-07T09:30:00.000Z", "modified": "2024-10-14T12:59:00.000Z", "name": "8220 Gang", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--281c6972-f595-5e9a-bb85-29ceed0f4b1a", "type": "threat-actor", "created": "2024-06-24T15:09:00.000Z", "modified": "2024-08-28T06:37:00.000Z", "name": "RedJuliett", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--732b382b-5221-5c14-ace3-fd8a17ebecf4", "type": "threat-actor", "created": "2024-07-03T11:29:00.000Z", "modified": "2024-08-25T07:47:00.000Z", "name": "Boolka", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--5628d06d-4e87-5558-acf1-587c68c38fd9", "type": "threat-actor", "created": "2024-08-07T10:31:00.000Z", "modified": "2024-08-07T10:42:00.000Z", "name": "TellYouThePass Gang", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--39fb90a4-3d95-5414-ace9-529c4ce98e29", "type": "threat-actor", "created": "2024-06-09T10:55:00.000Z", "modified": "2024-08-25T07:47:00.000Z", "name": "Gitloker", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--a61095c9-d185-5f15-9937-25d6690f3bdc", "type": "threat-actor", "created": "2024-09-09T06:32:00.000Z", "modified": "2024-09-09T06:32:00.000Z", "name": "UTG-Q-008", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--ca0722c0-953c-5867-9686-785b70df27b4", "type": "threat-actor", "created": "2024-06-06T17:00:00.000Z", "modified": "2025-01-30T19:50:00.000Z", "name": "Muhstik operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--83b939fa-99f5-598f-b2b9-1000a9179e7f", "type": "threat-actor", "created": "2024-06-04T08:36:00.000Z", "modified": "2024-08-25T07:46:00.000Z", "name": "RedTail operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--0daf573e-37af-57e2-b350-4d34e4a9aec8", "type": "threat-actor", "created": "2022-09-07T10:34:00.000Z", "modified": "2024-06-02T10:19:00.000Z", "name": "Kinsing operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--f180e21f-86c1-5c9b-9334-76b97417f1f8", "type": "threat-actor", "created": "2024-05-07T11:44:00.000Z", "modified": "2024-05-26T19:57:00.000Z", "name": "TargetCompany", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--b3f40036-e3b1-58fd-a10f-7cb61fd745e6", "type": "threat-actor", "created": "2024-04-11T11:03:00.000Z", "modified": "2024-04-11T13:05:00.000Z", "name": "RUBYCARP", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--942361b0-e10d-51e6-bce2-a0c12cac72a6", "type": "threat-actor", "created": "2024-03-28T12:25:00.000Z", "modified": "2024-10-14T13:40:00.000Z", "name": "Agenda operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--c10fb8e3-1408-5a1d-920e-2407199e77aa", "type": "threat-actor", "created": "2024-03-17T15:56:00.000Z", "modified": "2024-03-19T11:46:00.000Z", "name": "ShadowSyndicate", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--552d73c3-91f2-5411-bf24-d9d47473fbdd", "type": "threat-actor", "created": "2024-03-10T07:37:00.000Z", "modified": "2024-04-30T06:46:00.000Z", "name": "Magnet Goblin", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--43454ef7-d48b-5107-af7b-682442b0833d", "type": "threat-actor", "created": "2024-03-07T16:02:00.000Z", "modified": "2024-04-30T06:46:00.000Z", "name": "z0miner", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--1dfe1db8-b3f7-5074-a55d-66eeac30dbc3", "type": "threat-actor", "created": "2024-02-22T17:07:00.000Z", "modified": "2024-03-11T17:35:00.000Z", "name": "Migo operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--73ca4d63-7fae-5bd6-a7eb-ac06c92b6352", "type": "threat-actor", "created": "2024-08-06T15:04:00.000Z", "modified": "2024-08-06T15:58:00.000Z", "name": "Water Hydra", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--a89573bb-2141-5f58-be68-c06c3300d0da", "type": "threat-actor", "created": "2024-08-07T07:48:00.000Z", "modified": "2024-10-14T13:51:00.000Z", "name": "Mispadu operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--1a052803-0f1b-51f6-8e75-5445d0ca807a", "type": "threat-actor", "created": "2024-02-02T13:42:00.000Z", "modified": "2024-03-11T17:34:00.000Z", "name": "Commando Cat", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--7b674ebc-3e05-5748-a0c7-ab587d9d21f6", "type": "threat-actor", "created": "2023-12-21T08:57:00.000Z", "modified": "2024-02-06T09:31:00.000Z", "name": "Trigona operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--7f98da2d-4734-5ba4-a2b7-89e15377c9e7", "type": "threat-actor", "created": "2022-09-07T08:02:00.000Z", "modified": "2024-01-18T09:29:00.000Z", "name": "Dreambus operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--ce44472f-cd97-5ef9-9a93-aca86e770d8e", "type": "threat-actor", "created": "2024-01-28T06:43:00.000Z", "modified": "2024-02-06T09:33:00.000Z", "name": "Cyber Toufan", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--9af81023-9771-57e7-ae3f-ac2c94ac2bf3", "type": "threat-actor", "created": "2023-12-14T09:49:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "GambleForce", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--30689c86-aeae-5cbc-80e4-01485dbbace8", "type": "threat-actor", "created": "2024-01-01T15:20:00.000Z", "modified": "2024-03-11T17:37:00.000Z", "name": "Storm-1283", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--8f02a1ee-ec5b-55c1-85eb-7cc8805c3723", "type": "threat-actor", "created": "2023-12-12T13:21:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "Krasue operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--f8833b33-0f5f-5786-81ef-1e66dba2515e", "type": "threat-actor", "created": "2023-11-29T16:48:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "GoTitan operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--00b7f434-773d-5f4a-8d6b-c93cd1940495", "type": "threat-actor", "created": "2023-11-27T08:46:00.000Z", "modified": "2024-10-14T13:01:00.000Z", "name": "Andariel", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--c4ff44db-dadb-55ca-a9ae-d6c4ec2846de", "type": "threat-actor", "created": "2024-02-18T14:53:00.000Z", "modified": "2024-04-30T06:42:00.000Z", "name": "C3RB3R operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--69651dda-8a84-5af2-b49e-038df494bfb4", "type": "threat-actor", "created": "2023-11-19T19:01:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "Prophet Spider", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--4c4b7cfe-397f-5bb9-b525-8568f64c0605", "type": "threat-actor", "created": "2023-09-21T09:03:00.000Z", "modified": "2024-03-11T17:34:00.000Z", "name": "AmberSquid", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--be0cb573-ab8d-58e4-b682-8c8b06e74cc6", "type": "threat-actor", "created": "2023-09-18T11:05:00.000Z", "modified": "2025-06-24T10:23:00.000Z", "name": "Peach Sandstorm", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--73308bdd-62e4-580d-8bd8-597c4ddb6a38", "type": "threat-actor", "created": "2023-12-27T08:43:00.000Z", "modified": "2024-01-23T18:30:00.000Z", "name": "UNC4841", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--b6a1370b-2454-5c9c-86d3-459c23d5042b", "type": "threat-actor", "created": "2023-12-31T17:49:00.000Z", "modified": "2024-03-11T17:06:00.000Z", "name": "Labrat operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--ffcd01f4-872f-5a30-b5e0-92aa466d2fae", "type": "threat-actor", "created": "2023-10-31T13:00:00.000Z", "modified": "2024-01-04T12:40:00.000Z", "name": "P2PInfect", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--937980fa-5efd-5b25-99b6-05854c082371", "type": "threat-actor", "created": "2023-08-06T11:39:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "Meow", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--9fb97e7b-be99-5c4b-8333-6fd0e21760d9", "type": "threat-actor", "created": "2023-12-12T08:47:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "SkidMap operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--aeb670b6-8087-566b-93e7-fa8672970a08", "type": "threat-actor", "created": "2023-08-02T08:29:00.000Z", "modified": "2024-03-11T17:36:00.000Z", "name": "SilentBob", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--8c3df759-08ab-5906-b0eb-875ab465a29e", "type": "threat-actor", "created": "2023-10-03T09:39:00.000Z", "modified": "2024-04-06T18:10:00.000Z", "name": "Storm-0558", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--3c7918ca-a06f-565d-99c1-d5ca3790bb90", "type": "threat-actor", "created": "2023-12-13T17:19:00.000Z", "modified": "2024-01-18T13:28:00.000Z", "name": "PyLoose operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--ef93db5d-442c-51aa-a2bc-3da4c1da0d4a", "type": "threat-actor", "created": "2023-07-18T08:43:00.000Z", "modified": "2025-01-27T12:57:00.000Z", "name": "APT31", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--ef5ce6ce-a6d3-5431-877b-5d3897a434d8", "type": "threat-actor", "created": "2023-09-21T09:04:00.000Z", "modified": "2024-03-11T17:36:00.000Z", "name": "ScarletEel", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--d35fcfc4-45eb-5cb8-9fdb-e972731be285", "type": "threat-actor", "created": "2024-08-06T11:54:00.000Z", "modified": "2024-08-25T07:45:00.000Z", "name": "RomCom", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--6ceb9d41-d9eb-5b60-aa85-10d3706a27fc", "type": "threat-actor", "created": "2023-05-03T07:19:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "ChinaZ", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--cb1ef317-cde1-52d4-928b-4f399e88fbab", "type": "threat-actor", "created": "2023-07-31T10:02:00.000Z", "modified": "2024-01-23T18:30:00.000Z", "name": "UNC3886", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--712cebb0-71a4-550b-9aa6-de55f653e57e", "type": "threat-actor", "created": "2023-04-20T12:02:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "GoBruteforcer operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--477d538c-2f40-5258-ae2d-f941d76dab72", "type": "threat-actor", "created": "2023-05-15T10:57:00.000Z", "modified": "2024-03-11T17:38:00.000Z", "name": "UNC2970", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--4159de52-e1e5-58ed-bcc7-44940d8a2efe", "type": "threat-actor", "created": "2024-04-30T06:36:00.000Z", "modified": "2024-04-30T06:46:00.000Z", "name": "HeadCrab operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--510bb9cb-ecb1-5518-a76a-f23bddafc3db", "type": "threat-actor", "created": "2024-04-30T06:43:00.000Z", "modified": "2024-04-30T06:45:00.000Z", "name": "Redigo operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--43a7c0e5-554c-5149-b605-fd21076e4894", "type": "threat-actor", "created": "2022-09-07T10:34:00.000Z", "modified": "2024-01-18T13:29:00.000Z", "name": "WatchDog", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--db42e54c-fde3-5db8-901d-eb38a45151c7", "type": "threat-actor", "created": "2024-06-13T12:20:00.000Z", "modified": "2024-06-13T12:22:00.000Z", "name": "Bondnet", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--211d0f3b-f43c-5a73-8497-bc71120e1695", "type": "threat-actor", "created": "2023-05-23T07:43:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "DarkRadiation operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--492a1af1-dc47-5686-b29e-3f104ca28405", "type": "threat-actor", "created": "2022-09-07T09:36:00.000Z", "modified": "2024-03-11T17:39:00.000Z", "name": "UNC2903", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--ef7f343c-a217-5fa3-953d-4ba3a614b5be", "type": "threat-actor", "created": "2022-09-07T09:36:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "LemonDuck", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--c45ee075-3bc4-5f9a-9861-71e9b7408b53", "type": "threat-actor", "created": "2022-09-07T09:31:00.000Z", "modified": "2024-03-19T09:56:00.000Z", "name": "LAPSUS$", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--c80cb0f1-6a55-5e1a-be74-1af536cff645", "type": "threat-actor", "created": "2023-05-02T07:16:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "CoinStomp operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--0cc02f94-998c-53d5-9fe2-2b9f18f38bde", "type": "threat-actor", "created": "2025-10-08T13:41:00.000Z", "modified": "2025-10-08T13:54:00.000Z", "name": "UNC3379", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--f2afec7b-ef0b-5b2a-b4cf-e038e6faaf4b", "type": "threat-actor", "created": "2023-05-02T07:25:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "Abcbot operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--66205d7e-83ba-5e0e-ad5c-73e0f9cf5e99", "type": "threat-actor", "created": "2024-03-14T12:21:00.000Z", "modified": "2024-04-30T06:41:00.000Z", "name": "Siloscape operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--fdc77e35-e36d-5215-b4e4-dac3b4f5d303", "type": "threat-actor", "created": "2024-03-14T14:26:00.000Z", "modified": "2024-04-30T06:46:00.000Z", "name": "Doki operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--50cec33d-1025-5665-bce4-7429b0d0555f", "type": "threat-actor", "created": "2023-10-01T13:20:00.000Z", "modified": "2024-01-18T13:25:00.000Z", "name": "Sandworm", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "threat-actor--7e55417d-b1be-500e-80a1-0887724f92a3", "type": "threat-actor", "created": "2024-11-03T06:58:00.000Z", "modified": "2024-11-03T06:58:00.000Z", "name": "Windigo operator", "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--ff2b4da7-c90a-5f4e-8b7b-da3c23bf1750", "type": "malware", "created": "2026-05-28T11:45:00.000Z", "modified": "2026-05-28T11:45:00.000Z", "name": "MINIRAT", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--c9a24dca-814c-588a-8929-02f9adb49b1e", "type": "malware", "created": "2026-05-28T11:45:00.000Z", "modified": "2026-05-28T11:45:00.000Z", "name": "AUDIODFX", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--771355de-8cb7-5ee9-b16d-886bbcb4d8a1", "type": "malware", "created": "2026-05-11T15:03:00.000Z", "modified": "2026-05-11T15:03:00.000Z", "name": "Mini Shai Hulud", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--d06b3214-99f4-5579-9ce5-ed8d1ba28db2", "type": "malware", "created": "2026-04-29T12:19:00.000Z", "modified": "2026-04-29T12:19:00.000Z", "name": "Beavertail", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--86a3683e-a1f0-5cd1-a97d-ff4c50a0d199", "type": "malware", "created": "2026-01-15T12:41:00.000Z", "modified": "2026-01-15T12:44:00.000Z", "name": "VoidLink", "malware_types": [ "Cloud", "Malware", "Enumeration", "Toolkit", "Rootkit" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--c2f855cd-c105-542a-9f04-4430c53e8e32", "type": "malware", "created": "2026-01-12T11:33:00.000Z", "modified": "2026-01-12T11:33:00.000Z", "name": "CoinMiner", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--f6e42306-d839-5156-8762-611aadab107d", "type": "malware", "created": "2022-09-07T08:03:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "XMRig", "malware_types": [ "Cryptominer" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--af49becb-ec90-566e-8bbc-4a04374e9342", "type": "malware", "created": "2025-12-21T12:14:00.000Z", "modified": "2025-12-21T12:14:00.000Z", "name": "StealC", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--8ce63afe-95f4-5c7f-9c2e-9f78907f53d1", "type": "malware", "created": "2025-12-21T12:14:00.000Z", "modified": "2025-12-21T12:14:00.000Z", "name": "Amadey loader", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--389ab4ac-130c-5349-ba18-83e0caeb3c3c", "type": "malware", "created": "2025-12-21T12:09:00.000Z", "modified": "2025-12-21T12:09:00.000Z", "name": "AquaShell", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--57c56437-7425-5c3b-ab16-f9d9783fc672", "type": "malware", "created": "2025-12-21T12:09:00.000Z", "modified": "2025-12-21T12:09:00.000Z", "name": "AquaPurge", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--14088d01-218c-5a8c-aed8-ba8ac82a0038", "type": "malware", "created": "2025-12-21T12:09:00.000Z", "modified": "2025-12-21T12:09:00.000Z", "name": "AquaTunnel", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--d0d0dcfa-b521-51b9-9316-ffb6735fd0db", "type": "malware", "created": "2024-01-18T10:01:00.000Z", "modified": "2024-01-22T09:13:00.000Z", "name": "Chisel", "malware_types": [ "Proxy" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--192ed40a-cf7a-55e5-99f3-abcf59a2412f", "type": "malware", "created": "2025-11-19T11:39:00.000Z", "modified": "2025-11-19T11:39:00.000Z", "name": "Rigel", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--9e8260a2-b4da-56d4-adc3-211441820744", "type": "malware", "created": "2025-11-19T11:40:00.000Z", "modified": "2025-11-19T11:40:00.000Z", "name": "sockstress", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--d082380b-482b-5c5c-b737-d33fb320d9da", "type": "malware", "created": "2024-01-18T09:55:00.000Z", "modified": "2024-01-21T07:58:00.000Z", "name": "Godzilla", "malware_types": [ "Webshell" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--91ac8b41-7deb-5eab-b31b-662b5dad5409", "type": "malware", "created": "2025-10-27T14:38:00.000Z", "modified": "2025-10-27T14:38:00.000Z", "name": "NeuralExecutor", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--2efb396f-738b-52b5-8ef8-60e5a64c6240", "type": "malware", "created": "2025-10-27T14:38:00.000Z", "modified": "2025-10-27T14:38:00.000Z", "name": "Neursite", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--61230a00-fb63-5580-aeac-9dd7ccbc36ee", "type": "malware", "created": "2025-04-16T13:45:00.000Z", "modified": "2025-04-16T13:46:00.000Z", "name": "VShell", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--765eaa59-d6f1-5a50-858b-e1f54c503703", "type": "malware", "created": "2025-10-15T11:47:00.000Z", "modified": "2025-10-15T11:47:00.000Z", "name": "vGet", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--76e20690-3430-5744-a1a3-78a0efb79a84", "type": "malware", "created": "2025-10-15T11:47:00.000Z", "modified": "2025-10-15T11:47:00.000Z", "name": "LinkPro", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--1eeb085a-70e7-544e-b154-1fd5ea87296b", "type": "malware", "created": "2024-12-16T14:40:00.000Z", "modified": "2024-12-25T12:29:00.000Z", "name": "Cl0p ransomware", "malware_types": [ "Ransomware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--137d45d5-3cea-51f3-bedb-c7b146691826", "type": "malware", "created": "2025-09-30T13:54:00.000Z", "modified": "2025-09-30T13:54:00.000Z", "name": "RayInitiator", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--49a8eb92-06e5-5f2b-8f5f-1896d102ae47", "type": "malware", "created": "2025-09-30T13:54:00.000Z", "modified": "2025-09-30T13:54:00.000Z", "name": "LINE VIPER", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--ec22f54f-1673-5986-bc0b-d124215f9f80", "type": "malware", "created": "2025-09-30T13:27:00.000Z", "modified": "2025-09-30T13:27:00.000Z", "name": "BRICKSTORM backdoor", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--45d12326-18b7-51d1-9542-cb846f4459a9", "type": "malware", "created": "2025-09-30T13:29:00.000Z", "modified": "2025-09-30T13:29:00.000Z", "name": "BRICKSTEAL", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--7f2b8aec-f97d-5f49-8239-fb172fe77246", "type": "malware", "created": "2025-08-28T14:13:00.000Z", "modified": "2025-08-28T14:13:00.000Z", "name": "Evil-WinRM", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--a8c25b6d-852a-5c7f-9030-a876c2173b37", "type": "malware", "created": "2025-08-28T14:13:00.000Z", "modified": "2025-08-28T14:13:00.000Z", "name": "AADInternals", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--8bc1fd9b-f0b4-59be-8333-077cd059a1e8", "type": "malware", "created": "2025-08-28T14:14:00.000Z", "modified": "2025-08-28T14:14:00.000Z", "name": "AzCopy", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--d08d9fa7-5873-5c45-b726-3b09c12bae07", "type": "malware", "created": "2025-07-03T10:15:00.000Z", "modified": "2025-07-03T10:15:00.000Z", "name": "Neo-reGeorg", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--f2ac792a-101d-55a9-8a7c-9d7c3d0feac7", "type": "malware", "created": "2025-08-25T13:06:00.000Z", "modified": "2025-08-25T13:06:00.000Z", "name": "CloudedHope", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--9d3ca539-0f5f-5027-bfe6-bfeb7cf98551", "type": "malware", "created": "2025-08-21T12:58:00.000Z", "modified": "2025-08-21T12:58:00.000Z", "name": "Warlock ransomware", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--370d5662-98d9-5c73-86c7-33b3c145f76b", "type": "malware", "created": "2025-09-01T08:42:00.000Z", "modified": "2025-09-01T08:42:00.000Z", "name": "DripDropper", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--d079b785-7f75-5aeb-8223-2cad129e7b09", "type": "malware", "created": "2025-08-19T10:59:00.000Z", "modified": "2025-08-19T10:59:00.000Z", "name": "SoundBill", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--b33924bc-79ae-519f-a83a-cb4770fc4e93", "type": "malware", "created": "2025-05-29T13:55:00.000Z", "modified": "2025-05-29T13:55:00.000Z", "name": "JuicyPotato", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--cd628afa-97c8-5dd9-ac67-031475f351ab", "type": "malware", "created": "2025-08-19T10:59:00.000Z", "modified": "2025-08-19T10:59:00.000Z", "name": "SharpWMI", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--6d081008-925c-5835-9956-891d5f776b78", "type": "malware", "created": "2025-08-19T10:59:00.000Z", "modified": "2025-08-19T10:59:00.000Z", "name": "WMICmd", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--92b01d1c-da0f-5a34-9874-9d683b8242ca", "type": "malware", "created": "2024-10-14T11:17:00.000Z", "modified": "2024-10-14T11:58:00.000Z", "name": "Akira ransomware", "malware_types": [ "Ransomware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--be4fecd6-b7da-52e8-b268-c2e777d3a21e", "type": "malware", "created": "2025-08-05T09:08:00.000Z", "modified": "2025-08-05T09:08:00.000Z", "name": "Plague backdoor", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--be537e63-2a06-53dd-9196-3a99e1cd7f69", "type": "malware", "created": "2025-08-19T11:12:00.000Z", "modified": "2025-08-19T11:12:00.000Z", "name": "Auto-Color malware", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--efc8a1be-2e4b-5dd5-bb83-c20fa9ff8376", "type": "malware", "created": "2024-03-27T14:27:00.000Z", "modified": "2024-10-01T05:44:00.000Z", "name": "SUPERSHELL", "malware_types": [ "Backdoor", "OffSec" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--df0f2f4f-67f0-52c1-8dea-bdf6a013c1ea", "type": "malware", "created": "2025-07-22T11:38:00.000Z", "modified": "2025-07-22T11:38:00.000Z", "name": "4l4md4r loader and stager", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--e53abbf2-c78f-59de-878f-15a942f8a886", "type": "malware", "created": "2025-07-22T11:38:00.000Z", "modified": "2025-07-22T11:38:00.000Z", "name": "alamdar.so rootkit", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--5f1d74f5-7752-52be-949e-d964b276172e", "type": "malware", "created": "2025-07-24T11:07:00.000Z", "modified": "2025-07-24T11:07:00.000Z", "name": "spinstall0 webshell", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--dcbd5480-9e38-5513-b882-f974233d7e88", "type": "malware", "created": "2025-07-22T11:31:00.000Z", "modified": "2025-07-22T11:31:00.000Z", "name": "Linuxsys coinminer", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--ef4251de-c4a4-5de5-bdcc-0ea40f1b7cfe", "type": "malware", "created": "2025-07-09T13:20:00.000Z", "modified": "2025-07-09T13:20:00.000Z", "name": "TXPortMap", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--7c40060f-a38b-5cc0-9b78-ec05af98b7de", "type": "malware", "created": "2025-07-03T10:14:00.000Z", "modified": "2025-07-03T10:14:00.000Z", "name": "GOREVERSE", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--302102d5-a560-5789-a909-46e01d6da0c7", "type": "malware", "created": "2025-07-02T08:21:00.000Z", "modified": "2025-07-02T08:21:00.000Z", "name": "TinyProxy", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--c794b6e7-0c76-5b50-b4b2-d445ebeb48fe", "type": "malware", "created": "2024-01-04T13:58:00.000Z", "modified": "2024-05-30T15:42:00.000Z", "name": "China Chopper", "malware_types": [ "Webshell" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--d176818b-b58b-5591-b5cb-b7999f88ee8d", "type": "malware", "created": "2025-06-22T13:14:00.000Z", "modified": "2025-06-22T13:14:00.000Z", "name": "Flodrix