{
  "type": "bundle",
  "id": "bundle--5c7e072d-50b1-444e-a547-3e1264b2deff",
  "objects": [
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e6988081-a9f3-4014-9b23-d825810a4db9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: avads.live",
      "pattern": "[domain-name:value = 'avads.live']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "152 Chrome Extensions Hide Ad Tracking and Fake Google Searc",
          "url": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--72c3b64a-d100-4100-8677-48c1e2795fd8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: chromewallpaper.com",
      "pattern": "[domain-name:value = 'chromewallpaper.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "152 Chrome Extensions Hide Ad Tracking and Fake Google Searc",
          "url": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e53393b6-4b93-40e9-a139-2cad40f1e8e7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: owhit.com",
      "pattern": "[domain-name:value = 'owhit.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "152 Chrome Extensions Hide Ad Tracking and Fake Google Searc",
          "url": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f4225867-a223-4638-86aa-ac119b99ca1e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: tabplugins.com",
      "pattern": "[domain-name:value = 'tabplugins.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "152 Chrome Extensions Hide Ad Tracking and Fake Google Searc",
          "url": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2663ae68-76e2-4931-83e8-003ce7066fc8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: yowgames.com",
      "pattern": "[domain-name:value = 'yowgames.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "152 Chrome Extensions Hide Ad Tracking and Fake Google Searc",
          "url": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6fbc2c72-aaf8-4689-81c8-0d6b6e1d3562",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 147.79.120.202",
      "pattern": "[ipv4-addr:value = '147.79.120.202']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "152 Chrome Extensions Hide Ad Tracking and Fake Google Searc",
          "url": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2de7b95d-804e-46ba-96d6-7a15c18797a7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 92.112.198.22",
      "pattern": "[ipv4-addr:value = '92.112.198.22']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "152 Chrome Extensions Hide Ad Tracking and Fake Google Searc",
          "url": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c1beeb2b-b1dd-4625-b7f0-2a50c2b3b1aa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-20399",
      "pattern": "[vulnerability:name = 'CVE-2024-20399']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chinese hackers hijack auth flow, spy on isolated network fo",
          "url": "https://www.bleepingcomputer.com/news/security/chinese-hackers-hijack-auth-flow-spy-on-isolated-network-for-a-decade/"
        },
        {
          "source_name": "China-Linked Hackers Backdoored Linux Login Software to Hide",
          "url": "https://thehackernews.com/2026/06/china-linked-hackers-backdoored-linux.html"
        },
        {
          "source_name": "CISA KEV: CVE-2024-20399 \u2014 Cisco NX-OS Command Injection Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer",
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8d2dde35-8625-4fd0-9658-ff41146f6cbb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-20253",
      "pattern": "[vulnerability:name = 'CVE-2026-20253']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Critical Splunk Enterprise Flaw Lets Attackers Run Code With",
          "url": "https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--92b9ef54-63ee-44cb-a720-74306d614d81",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: github.com/fardewoak/nodejs-argo",
      "pattern": "[domain-name:value = 'github.com/fardewoak/nodejs-argo']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "400+ AUR Packages Hijacked: What the \u201cAtomic Arch\u201d Campaign ",
          "url": "https://www.stepsecurity.io/blog/400-aur-packages-hijacked-atomic-arch-campaign"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ba2123c-c3ba-469e-a3f4-bb2f231caaa9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: gs.thc.org",
      "pattern": "[domain-name:value = 'gs.thc.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chinese hackers hijack auth flow, spy on isolated network fo",
          "url": "https://www.bleepingcomputer.com/news/security/chinese-hackers-hijack-auth-flow-spy-on-isolated-network-for-a-decade/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2120e01b-ebe6-4668-bf86-f95144e168f7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: temp.sh",
      "pattern": "[domain-name:value = 'temp.sh']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "400+ AUR Packages Hijacked: What the \u201cAtomic Arch\u201d Campaign ",
          "url": "https://www.stepsecurity.io/blog/400-aur-packages-hijacked-atomic-arch-campaign"
        },
        {
          "source_name": "Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostea",
          "url": "https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html"
        },
        {
          "source_name": "Over 400 Arch Linux packages compromised to push rootkit, in",
          "url": "https://www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "The Hacker News",
        "BleepingComputer"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--afdaf53b-2b79-42db-bf92-d0d26714d1d0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: advisory-tracker.com",
      "pattern": "[domain-name:value = 'advisory-tracker.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "New Agentjacking Attack Hijacks Your AI Coding Agent to Run ",
          "url": "https://cybersecuritynews.com/agentjacking-attack-hijacks-ai-coding-agent/"
        },
        {
          "source_name": "Agentjacking Attack Tricks AI Coding Agents Into Running Mal",
          "url": "https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News",
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--84519bf8-827f-4fda-8cd4-c108c55e31a3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-50224",
      "pattern": "[vulnerability:name = 'CVE-2023-50224']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        },
        {
          "source_name": "CISA KEV: CVE-2023-50224 \u2014 TP-Link TL-WR841N Authentication ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-9377 \u2014 TP-Link Archer C7(EU) and TL-WR841",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cyber Security News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ea7d852e-5c10-473f-89c7-327cfa781cff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-67644",
      "pattern": "[vulnerability:name = 'CVE-2025-67644']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote",
          "url": "https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9bb74976-ce09-4905-8264-0963485d8003",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-10520",
      "pattern": "[vulnerability:name = 'CVE-2026-10520']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA orders feds to patch actively exploited Ivanti flaw by ",
          "url": "https://www.bleepingcomputer.com/news/security/cisa-gives-feds-3-days-to-patch-ivanti-flaw-exploited-in-attacks/"
        },
        {
          "source_name": "CISA KEV: CVE-2026-10520 \u2014 Ivanti Sentry OS Command Injectio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Ivanti, Fortinet, and SAP Release Patches for Multiple Criti",
          "url": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer",
        "CISA KEV",
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--62d1abff-ba46-42db-a596-ee846f3dd2d8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-10523",
      "pattern": "[vulnerability:name = 'CVE-2026-10523']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA orders feds to patch actively exploited Ivanti flaw by ",
          "url": "https://www.bleepingcomputer.com/news/security/cisa-gives-feds-3-days-to-patch-ivanti-flaw-exploited-in-attacks/"
        },
        {
          "source_name": "CISA KEV: CVE-2026-10520 \u2014 Ivanti Sentry OS Command Injectio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Ivanti, Fortinet, and SAP Release Patches for Multiple Criti",
          "url": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer",
        "CISA KEV",
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--be9d94a6-3715-43f2-923a-94b00e5e10fa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-21509",
      "pattern": "[vulnerability:name = 'CVE-2026-21509']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        },
        {
          "source_name": "CISA KEV: CVE-2026-21509 \u2014 Microsoft Office Security Feature",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cyber Security News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cf397427-ba2b-40ab-899a-8b75301e3426",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-27022",
      "pattern": "[vulnerability:name = 'CVE-2026-27022']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote",
          "url": "https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ee181166-8c8c-4c4a-b6d1-5c3767991bb1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-28277",
      "pattern": "[vulnerability:name = 'CVE-2026-28277']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote",
          "url": "https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5df68fef-f7de-4fc6-a78d-1eace362dcac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-33634",
      "pattern": "[vulnerability:name = 'CVE-2026-33634']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Early Warning Signs of Supply-Chain Attacks Live in the Dark",
          "url": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/"
        },
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        },
        {
          "source_name": "Popular telnyx package compromised on PyPI by TeamPCP",
          "url": "https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer",
        "StepSecurity",
        "Aikido",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--29d07d58-a07d-47cb-96fe-64e226e7c3e5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-35273",
      "pattern": "[vulnerability:name = 'CVE-2026-35273']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-3",
          "url": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6d8cda5a-2e50-4bd9-96da-b6256328b4aa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-48150",
      "pattern": "[vulnerability:name = 'CVE-2026-48150']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-48150: Budibase: Workspace-scoped",
          "url": "https://github.com/advisories/GHSA-6xp4-cf37-ppjh"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--47db7df0-e2c3-4b6e-ab7f-b50fa8924457",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: azurenetfiles.net",
      "pattern": "[domain-name:value = 'azurenetfiles.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-3",
          "url": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5bf771e3-b215-4093-96cd-2f83059225ea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: webhook.site",
      "pattern": "[domain-name:value = 'webhook.site']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Early Warning Signs of Supply-Chain Attacks Live in the Dark",
          "url": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/"
        },
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "kubernetes-el Compromised: How a Pwn Request Exploited a Pop",
          "url": "https://www.stepsecurity.io/blog/kubernetes-el-compromised-how-a-pwn-request-exploited-a-popular-emacs-package"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c0872643-348a-49ef-b747-f621c3d9c96b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 108.174.202.99",
      "pattern": "[ipv4-addr:value = '108.174.202.99']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-3",
          "url": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c6fb2bc8-b733-4fc0-8d06-e8d2ef8673e1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 142.11.200.186",
      "pattern": "[ipv4-addr:value = '142.11.200.186']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-3",
          "url": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--09bb42bd-48c4-43ed-abde-e8474a3f1fbc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 142.11.200.187",
      "pattern": "[ipv4-addr:value = '142.11.200.187']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-3",
          "url": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ecd4f470-55d2-4025-868a-62f45403a00b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 142.11.200.188",
      "pattern": "[ipv4-addr:value = '142.11.200.188']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-3",
          "url": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e2160265-b6f1-41df-9015-0d8a0f210088",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 142.11.200.189",
      "pattern": "[ipv4-addr:value = '142.11.200.189']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-3",
          "url": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--41cd2597-6a95-4315-957d-336ac78e6514",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 142.11.200.190",
      "pattern": "[ipv4-addr:value = '142.11.200.190']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-3",
          "url": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cf0e332b-f8e7-467c-998f-06e41ca8ee6e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 176.120.22.24",
      "pattern": "[ipv4-addr:value = '176.120.22.24']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-3",
          "url": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7abfe414-a13f-4e9e-923a-f33ddedc7765",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09",
      "pattern": "[file:hashes.'SHA-256' = '46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Early Warning Signs of Supply-Chain Attacks Live in the Dark",
          "url": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/"
        },
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "Securing Vibe Coding and AI Coding Agents: An End-to-End App",
          "url": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--19131287-19a2-4984-aef5-bfd6c65bda57",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4b2399646573bb737c4969563303d8ee2e9ddbd1b271f1ca9e35ea78062538db",
      "pattern": "[file:hashes.'SHA-256' = '4b2399646573bb737c4969563303d8ee2e9ddbd1b271f1ca9e35ea78062538db']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Early Warning Signs of Supply-Chain Attacks Live in the Dark",
          "url": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/"
        },
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "Securing Vibe Coding and AI Coding Agents: An End-to-End App",
          "url": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--23a71d7f-4302-4f89-ba46-5760c9552061",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 62ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0",
      "pattern": "[file:hashes.'SHA-256' = '62ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Early Warning Signs of Supply-Chain Attacks Live in the Dark",
          "url": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/"
        },
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "Securing Vibe Coding and AI Coding Agents: An End-to-End App",
          "url": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--28e475ff-a4fb-4e67-ab0d-c5e4fbb95648",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a",
      "pattern": "[file:hashes.'SHA-256' = 'a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Early Warning Signs of Supply-Chain Attacks Live in the Dark",
          "url": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/"
        },
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "Securing Vibe Coding and AI Coding Agents: An End-to-End App",
          "url": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ddfc6f68-1b04-4fa1-a138-80170779a94e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b74caeaa75e077c99f7d44f46daaf9796a3be43ecf24f2a1fd381844669da777",
      "pattern": "[file:hashes.'SHA-256' = 'b74caeaa75e077c99f7d44f46daaf9796a3be43ecf24f2a1fd381844669da777']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Early Warning Signs of Supply-Chain Attacks Live in the Dark",
          "url": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/"
        },
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "Securing Vibe Coding and AI Coding Agents: An End-to-End App",
          "url": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--651bb0c5-1e4f-471e-ac9c-50ce66d97879",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: cbb9bc5a8496243e02f3cc080efbe3e4a1430ba0671f2e43a202bf45b05479cd",
      "pattern": "[file:hashes.'SHA-256' = 'cbb9bc5a8496243e02f3cc080efbe3e4a1430ba0671f2e43a202bf45b05479cd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Early Warning Signs of Supply-Chain Attacks Live in the Dark",
          "url": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/"
        },
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "Securing Vibe Coding and AI Coding Agents: An End-to-End App",
          "url": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e1a519ac-117e-4aa7-812c-f754e30b065e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: dc67467a39b70d1cd4c1f7f7a459b35058163592f4a9e8fb4dffcbba98ef210c",
      "pattern": "[file:hashes.'SHA-256' = 'dc67467a39b70d1cd4c1f7f7a459b35058163592f4a9e8fb4dffcbba98ef210c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Early Warning Signs of Supply-Chain Attacks Live in the Dark",
          "url": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/"
        },
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "Securing Vibe Coding and AI Coding Agents: An End-to-End App",
          "url": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aa604773-29f2-4eb6-a8be-d92dec61a888",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f099c5d9ec417d4445a0328ac0ada9cde79fc37410914103ae9c609cbc0ee068",
      "pattern": "[file:hashes.'SHA-256' = 'f099c5d9ec417d4445a0328ac0ada9cde79fc37410914103ae9c609cbc0ee068']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Early Warning Signs of Supply-Chain Attacks Live in the Dark",
          "url": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/"
        },
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "Securing Vibe Coding and AI Coding Agents: An End-to-End App",
          "url": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a03080c6-8922-4de0-8333-cd352bbff6ca",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: automaticgiveaway.000webhostapp.com",
      "pattern": "[domain-name:value = 'automaticgiveaway.000webhostapp.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--49b41a9b-95bf-47ba-a1dc-91518bd633d8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: climbing-green-botany.glitch.me",
      "pattern": "[domain-name:value = 'climbing-green-botany.glitch.me']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e1a7da12-81bd-4fc0-a069-45a9f307d322",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: deliverlett.com",
      "pattern": "[domain-name:value = 'deliverlett.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--048ac890-6224-44dc-8244-3c56bd5642b0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: deliverly.top",
      "pattern": "[domain-name:value = 'deliverly.top']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b5824e8f-c2fc-44ee-8ed7-53419cc24d48",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: designli.pictures",
      "pattern": "[domain-name:value = 'designli.pictures']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--baed18dc-f76b-4e6e-a124-8b1bcb9a9fc1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: dev-cdn370.pantheonsite.io",
      "pattern": "[domain-name:value = 'dev-cdn370.pantheonsite.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--85d7cf0f-840b-4902-a719-cab4ef15ab9b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: facebookbusiness0078.blogspot.be",
      "pattern": "[domain-name:value = 'facebookbusiness0078.blogspot.be']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cd63bb94-d29c-4ff6-9d70-219d49ad779f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ff-rewards-redeem-codes-org.github.io",
      "pattern": "[domain-name:value = 'ff-rewards-redeem-codes-org.github.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--99ccbba8-486a-416d-bc93-232d238a6878",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: flowcomm.click",
      "pattern": "[domain-name:value = 'flowcomm.click']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--80bc3071-288b-4f3a-a646-1119afb35f89",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: free-fire-reward-garena-bd-nepazl.epizy.com",
      "pattern": "[domain-name:value = 'free-fire-reward-garena-bd-nepazl.epizy.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a77a73ce-3629-49b5-9e80-9a6c74868fe5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: freefirefff.github.io",
      "pattern": "[domain-name:value = 'freefirefff.github.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9de2ff47-8361-4f6b-aeb6-2bfce0138895",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: freefoodaid.com",
      "pattern": "[domain-name:value = 'freefoodaid.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1bbad41b-6d29-418f-8037-55ba0007a4b7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: inboxally.agency",
      "pattern": "[domain-name:value = 'inboxally.agency']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bef87aee-4ec4-4dba-9de5-189f65bc1709",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: inboxly.top",
      "pattern": "[domain-name:value = 'inboxly.top']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1631494b-c2a2-422c-a79d-1ad7cc7e6f4e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: instagram-cutequeen57.netlify.app",
      "pattern": "[domain-name:value = 'instagram-cutequeen57.netlify.app']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f00e04d-a432-423d-a113-dd33826320e3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: lett.email",
      "pattern": "[domain-name:value = 'lett.email']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--deda4c5a-ec37-4a08-9603-d66089e48336",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: lettermail.eu",
      "pattern": "[domain-name:value = 'lettermail.eu']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5216ec31-afcf-4957-b3fe-26271a85db00",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: longsauce.com",
      "pattern": "[domain-name:value = 'longsauce.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6a8b89d6-991c-4a72-bec2-37c4c8ad7452",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: mailora.eu",