botnet", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--311ba078-6109-5e7f-969c-b69363efedef", "type": "malware", "created": "2025-06-22T13:18:00.000Z", "modified": "2025-06-22T13:18:00.000Z", "name": "JSFuck", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--b2a64edd-93f8-554b-9638-a31abfd12b13", "type": "malware", "created": "2025-06-16T06:46:00.000Z", "modified": "2025-06-16T06:46:00.000Z", "name": "TeamFiltration", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--70cbd8d4-7823-529d-b78b-b40f01710de7", "type": "malware", "created": "2025-06-04T16:01:00.000Z", "modified": "2025-06-04T16:01:00.000Z", "name": "TRex", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--525e7ae2-cd66-56f9-9ce3-9c88f3211c2b", "type": "malware", "created": "2024-09-16T15:14:00.000Z", "modified": "2024-09-16T15:14:00.000Z", "name": "GodPotato", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--7c5766dd-4e1c-50fc-9676-2f369cb4b6a4", "type": "malware", "created": "2025-05-29T13:55:00.000Z", "modified": "2025-05-29T13:55:00.000Z", "name": "BypassBoss", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--53773b5d-7c28-5c96-bfa7-83a3068abcdc", "type": "malware", "created": "2025-05-29T11:05:00.000Z", "modified": "2025-05-29T11:05:00.000Z", "name": "DragonForce ransomware", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--8a1996d0-c446-5cca-ad9a-41ced58682d0", "type": "malware", "created": "2024-01-21T09:42:00.000Z", "modified": "2024-01-21T09:51:00.000Z", "name": "Mimo", "malware_types": [ "Cryptominer" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--33a33440-e1e2-5b16-a2de-882966be7116", "type": "malware", "created": "2025-06-04T15:02:00.000Z", "modified": "2025-06-04T15:02:00.000Z", "name": "Ghost", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--afc1e1c3-37e7-5894-bfc3-c52806951f1e", "type": "malware", "created": "2025-06-04T15:02:00.000Z", "modified": "2025-06-04T15:02:00.000Z", "name": "Xnote", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--0a6a5de1-2be7-554d-a7aa-a4ec9aac27e8", "type": "malware", "created": "2024-01-07T09:39:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "Gh0st RAT", "malware_types": [ "Malware", "RAT" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--9e9b7036-e1e4-55e2-ab01-1fb0a2548100", "type": "malware", "created": "2025-05-08T12:20:00.000Z", "modified": "2025-05-08T12:20:00.000Z", "name": "HijackDriverManager", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--df26afdc-bca3-5940-8f5e-e851dbb886e1", "type": "malware", "created": "2025-05-13T14:55:00.000Z", "modified": "2025-05-13T14:55:00.000Z", "name": "AzureChecker", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--9a02d2fa-d4d7-587f-9b4a-3825453d708f", "type": "malware", "created": "2023-10-09T10:22:00.000Z", "modified": "2025-04-27T11:13:00.000Z", "name": "Sysrv", "malware_types": [ "Cryptominer", "Botnet" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--45e2ee08-fe7f-56f9-aaca-5c9d4fa0c705", "type": "malware", "created": "2025-04-29T09:26:00.000Z", "modified": "2025-04-29T09:26:00.000Z", "name": "Brute Ratel", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--106d9bf0-00dd-5126-b5e8-269211462460", "type": "malware", "created": "2025-04-29T09:26:00.000Z", "modified": "2025-04-29T09:26:00.000Z", "name": "Heaven’s Gate", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--12c6aa23-6ad0-5954-9c37-4289f2dc7772", "type": "malware", "created": "2024-03-27T14:27:00.000Z", "modified": "2024-03-27T14:27:00.000Z", "name": "SNOWLIGHT", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--bd192e0d-b855-5af3-8077-ab81f7890692", "type": "malware", "created": "2025-04-16T13:39:00.000Z", "modified": "2025-04-16T13:39:00.000Z", "name": "Prince ransomware", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--76ac0792-d6b4-5f0f-a533-161d0dc28c58", "type": "malware", "created": "2025-04-16T13:40:00.000Z", "modified": "2025-04-16T13:40:00.000Z", "name": "ZammoCide", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--3df2b13b-cc41-5062-bfbc-21ebaf63cd4d", "type": "malware", "created": "2025-04-16T13:40:00.000Z", "modified": "2025-04-16T13:40:00.000Z", "name": "CrazyHunter", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--65e4e7a0-cd1a-54b3-8bda-edb13ddf4a0d", "type": "malware", "created": "2022-09-07T09:35:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "BPFDoor", "malware_types": [ "Malware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--f1c9296a-bbd3-5d6e-aa98-47d862405b4e", "type": "malware", "created": "2025-04-06T13:27:00.000Z", "modified": "2025-04-06T13:27:00.000Z", "name": "TRAILBLAZE", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--5d01b4a4-9cb0-5e06-9fa7-3c37ac5d0e0f", "type": "malware", "created": "2025-04-06T13:27:00.000Z", "modified": "2025-04-06T13:27:00.000Z", "name": "BRUSHFIRE", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--92227a1b-b911-5ef5-b03f-7240d2f04a1e", "type": "malware", "created": "2025-04-06T13:28:00.000Z", "modified": "2025-04-06T13:28:00.000Z", "name": "SPAWNSLOTH", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--3af9f3f1-6b4e-5862-b067-7d60944c08e1", "type": "malware", "created": "2025-04-06T13:28:00.000Z", "modified": "2025-04-06T13:28:00.000Z", "name": "SPAWNSNARE", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--426b7b01-4b04-562a-9944-01aef5e21b22", "type": "malware", "created": "2025-04-06T13:28:00.000Z", "modified": "2025-04-06T13:28:00.000Z", "name": "SPAWNWAVE", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--52c1e5d9-83e9-52e6-8eeb-52614654a168", "type": "malware", "created": "2025-03-27T13:37:00.000Z", "modified": "2025-03-27T13:37:00.000Z", "name": "INMemory webshell", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--68c8e5f3-6043-5a41-92ab-ca743d60ece8", "type": "malware", "created": "2025-03-30T14:09:00.000Z", "modified": "2025-03-30T14:09:00.000Z", "name": "Albabat ransomware", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--4580988d-5482-511d-940d-961ddacba928", "type": "malware", "created": "2024-03-05T10:46:00.000Z", "modified": "2025-02-19T14:12:00.000Z", "name": "C3Pool", "malware_types": [ "Cryptominer" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--43bbd2db-f773-53b4-9a28-9359e0fab397", "type": "malware", "created": "2025-03-27T13:26:00.000Z", "modified": "2025-03-27T13:26:00.000Z", "name": "Boto3", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--e7cf0d34-548f-5f1e-b151-855b7fde1555", "type": "malware", "created": "2025-02-19T09:42:00.000Z", "modified": "2025-02-20T15:02:00.000Z", "name": "Behinder", "malware_types": [ "Webshell" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--4804f062-b552-5946-be5b-11bbb23901f3", "type": "malware", "created": "2025-02-19T09:42:00.000Z", "modified": "2025-02-20T15:37:00.000Z", "name": "DEATHLOTUS", "malware_types": [ "Backdoor" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--8981a940-5c20-5c01-a13b-97421331bae8", "type": "malware", "created": "2025-02-19T09:42:00.000Z", "modified": "2025-02-19T09:42:00.000Z", "name": "UNAPIMON", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--7f0dab2b-e358-584f-8f19-a3173eb437bd", "type": "malware", "created": "2025-02-19T09:42:00.000Z", "modified": "2025-02-19T09:42:00.000Z", "name": "PRIVATELOG", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--1c5c965d-235c-5aae-b2b9-b38699c20acb", "type": "malware", "created": "2025-02-19T09:42:00.000Z", "modified": "2025-02-19T09:42:00.000Z", "name": "Winnti RAT", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--76864ecf-4022-5ca7-a9e0-41d9080380ea", "type": "malware", "created": "2025-02-19T09:43:00.000Z", "modified": "2025-02-20T15:04:00.000Z", "name": "CUNNINGPIGEON", "malware_types": [ "Backdoor", "Malware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--7a92e1d2-991b-5b7f-8e20-0df80474b76d", "type": "malware", "created": "2025-02-19T09:43:00.000Z", "modified": "2025-02-19T09:43:00.000Z", "name": "WINDJAMMER", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--35b5a993-a560-51bd-b886-6214c7fafe56", "type": "malware", "created": "2025-02-19T09:43:00.000Z", "modified": "2025-02-19T09:43:00.000Z", "name": "SHADOWGAZE", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--b9285cfb-c489-5633-9ca1-386637801c00", "type": "malware", "created": "2025-02-19T09:20:00.000Z", "modified": "2025-02-19T09:20:00.000Z", "name": "TONESHELL", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--6769308a-3d78-5cf5-9c73-1276dea72b25", "type": "malware", "created": "2025-02-18T14:28:00.000Z", "modified": "2025-02-18T14:28:00.000Z", "name": "rsockstun", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--313c6c52-1a9d-52cf-b648-05ee3945d3d1", "type": "malware", "created": "2025-02-18T14:29:00.000Z", "modified": "2025-02-18T14:29:00.000Z", "name": "LocalOlive