      "pattern": "[domain-name:value = 'mailora.eu']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--07173d84-3b9f-424f-b875-25ce4ba871df",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: olrh4mibs62l6kkuvvjyc5lrercqg5tz543r4lsw3o6mh5qb7g7sneid.onion",
      "pattern": "[domain-name:value = 'olrh4mibs62l6kkuvvjyc5lrercqg5tz543r4lsw3o6mh5qb7g7sneid.onion']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostea",
          "url": "https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html"
        },
        {
          "source_name": "Over 400 Arch Linux packages compromised to push rootkit, in",
          "url": "https://www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News",
        "BleepingComputer"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6456f0ea-c308-4bfa-bc86-5353c8980234",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: pastefy.app",
      "pattern": "[domain-name:value = 'pastefy.app']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        },
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News",
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8f271877-6c6a-4e80-ab6a-639f2109c57f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: pheontx.eu",
      "pattern": "[domain-name:value = 'pheontx.eu']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a452f5cb-2619-4f3f-b4d7-2fb92f37161e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: postfast.eu",
      "pattern": "[domain-name:value = 'postfast.eu']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--988297c7-39b9-4858-b80e-b92798ca1543",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: postify.email",
      "pattern": "[domain-name:value = 'postify.email']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--05212aba-fc9a-48f5-ada8-2aa672109d48",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: postino.click",
      "pattern": "[domain-name:value = 'postino.click']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--244a0260-0d82-46c7-97e6-96c93ab33c7a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: pro.riccardomalisano.com",
      "pattern": "[domain-name:value = 'pro.riccardomalisano.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2d501fb3-68b4-4d70-a47d-692f88f80ef4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: pubg-tournament-official.github.io",
      "pattern": "[domain-name:value = 'pubg-tournament-official.github.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--395e5f59-1e07-4b3e-aab7-718fa8920347",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: qube.black",
      "pattern": "[domain-name:value = 'qube.black']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--504a9d89-7b40-44a9-916b-a08a59b761e1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: quix.express",
      "pattern": "[domain-name:value = 'quix.express']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e2540870-e2c7-467e-aa74-d3f489361925",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: raviral.com",
      "pattern": "[domain-name:value = 'raviral.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--86332b34-2783-4411-b1ed-191aa7568f48",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: raviral.com/host_style/style/js-track/track.js",
      "pattern": "[domain-name:value = 'raviral.com/host_style/style/js-track/track.js']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3fc91124-aa15-4af1-bcb9-6822585a4806",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: raviral.com/k_fac.php",
      "pattern": "[domain-name:value = 'raviral.com/k_fac.php']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cae4881a-47f0-4c85-885b-887c1496d1ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: smplfy.in",
      "pattern": "[domain-name:value = 'smplfy.in']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4d8584e0-e319-410d-a8c4-01f2a9ac2e8d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sniperdz.com",
      "pattern": "[domain-name:value = 'sniperdz.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ff9ac3f5-19bf-48b6-b8a7-36074e793892",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sumato-soft.org",
      "pattern": "[domain-name:value = 'sumato-soft.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1c88e0b9-347d-48e0-adea-1c08a2f00e1a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: t.me/JokerDzV2",
      "pattern": "[domain-name:value = 't.me/JokerDzV2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c15152d4-de32-4711-9512-d42b75204a54",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: technobrains.dev",
      "pattern": "[domain-name:value = 'technobrains.dev']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4cde876e-c82f-4a19-922e-15cedd1a7a1a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: trayo.app",
      "pattern": "[domain-name:value = 'trayo.app']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ra",
          "url": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c9bf0633-b4b7-4de0-a07c-96df922f40ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: v0tingsystem.github.io",
      "pattern": "[domain-name:value = 'v0tingsystem.github.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, A",
          "url": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--adffd1ab-93f3-4692-8f62-d47b016bdc95",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: wellnesscaremed.com",
      "pattern": "[domain-name:value = 'wellnesscaremed.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e4fe1a32-4a9b-4200-868d-6588834fbc45",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: wellnessmedcare.org",
      "pattern": "[domain-name:value = 'wellnessmedcare.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--34c0de2a-24b2-460c-83ae-d0d03cf6a79b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.233.201.21",
      "pattern": "[ipv4-addr:value = '193.233.201.21']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b5e550de-e178-441e-882e-35fc0d5958ac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 42b59fdbe1b72895b2951412222ebf40",
      "pattern": "[file:hashes.MD5 = '42b59fdbe1b72895b2951412222ebf40']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostea",
          "url": "https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html"
        },
        {
          "source_name": "Over 400 Arch Linux packages compromised to push rootkit, in",
          "url": "https://www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News",
        "BleepingComputer"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c5ab214d-0445-4164-9d07-d9f6f82aa27f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 53b91117db931d3acbbfd15aa8400bb6691e023d",
      "pattern": "[file:hashes.'SHA-1' = '53b91117db931d3acbbfd15aa8400bb6691e023d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f5aec6d4-eb8e-448f-891e-e077abcbfae1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 63154cd9c79f9d14eb9be6c4efc2a778d31646ec",
      "pattern": "[file:hashes.'SHA-1' = '63154cd9c79f9d14eb9be6c4efc2a778d31646ec']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c50c9391-e54f-45d8-9901-0ed0642562f4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 70842cfc27b116d0db2fd7aa33d53a3faf510993",
      "pattern": "[file:hashes.'SHA-1' = '70842cfc27b116d0db2fd7aa33d53a3faf510993']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e0ea414d-c3da-4211-887d-52797b659fab",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 74d3d5ab6d0fa4c6a5860598231728a6a893ecf7",
      "pattern": "[file:hashes.'SHA-1' = '74d3d5ab6d0fa4c6a5860598231728a6a893ecf7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--28245de2-06dc-4ff6-bc9a-35fb5b574a26",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: e1bdcd1a7157f7d047a88ab4573723fe1e861951",
      "pattern": "[file:hashes.'SHA-1' = 'e1bdcd1a7157f7d047a88ab4573723fe1e861951']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--61a0ae13-1e69-4e94-a70e-7112c4d2b08e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: fcc8a542aad41e758cf6c18571048890be53808e",
      "pattern": "[file:hashes.'SHA-1' = 'fcc8a542aad41e758cf6c18571048890be53808e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--59f1a7d0-1962-488c-86d8-2bedbd279660",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 0bb0d54033767f081cae775e3cf9ede7ae6bea75f35fbfb748ccba9325e28e5e",
      "pattern": "[file:hashes.'SHA-256' = '0bb0d54033767f081cae775e3cf9ede7ae6bea75f35fbfb748ccba9325e28e5e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1ac2e952-5fa4-4be4-bec6-1d2f5c3cd21c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 17bad5ae5b2ac262f5f18854853869840245c344105aa38c7f550ef51d2e5f26",
      "pattern": "[file:hashes.'SHA-256' = '17bad5ae5b2ac262f5f18854853869840245c344105aa38c7f550ef51d2e5f26']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ff783a05-9f71-4d36-9b7d-4a081cba645a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1ed863a32372160b3a25549aad25d48d5352d9b4f58d4339408c4eea69807f50",
      "pattern": "[file:hashes.'SHA-256' = '1ed863a32372160b3a25549aad25d48d5352d9b4f58d4339408c4eea69807f50']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5928b5a8-e76c-468e-8919-2eeacf6dde5e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2822c72a59b58c00fc088aa551cdeeb92ca10fd23e23745610ff207f53118db9",
      "pattern": "[file:hashes.'SHA-256' = '2822c72a59b58c00fc088aa551cdeeb92ca10fd23e23745610ff207f53118db9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54519419-90c6-4ba2-b688-5959531f94bf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2fa5b0475c3b70a3ba14c6a3938baf441a08b11841493b85e087d1d5e01eba49",
      "pattern": "[file:hashes.'SHA-256' = '2fa5b0475c3b70a3ba14c6a3938baf441a08b11841493b85e087d1d5e01eba49']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c77da2c3-e240-4b28-a0b7-42dd7e712579",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3f476d316efe2514efd70c975d0c87e12357db9fca54a25834d60b28192c6a69",
      "pattern": "[file:hashes.'SHA-256' = '3f476d316efe2514efd70c975d0c87e12357db9fca54a25834d60b28192c6a69']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a9fa447f-596d-4fde-8ec4-498955f2890d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5a17cfaea0cc3a82242fdd11b53140c0b56256d769b07c33757d61e0a0a6ec02",
      "pattern": "[file:hashes.'SHA-256' = '5a17cfaea0cc3a82242fdd11b53140c0b56256d769b07c33757d61e0a0a6ec02']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8f816054-0a92-46be-b5c5-d4c5ab0be0f9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5c50f79038b31aa8a3a68b24d8b783dfbd2e15fff7586c5609e544a717ef7d05",
      "pattern": "[file:hashes.'SHA-256' = '5c50f79038b31aa8a3a68b24d8b783dfbd2e15fff7586c5609e544a717ef7d05']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--03148aaf-8c35-4b45-bd90-bd8b5e9b6304",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6144d433f8a0316869877b5f834c801251bbb936e5f1577c5680878c7443c98b",
      "pattern": "[file:hashes.'SHA-256' = '6144d433f8a0316869877b5f834c801251bbb936e5f1577c5680878c7443c98b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostea",
          "url": "https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html"
        },
        {
          "source_name": "Over 400 Arch Linux packages compromised to push rootkit, in",
          "url": "https://www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News",
        "BleepingComputer"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d34672cf-a456-45ae-b557-9d41400c61e0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6585ca0d3e26c20ced638f46f4a89eea924d411b8753d3fcf434663593c7cf0b",
      "pattern": "[file:hashes.'SHA-256' = '6585ca0d3e26c20ced638f46f4a89eea924d411b8753d3fcf434663593c7cf0b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0a8b3796-1db2-4b56-a366-e8eb075a08db",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7269c00a6164fd01dd516e0a72b2bd84c82e78feb552e06964e4992ff0479dda",
      "pattern": "[file:hashes.'SHA-256' = '7269c00a6164fd01dd516e0a72b2bd84c82e78feb552e06964e4992ff0479dda']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--809ee5ac-fc7c-482f-863d-ac9e219669b3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9f4672c1374034ac4556264f0d4bf96ee242c0b5a9edaa4715b5e61fe8d55cc8",
      "pattern": "[file:hashes.'SHA-256' = '9f4672c1374034ac4556264f0d4bf96ee242c0b5a9edaa4715b5e61fe8d55cc8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a2a16667-f789-4b73-8dae-e57d72cb88c1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a876f648991711e44a8dcf888a271880c6c930e5138f284cd6ca6128eca56ba1",
      "pattern": "[file:hashes.'SHA-256' = 'a876f648991711e44a8dcf888a271880c6c930e5138f284cd6ca6128eca56ba1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--575809de-f61b-43bb-903b-3eb86366be75",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a944a09783023a2c6c62d3601cbd5392a03d808a6a51728e07a3270861c2a8ee",
      "pattern": "[file:hashes.'SHA-256' = 'a944a09783023a2c6c62d3601cbd5392a03d808a6a51728e07a3270861c2a8ee']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bad20c04-73e9-4dac-9cad-a1ac714fec42",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b2ba51b4491da8604ff9410d6e004971e3cd9a321390d0258e294ac42010b546",
      "pattern": "[file:hashes.'SHA-256' = 'b2ba51b4491da8604ff9410d6e004971e3cd9a321390d0258e294ac42010b546']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d9f0e51b-1f08-4b33-976a-84ecda15fb22",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: bab96257018df49ace8fe8adfadc74cf8327fcf9a9dc8a3a7c9ac8e18881df5f",
      "pattern": "[file:hashes.'SHA-256' = 'bab96257018df49ace8fe8adfadc74cf8327fcf9a9dc8a3a7c9ac8e18881df5f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--318e95b4-a05a-4d4e-b67d-176af937b565",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: bb23545380fde9f48ad070f88fe0afd695da5fcae8c5274814858c5a681d8c4e",
      "pattern": "[file:hashes.'SHA-256' = 'bb23545380fde9f48ad070f88fe0afd695da5fcae8c5274814858c5a681d8c4e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b8969f55-3f55-4bf2-ac4d-2676c89170a6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c91183175ce77360006f964841eb4048cf37cb82103f2573e262927be4c7607f",
      "pattern": "[file:hashes.'SHA-256' = 'c91183175ce77360006f964841eb4048cf37cb82103f2573e262927be4c7607f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8dee5f53-1e5c-4505-b670-3049b1b59534",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d6abc7003b580472d808b338adef0b28eacc698cd4692f76cb2a91718ab78d88",
      "pattern": "[file:hashes.'SHA-256' = 'd6abc7003b580472d808b338adef0b28eacc698cd4692f76cb2a91718ab78d88']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cfa383db-b90e-4708-8fb7-acb0120bdb11",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d7ec660a2a29c1aabcbe9bff1ef29be9a9fab8c7fe7c40df4772dd2b5bdf9666",
      "pattern": "[file:hashes.'SHA-256' = 'd7ec660a2a29c1aabcbe9bff1ef29be9a9fab8c7fe7c40df4772dd2b5bdf9666']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e7f51352-a449-44c6-b6bb-bc3e24ad60bc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d94a2444268b339dfda2615f7800322fb318e0a484414bb17016cfcd5eb07c44",
      "pattern": "[file:hashes.'SHA-256' = 'd94a2444268b339dfda2615f7800322fb318e0a484414bb17016cfcd5eb07c44']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1fdcc8fd-d8c9-4fe3-858a-f198df2c3a5d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e848d73a68e4e8aea00a6257552b5872907dfaf7cce3d94636d7e59d286edeab",
      "pattern": "[file:hashes.'SHA-256' = 'e848d73a68e4e8aea00a6257552b5872907dfaf7cce3d94636d7e59d286edeab']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7ea6d564-103f-49d0-a48e-00da75e18f4e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: fd3f13db41cd5b442fa26ba8bc0e9703ed243b3516374e3ef89be71cbf07436b",
      "pattern": "[file:hashes.'SHA-256' = 'fd3f13db41cd5b442fa26ba8bc0e9703ed243b3516374e3ef89be71cbf07436b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to L",
          "url": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4c9b66cb-7d18-4eb9-92e9-51eeffc5a40f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: feabf10c8a9ba2775bb0f7f9d0b20203112b7df8e6d333a44d5a11eae0e38e86",
      "pattern": "[file:hashes.'SHA-256' = 'feabf10c8a9ba2775bb0f7f9d0b20203112b7df8e6d333a44d5a11eae0e38e86']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Cr",
          "url": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--11deeec9-d7c5-4453-8763-51c5f06ba952",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: hairdb.com",
      "pattern": "[domain-name:value = 'hairdb.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Tra",
          "url": "https://cybersecuritynews.com/hackers-abuse-legitimate-ninjaone-rmm-software/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--06c401bd-90c9-4c34-b5ef-fe69566a64aa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: lazybearpottery.net",
      "pattern": "[domain-name:value = 'lazybearpottery.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Tra",
          "url": "https://cybersecuritynews.com/hackers-abuse-legitimate-ninjaone-rmm-software/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5c355a16-473c-4d13-a858-52dab5cc3843",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: matrix.agent.education.tchap.gouv.fr",
      "pattern": "[domain-name:value = 'matrix.agent.education.tchap.gouv.fr']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Over 73,000 French govt employees affected in Tchap messenge",
          "url": "https://www.bleepingcomputer.com/news/security/french-govt-says-tchap-breach-affected-over-73-000-accounts/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "BleepingComputer"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f84385b7-d05b-4dac-99c4-5e4a95904f97",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: r64.org",
      "pattern": "[domain-name:value = 'r64.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Tra",
          "url": "https://cybersecuritynews.com/hackers-abuse-legitimate-ninjaone-rmm-software/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c0a268ff-8f58-4d65-8588-1e7eefbec247",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: reclameaqui.services",
      "pattern": "[domain-name:value = 'reclameaqui.services']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Tra",
          "url": "https://cybersecuritynews.com/hackers-abuse-legitimate-ninjaone-rmm-software/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b1e2420c-f04a-4f1b-8d7d-903647f9d6db",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: rectalmania.com",
      "pattern": "[domain-name:value = 'rectalmania.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Tra",
          "url": "https://cybersecuritynews.com/hackers-abuse-legitimate-ninjaone-rmm-software/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--70aacdea-6497-4d91-82a3-f10ca2a61c7a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sefaz.services",
      "pattern": "[domain-name:value = 'sefaz.services']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Tra",
          "url": "https://cybersecuritynews.com/hackers-abuse-legitimate-ninjaone-rmm-software/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Cyber Security News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cae0c94c-8b42-4aa3-a628-ec0f4ea58dc2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: tchap.gouv.fr",
      "pattern": "[domain-name:value = 'tchap.gouv.fr']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Over 73,000 French govt employees affected in Tchap messenge",
          "url": "https://www.bleepingcomputer.com/news/security/french-govt-says-tchap-breach-affected-over-73-000-accounts/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "BleepingComputer"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bbc925dd-3bcc-4f3b-8b85-a7e757a68a00",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-55591",
      "pattern": "[vulnerability:name = 'CVE-2024-55591']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like",
          "url": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html"
        },
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0097ba32-e501-4289-a040-7e7ce35e35d0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-32433",
      "pattern": "[vulnerability:name = 'CVE-2025-32433']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like",
          "url": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html"
        },
        {
          "source_name": "CISA KEV: CVE-2025-32433 \u2014 Erlang Erlang/OTP SSH Server Miss",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--06a45db7-2939-4dde-a79d-00b2243e4d6e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-33073",
      "pattern": "[vulnerability:name = 'CVE-2025-33073']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like",
          "url": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html"
        },
        {
          "source_name": "CISA KEV: CVE-2025-33073 \u2014 Microsoft Windows SMB Client Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e5486540-3a8d-442c-a08f-4bd313a1b60a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-11645",
      "pattern": "[vulnerability:name = 'CVE-2026-11645']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like",
          "url": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html"
        },
        {
          "source_name": "Langflow Vulnerability CVE-2026-5027 Exploited for Unauthent",
          "url": "https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-11645 \u2014 Google Chromium V8 Out-of-Bounds ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--29a70425-853f-4ba4-8336-5e3befe11aac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-20230",
      "pattern": "[vulnerability:name = 'CVE-2026-20230']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like",
          "url": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ddbdfca7-26e8-48b1-8e96-810f2c5631af",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-23479",
      "pattern": "[vulnerability:name = 'CVE-2026-23479']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like",
          "url": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ed592cd0-ab14-4305-b2a8-6c4454c0dbff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45585",
      "pattern": "[vulnerability:name = 'CVE-2026-45585']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "New GreatXML Exploit Bypasses Windows BitLocker via Recovery",
          "url": "https://thehackernews.com/2026/06/new-greatxml-exploit-bypasses-windows.html"
        },
        {
          "source_name": "Microsoft Patches Record 206 Flaws, Including Three Zero-Day",
          "url": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4a5ca5ab-8bb9-474f-b74f-efa6d7207923",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-48039",
      "pattern": "[vulnerability:name = 'CVE-2026-48039']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-48039: Meta Ads MCP: Unauthentica",
          "url": "https://github.com/advisories/GHSA-9gw6-46qc-99vr"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9610bffb-0d60-442e-b88b-544333fb55ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-48062",
      "pattern": "[vulnerability:name = 'CVE-2026-48062']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-48062: CodeIgniter4 has a validat",
          "url": "https://github.com/advisories/GHSA-2gr4-ppc7-7mhx"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--09d3ab62-c0f8-4ab8-958a-d03aff65500f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: coachcybersecurity.com",
      "pattern": "[domain-name:value = 'coachcybersecurity.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ee73e949-d40b-4d70-bbf7-79565573c9a1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: financemachinelearning.com",
      "pattern": "[domain-name:value = 'financemachinelearning.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--254626fb-a909-4ad4-beec-9eeb34907638",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: gatewayrvcenter.com",
      "pattern": "[domain-name:value = 'gatewayrvcenter.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8c44efbb-a8fe-4eec-af6f-00787df8c16d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: leadingfilipinoteams.com",
      "pattern": "[domain-name:value = 'leadingfilipinoteams.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--02b0a2ee-6504-4bf2-ae7a-55c1f5903f38",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: mxprodesign.com",
      "pattern": "[domain-name:value = 'mxprodesign.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--333c1901-8018-4b9b-9c13-3ecbc4e97064",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: power-sync-services.com",
      "pattern": "[domain-name:value = 'power-sync-services.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3c32bc13-8b0d-4c5b-a711-1b57cabfb1e3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sfrclak.com",
      "pattern": "[domain-name:value = 'sfrclak.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "Code is being written everywhere, and the device is the only",
          "url": "https://www.aikido.dev/blog/code-is-written-everywhere"
        },
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7a0fea37-6457-4a90-8b92-e5c50910bf9e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.119.47.104",
      "pattern": "[ipv4-addr:value = '103.119.47.104']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--297982a9-92f0-4120-89c9-236f776ba81e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 139.162.11.152",
      "pattern": "[ipv4-addr:value = '139.162.11.152']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a3cbf285-03dc-4d4e-acba-56846f862529",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 139.180.128.42",
      "pattern": "[ipv4-addr:value = '139.180.128.42']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--181b2d93-29b9-4cf4-bd5c-b871b5d15fa5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 139.99.33.239",
      "pattern": "[ipv4-addr:value = '139.99.33.239']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d98a5d22-65e6-46ba-911c-74823b945097",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 142.91.98.77",
      "pattern": "[ipv4-addr:value = '142.91.98.77']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--990c4529-7bfb-44f1-bad3-fff7ebef5e66",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 166.88.77.186",
      "pattern": "[ipv4-addr:value = '166.88.77.186']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4ab8e2fa-6dbc-4874-9e13-fe8d2da6e541",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 176.120.22.127",
      "pattern": "[ipv4-addr:value = '176.120.22.127']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like",
          "url": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4e6e7898-5464-43c5-9997-4051f2791d41",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.68.26.241",
      "pattern": "[ipv4-addr:value = '194.68.26.241']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6c70ce2c-eb4d-4377-a1f8-4fe92454bd2c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.60.245.37",
      "pattern": "[ipv4-addr:value = '38.60.245.37']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--22272f94-9d77-4f17-ada4-cef05a6bbd27",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 7bdbd180c081fa63ca94f9c22c457376",
      "pattern": "[file:hashes.MD5 = '7bdbd180c081fa63ca94f9c22c457376']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A tale of two eras",
          "url": "https://blog.talosintelligence.com/a-tale-of-two-eras/"
        },
        {
          "source_name": "Reporting from Vegas: Networking, AI, and good boys",
          "url": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/"
        },
        {
          "source_name": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injectio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bf7fe4e7-215e-415b-acb1-c69d286ace5e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 0037DBB0FEA981D02F6F76DE81EBAEFCB68B7D20",
      "pattern": "[file:hashes.'SHA-1' = '0037DBB0FEA981D02F6F76DE81EBAEFCB68B7D20']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fd6dd4c7-8fad-4bb9-8e26-46750bcf6537",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 19A69F856EFA811C376F68E4FEB0997B4724F8BD",
      "pattern": "[file:hashes.'SHA-1' = '19A69F856EFA811C376F68E4FEB0997B4724F8BD']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b9b73b9c-5f36-48bd-bc3a-a52223aef0a0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 41CB8CD78B8DB76563E4F972ABE817CEEE9CF9B0",
      "pattern": "[file:hashes.'SHA-1' = '41CB8CD78B8DB76563E4F972ABE817CEEE9CF9B0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9c3abaac-71a5-43e5-8f8e-052613b218fc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 48FEBB91A10D1462461A012FAFC0918BB028E947",
      "pattern": "[file:hashes.'SHA-1' = '48FEBB91A10D1462461A012FAFC0918BB028E947']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b0d9d85e-b4d6-45a6-8802-4839e2cd5260",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 490194E9BB5128ECA8693AD9E610891C2ED185AF",
      "pattern": "[file:hashes.'SHA-1' = '490194E9BB5128ECA8693AD9E610891C2ED185AF']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7d2ee98c-8923-4175-bc5c-1a22ccc9add2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 4AD36AD6C165B5174967020CB1A3358F78D7A283",
      "pattern": "[file:hashes.'SHA-1' = '4AD36AD6C165B5174967020CB1A3358F78D7A283']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3b3b0915-a6ed-4bc4-845c-47537b0bce51",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 51176139B0B2220B802C1578A4994DF68DF5BCD1",
      "pattern": "[file:hashes.'SHA-1' = '51176139B0B2220B802C1578A4994DF68DF5BCD1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ae355a50-f718-4bcf-8a30-f218f5c12b24",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 511B77459673EC42163F19E300FF1D233B6C39FB",
      "pattern": "[file:hashes.'SHA-1' = '511B77459673EC42163F19E300FF1D233B6C39FB']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--319e4034-b966-442c-b86d-a3052dc9c653",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 57352B3CEEE32216E5AA20BAA848483D7AB5A6FB",
      "pattern": "[file:hashes.'SHA-1' = '57352B3CEEE32216E5AA20BAA848483D7AB5A6FB']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aac9d1c7-92a4-47cf-93ca-2f6a1fe02aa7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 59A8553A4F8130F576AB234E0B220BE4D4DA0E98",
      "pattern": "[file:hashes.'SHA-1' = '59A8553A4F8130F576AB234E0B220BE4D4DA0E98']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1c756b84-5677-48c9-b352-0511add49d22",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 5D6194BB48FEBB91A10D1462461A012FAFC0918B",
      "pattern": "[file:hashes.'SHA-1' = '5D6194BB48FEBB91A10D1462461A012FAFC0918B']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c26d4e03-778a-43aa-8e24-5bef1fc0a02e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 865A1739337D3303B3AB02C5E694C22B79C42B7D",
      "pattern": "[file:hashes.'SHA-1' = '865A1739337D3303B3AB02C5E694C22B79C42B7D']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        },
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e5a4c445-88ec-444c-8b91-638439a8859f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 8CD78B8DB76563E4F972ABE817CEEE9CF9B00037",
      "pattern": "[file:hashes.'SHA-1' = '8CD78B8DB76563E4F972ABE817CEEE9CF9B00037']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d9edeebd-b50e-4232-9ac9-404c86b1b804",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 91F042F59BE4BDCB6E5EA21B91DECD731C175B54",
      "pattern": "[file:hashes.'SHA-1' = '91F042F59BE4BDCB6E5EA21B91DECD731C175B54']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--94465d1a-fdfd-4fc5-832b-d8f89fd4059c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 9BC06DF9F932746A05EE728C8B103BD3BA6BF395",
      "pattern": "[file:hashes.'SHA-1' = '9BC06DF9F932746A05EE728C8B103BD3BA6BF395']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c9bef665-52a6-44ec-8d89-b0a8274ba8c5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 9CA1A5C7F79882DB913534C1E62B26BCDCB9F6DD",
      "pattern": "[file:hashes.'SHA-1' = '9CA1A5C7F79882DB913534C1E62B26BCDCB9F6DD']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--440141b2-eff4-413e-8dab-86248a6a55fd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: A177ED0BFFEB1EFE1D9D31D72A82EF2625AE646D",
      "pattern": "[file:hashes.'SHA-1' = 'A177ED0BFFEB1EFE1D9D31D72A82EF2625AE646D']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d8615fb-b9b5-489b-83dd-01616b6279cc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: A8E2BBBFCB86500322D2367744FA12755AB0C165",
      "pattern": "[file:hashes.'SHA-1' = 'A8E2BBBFCB86500322D2367744FA12755AB0C165']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--08f69bc5-b5e8-4302-bf46-423b542b5b8c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: B028E947150764A71DEEF498DE6F8C95ECCCB445",
      "pattern": "[file:hashes.'SHA-1' = 'B028E947150764A71DEEF498DE6F8C95ECCCB445']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f7f86806-fc3b-4d74-bc1c-467e69fad8e1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: B0FEA981D02F6F76DE81EBAEFCB68B7D205D6194",
      "pattern": "[file:hashes.'SHA-1' = 'B0FEA981D02F6F76DE81EBAEFCB68B7D205D6194']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in Fire",
          "url": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--332dc3f7-0081-4f51-b4ca-c63f2e32e298",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: B7B2D2DB544F9EEA74453CDF2B8BEEA58CF07C48",
      "pattern": "[file:hashes.'SHA-1' = 'B7B2D2DB544F9EEA74453CDF2B8BEEA58CF07C48']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--17fe2f1d-c340-4d89-8865-020dc5e7d20e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: D511B77459673EC42163F19E300FF1D233B6C39F",
      "pattern": "[file:hashes.'SHA-1' = 'D511B77459673EC42163F19E300FF1D233B6C39F']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3491cf47-53b8-456e-9983-8cd8a76f922d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: F74F1FEB62B662CDA489FDB2453727824E55ACB9",
      "pattern": "[file:hashes.'SHA-1' = 'F74F1FEB62B662CDA489FDB2453727824E55ACB9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3bc0a53d-0984-4243-b041-24f2b8545dd3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: F8F8209987CA7F139DE6A62F9E6EE21BD2AE93A9",
      "pattern": "[file:hashes.'SHA-1' = 'F8F8209987CA7F139DE6A62F9E6EE21BD2AE93A9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "OceanLotus: From external espionage to domestic targeting",
          "url": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--954189ed-85ee-4f64-a314-4eea2f138fb8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7069e28a5806db4ab0273639667d203f5e31b401d403af7e36d9f360c1f6d655",
      "pattern": "[file:hashes.'SHA-256' = '7069e28a5806db4ab0273639667d203f5e31b401d403af7e36d9f360c1f6d655']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Miasma and Hades Are Spreading Now: Detect Them on Developer",
          "url": "https://www.stepsecurity.io/blog/miasma-and-hades-are-spreading-now-detect-them-on-developer-machines-with-suspicious-files"
        },
        {
          "source_name": "Preinstall to persistence: Inside the Red Hat npm Miasma cre",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b3d232e3-a807-4f0d-b803-2ab846c7d7a7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91",
      "pattern": "[file:hashes.'SHA-256' = 'a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A tale of two eras",
          "url": "https://blog.talosintelligence.com/a-tale-of-two-eras/"
        },
        {
          "source_name": "Reporting from Vegas: Networking, AI, and good boys",
          "url": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/"
        },
        {
          "source_name": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injectio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8e3ff151-b4c9-4c17-862b-750812c9b1e4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b86c5ae9e95bd841a595440faa3eb6317441e746f241ae8fd641ab59ed1d1966",
      "pattern": "[file:hashes.'SHA-256' = 'b86c5ae9e95bd841a595440faa3eb6317441e746f241ae8fd641ab59ed1d1966']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Miasma and Hades Are Spreading Now: Detect Them on Developer",
          "url": "https://www.stepsecurity.io/blog/miasma-and-hades-are-spreading-now-detect-them-on-developer-machines-with-suspicious-files"
        },
        {
          "source_name": "Preinstall to persistence: Inside the Red Hat npm Miasma cre",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1a20d720-24a6-4806-88a6-a315e62e8b51",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: imperva_artifactory.com",
      "pattern": "[domain-name:value = 'imperva_artifactory.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "New Attacks Trick OpenClaw AI Agent Into Running Code and Le",
          "url": "https://thehackernews.com/2026/06/new-attacks-trick-openclaw-ai-agent.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5669b4e7-e6a0-4326-9fec-8fd0efed5ebe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: zerodayclock.com",
      "pattern": "[domain-name:value = 'zerodayclock.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI Broke Vulnerability Management. That's Why CISOs Are Movi",
          "url": "https://thehackernews.com/2026/06/ai-broke-vulnerability-management-thats.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4c485582-0fae-48ce-9a8a-4c325245ba87",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 142.11.206.73",
      "pattern": "[ipv4-addr:value = '142.11.206.73']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "Code is being written everywhere, and the device is the only",
          "url": "https://www.aikido.dev/blog/code-is-written-everywhere"
        },
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dcb965f1-5db3-4579-9427-b7cbc8d25305",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 2915b3f8b703eb744fc54c81f4a9c67f",
      "pattern": "[file:hashes.MD5 = '2915b3f8b703eb744fc54c81f4a9c67f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A tale of two eras",
          "url": "https://blog.talosintelligence.com/a-tale-of-two-eras/"
        },
        {
          "source_name": "Reporting from Vegas: Networking, AI, and good boys",
          "url": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/"
        },
        {
          "source_name": "Less panic patching, more precision",
          "url": "https://blog.talosintelligence.com/less-panic-patching-more-precision/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cb568a9a-89e9-428b-89a6-aa5a25d3a24f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 38de5b216c33833af710e88f7f64fc98",
      "pattern": "[file:hashes.MD5 = '38de5b216c33833af710e88f7f64fc98']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A tale of two eras",
          "url": "https://blog.talosintelligence.com/a-tale-of-two-eras/"
        },
        {
          "source_name": "Reporting from Vegas: Networking, AI, and good boys",
          "url": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/"
        },
        {
          "source_name": "Less panic patching, more precision",
          "url": "https://blog.talosintelligence.com/less-panic-patching-more-precision/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6a64030d-0d78-41e5-be05-51a110603f24",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: aac3165ece2959f39ff98334618d10d9",
      "pattern": "[file:hashes.MD5 = 'aac3165ece2959f39ff98334618d10d9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A tale of two eras",
          "url": "https://blog.talosintelligence.com/a-tale-of-two-eras/"
        },
        {
          "source_name": "The art of being ungovernable",
          "url": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/"
        },
        {
          "source_name": "The time of much patching is coming",
          "url": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--84bba63e-a8bb-4695-8459-ef21880cdbe7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 07d889e2dadce6f3910dcbc253317d28ca61c766",
      "pattern": "[file:hashes.'SHA-1' = '07d889e2dadce6f3910dcbc253317d28ca61c766']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "Code is being written everywhere, and the device is the only",
          "url": "https://www.aikido.dev/blog/code-is-written-everywhere"
        },
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2f33ee75-9e97-42ce-a1ba-b384981abc65",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2553649f2322049666871cea80a5d0d6adc700ca",
      "pattern": "[file:hashes.'SHA-1' = '2553649f2322049666871cea80a5d0d6adc700ca']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "Code is being written everywhere, and the device is the only",
          "url": "https://www.aikido.dev/blog/code-is-written-everywhere"
        },
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7cb5ebd5-8726-4496-b97b-794d340372c3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71",
      "pattern": "[file:hashes.'SHA-1' = 'd6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "npm v12 delivers one of the biggest security improvements in",
          "url": "https://www.aikido.dev/blog/npm-v12-block-postinstall"
        },
        {
          "source_name": "Code is being written everywhere, and the device is the only",
          "url": "https://www.aikido.dev/blog/code-is-written-everywhere"
        },
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f48b92a2-34bb-41b7-899f-8659fdc2a9ed",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974",
      "pattern": "[file:hashes.'SHA-256' = '96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A tale of two eras",
          "url": "https://blog.talosintelligence.com/a-tale-of-two-eras/"
        },
        {
          "source_name": "The art of being ungovernable",
          "url": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/"
        },
        {
          "source_name": "The time of much patching is coming",
          "url": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--82742aab-ad34-4fb6-a948-2160d244408b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9896a6fcb9bb5ac1ec5297b4a65be3f647589adf7c37b45f3f7466decd6a4a7f",
      "pattern": "[file:hashes.'SHA-256' = '9896a6fcb9bb5ac1ec5297b4a65be3f647589adf7c37b45f3f7466decd6a4a7f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A tale of two eras",
          "url": "https://blog.talosintelligence.com/a-tale-of-two-eras/"
        },
        {
          "source_name": "Reporting from Vegas: Networking, AI, and good boys",
          "url": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/"
        },
        {
          "source_name": "Less panic patching, more precision",
          "url": "https://blog.talosintelligence.com/less-panic-patching-more-precision/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a82386ac-8357-4261-92e3-49764586eb9a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507",
      "pattern": "[file:hashes.'SHA-256' = '9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A tale of two eras",
          "url": "https://blog.talosintelligence.com/a-tale-of-two-eras/"
        },
        {
          "source_name": "Reporting from Vegas: Networking, AI, and good boys",
          "url": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/"
        },
        {
          "source_name": "Less panic patching, more precision",
          "url": "https://blog.talosintelligence.com/less-panic-patching-more-precision/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d70366c6-1871-4bcf-8f52-cec0d839192d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c539766062555d47716f8432e73adbe3a0c0c954a0b6c4005017a668975e275c",
      "pattern": "[file:hashes.'SHA-256' = 'c539766062555d47716f8432e73adbe3a0c0c954a0b6c4005017a668975e275c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Miasma and Hades Are Spreading Now: Detect Them on Developer",
          "url": "https://www.stepsecurity.io/blog/miasma-and-hades-are-spreading-now-detect-them-on-developer-machines-with-suspicious-files"
        },
        {
          "source_name": "Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Cred",
          "url": "https://thehackernews.com/2026/06/hades-pypi-attack-19-packages-poisoned.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity",
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--baa0c9ec-a106-4a86-a968-cb81d4fffe18",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: dc48b09b2a5954f7ff79ab8a2fd80202bd3b59c08c7cdbc6025aa923cb4c0efe",
      "pattern": "[file:hashes.'SHA-256' = 'dc48b09b2a5954f7ff79ab8a2fd80202bd3b59c08c7cdbc6025aa923cb4c0efe']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Miasma and Hades Are Spreading Now: Detect Them on Developer",
          "url": "https://www.stepsecurity.io/blog/miasma-and-hades-are-spreading-now-detect-them-on-developer-machines-with-suspicious-files"
        },
        {
          "source_name": "Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Cred",
          "url": "https://thehackernews.com/2026/06/hades-pypi-attack-19-packages-poisoned.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity",
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e312f3a9-ecc8-4a68-a46f-67cce4a18fb5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e1342a80d4b5e83d2c7c22e1e0aaa95f2d88e3dbf0d853a4994b180c93a4b17d",
      "pattern": "[file:hashes.'SHA-256' = 'e1342a80d4b5e83d2c7c22e1e0aaa95f2d88e3dbf0d853a4994b180c93a4b17d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Miasma and Hades Are Spreading Now: Detect Them on Developer",
          "url": "https://www.stepsecurity.io/blog/miasma-and-hades-are-spreading-now-detect-them-on-developer-machines-with-suspicious-files"
        },
        {
          "source_name": "Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Cred",
          "url": "https://thehackernews.com/2026/06/hades-pypi-attack-19-packages-poisoned.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity",