shell", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--8234f515-4078-5423-a1af-2d24794f11ab", "type": "malware", "created": "2024-09-22T10:52:00.000Z", "modified": "2024-09-22T10:53:00.000Z", "name": "BlackBasta ransomware", "malware_types": [ "Ransomware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--271bbd4b-c076-597a-a4db-268053cfb6e7", "type": "malware", "created": "2025-02-06T14:16:00.000Z", "modified": "2025-02-06T14:16:00.000Z", "name": "Phobos", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--730efe3d-dd7a-5ee9-910b-0531c1faec8e", "type": "malware", "created": "2025-02-06T14:16:00.000Z", "modified": "2025-02-06T14:16:00.000Z", "name": "RCRU64", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--77c91ef3-b0ff-561b-9511-e622f8527abc", "type": "malware", "created": "2025-02-06T14:16:00.000Z", "modified": "2025-02-06T14:16:00.000Z", "name": "LokiLocker", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--570faeb3-ceef-5acf-b3ec-1a8fe0181614", "type": "malware", "created": "2024-09-09T08:32:00.000Z", "modified": "2024-09-09T08:32:00.000Z", "name": "unMiner", "malware_types": [ "Cryptominer" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--9ed3bf22-3245-5b26-b080-ef1b5185d368", "type": "malware", "created": "2025-02-06T14:17:00.000Z", "modified": "2025-02-06T14:17:00.000Z", "name": "Raccoon stealer", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--dd13a25b-1ade-5d1b-99fe-8a88aad69223", "type": "malware", "created": "2025-01-23T09:35:00.000Z", "modified": "2025-01-23T09:35:00.000Z", "name": "RANSOMHUB", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--db9e39b5-4475-56f0-a2b5-61fbab3a1e9e", "type": "malware", "created": "2025-01-23T09:36:00.000Z", "modified": "2025-02-19T14:34:00.000Z", "name": "FAKEUPDATES", "malware_types": [ "Dropper" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--47b674df-38b3-51de-b409-7f07efe5a181", "type": "malware", "created": "2025-01-23T09:36:00.000Z", "modified": "2025-01-23T09:36:00.000Z", "name": "VIPERTUNNEL", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--76fac17a-5d12-502d-9d07-a7a76c489d42", "type": "malware", "created": "2025-02-06T15:20:00.000Z", "modified": "2025-02-20T15:29:00.000Z", "name": "DCSync", "malware_types": [ "Malware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--689141b3-380d-5866-9693-333d261016f4", "type": "malware", "created": "2025-01-06T08:18:00.000Z", "modified": "2025-01-06T08:18:00.000Z", "name": "AWS tools for PowerShell", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--da500529-bbb3-5c34-bff6-249f50b0ac6e", "type": "malware", "created": "2025-01-08T13:28:00.000Z", "modified": "2025-01-08T13:28:00.000Z", "name": "HubSpot Free Form Builder", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--cbface8b-0247-5aa3-8145-cf807b1963cb", "type": "malware", "created": "2024-12-18T14:16:00.000Z", "modified": "2024-12-18T14:16:00.000Z", "name": "Glutton backdoor", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--2ed45be8-30b3-5fc6-bc4c-68083433ef5c", "type": "malware", "created": "2024-12-18T14:11:00.000Z", "modified": "2024-12-18T14:11:00.000Z", "name": "ProtonVPN", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--1ef1c04c-3c17-5fed-aaeb-cc07ff3cbc8d", "type": "malware", "created": "2024-12-11T14:34:00.000Z", "modified": "2024-12-11T14:34:00.000Z", "name": "sqlmap", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--3e44ba93-4db3-5107-ac57-d2932854c55b", "type": "malware", "created": "2024-08-21T09:58:00.000Z", "modified": "2024-08-21T09:58:00.000Z", "name": "Gafgyt botnet", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--080d4180-64ce-5794-b74f-4458703144ce", "type": "malware", "created": "2024-12-11T14:59:00.000Z", "modified": "2024-12-25T11:51:00.000Z", "name": "Mauri ransomware", "malware_types": [ "Ransomware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--43eccb9b-0ae5-506a-a4dc-ecec1f013bd6", "type": "malware", "created": "2024-03-07T16:05:00.000Z", "modified": "2025-02-19T14:44:00.000Z", "name": "frp", "malware_types": [ "Proxy" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--072de0f2-2b12-57a3-944c-d71a6fd9a43f", "type": "malware", "created": "2024-11-24T14:48:00.000Z", "modified": "2024-11-24T14:48:00.000Z", "name": "WolfsBane", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--8a62ca26-11ed-5926-992a-31cafbb0e084", "type": "malware", "created": "2024-11-24T14:48:00.000Z", "modified": "2025-02-19T14:40:00.000Z", "name": "FireWood", "malware_types": [ "Backdoor", "Linux", "Rootkit" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--9a948e0e-fd85-5c5e-9848-90876c09d5d5", "type": "malware", "created": "2024-11-21T15:54:00.000Z", "modified": "2024-12-25T12:37:00.000Z", "name": "ffmpeg", "malware_types": [ "Commercial" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--d1a5f3b8-e9bf-56c7-9fe1-e0ca5845e764", "type": "malware", "created": "2024-11-19T15:50:00.000Z", "modified": "2024-11-19T15:50:00.000Z", "name": "LODEINFO", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--3f8a347b-aed9-5b7b-98b2-7d4a08d731ab", "type": "malware", "created": "2024-11-19T15:50:00.000Z", "modified": "2024-11-19T15:50:00.000Z", "name": "NOOPDOOR", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--e7d3d7c2-3dcf-5e03-a123-be18e016efbe", "type": "malware", "created": "2024-11-19T15:50:00.000Z", "modified": "2024-11-19T15:50:00.000Z", "name": "MirrorStealer", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--dd65e0ef-bb94-50a2-8540-b0dc27c42022", "type": "malware", "created": "2024-11-17T15:24:00.000Z", "modified": "2024-11-17T15:28:00.000Z", "name": "DEEPDATA", "malware_types": [ "Malware", "Windows" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--1b214a0a-8ae6-52a4-bf42-6c45682245d2", "type": "malware", "created": "2024-11-17T15:25:00.000Z", "modified": "2025-02-19T14:28:00.000Z", "name": "DEEPPOST", "malware_types": [ "Malware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--aba255be-37dd-544c-a4d9-8f7cfaf78a5a", "type": "malware", "created": "2024-11-17T15:25:00.000Z", "modified": "2024-11-17T15:38:00.000Z", "name": "LIGHTSPY", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--789acffc-e87c-5693-98de-9f5a10e03959", "type": "malware", "created": "2024-11-14T13:21:00.000Z", "modified": "2024-11-14T13:21:00.000Z", "name": "Fuso", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--f17446e5-14f2-50bf-8709-33f083f6140e", "type": "malware", "created": "2024-11-14T13:23:00.000Z", "modified": "2024-11-14T13:23:00.000Z", "name": "RingQ loader", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--26bb6270-fcf0-591b-8eb6-5f212bd11e7a", "type": "malware", "created": "2023-02-26T13:57:00.000Z", "modified": "2024-05-30T14:00:00.000Z", "name": "AndroxGh0st", "malware_types": [ "Toolkit" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--42190a8f-70ac-51b9-afc9-7f79846b1644", "type": "malware", "created": "2024-11-03T13:32:00.000Z", "modified": "2024-11-03T13:32:00.000Z", "name": "MIZARU", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--4c73be0c-7c83-5295-9f29-f91307ad6682", "type": "malware", "created": "2024-11-03T13:36:00.000Z", "modified": "2024-11-03T13:36:00.000Z", "name": "git-dumper", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--15d768bb-f2f6-5ea7-871a-6995fc48ada6", "type": "malware", "created": "2023-07-18T19:33:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "Tsunami", "malware_types": [ "Backdoor" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--70799f7e-14b3-5480-ad26-5cea7aefaa48", "type": "malware", "created": "2024-10-27T07:57:00.000Z", "modified": "2024-10-27T07:57:00.000Z", "name": "Prometei", "malware_types": [ "Botnet" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--0264a4f8-7fdc-5e2c-8a8d-b261e3e139ac", "type": "malware", "created": "2024-10-27T18:39:00.000Z", "modified": "2024-10-27T18:39:00.000Z", "name": "perfctl", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--f6fd491f-8bf4-50ab-a698-96e422b613f1", "type": "malware", "created": "2024-09-04T09:16:00.000Z", "modified": "2024-09-04T09:16:00.000Z", "name": "Tor", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--0a3518a8-ee1e-595c-ad97-7b161e420655", "type": "malware", "created": "2024-10-14T11:17:00.000Z", "modified": "2024-12-25T13:12:00.000Z", "name": "Fog