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1aba1e82-a5a1-48d2-a58b-ad57489d579d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-17103",
      "pattern": "[vulnerability:name = 'CVE-2020-17103']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patches Record 206 Flaws, Including Three Zero-Day",
          "url": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5707bb32-4340-4347-a321-269f87e8b78a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-10263",
      "pattern": "[vulnerability:name = 'CVE-2025-10263']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patches Record 206 Flaws, Including Three Zero-Day",
          "url": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--48a7e67c-2e03-4230-9b7d-d03529a020b1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-20245",
      "pattern": "[vulnerability:name = 'CVE-2026-20245']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Langflow Vulnerability CVE-2026-5027 Exploited for Unauthent",
          "url": "https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-20245 \u2014 Cisco Catalyst SD-WAN Manager Imp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5b257843-6d6b-4775-a9b1-565f896efda0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-22732",
      "pattern": "[vulnerability:name = 'CVE-2026-22732']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ivanti, Fortinet, and SAP Release Patches for Multiple Criti",
          "url": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a42d1557-f7a4-48e1-a965-ac5d9f7771bb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-25089",
      "pattern": "[vulnerability:name = 'CVE-2026-25089']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ivanti, Fortinet, and SAP Release Patches for Multiple Criti",
          "url": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--17b9225b-07a4-473f-924a-5a1e12423b24",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-27671",
      "pattern": "[vulnerability:name = 'CVE-2026-27671']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ivanti, Fortinet, and SAP Release Patches for Multiple Criti",
          "url": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e34bc3ba-bbb9-401d-90db-871fc279dbd8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-33825",
      "pattern": "[vulnerability:name = 'CVE-2026-33825']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access",
          "url": "https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-33825 \u2014 Microsoft Defender Insufficient G",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0b6a8082-1bf3-43bd-a596-76a36182ac2e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-35616",
      "pattern": "[vulnerability:name = 'CVE-2026-35616']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber ",
          "url": "https://thehackernews.com/2026/06/china-linked-jdy-botnet-expands-to-1500.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-35616 \u2014 Fortinet FortiClient EMS Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5dfccaa5-087c-4d18-a311-7f09ec4e1a5d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-40128",
      "pattern": "[vulnerability:name = 'CVE-2026-40128']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ivanti, Fortinet, and SAP Release Patches for Multiple Criti",
          "url": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fd0a6577-75e9-4b12-98a1-1239420e0b21",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-41091",
      "pattern": "[vulnerability:name = 'CVE-2026-41091']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access",
          "url": "https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-41091 \u2014 Microsoft Defender Link Following",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a63c7686-4b25-445b-8fd4-504849cd9a07",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44748",
      "pattern": "[vulnerability:name = 'CVE-2026-44748']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ivanti, Fortinet, and SAP Release Patches for Multiple Criti",
          "url": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c9036c34-3f58-4e44-9c4d-36a66a45ea60",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44815",
      "pattern": "[vulnerability:name = 'CVE-2026-44815']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patches Record 206 Flaws, Including Three Zero-Day",
          "url": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html"
        },
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--57d9c961-1a39-4326-a3c1-1196b3c05bcc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45498",
      "pattern": "[vulnerability:name = 'CVE-2026-45498']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access",
          "url": "https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-45498 \u2014 Microsoft Defender Denial of Serv",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5e2afba9-27bc-4636-8083-aef58e591c75",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45586",
      "pattern": "[vulnerability:name = 'CVE-2026-45586']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patches Record 206 Flaws, Including Three Zero-Day",
          "url": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--05f54ee3-e27c-40a5-badb-0d49bd0e2eb8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45655",
      "pattern": "[vulnerability:name = 'CVE-2026-45655']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patches Record 206 Flaws, Including Three Zero-Day",
          "url": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2303e885-c9e5-4ece-9728-264ec029f0c9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45657",
      "pattern": "[vulnerability:name = 'CVE-2026-45657']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patches Record 206 Flaws, Including Three Zero-Day",
          "url": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html"
        },
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f35e1c4-94cc-4295-b305-44a2543e8356",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45658",
      "pattern": "[vulnerability:name = 'CVE-2026-45658']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patches Record 206 Flaws, Including Three Zero-Day",
          "url": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a226b85a-2846-46dd-a4a9-962628b19e14",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47291",
      "pattern": "[vulnerability:name = 'CVE-2026-47291']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patches Record 206 Flaws, Including Three Zero-Day",
          "url": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html"
        },
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fa690989-ddb0-4fb1-b7dd-6f72af14763e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-48031",
      "pattern": "[vulnerability:name = 'CVE-2026-48031']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-48031: Go Restful API Boilerplate",
          "url": "https://github.com/advisories/GHSA-mqq6-462x-jxmm"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--47248f6a-79e0-44d5-8bf3-74128d8e5c0b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-48063",
      "pattern": "[vulnerability:name = 'CVE-2026-48063']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-48063: Baileys has message upsert",
          "url": "https://github.com/advisories/GHSA-qvv5-jq5g-4cgg"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1e868ba4-3883-441e-a2ec-c6420b6dac37",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-49160",
      "pattern": "[vulnerability:name = 'CVE-2026-49160']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patches Record 206 Flaws, Including Three Zero-Day",
          "url": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--542eb398-c749-442c-81af-3e5513652106",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-50507",
      "pattern": "[vulnerability:name = 'CVE-2026-50507']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patches Record 206 Flaws, Including Three Zero-Day",
          "url": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7810d516-9f8c-4cb0-9f3c-2071cb1f0402",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-7473",
      "pattern": "[vulnerability:name = 'CVE-2026-7473']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Langflow Vulnerability CVE-2026-5027 Exploited for Unauthent",
          "url": "https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-7473 \u2014 Arista Extensible Operating System",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--069245c3-ffd0-4c72-9d7e-1da01f6a4016",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-8863",
      "pattern": "[vulnerability:name = 'CVE-2026-8863']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patches Record 206 Flaws, Including Three Zero-Day",
          "url": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--949b74bc-a36b-4d76-ac7b-75e739cafd55",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: o4511539639222272.ingest.de.sentry.io",
      "pattern": "[domain-name:value = 'o4511539639222272.ingest.de.sentry.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Compromised Rust crate onering performs code exfiltration",
          "url": "https://www.aikido.dev/blog/compromised-rust-crate-onering-performs-code-exfiltration"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6b060d6a-c176-465d-9296-d3d3a791c1d0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: projectnightcrawler.dev",
      "pattern": "[domain-name:value = 'projectnightcrawler.dev']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access",
          "url": "https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--82789cfe-ddb3-46fb-abf8-c48bdea18da0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.32.150.251",
      "pattern": "[ipv4-addr:value = '45.32.150.251']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Code is being written everywhere, and the device is the only",
          "url": "https://www.aikido.dev/blog/code-is-written-everywhere"
        },
        {
          "source_name": "GlassWorm Hides a RAT Inside a Malicious Chrome Extension",
          "url": "https://www.aikido.dev/blog/glassworm-chrome-extension-rat"
        },
        {
          "source_name": "Glassworm Strikes Popular React Native Phone Number Packages",
          "url": "https://www.aikido.dev/blog/glassworm-strikes-react-packages-phone-numbers"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fcc714ab-5c40-4f96-83c3-a9da788d6c9e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-29199",
      "pattern": "[vulnerability:name = 'CVE-2026-29199']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "10 year old critical vulnerability in phpBB affecting tens o",
          "url": "https://www.aikido.dev/blog/phpbb-authentication-bypass-rce"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1289b9fe-b14f-4aeb-9570-c41309889a89",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: giftshop.club",
      "pattern": "[domain-name:value = 'giftshop.club']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Code is being written everywhere, and the device is the only",
          "url": "https://www.aikido.dev/blog/code-is-written-everywhere"
        },
        {
          "source_name": "What MDM can't protect on developer machines (and what to do",
          "url": "https://www.aikido.dev/blog/what-mdm-cant-protect"
        },
        {
          "source_name": "Malicious MCP Server on npm postmark-mcp Harvests Emails",
          "url": "https://snyk.io/blog/malicious-mcp-server-on-npm-postmark-mcp-harvests-emails/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--922fe836-6b9c-4e64-bc1a-5d0bf2388aaa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.32.151.157",
      "pattern": "[ipv4-addr:value = '45.32.151.157']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Code is being written everywhere, and the device is the only",
          "url": "https://www.aikido.dev/blog/code-is-written-everywhere"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--616b0768-c7f0-47ea-a0ea-d5d49d250850",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 70.34.242.255",
      "pattern": "[ipv4-addr:value = '70.34.242.255']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Code is being written everywhere, and the device is the only",
          "url": "https://www.aikido.dev/blog/code-is-written-everywhere"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dbb66489-a6f1-4120-bd8c-95ec5496eb38",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-21182",
      "pattern": "[vulnerability:name = 'CVE-2024-21182']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Researchers Build Self-Replicating AI Worm That Operates Ent",
          "url": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html"
        },
        {
          "source_name": "CISA KEV: CVE-2024-21182 \u2014 Oracle WebLogic Server Unspecifie",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7cf11b3b-e934-46f2-b5c5-6ce1e30a2812",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-8088",
      "pattern": "[vulnerability:name = 'CVE-2025-8088']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        },
        {
          "source_name": "The who, where, and how of APT attacks in Q2 2025\u2013Q3 2025",
          "url": "https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/"
        },
        {
          "source_name": "ESET APT Activity Report Q2 2025\u2013Q3 2025",
          "url": "https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2025-q3-2025/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "ESET WeLiveSecurity",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef4d0b23-ba6e-4527-8e10-6eacdf187658",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-0257",
      "pattern": "[vulnerability:name = 'CVE-2026-0257']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Pa",
          "url": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html"
        },
        {
          "source_name": "Researchers Build Self-Replicating AI Worm That Operates Ent",
          "url": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-0257 \u2014 Palo Alto Networks PAN-OS Authenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c9880b4d-9a5e-4d88-940c-42ab10cb12a9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-20122",
      "pattern": "[vulnerability:name = 'CVE-2026-20122']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-20245 \u2014 Cisco Catalyst SD-WAN Manager Imp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        },
        {
          "source_name": "CISA KEV: CVE-2026-20122 \u2014 Cisco Catalyst SD-WAN Manager Inc",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aaf46d47-962e-483e-baf7-cf0ab600743d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-20127",
      "pattern": "[vulnerability:name = 'CVE-2026-20127']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-20245 \u2014 Cisco Catalyst SD-WAN Manager Imp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        },
        {
          "source_name": "CISA KEV: CVE-2026-20127 \u2014 Cisco Catalyst SD-WAN Controller ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef1e6c5d-4105-4950-8d7b-506da29fbee5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-20128",
      "pattern": "[vulnerability:name = 'CVE-2026-20128']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-20245 \u2014 Cisco Catalyst SD-WAN Manager Imp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        },
        {
          "source_name": "CISA KEV: CVE-2026-20128 \u2014 Cisco Catalyst SD-WAN Manager Sto",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--382f7188-71bd-45a1-a3e2-7b642d16b0fc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-20133",
      "pattern": "[vulnerability:name = 'CVE-2026-20133']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-20245 \u2014 Cisco Catalyst SD-WAN Manager Imp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        },
        {
          "source_name": "CISA KEV: CVE-2026-20133 \u2014 Cisco Catalyst SD-WAN Manager Exp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--720978bb-eb75-460a-80ed-055d7771c962",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-20182",
      "pattern": "[vulnerability:name = 'CVE-2026-20182']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-20245 \u2014 Cisco Catalyst SD-WAN Manager Imp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        },
        {
          "source_name": "CISA KEV: CVE-2026-20182 \u2014 Cisco Catalyst SD-WAN Controller ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--883ad4cb-ccd9-4e0b-b491-05b7d3fae548",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-26142",
      "pattern": "[vulnerability:name = 'CVE-2026-26142']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--326a8ed1-9169-4609-b851-4872b5958954",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-31431",
      "pattern": "[vulnerability:name = 'CVE-2026-31431']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Researchers Build Self-Replicating AI Worm That Operates Ent",
          "url": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-31431 \u2014 Linux Kernel Incorrect Resource T",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1656179c-82d4-438b-bd0d-1fc20f2109d6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-32193",
      "pattern": "[vulnerability:name = 'CVE-2026-32193']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--677fd3c7-2962-4d12-a9dc-c8c2facc2df1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-39987",
      "pattern": "[vulnerability:name = 'CVE-2026-39987']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Researchers Build Self-Replicating AI Worm That Operates Ent",
          "url": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-39987 \u2014 Marimo Remote Code Execution Vuln",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--359d66c1-ee53-4d2b-bdc9-fceb186c3755",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-42208",
      "pattern": "[vulnerability:name = 'CVE-2026-42208']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to",
          "url": "https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-42208 \u2014 BerriAI LiteLLM SQL Injection Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b47bc604-bdef-4d77-8fe6-4a9ca1c9dff7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-42271",
      "pattern": "[vulnerability:name = 'CVE-2026-42271']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to",
          "url": "https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-42271 \u2014 BerriAI LiteLLM Command Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7178f27e-5501-4fd9-81ce-7b08cd6092c6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-42985",
      "pattern": "[vulnerability:name = 'CVE-2026-42985']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--80565a56-40ef-4d16-8b08-bfabd147552b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-42987",
      "pattern": "[vulnerability:name = 'CVE-2026-42987']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--94ae7e2a-4cfa-4a65-9219-ed2b55c77645",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-42992",
      "pattern": "[vulnerability:name = 'CVE-2026-42992']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6975817e-c0b7-41ef-b565-25779f367b22",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-43284",
      "pattern": "[vulnerability:name = 'CVE-2026-43284']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Researchers Build Self-Replicating AI Worm That Operates Ent",
          "url": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--45b2b96a-ccc8-4a4c-a054-54251edb62f6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-43500",
      "pattern": "[vulnerability:name = 'CVE-2026-43500']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Researchers Build Self-Replicating AI Worm That Operates Ent",
          "url": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1bfa24ad-644f-409b-9333-c027cb7ff3ab",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44799",
      "pattern": "[vulnerability:name = 'CVE-2026-44799']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b66313f1-a0f1-4c05-b5fc-d11ed14b5b1b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44801",
      "pattern": "[vulnerability:name = 'CVE-2026-44801']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--44b5dbcd-992a-44b4-94f9-3f3a15416bce",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44803",
      "pattern": "[vulnerability:name = 'CVE-2026-44803']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1aadeaf4-de2b-4609-a38e-59520ad9dafc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44810",
      "pattern": "[vulnerability:name = 'CVE-2026-44810']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a20a4aba-5931-47e5-be41-c3f1967076a2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44812",
      "pattern": "[vulnerability:name = 'CVE-2026-44812']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cdd26a49-abdb-42d1-908d-6616d150cbc3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45321",
      "pattern": "[vulnerability:name = 'CVE-2026-45321']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Miasma Worm Hits Microsoft Again: Azure Functions Action and",
          "url": "https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents"
        },
        {
          "source_name": "Out of the Crypt: The Evolving Cyber Extortion Economy",
          "url": "https://unit42.paloaltonetworks.com/cyber-extortion-economy/"
        },
        {
          "source_name": "CISA KEV: CVE-2026-48027 \u2014 Nx Console Embedded Malicious Cod",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Unit 42 (Palo Alto)",
        "CISA KEV",
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--640eaaf9-77d2-45d4-91bf-83e43fc49a9e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45456",
      "pattern": "[vulnerability:name = 'CVE-2026-45456']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c222c382-fc00-43ff-8a01-d49b09b7a7b2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45458",
      "pattern": "[vulnerability:name = 'CVE-2026-45458']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0c86d6c6-2644-4ead-85e0-d9fea1065037",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45461",
      "pattern": "[vulnerability:name = 'CVE-2026-45461']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6c92bfea-6e8b-48cf-8628-a198d103c655",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45463",
      "pattern": "[vulnerability:name = 'CVE-2026-45463']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--63cbc780-546c-472d-be97-a7b883702839",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45472",
      "pattern": "[vulnerability:name = 'CVE-2026-45472']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--79d123a0-4903-45d9-af93-69bc5727b5ba",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45474",
      "pattern": "[vulnerability:name = 'CVE-2026-45474']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7acdfa3b-22df-443d-bf79-61d8895a1b5a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45476",
      "pattern": "[vulnerability:name = 'CVE-2026-45476']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef88b841-a4fc-463e-9cca-64ca7411aec0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45607",
      "pattern": "[vulnerability:name = 'CVE-2026-45607']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fd9c631d-83d7-4f20-a944-8cc2d7441f2f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45641",
      "pattern": "[vulnerability:name = 'CVE-2026-45641']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0a88eecf-3100-49f9-abef-8da649c412a5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45648",
      "pattern": "[vulnerability:name = 'CVE-2026-45648']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1338547b-557d-46f9-87ee-07199c5f90a5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45659",
      "pattern": "[vulnerability:name = 'CVE-2026-45659']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Researchers Build Self-Replicating AI Worm That Operates Ent",
          "url": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef9f5f58-3961-45a3-82fd-1a5a363b9a48",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47288",
      "pattern": "[vulnerability:name = 'CVE-2026-47288']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--30f4b175-bf54-46d5-9873-c464c8191e6d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47289",
      "pattern": "[vulnerability:name = 'CVE-2026-47289']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9ce1d0ca-77a4-45ac-9d7c-b9d49e349037",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47635",
      "pattern": "[vulnerability:name = 'CVE-2026-47635']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--29ea80ef-0570-41c8-97ac-113b879cade3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47644",
      "pattern": "[vulnerability:name = 'CVE-2026-47644']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e5b4c15c-43d8-46dc-ba44-56478ebf643b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47652",
      "pattern": "[vulnerability:name = 'CVE-2026-47652']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e2de4cdb-36c7-4d18-b2f6-b44bf66a8bee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-48030",
      "pattern": "[vulnerability:name = 'CVE-2026-48030']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-48030: Pheditor: OS Command Injec",
          "url": "https://github.com/advisories/GHSA-jvc5-6g7q-c843"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6f71e920-12d6-4cde-8d55-25560c61a43f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-48563",
      "pattern": "[vulnerability:name = 'CVE-2026-48563']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--29ee07bf-83c7-4863-82b8-41c6b525b564",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-48574",
      "pattern": "[vulnerability:name = 'CVE-2026-48574']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prom",
          "url": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2e72125c-ffbd-4913-a072-33526c4e1b87",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-48710",
      "pattern": "[vulnerability:name = 'CVE-2026-48710']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to",
          "url": "https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-42271 \u2014 BerriAI LiteLLM Command Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6c67bea4-8e4c-4fad-895d-1896e77fc1c4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-8467",
      "pattern": "[vulnerability:name = 'CVE-2026-8467']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-8467: PhoenixStorybook: Unauthent",
          "url": "https://github.com/advisories/GHSA-55hg-8qxv-qj4p"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--710fcedb-2b0d-46b2-83f2-e0efb976c39e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: check.git-service.com",
      "pattern": "[domain-name:value = 'check.git-service.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Miasma Worm Hits Microsoft Again: Azure Functions Action and",
          "url": "https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents"
        },
        {
          "source_name": "Microsoft Restores Some GitHub Repos, Keeps Others Offline a",
          "url": "https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html"
        },
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "The Hacker News",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--870e19c5-d0bc-4bd2-99c6-86c4d1b0d03a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: csxvl00328.workers.dev",
      "pattern": "[domain-name:value = 'csxvl00328.workers.dev']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a4490ee6-8c83-414e-8cde-cc08be0e517c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: dayobtvoyu.ru",
      "pattern": "[domain-name:value = 'dayobtvoyu.ru']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--db192453-7a0d-40e6-af37-87f906ee4643",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: e097.yggjf81487.workers.dev",
      "pattern": "[domain-name:value = 'e097.yggjf81487.workers.dev']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--69a49485-217a-4815-957f-25e3be1236fc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: git-service.com",
      "pattern": "[domain-name:value = 'git-service.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Miasma Worm Hits Microsoft Again: Azure Functions Action and",
          "url": "https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents"
        },
        {
          "source_name": "Microsoft Restores Some GitHub Repos, Keeps Others Offline a",
          "url": "https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html"
        },
        {
          "source_name": "Microsoft's durabletask package on PyPi Compromised. Mini Sh",
          "url": "https://www.aikido.dev/blog/durabletask-package-compromised-mini-shai-hulud"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "The Hacker News",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ba0d3bfa-63f4-4a48-b6c7-9f5a1acf2e0a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: https://malicious.app",
      "pattern": "[domain-name:value = 'https://malicious.app']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "New FROST Attack Lets Websites Track What Sites and Apps You",
          "url": "https://thehackernews.com/2026/06/new-frost-attack-lets-websites-track.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--72e04ce1-8b88-4253-80d0-375c8cd498da",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: https://receiver.app",
      "pattern": "[domain-name:value = 'https://receiver.app']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "New FROST Attack Lets Websites Track What Sites and Apps You",
          "url": "https://thehackernews.com/2026/06/new-frost-attack-lets-websites-track.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d0db10fd-0db8-4c0b-8d8c-dcff853df0f0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: https://sender.app",
      "pattern": "[domain-name:value = 'https://sender.app']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "New FROST Attack Lets Websites Track What Sites and Apps You",
          "url": "https://thehackernews.com/2026/06/new-frost-attack-lets-websites-track.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9c4d4020-fe15-422e-aaae-ff47452253ad",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: https://victim.com",
      "pattern": "[domain-name:value = 'https://victim.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "New FROST Attack Lets Websites Track What Sites and Apps You",
          "url": "https://thehackernews.com/2026/06/new-frost-attack-lets-websites-track.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4e3b9a56-8128-4fac-92d0-aed45c74a030",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: insight-sweet-drainage-appreciated.trycloudflare.com",
      "pattern": "[domain-name:value = 'insight-sweet-drainage-appreciated.trycloudflare.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--386ba0f8-5937-41ef-b4d0-d014f93e687b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: snterval.selltosell.ru",
      "pattern": "[domain-name:value = 'snterval.selltosell.ru']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7153ed4e-bfae-493b-a53b-44b6af87c139",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sweet.csxvl00328.workers.dev",
      "pattern": "[domain-name:value = 'sweet.csxvl00328.workers.dev']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--068ac368-f348-4880-9265-6ee55e46f4a2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: t.m-kosche.com",
      "pattern": "[domain-name:value = 't.m-kosche.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Miasma Worm Hits Microsoft Again: Azure Functions Action and",
          "url": "https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents"
        },
        {
          "source_name": "Microsoft Restores Some GitHub Repos, Keeps Others Offline a",
          "url": "https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html"
        },
        {
          "source_name": "[GHSA / CRITICAL] GHSA-jpvj-wpmj-h7rv: Supply chain compromi",
          "url": "https://github.com/advisories/GHSA-jpvj-wpmj-h7rv"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "The Hacker News",
        "GitHub Security Advisories",
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1833f7f6-d6bc-43f8-93c6-98f9e596cf27",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: vids-road-christina-guards.trycloudflare.com",
      "pattern": "[domain-name:value = 'vids-road-christina-guards.trycloudflare.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7f7b5c75-4814-410e-b8d7-457d5fdf3fb7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.207.144.154",
      "pattern": "[ipv4-addr:value = '104.207.144.154']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Pa",
          "url": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--acb52f63-8037-41f4-abe9-6f10ef7bc568",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 144.172.88.24",
      "pattern": "[ipv4-addr:value = '144.172.88.24']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ad4bfa63-9a18-44a5-8f1a-2c87484a2012",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.19.216.119",
      "pattern": "[ipv4-addr:value = '146.19.216.119']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Pa",
          "url": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--159e21cc-bb7d-4550-89f0-85a56dc02ed8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.19.216.120",
      "pattern": "[ipv4-addr:value = '146.19.216.120']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Pa",
          "url": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5ec41578-c9c9-4a48-91d3-b5edf4b0efa7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.19.216.125",
      "pattern": "[ipv4-addr:value = '146.19.216.125']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Pa",
          "url": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ce9720f4-3a92-44a1-a870-56915d422812",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 172.86.72.243",
      "pattern": "[ipv4-addr:value = '172.86.72.243']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--682b2c70-d2a0-4969-bb8a-b98d4965a994",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 172.86.76.132",
      "pattern": "[ipv4-addr:value = '172.86.76.132']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--63ce4d2c-0d3b-4b3e-be58-619c471249d1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 179.43.172.213",
      "pattern": "[ipv4-addr:value = '179.43.172.213']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Pa",
          "url": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--808b6049-837f-4624-8bb2-3b4bab23ff43",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.195.232.139",
      "pattern": "[ipv4-addr:value = '185.195.232.139']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Pa",
          "url": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a1ae9ae7-f50d-4e46-ba9d-0ce6d0f436cf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 198.12.106.60",
      "pattern": "[ipv4-addr:value = '198.12.106.60']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Pa",
          "url": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b24890c4-c237-4be6-af22-317ac2440b76",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 202.144.192.47",
      "pattern": "[ipv4-addr:value = '202.144.192.47']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Pa",
          "url": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bde09682-fd05-49e2-8328-5510e806730f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 209.99.191.137",
      "pattern": "[ipv4-addr:value = '209.99.191.137']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Pa",
          "url": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--02087755-78f2-4d86-9207-0268b3f7a550",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 23.128.228.6",
      "pattern": "[ipv4-addr:value = '23.128.228.6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Pa",
          "url": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d3c0c65e-de08-4b9c-be7e-13bf5b56c57e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 79.130.26.202",
      "pattern": "[ipv4-addr:value = '79.130.26.202']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Pa",
          "url": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c752fe03-4545-4a6a-8dad-85e2ff755c2f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: a2c6e01001c62f6198e31a9d603977c6",
      "pattern": "[file:hashes.MD5 = 'a2c6e01001c62f6198e31a9d603977c6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--debf2843-5719-4e35-829a-020c6e906d82",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: bf94f4056627907d86ce1cae8b44c67a",
      "pattern": "[file:hashes.MD5 = 'bf94f4056627907d86ce1cae8b44c67a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1bc8c32e-2493-42fb-82b4-d1e0158801a0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: d2a6009587b3cb73355c2d1e53d5cdfa",
      "pattern": "[file:hashes.MD5 = 'd2a6009587b3cb73355c2d1e53d5cdfa']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--089ab637-36f2-491c-8820-1e25338133bc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 272c86c6db95f1ef8b83f672b65e64df16494cae261e1aba1aeb1e59dcb68524",
      "pattern": "[file:hashes.'SHA-256' = '272c86c6db95f1ef8b83f672b65e64df16494cae261e1aba1aeb1e59dcb68524']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        },
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ebf2b55e-5f22-48a6-8701-801c1f3e9818",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 288f26c2eadcb1a7923fe376d16f5404216cce15d9fc162a4a78574dc7df399a",
      "pattern": "[file:hashes.'SHA-256' = '288f26c2eadcb1a7923fe376d16f5404216cce15d9fc162a4a78574dc7df399a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Wait, binding.gyp Can Do What? Exploring npm's Weirdest Buil",
          "url": "https://www.aikido.dev/blog/exploring-binding-gyp-npm-build-system"
        },
        {
          "source_name": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Wor",
          "url": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--929b5f4f-5bf1-4734-887b-b5572003cf2e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 33580073680016f23bf474e6e62c61bf6a776e561385bfb06788a4713114ba9d",
      "pattern": "[file:hashes.'SHA-256' = '33580073680016f23bf474e6e62c61bf6a776e561385bfb06788a4713114ba9d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        },
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e5e2a8ff-0147-491f-9a61-a89d4a078d14",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 498961237cf1c48f1e7764829818c5ba0af24a234c2f29c4420fb80276aec676",
      "pattern": "[file:hashes.'SHA-256' = '498961237cf1c48f1e7764829818c5ba0af24a234c2f29c4420fb80276aec676']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        },
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--14d9fb70-d709-4f52-9ce7-a7fa72e388c3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4f4567abe9ff520797b04b04255bbbe07ecdddb594559d436ac53314ec62c1b3",
      "pattern": "[file:hashes.'SHA-256' = '4f4567abe9ff520797b04b04255bbbe07ecdddb594559d436ac53314ec62c1b3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        },
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b639e433-5389-4a0c-8cf9-54490a599fbd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 53f1b841d323c211c715b8f80d0efb9529440caae921a60340de027052946dd9",
      "pattern": "[file:hashes.'SHA-256' = '53f1b841d323c211c715b8f80d0efb9529440caae921a60340de027052946dd9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        },
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--57f42e0a-cae9-498c-90a0-5a2a8000cfe1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6506d31707a39949f89534bf9705bcf889f1ecae3dbc6f4ff88d67a8be3d01b2",
      "pattern": "[file:hashes.'SHA-256' = '6506d31707a39949f89534bf9705bcf889f1ecae3dbc6f4ff88d67a8be3d01b2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Restores Some GitHub Repos, Keeps Others Offline a",
          "url": "https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--36f050ce-71ec-4a12-bf81-07b75fb7b3ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6d332f814f15f19758d65026bbfd0a8c49671b319ec77b8fa1b27fc48afff7d9",
      "pattern": "[file:hashes.'SHA-256' = '6d332f814f15f19758d65026bbfd0a8c49671b319ec77b8fa1b27fc48afff7d9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Microsoft Restores Some GitHub Repos, Keeps Others Offline a",
          "url": "https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3cf5a86b-abb6-45fe-a03b-be6c09101132",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: aea13e5871b683a19a05015ff0369b412b985d47eb67a3af93f44400a026b4b0",
      "pattern": "[file:hashes.'SHA-256' = 'aea13e5871b683a19a05015ff0369b412b985d47eb67a3af93f44400a026b4b0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        },
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--837f9a42-7751-4798-b80b-e955539d0c74",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b53069a380a9dd3dc1c758888d0e50dd43935f16df0f7124c77569375a9f44f5",
      "pattern": "[file:hashes.'SHA-256' = 'b53069a380a9dd3dc1c758888d0e50dd43935f16df0f7124c77569375a9f44f5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        },
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--178afa66-587c-4b00-b5e8-e956431a28b6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ba86b6e0199b8907427364246f049efd67dc4eda0b5078f4bc7607253634cf24",
      "pattern": "[file:hashes.'SHA-256' = 'ba86b6e0199b8907427364246f049efd67dc4eda0b5078f4bc7607253634cf24']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        },
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9c86a563-8ddd-4640-9ba8-e4a321e30267",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ceff7c51d70832c3ec8dd2744b606a23b3c924ef664ae23439b9b742ea154108",
      "pattern": "[file:hashes.'SHA-256' = 'ceff7c51d70832c3ec8dd2744b606a23b3c924ef664ae23439b9b742ea154108']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Wait, binding.gyp Can Do What? Exploring npm's Weirdest Buil",
          "url": "https://www.aikido.dev/blog/exploring-binding-gyp-npm-build-system"
        },
        {
          "source_name": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Wor",
          "url": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c981bee7-d15a-4e09-ac2e-c446bb4fa819",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: defe25e400d4925d8a2bb4b1181044d06a8bf61688fd9c9ea59f1e0bb7bc21d8",
      "pattern": "[file:hashes.'SHA-256' = 'defe25e400d4925d8a2bb4b1181044d06a8bf61688fd9c9ea59f1e0bb7bc21d8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        },
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2d69a66c-264d-4bf3-ba35-27adc909b8bc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e3dbe63aded45278f49c4746ab938ed9472b36def79b43e2dd2d7eff014481d1",
      "pattern": "[file:hashes.'SHA-256' = 'e3dbe63aded45278f49c4746ab938ed9472b36def79b43e2dd2d7eff014481d1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Wait, binding.gyp Can Do What? Exploring npm's Weirdest Buil",
          "url": "https://www.aikido.dev/blog/exploring-binding-gyp-npm-build-system"
        },
        {
          "source_name": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Wor",
          "url": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f87c5d04-94c9-4d47-92c6-09e7e8691db2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: edc1f7528ca93ec432daca820f47e08d218b79cceca1ee764966f8f90d6a58bd",
      "pattern": "[file:hashes.'SHA-256' = 'edc1f7528ca93ec432daca820f47e08d218b79cceca1ee764966f8f90d6a58bd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste",
          "url": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html"
        },
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--680d245a-1849-4660-9630-7dbb8b628917",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ef641e956f91d501b748085996303c96a64d67f63bfeef0dda175e5aa19cca90",
      "pattern": "[file:hashes.'SHA-256' = 'ef641e956f91d501b748085996303c96a64d67f63bfeef0dda175e5aa19cca90']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Wait, binding.gyp Can Do What? Exploring npm's Weirdest Buil",
          "url": "https://www.aikido.dev/blog/exploring-binding-gyp-npm-build-system"
        },
        {
          "source_name": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Wor",
          "url": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c629879a-679e-4767-8230-eb6f311e61c6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-22769",
      "pattern": "[vulnerability:name = 'CVE-2026-22769']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-22769 \u2014 Dell RecoverPoint for Virtual Mac",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--201195cd-a282-4b69-92d6-9ae11491d9f6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-23111",
      "pattern": "[vulnerability:name = 'CVE-2026-23111']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "One-Character Linux Kernel Flaw Enables Local Root Access, E",
          "url": "https://thehackernews.com/2026/06/one-character-linux-kernel-flaw-enables.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e82abda6-b78b-42c4-a9f5-cfeeaa36c32d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-34084",
      "pattern": "[vulnerability:name = 'CVE-2026-34084']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45034: PHPSpreadsheet has a patch",
          "url": "https://github.com/advisories/GHSA-87m4-826x-3crx"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--db2460eb-3a46-425d-a145-978a6dc73867",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45034",