ransomware", "malware_types": [ "Ransomware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--e5353a3d-09d9-537f-9ba8-9ca4ed4d2380", "type": "malware", "created": "2024-10-01T05:50:00.000Z", "modified": "2024-10-01T05:50:00.000Z", "name": "KAIJI", "malware_types": [ "DDoS" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--3142ff6f-1a41-5790-a5b0-b2e004702320", "type": "malware", "created": "2024-10-01T05:50:00.000Z", "modified": "2024-10-01T05:50:00.000Z", "name": "RUDEDEVIL", "malware_types": [ "Cryptominer" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--4d0c8f15-3f53-5b04-ad56-f98003ff1ad1", "type": "malware", "created": "2024-10-08T14:46:00.000Z", "modified": "2024-10-08T14:46:00.000Z", "name": "Rclone", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--e72459e7-781a-5d18-a86f-6070af1c67d7", "type": "malware", "created": "2024-09-24T13:28:00.000Z", "modified": "2024-09-24T13:28:00.000Z", "name": "TEMPLEPLAY", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--fb76817e-830b-5c6e-bd01-e9cf10f7f87e", "type": "malware", "created": "2024-09-24T13:28:00.000Z", "modified": "2024-09-24T13:28:00.000Z", "name": "VIROGREEN", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--3d816537-d829-53d8-a0db-10adfbc33cfe", "type": "malware", "created": "2024-09-24T13:28:00.000Z", "modified": "2024-09-24T13:28:00.000Z", "name": "STAYSHANTE", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--570295ca-57b5-5fe2-ad25-ea88c2ce9847", "type": "malware", "created": "2024-09-24T13:28:00.000Z", "modified": "2024-09-24T13:28:00.000Z", "name": "SASHEYAWAY", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--f383de46-b81b-5f39-adf4-e224863dcf17", "type": "malware", "created": "2024-05-07T12:28:00.000Z", "modified": "2024-05-07T12:28:00.000Z", "name": "Mallox ransomware", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--5d4c6c66-aca7-567a-b0c4-111c49ab87f4", "type": "malware", "created": "2024-09-16T15:13:00.000Z", "modified": "2024-12-25T12:21:00.000Z", "name": "ASPXSpy", "malware_types": [ "Webshell" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--9ea1de22-01e0-5d78-a6ed-0baf5c7013ae", "type": "malware", "created": "2024-09-16T15:14:00.000Z", "modified": "2024-09-16T15:14:00.000Z", "name": "PrintNotifyPotato", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--2bcc0a17-06a1-5072-9e8a-359a0ec46a9c", "type": "malware", "created": "2024-09-16T15:14:00.000Z", "modified": "2025-01-27T13:08:00.000Z", "name": "PlugX", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--d0931843-3e38-58eb-a8c2-e76f9aa3c4a6", "type": "malware", "created": "2024-09-16T15:14:00.000Z", "modified": "2024-12-25T12:23:00.000Z", "name": "BadIIS", "malware_types": [ "Malware", "Backdoor" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--b0a3848f-d370-5101-b455-2c4dc64c6f1a", "type": "malware", "created": "2024-09-04T09:12:00.000Z", "modified": "2024-09-04T09:12:00.000Z", "name": "S3 Browser", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--ba2c3cbe-abb8-5e3f-ac63-1c94eef77785", "type": "malware", "created": "2024-09-04T09:12:00.000Z", "modified": "2024-09-04T09:12:00.000Z", "name": "WinSCP", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--edb5eeeb-9ff9-5f4e-ba67-cc34706f5f10", "type": "malware", "created": "2024-08-21T09:29:00.000Z", "modified": "2024-08-21T09:29:00.000Z", "name": "Msupedge backdoor", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--fdf47818-becb-5e3c-988b-7b2b936e7fe1", "type": "malware", "created": "2024-09-19T13:04:00.000Z", "modified": "2024-09-19T13:04:00.000Z", "name": "LuaPlug", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--a1beb180-482d-5990-b3fb-000162f2f142", "type": "malware", "created": "2024-09-19T13:05:00.000Z", "modified": "2024-09-19T13:05:00.000Z", "name": "KEYPLUG", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--0e18201e-377c-5e82-9bbf-38c8e73c8c49", "type": "malware", "created": "2024-09-03T10:59:00.000Z", "modified": "2024-12-25T13:11:00.000Z", "name": "FleetDeck", "malware_types": [ "Commercial" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--e37d38bc-8515-5ef7-90bf-7f636ffbd06b", "type": "malware", "created": "2024-08-14T08:24:00.000Z", "modified": "2024-08-14T08:24:00.000Z", "name": "StealthVector", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--2d91ffd9-943a-5b86-b04b-2c2d1fd69606", "type": "malware", "created": "2024-08-14T08:24:00.000Z", "modified": "2024-08-14T08:24:00.000Z", "name": "StealthReacher", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--afb23e50-5b4a-5dd8-9b29-ea39d6a34bd8", "type": "malware", "created": "2024-08-14T08:24:00.000Z", "modified": "2024-08-14T08:24:00.000Z", "name": "SneakCross", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--cc3c386c-a299-5bbc-bf14-54844fe6d63f", "type": "malware", "created": "2024-08-14T08:25:00.000Z", "modified": "2024-08-14T08:25:00.000Z", "name": "Rakshasa", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--7d10b61e-5b63-5210-ae47-0a5b06866980", "type": "malware", "created": "2024-08-14T08:25:00.000Z", "modified": "2024-08-14T08:25:00.000Z", "name": "Tailscale", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--5a9ccff0-58ce-5c94-86f3-ae8e747c03cf", "type": "malware", "created": "2024-08-05T07:13:00.000Z", "modified": "2024-08-05T07:13:00.000Z", "name": "Mineping", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--96444b6d-7a1c-5671-9e18-b445a13a6fcf", "type": "malware", "created": "2024-05-09T12:06:00.000Z", "modified": "2024-05-09T12:06:00.000Z", "name": "Mirai", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--30c43110-a0e8-5fb3-9da2-9f97acd41f9c", "type": "malware", "created": "2024-08-01T10:53:00.000Z", "modified": "2024-08-01T10:53:00.000Z", "name": "Qakbot", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--ed0a0a3d-cb8b-5ce8-b2c6-3dbb1ed0d4c1", "type": "malware", "created": "2024-08-01T10:53:00.000Z", "modified": "2024-08-01T10:53:00.000Z", "name": "Pypikatz", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--688e33e2-4941-5953-b571-b3cb73b4017f", "type": "malware", "created": "2024-08-01T10:54:00.000Z", "modified": "2024-08-01T10:54:00.000Z", "name": "SystemBC", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--455effcf-8baa-52e6-8762-ffcfab4b2c8d", "type": "malware", "created": "2024-07-18T15:16:00.000Z", "modified": "2024-07-18T15:16:00.000Z", "name": "zmap", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--2dee52f5-16af-5bde-a75a-6ccf21344efe", "type": "malware", "created": "2024-07-18T15:17:00.000Z", "modified": "2024-07-18T15:17:00.000Z", "name": "nuclei", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--329e738e-b3b2-528d-8db4-949040d15c09", "type": "malware", "created": "2024-07-18T15:17:00.000Z", "modified": "2024-07-18T15:17:00.000Z", "name": "Platypus", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--7e9f571c-500c-57d4-9f36-610172bc6329", "type": "malware", "created": "2024-07-18T15:17:00.000Z", "modified": "2024-12-25T12:34:00.000Z", "name": "emp3ror", "malware_types": [ "Toolkit", "Windows", "Linux", "Malware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--453ab004-f29f-5c22-9b88-4906e8f80ff9", "type": "malware", "created": "2024-07-18T15:17:00.000Z", "modified": "2024-07-18T15:17:00.000Z", "name": "Silver", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--c1efbaca-2638-5072-91d1-60ca71db3bb8", "type": "malware", "created": "2024-06-30T13:34:00.000Z", "modified": "2024-06-30T13:34:00.000Z", "name": "PureCrypter", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--7b7c4ae4-ef29-5b77-947b-839c43d59a35", "type": "malware", "created": "2024-06-30T13:35:00.000Z", "modified": "2024-06-30T13:35:00.000Z", "name": "WireGuard", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--601885c3-e672-5ebd-afc5-d81c5eba280f", "type": "malware", "created": "2024-06-24T15:34:00.000Z", "modified": "2024-12-25T12:33:00.000Z", "name": "devilzshell", "malware_types": [ "Webshell" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--b4580449-3a52-5a8f-893c-ac9f651d9fe4", "type": "malware", "created": "2024-06-24T15:34:00.000Z", "modified": "2024-12-25T12:13:00.000Z", "name": "AntSword", "malware_types": [ "Toolkit" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--69409277-ac9c-5503-aa1f-25d4e92482d7", "type": "malware", "created": "2024-06-17T11:03:00.000Z", "modified": "2024-08-21T15:12:00.000Z", "name": "ADRecon", "malware_types": [ "Enumeration", "Active Directory" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--1492a761-61f5-54d4-9d42-a2c9e8527dce", "type": "malware", "created": "2024-08-07T10:36:00.000Z", "modified": "2024-08-07T10:39:00.000Z", "name": "TellYouThePass ransomware", "malware_types": [ "Ransomware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--b218d1a2-d0fa-5008-a635-35218e7300c5", "type": "malware", "created": "2024-06-09T10:42:00.000Z", "modified": "2024-12-25T12:31:00.000Z", "name": "Dama", "malware_types": [ "Webshell" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--cf299975-6d05-5d87-8ac4-f00c1f97561b", "type": "malware", "created": "2024-06-06T17:00:00.000Z", "modified": "2024-06-06T17:00:00.000Z", "name": "Muhstik", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--d30be92e-e139-54c8-aec3-530e60747f95", "type": "malware", "created": "2024-06-04T08:36:00.000Z", "modified": "2024-06-04T08:36:00.000Z", "name": "RedTail", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--0bee46d2-16e2-5c76-9339-3019f5fbd7f1", "type": "malware", "created": "2024-05-07T12:29:00.000Z", "modified": "2024-05-07T12:29:00.000Z", "name": "Remcos RAT", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--814b6e77-94e1-5649-9114-80c31c4aa56d", "type": "malware", "created": "2024-08-07T08:39:00.000Z", "modified": "2024-08-07T09:19:00.000Z", "name": "Line Dancer", "malware_types": [ "Malware", "RAT", "Reverse shell" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--8c97a7d6-468b-5b2d-815a-5b2da25c9c1d", "type": "malware", "created": "2024-08-07T08:39:00.000Z", "modified": "2024-08-07T09:21:00.000Z", "name": "Line Runner", "malware_types": [ "Malware", "Backdoor" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--adbe2bbc-94ab-5d0b-ac74-4a379fb2a696", "type": "malware", "created": "2023-12-31T07:46:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "ShellBot / PerlBot", "malware_types": [ "Botnet" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--c48c4e70-c8e8-5092-8bc7-0c9da8ac06c7", "type": "malware", "created": "2024-04-11T12:57:00.000Z", "modified": "2024-12-25T12:28:00.000Z", "name": "C3Bash", "malware_types": [ "Cryptominer" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--7ca684bb-f70b-5dd3-a478-11cfb6659ba1", "type": "malware", "created": "2024-03-27T14:27:00.000Z", "modified": "2024-03-27T14:27:00.000Z", "name": "GOHEAVY", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--583c2b9a-355d-5746-82b0-cc5bc61ebb5c", "type": "malware", "created": "2024-03-26T07:43:00.000Z", "modified": "2024-03-26T07:43:00.000Z", "name": "Jasmin", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--5965c1fc-eeb6-566a-9bef-3fd29c8d507b", "type": "malware", "created": "2024-03-26T07:43:00.000Z", "modified": "2024-03-26T07:43:00.000Z", "name": "SparkRAT", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--b475d082-b4d5-5e0a-8d58-15b6e473aefe", "type": "malware", "created": "2024-03-13T13:00:00.000Z", "modified": "2024-03-13T13:00:00.000Z", "name": "Meson CDN", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--25b9da29-ba1c-5d2c-9762-443c3e3d5f7b", "type": "malware", "created": "2024-03-10T07:38:00.000Z", "modified": "2024-03-10T07:38:00.000Z", "name": "NerbianRAT", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--9c9f5f9e-8add-5b40-abc6-0b0c1a661ce7", "type": "malware", "created": "2024-02-02T14:40:00.000Z", "modified": "2024-02-02T14:40:00.000Z", "name": "WARPWIRE", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--a9d3c0f1-6316-51fc-8483-099452f0d18c", "type": "malware", "created": "2024-03-10T07:38:00.000Z", "modified": "2024-03-10T07:38:00.000Z", "name": "MiniNerbian", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--b822461c-c90b-58d4-8ff2-5e41c6358478", "type": "malware", "created": "2024-03-10T07:40:00.000Z", "modified": "2024-03-10T07:40:00.000Z", "name": "Ligolo", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--45aa8a47-f0af-5d8f-b001-ee175102874d", "type": "malware", "created": "2024-02-25T12:49:00.000Z", "modified": "2024-02-25T12:49:00.000Z", "name": "Monero miner", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--1ce0716e-f523-5de5-a6b5-6da2485d0c9c", "type": "malware", "created": "2024-02-25T12:49:00.000Z", "modified": "2024-02-25T12:52:00.000Z", "name": "Lucifer", "malware_types": [ "Botnet" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--0bc64092-8b37-5231-9d0b-7b6b2c0b14ae", "type": "malware", "created": "2024-08-06T15:55:00.000Z", "modified": "2024-12-25T12:32:00.000Z", "name": "DarkMe", "malware_types": [ "Malware", "RAT" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--664491d5-a4d3-5499-a193-57ab33b34f7c", "type": "malware", "created": "2024-08-07T07:50:00.000Z", "modified": "2024-08-07T07:57:00.000Z", "name": "Mispadu stealer", "malware_types": [ "Malware", "Trojan", "RAT", "Backdoor" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--545a0b8d-dda7-5f25-bde4-e00153ffc8ce", "type": "malware", "created": "2024-02-02T13:45:00.000Z", "modified": "2024-02-02T13:49:00.000Z", "name": "TinyShell", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--934e5329-322b-5269-b7c7-7f9f6c417fdd", "type": "malware", "created": "2023-12-21T08:57:00.000Z", "modified": "2024-01-30T14:23:00.000Z", "name": "Trigona", "malware_types": [ "Ransomware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--a5a3c712-c5d6-51d2-99e1-f0de35a49947", "type": "malware", "created": "2024-01-30T14:15:00.000Z", "modified": "2024-01-30T14:25:00.000Z", "name": "Mimic ransomware", "malware_types": [ "Ransomware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--54e6d5b2-b389-5c64-9e04-e4f261e475a3", "type": "malware", "created": "2024-01-30T14:20:00.000Z", "modified": "2025-02-19T14:24:00.000Z", "name": "CLR shell", "malware_types": [ "Reverse shell", "Malware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--51d6cdf1-6b83-5a97-aacb-0e459018df85", "type": "malware", "created": "2024-01-21T09:50:00.000Z", "modified": "2024-01-21T09:52:00.000Z", "name": "NHAS reverse_ssh", "malware_types": [ "Reverse shell" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--0e2af487-9277-5ef0-ae4b-855402090b00", "type": "malware", "created": "2024-01-21T09:42:00.000Z", "modified": "2024-01-21T09:51:00.000Z", "name": "Mimus", "malware_types": [ "Ransomware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--fb3b2247-7e1e-5d96-81e7-ce2f4d19dbb4", "type": "malware", "created": "2024-09-22T10:37:00.000Z", "modified": "2024-09-22T10:37:00.000Z", "name": "FBot", "malware_types": [ "Toolkit", "Malware", "Attacker-side" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--f2ce35bf-0c91-55d2-9ac0-fd50a98bb983", "type": "malware", "created": "2024-02-02T14:40:00.000Z", "modified": "2024-02-02T14:40:00.000Z", "name": "LIGHTWIRE", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--253ad949-b180-56f6-beb7-824e28f68712", "type": "malware", "created": "2024-02-02T14:40:00.000Z", "modified": "2024-02-02T14:40:00.000Z", "name": "THINSPOOL", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--bc67bbd5-8d36-5e1c-b602-9e9a8d8e7164", "type": "malware", "created": "2024-02-02T14:40:00.000Z", "modified": "2024-02-02T14:40:00.000Z", "name": "WIREFIRE", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--ce73c73d-4e5f-5fda-8d8e-8200029cbc38", "type": "malware", "created": "2024-02-02T14:40:00.000Z", "modified": "2024-02-02T14:40:00.000Z", "name": "ZIPLINE", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--2985d677-1deb-520b-b1b6-fcbf1e940cd1", "type": "malware", "created": "2024-02-02T14:41:00.000Z", "modified": "2024-05-30T14:08:00.000Z", "name": "BUSHWALK", "malware_types": [ "Malware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--a97c3d22-405d-513f-96af-ab40f7b49cfd", "type": "malware", "created": "2024-02-02T14:41:00.000Z", "modified": "2024-05-30T15:41:00.000Z", "name": "CHAINLINE", "malware_types": [ "Backdoor" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--9ca1679f-ddec-5b32-9dd2-b226551f72b3", "type": "malware", "created": "2024-02-02T14:43:00.000Z", "modified": "2025-02-19T14:42:00.000Z", "name": "FRAMESTING", "malware_types": [ "Webshell" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--5c69400f-83a7-58cf-9cc3-ea9a58c9ace5", "type": "malware", "created": "2024-02-13T07:41:00.000Z", "modified": "2025-02-19T14:30:00.000Z", "name": "DSLog", "malware_types": [ "Backdoor" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--f829e283-b79c-51b8-847e-b62e39d3f1ec", "type": "malware", "created": "2023-12-12T13:19:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "Krasue", "malware_types": [ "RAT" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--89de4076-849d-5d78-ab38-0bbf7b34eb6b", "type": "malware", "created": "2023-11-29T16:49:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "GoTitan", "malware_types": [ "Botnet" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--fd350baf-c0a4-5e2e-83c5-4b64ff36f440", "type": "malware", "created": "2023-11-27T08:47:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "NukeSped", "malware_types": [ "RAT" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--1a4aca1e-9171-5008-b499-31e848737fc7", "type": "malware", "created": "2024-02-18T14:57:00.000Z", "modified": "2024-05-30T15:32:00.000Z", "name": "C3RB3R Ransomware", "malware_types": [ "Ransomware", "Malware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--c84c0a63-776b-55a5-b2ab-1b12b6170d31", "type": "malware", "created": "2024-01-21T07:12:00.000Z", "modified": "2024-01-21T07:13:00.000Z", "name": "OracleIV", "malware_types": [ "DDoS", "Botnet" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--b1938fcf-622a-508f-9d24-b6b135518d53", "type": "malware", "created": "2024-01-04T13:59:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "Diamorphine rootkit", "malware_types": [ "Rootkit" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--b72663a2-6e83-59b2-9002-692712e4ffbe", "type": "malware", "created": "2024-01-04T12:44:00.000Z", "modified": "2024-01-21T07:57:00.000Z", "name": "EagleRelay", "malware_types": [ "Proxy" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--1edbf32f-e94f-5406-8ca3-ed783f311402", "type": "malware", "created": "2023-08-06T11:46:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "SkidMap", "malware_types": [ "Cryptominer", "Malware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--df94130b-ad72-5bc7-bc8e-20e61665f901", "type": "malware", "created": "2024-01-04T13:58:00.000Z", "modified": "2024-01-22T09:14:00.000Z", "name": "Cigril", "malware_types": [ "Trojan" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--b095668e-c239-5b4c-bc11-43d614feb8d5", "type": "malware", "created": "2023-07-18T08:42:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "Rekoobe", "malware_types": [ "Malware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--9d1cb345-8af2-53ef-906a-cf4e7d96fcab", "type": "malware", "created": "2024-08-06T12:34:00.000Z", "modified": "2024-08-06T12:34:00.000Z", "name": "RomCom backdoor", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--f14a387d-b153-5b0b-9e57-43f15ddcd390", "type": "malware", "created": "2023-12-21T18:56:00.000Z", "modified": "2024-05-30T13:51:00.000Z", "name": "AgentTesla", "malware_types": [ "RAT" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--09eaaa71-65ed-5473-aa71-6d07bbcfb1ae", "type": "malware", "created": "2024-05-23T09:30:00.000Z", "modified": "2024-05-30T13:58:00.000Z", "name": "AlienFox", "malware_types": [ "Attacker-side", "Toolkit" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--25c2c750-3e58-5680-a136-6e5c83cd218a", "type": "malware", "created": "2023-07-31T10:00:00.000Z", "modified": "2024-01-23T18:37:00.000Z", "name": "Reptile", "malware_types": [ "Rootkit" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--027f80d9-8121-5db5-bb41-449da4a29b4e", "type": "malware", "created": "2024-05-28T18:39:00.000Z", "modified": "2024-05-29T05:20:00.000Z", "name": "DERO miner", "malware_types": [ "Cryptominer" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--78abce16-8a00-5dbc-85b8-612c83acf469", "type": "malware", "created": "2023-04-20T12:04:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "GoBruteforcer", "malware_types": [ "Botnet" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--82c95973-0985-547f-a3f2-8a37e492fe27", "type": "malware", "created": "2023-12-21T07:26:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "IceFire", "malware_types": [ "Ransomware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--a948fad0-8a00-56ec-a37b-512289cddbf1", "type": "malware", "created": "2023-12-12T08:23:00.000Z", "modified": "2024-05-30T14:03:00.000Z", "name": "Babuk", "malware_types": [ "Ransomware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--77f2cca6-6f24-5067-bde2-f39d20da08aa", "type": "malware", "created": "2024-04-30T06:38:00.000Z", "modified": "2024-04-30T06:38:00.000Z", "name": "HeadCrab", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--3f0788d9-799e-5ab8-a99d-d43f2bf76efc", "type": "malware", "created": "2024-04-30T06:43:00.000Z", "modified": "2024-04-30T06:43:00.000Z", "name": "Redigo", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--af8b4039-2afb-5bc3-81ac-e050ff3a7666", "type": "malware", "created": "2023-05-02T07:21:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "Denonia", "malware_types": [ "Cryptominer" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--145c2b66-343f-56c5-99f5-4b3eae4fa097", "type": "malware", "created": "2023-05-02T07:19:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "CoinStomp", "malware_types": [ "Cryptominer" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--bd24ca42-88d4-5c5f-a483-0d562037dea7", "type": "malware", "created": "2022-09-13T11:54:00.000Z", "modified": "2024-03-14T12:20:00.000Z", "name": "Siloscape", "malware_types": [ "Malware" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--5d8b5dbd-92da-5f50-afd5-8e08fe880d1c", "type": "malware", "created": "2022-09-14T06:42:00.000Z", "modified": "2024-01-10T09:35:00.000Z", "name": "Hildegard", "malware_types": [ "Cryptominer" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--106056ba-67b0-5750-af04-4839d4ba01ef", "type": "malware", "created": "2024-01-01T14:02:00.000Z", "modified": "2024-01-22T07:12:00.000Z", "name": "SUNBURST", "malware_types": [ "Backdoor" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--d77dc349-90b9-5632-9987-f7fc05cd3aa8", "type": "malware", "created": "2024-01-02T06:34:00.000Z", "modified": "2024-01-22T07:13:00.000Z", "name": "TEARDROP", "malware_types": [ "Dropper" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--bf73c629-fe7c-5da5-9c5c-d67cba452425", "type": "malware", "created": "2024-01-04T14:19:00.000Z", "modified": "2024-01-21T07:58:00.000Z", "name": "Loggerminer", "malware_types": [ "Cryptominer" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--c1168371-3a25-57cb-a392-530ef49a49a7", "type": "malware", "created": "2022-09-07T10:41:00.000Z", "modified": "2024-05-30T15:40:00.000Z", "name": "Cetus", "malware_types": [ "Worm", "Cryptominer" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--0f6f1189-9368-5588-a32d-b5a8d221fc85", "type": "malware", "created": "2024-04-30T06:31:00.000Z", "modified": "2024-04-30T06:34:00.000Z", "name": "Kinsing", "malware_types": [ "" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--afa09c9e-658b-5965-b973-7a384ea38066", "type": "malware", "created": "2022-09-07T10:41:00.000Z", "modified": "2024-02-28T11:58:00.000Z", "name": "Graboid", "malware_types": [ "Worm", "Cryptominer" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--b421fc95-718e-5244-90ef-93b37c831083", "type": "malware", "created": "2024-08-19T06:50:00.000Z", "modified": "2024-08-19T06:51:00.000Z", "name": "Ebury", "malware_types": [ "Botnet" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" }, { "spec_version": "2.1", "id": "malware--5692874a-5728-5849-9095-124954ebb74b", "type": "malware", "created": "2024-11-03T07:04:00.000Z", "modified": "2025-02-19T14:15:00.000Z", "name": "Cdorked", "malware_types": [ "Backdoor", "Linux" ], "created_by_ref": "identity--91352396-6279-52ac-9619-7c2f544373d1" } ] }