      "pattern": "[vulnerability:name = 'CVE-2026-45034']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45034: PHPSpreadsheet has a patch",
          "url": "https://github.com/advisories/GHSA-87m4-826x-3crx"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b94db9fb-f701-4162-b792-a11dab1a7852",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47252",
      "pattern": "[vulnerability:name = 'CVE-2026-47252']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47252: Anyquery: AppleScript/JXA ",
          "url": "https://github.com/advisories/GHSA-hrj8-hjv8-mgwc"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ba16398e-5227-4aa4-870a-47dcf52801d5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47430",
      "pattern": "[vulnerability:name = 'CVE-2026-47430']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47430: Cordova Plugin InAppBrowse",
          "url": "https://github.com/advisories/GHSA-q42j-x8rq-pjg6"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f7a435fd-cd03-49cc-b8da-65944684ea1f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47724",
      "pattern": "[vulnerability:name = 'CVE-2026-47724']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47724: nebula-mesh: API endpoints",
          "url": "https://github.com/advisories/GHSA-598g-h2vc-h5vg"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5f1101ed-3e16-4dbf-805a-187f99a2987d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-50751",
      "pattern": "[vulnerability:name = 'CVE-2026-50751']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files ",
          "url": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9821b50a-c26e-4e4a-b201-a07c549ab6aa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-50752",
      "pattern": "[vulnerability:name = 'CVE-2026-50752']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files ",
          "url": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--df8831f3-9b96-45a2-819d-d4086ac60619",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: awaydouble.org",
      "pattern": "[domain-name:value = 'awaydouble.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--720fc22c-bb47-4969-a782-e31cc5de3d1f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: blog.com",
      "pattern": "[domain-name:value = 'blog.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI Phishing Is Crushing SOCs with Alert Volume: How to Reduc",
          "url": "https://thehackernews.com/2026/06/ai-phishing-is-crushing-socs-with-alert.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8d222e8-3e55-4de4-85af-e06624e47af0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: brokeapt.com",
      "pattern": "[domain-name:value = 'brokeapt.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--55daaa11-4a7d-487b-a154-bce6a99bc2a2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: business-data-leaks.com",
      "pattern": "[domain-name:value = 'business-data-leaks.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Th",
          "url": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5a7fcea8-66ff-41d1-aa44-7416ed34ae1e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: dash.awaydouble.org",
      "pattern": "[domain-name:value = 'dash.awaydouble.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--37fdde0d-7180-4f43-ab6e-6c8a488f0237",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: epleyonlineo.za.com",
      "pattern": "[domain-name:value = 'epleyonlineo.za.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI Phishing Is Crushing SOCs with Alert Volume: How to Reduc",
          "url": "https://thehackernews.com/2026/06/ai-phishing-is-crushing-socs-with-alert.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2ccf702f-f58c-4fb3-ba72-49001e99179b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: legendarytrendsbay.shop",
      "pattern": "[domain-name:value = 'legendarytrendsbay.shop']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f2f139fc-ba0b-4a5d-b696-c34f55974ea9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: openvpn.com",
      "pattern": "[domain-name:value = 'openvpn.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI Phishing Is Crushing SOCs with Alert Volume: How to Reduc",
          "url": "https://thehackernews.com/2026/06/ai-phishing-is-crushing-socs-with-alert.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bf7ceba4-ac98-4983-a82d-8da686a951e6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: pan.rongtv.xyz",
      "pattern": "[domain-name:value = 'pan.rongtv.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--933153b3-2680-43bf-a403-961062c1ecef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: pan.ssffaa19.xyz",
      "pattern": "[domain-name:value = 'pan.ssffaa19.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--626b52aa-6e99-438a-986f-a3d6959d0c18",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: pureplantcravings.com",
      "pattern": "[domain-name:value = 'pureplantcravings.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--243039b6-9a07-41ac-94bb-7471dd7ec7fc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: rongtv.xyz",
      "pattern": "[domain-name:value = 'rongtv.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f49eaccb-c71c-42c9-9c41-6d98c89f8330",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: servicing.pureplantcravings.com",
      "pattern": "[domain-name:value = 'servicing.pureplantcravings.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cfb10bce-b6b3-4bdc-baad-323fe878e85b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ssffaa19.xyz",
      "pattern": "[domain-name:value = 'ssffaa19.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--094147ee-e92f-459a-8a5f-82202676e6f7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 13.107.213.44",
      "pattern": "[ipv4-addr:value = '13.107.213.44']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI Phishing Is Crushing SOCs with Alert Volume: How to Reduc",
          "url": "https://thehackernews.com/2026/06/ai-phishing-is-crushing-socs-with-alert.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e6a5f3bc-8277-4744-b72c-722e2dd3176c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 143.204.203.52",
      "pattern": "[ipv4-addr:value = '143.204.203.52']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI Phishing Is Crushing SOCs with Alert Volume: How to Reduc",
          "url": "https://thehackernews.com/2026/06/ai-phishing-is-crushing-socs-with-alert.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e80de470-504d-43ef-8a2c-45caf7347d3a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 144.208.127.155",
      "pattern": "[ipv4-addr:value = '144.208.127.155']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files ",
          "url": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f0d499b-394a-4569-bb69-172764b6e619",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 149.248.11.71",
      "pattern": "[ipv4-addr:value = '149.248.11.71']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eb77c876-4386-49e7-bde6-0fb3d54c46ce",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 162.33.177.101",
      "pattern": "[ipv4-addr:value = '162.33.177.101']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files ",
          "url": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b26aec86-4838-40db-aa8d-2a1988c34128",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 174.169.162.62",
      "pattern": "[ipv4-addr:value = '174.169.162.62']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Th",
          "url": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--65d280af-ce42-433b-8681-1f4e0f08841c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.236.146.173",
      "pattern": "[ipv4-addr:value = '192.236.146.173']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Th",
          "url": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1c235ed0-261b-4b26-994e-5dfe892d4ba7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.236.147.131",
      "pattern": "[ipv4-addr:value = '192.236.147.131']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Th",
          "url": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--30b1bbef-4d2d-4f14-ac2b-4992811753d0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.236.147.138",
      "pattern": "[ipv4-addr:value = '192.236.147.138']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Th",
          "url": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8314c438-62d6-476b-a49c-04396039ce29",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.236.154.158",
      "pattern": "[ipv4-addr:value = '192.236.154.158']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Th",
          "url": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8539cc9e-b084-4fe0-bb4a-27925e7a06ab",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.141.60.212",
      "pattern": "[ipv4-addr:value = '193.141.60.212']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Th",
          "url": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--328c9799-0c18-4ded-86d6-ed17b7ce186c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 209.182.225.136",
      "pattern": "[ipv4-addr:value = '209.182.225.136']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files ",
          "url": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f1017454-b34b-4dd5-a0a0-475874c90db8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.54.107.167",
      "pattern": "[ipv4-addr:value = '38.54.107.167']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files ",
          "url": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--28e9ef32-d3f6-4535-a34f-c163d361a8a9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.54.88.201",
      "pattern": "[ipv4-addr:value = '38.54.88.201']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files ",
          "url": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--445a9508-b8d7-458d-b925-0b7bd94ffb85",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.60.157.139",
      "pattern": "[ipv4-addr:value = '38.60.157.139']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files ",
          "url": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f04712db-82ed-4774-916e-f42d291a0cac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.61.136.173",
      "pattern": "[ipv4-addr:value = '45.61.136.173']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6ac70f7d-ac9b-48ca-b932-e1fa1ed0269d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.63.104.106",
      "pattern": "[ipv4-addr:value = '45.63.104.106']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d1864e5-def1-4e1d-994a-f425d3569daa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.76.26.42",
      "pattern": "[ipv4-addr:value = '45.76.26.42']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files ",
          "url": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--09f5c87f-0573-44c0-8572-82b1fe001fd9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.77.149.152",
      "pattern": "[ipv4-addr:value = '45.77.149.152']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files ",
          "url": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c91db304-9e0c-4aef-a148-6f58b253a8df",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 64.94.84.97",
      "pattern": "[ipv4-addr:value = '64.94.84.97']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Th",
          "url": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--db4626d1-c2b4-476a-9d29-e96e20b0e057",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 66.42.99.200",
      "pattern": "[ipv4-addr:value = '66.42.99.200']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files ",
          "url": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0797b361-70b0-4829-823b-68c7c6cf513e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 22c0c7d441fd22432cfe7854b59ba82b",
      "pattern": "[file:hashes.MD5 = '22c0c7d441fd22432cfe7854b59ba82b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ba1f175b-1856-4ce0-8e36-31fb5f99fe05",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 51d39aa39478beeac94f2d12f682ecce",
      "pattern": "[file:hashes.MD5 = '51d39aa39478beeac94f2d12f682ecce']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files ",
          "url": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d0fdde0f-c606-436c-b805-56e4acc6e93d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 52fda5c1b9704544f32ee98d9060e689",
      "pattern": "[file:hashes.MD5 = '52fda5c1b9704544f32ee98d9060e689']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files ",
          "url": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html"
        },
        {
          "source_name": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d381411d-a021-4427-a88e-cb4183bfbe8a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 562d48524313d414b5a419fed6ca10aa",
      "pattern": "[file:hashes.MD5 = '562d48524313d414b5a419fed6ca10aa']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2fec8776-38ae-496a-b7c1-0f60fc2ae9fc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 58d4eccc982c9e9b1b98aa62c514e53a",
      "pattern": "[file:hashes.MD5 = '58d4eccc982c9e9b1b98aa62c514e53a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--20db5482-a966-4dca-9974-fd1a19cbd773",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 84ad78b2bab946c3677fdc28ebd8a774",
      "pattern": "[file:hashes.MD5 = '84ad78b2bab946c3677fdc28ebd8a774']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c7bb1fd3-55a2-4cf0-b678-7914d7cf1426",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 95dc2289427ed29b8b996d0e3d1b78cb",
      "pattern": "[file:hashes.MD5 = '95dc2289427ed29b8b996d0e3d1b78cb']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1c60c01a-e252-46fa-82d8-fab4addf1f7c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 98ee964edeb5a988c3bba8ea1e57fe0e",
      "pattern": "[file:hashes.MD5 = '98ee964edeb5a988c3bba8ea1e57fe0e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eb389a3b-5d4c-463f-b28f-dc1ef716b5b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: b96c0d609c1b7e74f8cb1442bf0b5418",
      "pattern": "[file:hashes.MD5 = 'b96c0d609c1b7e74f8cb1442bf0b5418']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--601e96c9-8c9f-43a1-a560-56499b6809b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: dbaa133fd3d1a834460206d83b480f80",
      "pattern": "[file:hashes.MD5 = 'dbaa133fd3d1a834460206d83b480f80']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f55a2e4-9d03-4f7c-a78e-0075ae24f3cf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: fbfe7513685913e6f878647eec429d45",
      "pattern": "[file:hashes.MD5 = 'fbfe7513685913e6f878647eec429d45']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7bd38f07-8a30-4852-bc01-c3e0f58bb39c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 4f5c5b3ef45cfff7721754487a86aeff9a2e6e32",
      "pattern": "[file:hashes.'SHA-1' = '4f5c5b3ef45cfff7721754487a86aeff9a2e6e32']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f362c584-b577-4e5f-811e-967cf2c60ce4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 681075027553546c119ec447eb8df84633dcffce",
      "pattern": "[file:hashes.'SHA-1' = '681075027553546c119ec447eb8df84633dcffce']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f34d5f80-e2e5-430a-be13-38f5b6cf87b9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: e952c18272efa1c3d73d0a5381bcf443c02743fe",
      "pattern": "[file:hashes.'SHA-1' = 'e952c18272efa1c3d73d0a5381bcf443c02743fe']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7f170b79-4d00-4a0f-ba60-2a8321817992",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: f4d77958a12a0778283d3e679b24b18f82e332c4",
      "pattern": "[file:hashes.'SHA-1' = 'f4d77958a12a0778283d3e679b24b18f82e332c4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0e434e5c-4e4b-415e-9640-f34a1016549c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: f8d93c1769e877aae7e7d5c289a467b5ae371c7a",
      "pattern": "[file:hashes.'SHA-1' = 'f8d93c1769e877aae7e7d5c289a467b5ae371c7a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b13a97ce-26a3-4cd8-bd6c-80010264cd87",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 0a26238f6c516de5885457c93042531aa59bc206a9537cebf5267cedc6c68531",
      "pattern": "[file:hashes.'SHA-256' = '0a26238f6c516de5885457c93042531aa59bc206a9537cebf5267cedc6c68531']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3ded8e59-2c35-4924-b1cf-05c15070cb83",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df",
      "pattern": "[file:hashes.'SHA-256' = '2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--32df5a04-b16b-4efd-b857-f4f56f6908ec",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c",
      "pattern": "[file:hashes.'SHA-256' = '24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d891a6a-d911-4957-a94f-7063ce3bf0e0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 25270cc429ada8028b5b33220ed412c47907ecceea7377d608fac5af01bed56a",
      "pattern": "[file:hashes.'SHA-256' = '25270cc429ada8028b5b33220ed412c47907ecceea7377d608fac5af01bed56a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4fa861a0-7f59-4586-87ac-efae066b7722",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759",
      "pattern": "[file:hashes.'SHA-256' = '320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6b27f224-ecc2-40ff-8362-12d7b29e3abe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 40d264cf9c73923932c3dfd52d20f46ff602be3fea8dc6ecc71aca46e6067bf5",
      "pattern": "[file:hashes.'SHA-256' = '40d264cf9c73923932c3dfd52d20f46ff602be3fea8dc6ecc71aca46e6067bf5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--81c77f90-0154-43f1-9203-efdd878dc8b4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 45313a6745803a7f57ff35f5397fdf117eaec008a76417e6e2ac8a6280f7d830",
      "pattern": "[file:hashes.'SHA-256' = '45313a6745803a7f57ff35f5397fdf117eaec008a76417e6e2ac8a6280f7d830']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1cf158aa-de6a-4cff-bca4-123610eb50d6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5455341ed1bbe75a664fca2dd0794c508e1874f75360253a7ff5bc119bc92d80",
      "pattern": "[file:hashes.'SHA-256' = '5455341ed1bbe75a664fca2dd0794c508e1874f75360253a7ff5bc119bc92d80']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f4d9261d-ab80-4023-bf62-b15e8a838b71",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 56d722b0331bf0aaa86bb37483486c6dff6ad9427fc473ed7c3226c21a9bdd23",
      "pattern": "[file:hashes.'SHA-256' = '56d722b0331bf0aaa86bb37483486c6dff6ad9427fc473ed7c3226c21a9bdd23']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--af5d8e70-d4a6-4b9e-ab4d-2611d03bcd0c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 791efb555eefb7215e96659a1353a97416743b66bdd72705493129c64057d40e",
      "pattern": "[file:hashes.'SHA-256' = '791efb555eefb7215e96659a1353a97416743b66bdd72705493129c64057d40e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9515866e-37ad-4502-b213-0e46b00db24a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 8610d4fb0ec5b525071c2aaec4df0f8fcbb3673aba58a7e1959fc44e83c0e2ca",
      "pattern": "[file:hashes.'SHA-256' = '8610d4fb0ec5b525071c2aaec4df0f8fcbb3673aba58a7e1959fc44e83c0e2ca']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--db12a28b-e4fd-4e93-8089-e79037bb48c7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035",
      "pattern": "[file:hashes.'SHA-256' = '90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--84f78bd0-a686-4ecc-aae6-2accc67c6166",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 92fb4ad6dee9362d0596fda7bbcfe1ba353f812ea801d1870e37bfc6376e624a",
      "pattern": "[file:hashes.'SHA-256' = '92fb4ad6dee9362d0596fda7bbcfe1ba353f812ea801d1870e37bfc6376e624a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e71b0df8-b9a4-487a-a89c-784d8b516008",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 99231deb373997364381d1eb513d2d42231d418c3a2db9007c5af9bd56ab9371",
      "pattern": "[file:hashes.'SHA-256' = '99231deb373997364381d1eb513d2d42231d418c3a2db9007c5af9bd56ab9371']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a03f7563-c401-402e-8e9c-1394cd97f182",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878",
      "pattern": "[file:hashes.'SHA-256' = 'aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ecc7b70c-f225-4e43-9500-3a34ad215ade",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c7c5072df9f83f4c440a5c3bb4be1d5f6c67bbf78f196406ca20d27b43b975b8",
      "pattern": "[file:hashes.'SHA-256' = 'c7c5072df9f83f4c440a5c3bb4be1d5f6c67bbf78f196406ca20d27b43b975b8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI brands as bait: How threat actors are using the AI hype i",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1a7ddc1a-a9d4-428c-80b5-b95eb9338cd0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: dfb37247d12351ef9708cb6631ce2d7017897503657c6b882a711c0da8a9a591",
      "pattern": "[file:hashes.'SHA-256' = 'dfb37247d12351ef9708cb6631ce2d7017897503657c6b882a711c0da8a9a591']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--acdfbb4c-582b-4678-b0d7-30e29b842b12",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: eb141a43958802727a6c813452450c10b92704bea4474ee5fd87c0a1be326e2e",
      "pattern": "[file:hashes.'SHA-256' = 'eb141a43958802727a6c813452450c10b92704bea4474ee5fd87c0a1be326e2e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3da53a13-7321-4838-ae8a-b3ce8f200da7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ee41e06ed96182ce80cd4544a6abd5d7719c4a5c0e5ddb266a83842d39b99b0a",
      "pattern": "[file:hashes.'SHA-256' = 'ee41e06ed96182ce80cd4544a6abd5d7719c4a5c0e5ddb266a83842d39b99b0a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b4cc663b-8e3e-478c-ad25-ed1248fbb03f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f70abe93121637d3ec2f6c5e058ccac0307ebf63e496f38588cbfc17a8f8a264",
      "pattern": "[file:hashes.'SHA-256' = 'f70abe93121637d3ec2f6c5e058ccac0307ebf63e496f38588cbfc17a8f8a264']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App",
          "url": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2d406426-b473-4ba3-8789-0a49b58e8644",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ommicrosoft.com",
      "pattern": "[domain-name:value = 'ommicrosoft.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "When \u201cHi, This Is IT\u201d Comes Through Microsoft Teams",
          "url": "https://unit42.paloaltonetworks.com/microsoft-teams-phishing/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--50417bbd-72c8-4ae0-969a-c0cc81dcb15e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: clientsdk.brdtnet.com",
      "pattern": "[domain-name:value = 'clientsdk.brdtnet.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Pr",
          "url": "https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2ff0ed2f-e267-46b6-b3b9-461a585d072f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: clientsdk.bright-sdk.com",
      "pattern": "[domain-name:value = 'clientsdk.bright-sdk.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Pr",
          "url": "https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1aec4fe8-1a49-4a6d-9651-ed5e5c6581bd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: proxyjs.brdtnet.com",
      "pattern": "[domain-name:value = 'proxyjs.brdtnet.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Pr",
          "url": "https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ee7f02f6-b7a1-49d2-a99e-b0bd1fd1437b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: proxyjs.bright-sdk.com",
      "pattern": "[domain-name:value = 'proxyjs.bright-sdk.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Pr",
          "url": "https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--631d8698-a31c-499c-90b3-3d085e86fd83",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: proxyjs.luminatinet.com",
      "pattern": "[domain-name:value = 'proxyjs.luminatinet.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Pr",
          "url": "https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "The Hacker News"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d7047cb8-4bef-4bde-92e9-426ee790c00f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-28318",
      "pattern": "[vulnerability:name = 'CVE-2026-28318']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-28318 \u2014 SolarWinds Serv-U Uncontrolled Re",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--33985cd4-53bf-4152-a17d-01aba412e86f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47668",
      "pattern": "[vulnerability:name = 'CVE-2026-47668']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47668: DbGate: Unauthenticated Re",
          "url": "https://github.com/advisories/GHSA-8v3q-9vmx-36vc"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--48f07e65-f0da-420a-8791-daca20c5d81a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47669",
      "pattern": "[vulnerability:name = 'CVE-2026-47669']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47669: DbGate: Zip Slip in archiv",
          "url": "https://github.com/advisories/GHSA-h535-j5hr-mv56"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f6e63d3a-427f-4ae7-b2fb-a0996169ec4d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47670",
      "pattern": "[vulnerability:name = 'CVE-2026-47670']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47670: Authenticated Remote Code ",
          "url": "https://github.com/advisories/GHSA-wm5r-5qp3-5vxf"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--445b981b-318f-424b-b58d-04a92a0bc874",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47731",
      "pattern": "[vulnerability:name = 'CVE-2026-47731']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47731: NASA AMMOS Instrument Tool",
          "url": "https://github.com/advisories/GHSA-p462-prxw-mjx4"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b691d2f1-3514-40ef-9092-42002ff95960",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47744",
      "pattern": "[vulnerability:name = 'CVE-2026-47744']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47744: Shopper: Authorization byp",
          "url": "https://github.com/advisories/GHSA-c3qp-2ggw-xjg7"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--498bc458-af07-463a-b35a-f474b91b94eb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47708",
      "pattern": "[vulnerability:name = 'CVE-2026-47708']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47708: MCP-for-Stata: Command inj",
          "url": "https://github.com/advisories/GHSA-4p62-hqp5-g644"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d1cb38c5-98c0-4e6a-83ce-76a30a07e73b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 608d01124cd6b5b8c55888e984b4c4d9b06fa686",
      "pattern": "[file:hashes.'SHA-1' = '608d01124cd6b5b8c55888e984b4c4d9b06fa686']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Wor",
          "url": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/"
        },
        {
          "source_name": "Preinstall to persistence: Inside the Red Hat npm Miasma cre",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk",
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0e73a530-cd28-48a5-805e-cf795e18173a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 8bf051251ec3b973e39a313547e53421a2f8d2f6",
      "pattern": "[file:hashes.'SHA-1' = '8bf051251ec3b973e39a313547e53421a2f8d2f6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Wor",
          "url": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/"
        },
        {
          "source_name": "Preinstall to persistence: Inside the Red Hat npm Miasma cre",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk",
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b708bb2b-eb90-4da4-87c2-a2830afa1c26",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: ab9903d9edc720d1e11ea7d3d3e7a1c456f44ff7",
      "pattern": "[file:hashes.'SHA-1' = 'ab9903d9edc720d1e11ea7d3d3e7a1c456f44ff7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Wor",
          "url": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/"
        },
        {
          "source_name": "Preinstall to persistence: Inside the Red Hat npm Miasma cre",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk",
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1a10dd26-31bb-40e2-8c5c-d4a2bc730f28",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: d78c25443ec4a0d7f0a85776461f3b1163132537",
      "pattern": "[file:hashes.'SHA-1' = 'd78c25443ec4a0d7f0a85776461f3b1163132537']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] GHSA-jpvj-wpmj-h7rv: Supply chain compromi",
          "url": "https://github.com/advisories/GHSA-jpvj-wpmj-h7rv"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b7ea9a47-9aca-4666-a305-db6d617a9b5a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7c24b4d9a8f448832f3752d7f67dcdbf1b7f0f41e10bf633efa175e627144e8b",
      "pattern": "[file:hashes.'SHA-256' = '7c24b4d9a8f448832f3752d7f67dcdbf1b7f0f41e10bf633efa175e627144e8b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] GHSA-jpvj-wpmj-h7rv: Supply chain compromi",
          "url": "https://github.com/advisories/GHSA-jpvj-wpmj-h7rv"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b0d60597-a480-48e4-b712-4cd90bb365a9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-6514",
      "pattern": "[vulnerability:name = 'CVE-2025-6514']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "So You Have an AI Security Budget. Now what?",
          "url": "https://snyk.io/blog/ai-security-budget/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--86ecd364-4bc2-4cda-9b23-8f3938f049c1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: kongtuke.com",
      "pattern": "[domain-name:value = 'kongtuke.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Reporting from Vegas: Networking, AI, and good boys",
          "url": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e0532807-72f8-4bb7-b995-eae6866300cb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 144.31.221.82",
      "pattern": "[ipv4-addr:value = '144.31.221.82']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Reporting from Vegas: Networking, AI, and good boys",
          "url": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/"
        },
        {
          "source_name": "Hypotheses, telemetry, and human judgment: Inside Cisco Talo",
          "url": "https://blog.talosintelligence.com/hypotheses-telemetry-and-human-judgment-inside-cisco-talos-threat-hunting/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0e6bf5b8-37a3-4cc8-935f-6a79a6f23895",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: bf9672ec85283fdf002d83662f0b08b7",
      "pattern": "[file:hashes.MD5 = 'bf9672ec85283fdf002d83662f0b08b7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Reporting from Vegas: Networking, AI, and good boys",
          "url": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1611ddce-cdb4-41f7-aeed-caa99c40694b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: cc4d231df34e57f59eb970353c7d9de2",
      "pattern": "[file:hashes.MD5 = 'cc4d231df34e57f59eb970353c7d9de2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Reporting from Vegas: Networking, AI, and good boys",
          "url": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/"
        },
        {
          "source_name": "Less panic patching, more precision",
          "url": "https://blog.talosintelligence.com/less-panic-patching-more-precision/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f651b6a2-c072-4a59-b940-dbe5d81fec78",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5926b86b642e00672252953eb30d8f75cfb7797fe3118bd6fa2cfbee92905d61",
      "pattern": "[file:hashes.'SHA-256' = '5926b86b642e00672252953eb30d8f75cfb7797fe3118bd6fa2cfbee92905d61']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Wor",
          "url": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1f6a5a68-7e62-476e-b6e3-b4626506acab",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 82d83274680df928fdda296a348e01802f595e412308c399565c320df444052a",
      "pattern": "[file:hashes.'SHA-256' = '82d83274680df928fdda296a348e01802f595e412308c399565c320df444052a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Wor",
          "url": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8816bdb6-9606-401a-b48b-3bb3b119e23c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: afc8a00883a4ea07df2dc1d4ed02f8a23b35c9456413b438a2d9ce3ae5076638",
      "pattern": "[file:hashes.'SHA-256' = 'afc8a00883a4ea07df2dc1d4ed02f8a23b35c9456413b438a2d9ce3ae5076638']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Reporting from Vegas: Networking, AI, and good boys",
          "url": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/"
        },
        {
          "source_name": "Less panic patching, more precision",
          "url": "https://blog.talosintelligence.com/less-panic-patching-more-precision/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--26c40cde-f18d-42ca-b07e-f4066189368b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c0ad494457dcd9e964378760fb6aca86a23622045bca851d8f3ab49ec33978fe",
      "pattern": "[file:hashes.'SHA-256' = 'c0ad494457dcd9e964378760fb6aca86a23622045bca851d8f3ab49ec33978fe']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Reporting from Vegas: Networking, AI, and good boys",
          "url": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fbc493b8-ac00-4f36-a5b8-e90f69d6e80c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: da39146ef451d1b174a24d00b1e2a45cd38d54e849737f8f35333dcb22175707",
      "pattern": "[file:hashes.'SHA-256' = 'da39146ef451d1b174a24d00b1e2a45cd38d54e849737f8f35333dcb22175707']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Wor",
          "url": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d5c7257-1f40-4f55-8c8d-6ac0b32f3ab5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44180",
      "pattern": "[vulnerability:name = 'CVE-2026-44180']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-44180: Jupyter Enterprise Gateway",
          "url": "https://github.com/advisories/GHSA-chq7-94j8-cj28"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--84e94c31-08c0-4759-b74b-ad41458ac6f9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44181",
      "pattern": "[vulnerability:name = 'CVE-2026-44181']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-44181: Jupyter Enterprise Gateway",
          "url": "https://github.com/advisories/GHSA-f49j-v924-fx9w"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2ad1be4c-c53b-4242-9f9d-ce79d0ffac1a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44182",
      "pattern": "[vulnerability:name = 'CVE-2026-44182']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-44182: Jupyter Enterprise Gateway",
          "url": "https://github.com/advisories/GHSA-cfw7-6c5v-2wjq"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--daa30426-48b2-4a63-8bd3-008120abcffe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45247",
      "pattern": "[vulnerability:name = 'CVE-2026-45247']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-45247 \u2014 Mirasvit Full Page Cache Warmer D",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4ab27fe8-7a8d-4c37-8a01-ced12f4b6f4e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: asper1.freeddns.org",
      "pattern": "[domain-name:value = 'asper1.freeddns.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Argamal: Malware hidden in hentai games",
          "url": "https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8f9d020c-f537-4a02-bfe3-f02f27d29317",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: country1.ignorelist.com",
      "pattern": "[domain-name:value = 'country1.ignorelist.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Argamal: Malware hidden in hentai games",
          "url": "https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a663e4d1-af68-4c0d-bf9c-62ce04e22f9b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: winst0.kozow.com",
      "pattern": "[domain-name:value = 'winst0.kozow.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Argamal: Malware hidden in hentai games",
          "url": "https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--62efa4e7-fb56-42d0-8885-973553744f76",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 186.158.223.35",
      "pattern": "[ipv4-addr:value = '186.158.223.35']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Argamal: Malware hidden in hentai games",
          "url": "https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cc663868-d47c-46a2-9f79-c5817d139540",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 42add9475e67a1ccc6a6af94b5475d3defc01b85",
      "pattern": "[file:hashes.'SHA-1' = '42add9475e67a1ccc6a6af94b5475d3defc01b85']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Argamal: Malware hidden in hentai games",
          "url": "https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e9ce3a83-e4ab-4808-9ee4-19e50e0beba8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: edce72f59e4c1d136cd1946af70d334c19df858d",
      "pattern": "[file:hashes.'SHA-1' = 'edce72f59e4c1d136cd1946af70d334c19df858d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Argamal: Malware hidden in hentai games",
          "url": "https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--893a5d45-3ed8-4a80-be27-937eec789b11",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-0492",
      "pattern": "[vulnerability:name = 'CVE-2022-0492']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-0492 \u2014 Linux Kernel Improper Authenticati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Containers on fire: from container escapes to supply chain a",
          "url": "https://securelist.com/container-attack-vectors/120010/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "Securelist (Kaspersky)",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--86bcbbc6-cdbf-414d-bf6a-9a261ed98076",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-48595",
      "pattern": "[vulnerability:name = 'CVE-2025-48595']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-48595 \u2014 Android Framework Integer Overflo",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ed5aed14-d7d9-4a0c-b4ce-673f5b3e8532",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ads-parkpro.com",
      "pattern": "[domain-name:value = 'ads-parkpro.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4d462020-b50b-4bc5-a326-72c627f9045b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: adsparkpro.net",
      "pattern": "[domain-name:value = 'adsparkpro.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--defb0c9d-9fd5-4224-b517-30335d7db546",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: adsparkpro.top",
      "pattern": "[domain-name:value = 'adsparkpro.top']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c97e9b4c-9050-4a5f-b280-ea3964ec5320",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: atsheisdomestic.org",
      "pattern": "[domain-name:value = 'atsheisdomestic.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2de3983b-4ce6-4b99-9a9e-ead6ea9de768",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: audit.checkmarx.cx",
      "pattern": "[domain-name:value = 'audit.checkmarx.cx']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The npm Threat Landscape: Attack Surface and Mitigations (Up",
          "url": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/"
        },
        {
          "source_name": "Containers on fire: from container escapes to supply chain a",
          "url": "https://securelist.com/container-attack-vectors/120010/"
        },
        {
          "source_name": "Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer",
          "url": "https://www.stepsecurity.io/blog/bitwarden-cli-hijacked-on-npm-bun-staged-credential-stealer-targets-developers-github-actions-and-ai-tools"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)",
        "StepSecurity",
        "Securelist (Kaspersky)",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0d54a6b6-6b86-4af2-81fd-7290447232a7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: etoftheappyrince.org",
      "pattern": "[domain-name:value = 'etoftheappyrince.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--734f008d-9595-4d14-8c3b-70b155222b90",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: flipboxstudio.info",
      "pattern": "[domain-name:value = 'flipboxstudio.info']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        },
        {
          "source_name": "Laravel Lang Supply Chain Advisory",
          "url": "https://snyk.io/blog/laravel-lang-supply-chain-advisory/"
        },
        {
          "source_name": "Supply Chain Attack Targets Laravel-Lang Packages with Crede",
          "url": "https://www.aikido.dev/blog/supply-chain-attack-targets-laravel-lang-packages-with-credential-stealer"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6ba7550d-1995-4b6f-aceb-1d54bb7fd45c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: healightejustb.org",
      "pattern": "[domain-name:value = 'healightejustb.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--20b8f1c3-2aec-4373-a77f-2de4d2cddb7e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sinterfumesco.com",
      "pattern": "[domain-name:value = 'sinterfumesco.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d30656be-9e47-427b-9a75-b6a2fef5ab91",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: softwe.art",
      "pattern": "[domain-name:value = 'softwe.art']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5ac669a7-1720-4816-8d9b-c7f6c1834294",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 94.154.172.43",
      "pattern": "[ipv4-addr:value = '94.154.172.43']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The npm Threat Landscape: Attack Surface and Mitigations (Up",
          "url": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/"
        },
        {
          "source_name": "Containers on fire: from container escapes to supply chain a",
          "url": "https://securelist.com/container-attack-vectors/120010/"
        },
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise vi",
          "url": "https://github.com/advisories/GHSA-pvw4-cvr4-97p8"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)",
        "StepSecurity",
        "Securelist (Kaspersky)",
        "Aikido",
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3707b7e-1967-4f35-bb47-d5cd511f6b72",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 556d2b335d4d6d92139822017ee461b668afe375",
      "pattern": "[file:hashes.'SHA-1' = '556d2b335d4d6d92139822017ee461b668afe375']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        },
        {
          "source_name": "Laravel Lang Supply Chain Advisory",
          "url": "https://snyk.io/blog/laravel-lang-supply-chain-advisory/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--21253dae-0f95-4236-9232-bdf6428fb5b3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: a5ea2e8fa92ccf29cdb1d2dadbeb27722b2bff37",
      "pattern": "[file:hashes.'SHA-1' = 'a5ea2e8fa92ccf29cdb1d2dadbeb27722b2bff37']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        },
        {
          "source_name": "Laravel Lang Supply Chain Advisory",
          "url": "https://snyk.io/blog/laravel-lang-supply-chain-advisory/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--07155745-b4fe-4e83-a733-e2a6a61c267f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: bba2e443dc7ff1f8704f52a5375383e3f4f643b8",
      "pattern": "[file:hashes.'SHA-1' = 'bba2e443dc7ff1f8704f52a5375383e3f4f643b8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        },
        {
          "source_name": "Laravel Lang Supply Chain Advisory",
          "url": "https://snyk.io/blog/laravel-lang-supply-chain-advisory/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ed25505b-d0d9-4050-8bc6-11b6d0d7f58a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 021666417de8b9972c179783fe60d4c4ad2d93224e3a0f16137065c960b1b845",
      "pattern": "[file:hashes.'SHA-256' = '021666417de8b9972c179783fe60d4c4ad2d93224e3a0f16137065c960b1b845']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d4bae2df-f504-474d-b91f-cc1fc7a8db8c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 069ac1dc7f7649b76bc72a11ac700f373804bfd81dab7e561157b703999f44ce",
      "pattern": "[file:hashes.'SHA-256' = '069ac1dc7f7649b76bc72a11ac700f373804bfd81dab7e561157b703999f44ce']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        },
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        },
        {
          "source_name": "Microsoft's durabletask package on PyPi Compromised. Mini Sh",
          "url": "https://www.aikido.dev/blog/durabletask-package-compromised-mini-shai-hulud"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ad24633-7bb8-4457-80eb-081e0d22a0ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1a4afce34918bdc74ae3f31edaffffaa0ee074d83618f53edfd88137927340b8",
      "pattern": "[file:hashes.'SHA-256' = '1a4afce34918bdc74ae3f31edaffffaa0ee074d83618f53edfd88137927340b8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Nx Console VS Code Extension Compromised",
          "url": "https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised"
        },
        {
          "source_name": "What MDM can't protect on developer machines (and what to do",
          "url": "https://www.aikido.dev/blog/what-mdm-cant-protect"
        },
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9bdf52fc-7875-4b99-aa1d-57332d54a725",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 30448686ec900d5213d74f08f0d2b7924c5336a29445b2a434aba8d8b19d7530",
      "pattern": "[file:hashes.'SHA-256' = '30448686ec900d5213d74f08f0d2b7924c5336a29445b2a434aba8d8b19d7530']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a97e04f8-1060-4f2f-af99-85ee27783373",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 363923500ce942bf1a953e8a4e943fbf1fb1b5ed6e5d247964c345b3ad5bfc34",
      "pattern": "[file:hashes.'SHA-256' = '363923500ce942bf1a953e8a4e943fbf1fb1b5ed6e5d247964c345b3ad5bfc34']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--044e1718-3237-4f30-a468-0a39fcbefb0f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 48047c34bbd57fe1e24bc538bc2ce9e0ac4c4eb48d3b0c195b414f0379dc0745",
      "pattern": "[file:hashes.'SHA-256' = '48047c34bbd57fe1e24bc538bc2ce9e0ac4c4eb48d3b0c195b414f0379dc0745']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0c85e0a2-a040-40d5-8d9b-990d23518e64",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 644fc49fa1006a2a2acace694e5fb83753164e2617051ece6d9dc9ea32329e70",
      "pattern": "[file:hashes.'SHA-256' = '644fc49fa1006a2a2acace694e5fb83753164e2617051ece6d9dc9ea32329e70']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--da2d30ed-692c-4145-9810-3904234caae4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7d80b3ef74ad7992b93c31966962612e4e2ceb93e7727cdbd1d2a9af47d44ba8",
      "pattern": "[file:hashes.'SHA-256' = '7d80b3ef74ad7992b93c31966962612e4e2ceb93e7727cdbd1d2a9af47d44ba8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        },
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--433218e9-9ff9-4154-b2a0-7262d33fab07",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 8421c902364980e3d762ec6dbbe6b0f40577c27bd79b48c57d098328b2533109",
      "pattern": "[file:hashes.'SHA-256' = '8421c902364980e3d762ec6dbbe6b0f40577c27bd79b48c57d098328b2533109']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0d36531b-5c0b-4a1f-9a4a-2c463d56ab71",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9053e8ddaecca1f960c041c944ca8799fc71dc86a4b50d2639ee4e0d2cb82f47",
      "pattern": "[file:hashes.'SHA-256' = '9053e8ddaecca1f960c041c944ca8799fc71dc86a4b50d2639ee4e0d2cb82f47']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b39548c2-37d8-4a07-a05c-6a220962204a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9425e8e39fa8a7212cdd07f0917cb3dfde38a90b87297de2c82a5850aff1e4de",
      "pattern": "[file:hashes.'SHA-256' = '9425e8e39fa8a7212cdd07f0917cb3dfde38a90b87297de2c82a5850aff1e4de']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8be02daa-2fc5-4dd5-b1f2-ebfc5dda6d9e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: aeaf583e20347bf850e2fabdcd6f4982996ba023f8c2cd56bbd299cfd56516f5",
      "pattern": "[file:hashes.'SHA-256' = 'aeaf583e20347bf850e2fabdcd6f4982996ba023f8c2cd56bbd299cfd56516f5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        },
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8fbe43c6-c467-43b4-a207-0c2b1f0be04c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b0cefb66b953e5184b6adb3035e9e267335ac5eabfe1848e07834777b9397b74",
      "pattern": "[file:hashes.'SHA-256' = 'b0cefb66b953e5184b6adb3035e9e267335ac5eabfe1848e07834777b9397b74']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Nx Console VS Code Extension Compromised",
          "url": "https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised"
        },
        {
          "source_name": "What MDM can't protect on developer machines (and what to do",
          "url": "https://www.aikido.dev/blog/what-mdm-cant-protect"
        },
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f098beb8-ef2b-473b-a18b-8431a26254c8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b60074d1ea2008a581f432f2dee5f84f78668d9dd8e66f75d03c42dabd89bdea",
      "pattern": "[file:hashes.'SHA-256' = 'b60074d1ea2008a581f432f2dee5f84f78668d9dd8e66f75d03c42dabd89bdea']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation FlutterBridge: macOS Malvertising Campaign Spreads",
          "url": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2c3e1b8a-6b5f-4347-a2aa-fbb0c7cf3c51",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e7347d90653efc565f03733a95e9209d78f9cfa81e31ff2b2dd9d48d75a4b8b1",
      "pattern": "[file:hashes.'SHA-256' = 'e7347d90653efc565f03733a95e9209d78f9cfa81e31ff2b2dd9d48d75a4b8b1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Nx Console VS Code Extension Compromised",
          "url": "https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised"
        },
        {
          "source_name": "What MDM can't protect on developer machines (and what to do",
          "url": "https://www.aikido.dev/blog/what-mdm-cant-protect"
        },
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e99782f4-a86b-47fb-aca4-6d0670a425b5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: packages.npm.org",
      "pattern": "[domain-name:value = 'packages.npm.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c10b6fc9-48d1-4d48-9271-0756337e96b3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 160.119.64.3",
      "pattern": "[ipv4-addr:value = '160.119.64.3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--698ffdec-3857-4226-8f19-d8822deb19e3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 1713b19cbf609cb101ff5e216be41f7224269082",
      "pattern": "[file:hashes.'SHA-1' = '1713b19cbf609cb101ff5e216be41f7224269082']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0c970d5d-2b61-405a-9ac1-75dd738e00c5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 26c233e1a0d4fd2331e8e0f175e18f8eed904aa3",
      "pattern": "[file:hashes.'SHA-1' = '26c233e1a0d4fd2331e8e0f175e18f8eed904aa3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--23bc3b32-80a6-4035-94f3-963a840e7f9c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 50ac0db454d19234c835716f297bbc5363c0a25c",
      "pattern": "[file:hashes.'SHA-1' = '50ac0db454d19234c835716f297bbc5363c0a25c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--065f48c5-16e1-4033-ac27-cb2b10b16921",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 6b1d5782a8c8c199d070857802d39bfe609eb6f2",
      "pattern": "[file:hashes.'SHA-1' = '6b1d5782a8c8c199d070857802d39bfe609eb6f2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8a90983a-8586-4258-bce2-4184765ba649",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 722cee67326d932e7f71ba3438f62a255d779aa9",
      "pattern": "[file:hashes.'SHA-1' = '722cee67326d932e7f71ba3438f62a255d779aa9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aaef9c1c-10ce-4f04-9530-545b6d17a736",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 9ee599d248cc322fa26054694a83a1f4558cc716",
      "pattern": "[file:hashes.'SHA-1' = '9ee599d248cc322fa26054694a83a1f4558cc716']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ae5500bc-aa3f-4ae6-9d0a-0e2dff101423",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: a9f8d88cf98e35988d3d0fd6d79547f980853041",
      "pattern": "[file:hashes.'SHA-1' = 'a9f8d88cf98e35988d3d0fd6d79547f980853041']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f81a0b65-bd10-43f0-b127-1bc081e97d86",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: ad24b980db8f0dca50ccb3ba6badb3c2331e0ef4",
      "pattern": "[file:hashes.'SHA-1' = 'ad24b980db8f0dca50ccb3ba6badb3c2331e0ef4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--81e098b7-7efd-43a6-ac22-17d08c546951",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: c45764e70285146da37025cd8601a921ab8a7eda",
      "pattern": "[file:hashes.'SHA-1' = 'c45764e70285146da37025cd8601a921ab8a7eda']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--efb07b08-e650-4471-9c58-48836ac6ea2e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: d59561727927117e65b35f0183cae131baad19fe",
      "pattern": "[file:hashes.'SHA-1' = 'd59561727927117e65b35f0183cae131baad19fe']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ce795420-f6f8-4a38-8f90-74ce0ae0c129",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: daa5212264bb73fb39fe7a36618b62717dc564a5",
      "pattern": "[file:hashes.'SHA-1' = 'daa5212264bb73fb39fe7a36618b62717dc564a5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f816dd7e-41a5-41b6-97dd-3d295ccc8630",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: db0c3ef246103fd0f6c318e0d48f26b5289044c3",
      "pattern": "[file:hashes.'SHA-1' = 'db0c3ef246103fd0f6c318e0d48f26b5289044c3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple ",
          "url": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d1bfc17c-8bf7-4776-bf02-681166e577a9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3de04fe2a76262743ed089efa7115f4508619838e77d60b9a1aab8b20d2cc8bf",
      "pattern": "[file:hashes.'SHA-256' = '3de04fe2a76262743ed089efa7115f4508619838e77d60b9a1aab8b20d2cc8bf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        },
        {
          "source_name": "Microsoft's durabletask package on PyPi Compromised. Mini Sh",
          "url": "https://www.aikido.dev/blog/durabletask-package-compromised-mini-shai-hulud"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--33bebb0a-3b41-4a86-ad2e-b2a5cee9a02c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 85f54c089d78ebfb101454ec934c767065a342a43c9ee1beac8430cdd3b2086f",
      "pattern": "[file:hashes.'SHA-256' = '85f54c089d78ebfb101454ec934c767065a342a43c9ee1beac8430cdd3b2086f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        },
        {
          "source_name": "Microsoft's durabletask package on PyPi Compromised. Mini Sh",
          "url": "https://www.aikido.dev/blog/durabletask-package-compromised-mini-shai-hulud"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--909b7209-ebc1-41a6-9bbd-dda5b0e863a5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 877ff2531a63393c4cb9a3c86908b62d9c4fc3db971bc231c48537faae6cb3ec",
      "pattern": "[file:hashes.'SHA-256' = '877ff2531a63393c4cb9a3c86908b62d9c4fc3db971bc231c48537faae6cb3ec']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--65e60e79-318d-4a3f-bdd4-14b8b3aa7c90",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 970ba1a06bfabaf7a7f17df75f12a19e48ad4667c938bc7949a6a0502f6160b6",
      "pattern": "[file:hashes.'SHA-256' = '970ba1a06bfabaf7a7f17df75f12a19e48ad4667c938bc7949a6a0502f6160b6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Protestware by open source maintainer to hinder agentic codi",
          "url": "https://snyk.io/blog/protestware-open-source-maintainer-qwik-1-10-0-prompt-injection/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4cf3ac98-cc1e-4a7c-9ef2-a375cb39220c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c0b094e46842260936d4b97ce63e4539b99a3eae48b736798c700217c52569dc",
      "pattern": "[file:hashes.'SHA-256' = 'c0b094e46842260936d4b97ce63e4539b99a3eae48b736798c700217c52569dc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "url": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware"
        },
        {
          "source_name": "Microsoft's durabletask package on PyPi Compromised. Mini Sh",
          "url": "https://www.aikido.dev/blog/durabletask-package-compromised-mini-shai-hulud"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--67265d65-0c9c-457b-8a25-f815dd81f4d6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2019-5736",
      "pattern": "[vulnerability:name = 'CVE-2019-5736']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Containers on fire: from container escapes to supply chain a",
          "url": "https://securelist.com/container-attack-vectors/120010/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3240d9a0-df9f-4bd7-bb5b-d2184f1b6d61",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-21626",
      "pattern": "[vulnerability:name = 'CVE-2024-21626']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Containers on fire: from container escapes to supply chain a",
          "url": "https://securelist.com/container-attack-vectors/120010/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9cdd4084-4838-46b3-90d2-d1065e5a602c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47413",
      "pattern": "[vulnerability:name = 'CVE-2026-47413']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47413: praisonai-platform: Any wo",
          "url": "https://github.com/advisories/GHSA-8g2p-pqm3-fcfh"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--288a6c94-11d6-4cd3-be13-20cacfb0f59e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47429",
      "pattern": "[vulnerability:name = 'CVE-2026-47429']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47429: When Vitest UI server is l",
          "url": "https://github.com/advisories/GHSA-5xrq-8626-4rwp"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0dd55b9d-af14-428d-9924-407e38724d92",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: d47de3772f2d61a043e7047431ef4cf4",
      "pattern": "[file:hashes.MD5 = 'd47de3772f2d61a043e7047431ef4cf4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Containers on fire: from container escapes to supply chain a",
          "url": "https://securelist.com/container-attack-vectors/120010/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3797d616-e3a8-4743-af62-1b9ddb9749d0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: e1023db24a29ab0229d99764e2c8deba",
      "pattern": "[file:hashes.MD5 = 'e1023db24a29ab0229d99764e2c8deba']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Containers on fire: from container escapes to supply chain a",
          "url": "https://securelist.com/container-attack-vectors/120010/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f69dfa1e-574f-4ff3-ab1b-425d4d14b285",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 250f3633529457477a9f8fd3db3472e94383606a",
      "pattern": "[file:hashes.'SHA-1' = '250f3633529457477a9f8fd3db3472e94383606a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Containers on fire: from container escapes to supply chain a",
          "url": "https://securelist.com/container-attack-vectors/120010/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c5d46ab6-3758-48f3-acf2-efb76ec1a46b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2b12cc5cc91ec483048abcbd6d523cdc9ebae3f3",
      "pattern": "[file:hashes.'SHA-1' = '2b12cc5cc91ec483048abcbd6d523cdc9ebae3f3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Containers on fire: from container escapes to supply chain a",
          "url": "https://securelist.com/container-attack-vectors/120010/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4d9c84c3-4c5e-46ef-8df2-57ba4ddf7b15",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 24680027afadea90c7c713821e214b15cb6c922e67ac01109fb1edb3ee4741d9",
      "pattern": "[file:hashes.'SHA-256' = '24680027afadea90c7c713821e214b15cb6c922e67ac01109fb1edb3ee4741d9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Containers on fire: from container escapes to supply chain a",
          "url": "https://securelist.com/container-attack-vectors/120010/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--310ccbad-3b66-44af-9d26-584582c6f2cb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2a6a35f06118ff7d61bfd36a5788557b695095e7c9a609b4a01956883f146f50",
      "pattern": "[file:hashes.'SHA-256' = '2a6a35f06118ff7d61bfd36a5788557b695095e7c9a609b4a01956883f146f50']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Containers on fire: from container escapes to supply chain a",
          "url": "https://securelist.com/container-attack-vectors/120010/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2859c40c-d7aa-458e-8634-fbe9316d8759",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cloudplatform-single-spa.io",
      "pattern": "[domain-name:value = 'cloudplatform-single-spa.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm packages abuse dependency confusion to profile",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--70cb37a4-6bd1-415a-8821-34058e5e3492",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: docs.cloudplatform-single-spa.io",
      "pattern": "[domain-name:value = 'docs.cloudplatform-single-spa.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm packages abuse dependency confusion to profile",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d83c8fd7-0a4c-4c25-806a-f830dc92c071",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: docs.t-in-one.io",
      "pattern": "[domain-name:value = 'docs.t-in-one.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm packages abuse dependency confusion to profile",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bc37a51d-1bdc-4420-b78e-cbcf08a59471",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: github.cloudplatform-single-spa.io",
      "pattern": "[domain-name:value = 'github.cloudplatform-single-spa.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm packages abuse dependency confusion to profile",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--239991a7-76a8-41d6-a781-2b6455eaed74",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: jira.cloudplatform-single-spa.io",
      "pattern": "[domain-name:value = 'jira.cloudplatform-single-spa.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm packages abuse dependency confusion to profile",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4cb88b9f-2827-489a-879f-1cc31c2aa3cc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: jira.t-in-one.io",
      "pattern": "[domain-name:value = 'jira.t-in-one.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm packages abuse dependency confusion to profile",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--901abde6-9804-421f-bb2f-29b44a21f003",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: moika.tech",
      "pattern": "[domain-name:value = 'moika.tech']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm packages abuse dependency confusion to profile",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d41e500d-1cec-453d-b580-28ca96468da7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: npm.t-in-one.io",
      "pattern": "[domain-name:value = 'npm.t-in-one.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm packages abuse dependency confusion to profile",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a04b20a9-ee2f-49f7-b3ea-c4c0536a2074",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: oob.moika.tech",
      "pattern": "[domain-name:value = 'oob.moika.tech']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm packages abuse dependency confusion to profile",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8f0c25d8-4ba0-4fef-88bb-45c78df7b022",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: t-in-one.io",
      "pattern": "[domain-name:value = 't-in-one.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm packages abuse dependency confusion to profile",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--90b0629a-a052-4172-8c41-661567fa6abd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: telemetry.cloudplatform-single-spa.io",
      "pattern": "[domain-name:value = 'telemetry.cloudplatform-single-spa.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious npm packages abuse dependency confusion to profile",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ad34d25-343e-46b3-bc0b-881a6c563a57",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2017-9841",
      "pattern": "[vulnerability:name = 'CVE-2017-9841']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What\u2019s in the container? Analyzing vulnerabilities, risks an",
          "url": "https://securelist.com/container-security-typical-issues/119974/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4d743fb5-f189-4ec8-87c2-01265d69a9ed",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-4034",
      "pattern": "[vulnerability:name = 'CVE-2021-4034']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What\u2019s in the container? Analyzing vulnerabilities, risks an",
          "url": "https://securelist.com/container-security-typical-issues/119974/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f48c9b83-1907-4b45-8e62-7945588ca39c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-33246",
      "pattern": "[vulnerability:name = 'CVE-2023-33246']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What\u2019s in the container? Analyzing vulnerabilities, risks an",
          "url": "https://securelist.com/container-security-typical-issues/119974/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ca18aa4a-bc9d-4a48-920b-1d36df848b41",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-37903",
      "pattern": "[vulnerability:name = 'CVE-2023-37903']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47137: vm2 has a CVE-2023-37903 p",
          "url": "https://github.com/advisories/GHSA-m4wx-m65x-ghrr"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d8a48dc7-61cc-4a27-8150-1ff7cc735fc7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-4911",
      "pattern": "[vulnerability:name = 'CVE-2023-4911']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What\u2019s in the container? Analyzing vulnerabilities, risks an",
          "url": "https://securelist.com/container-security-typical-issues/119974/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4c718d5b-08e9-4cd5-b9d1-0544f3046506",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-32463",
      "pattern": "[vulnerability:name = 'CVE-2025-32463']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What\u2019s in the container? Analyzing vulnerabilities, risks an",
          "url": "https://securelist.com/container-security-typical-issues/119974/"
        },
        {
          "source_name": "CISA KEV: CVE-2025-32463 \u2014 Sudo Inclusion of Functionality f",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bdffc494-719d-4e4f-8945-4f7050b16b91",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-49844",
      "pattern": "[vulnerability:name = 'CVE-2025-49844']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What\u2019s in the container? Analyzing vulnerabilities, risks an",
          "url": "https://securelist.com/container-security-typical-issues/119974/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--423ad630-03db-4184-81c6-4a7bd8093403",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-55182",
      "pattern": "[vulnerability:name = 'CVE-2025-55182']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What\u2019s in the container? Analyzing vulnerabilities, risks an",
          "url": "https://securelist.com/container-security-typical-issues/119974/"
        },
        {
          "source_name": "PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials a",
          "url": "https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/"
        },
        {
          "source_name": "Critical Remote Code Execution Vulnerabilities Discovered in",
          "url": "https://www.stepsecurity.io/blog/critical-remote-code-execution-vulnerabilities-discovered-in-react-server-components-and-next-js"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)",
        "SentinelLabs",
        "StepSecurity",
        "CISA KEV",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5a034795-47d9-40bd-ab24-defa2c07c2b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-24061",
      "pattern": "[vulnerability:name = 'CVE-2026-24061']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What\u2019s in the container? Analyzing vulnerabilities, risks an",
          "url": "https://securelist.com/container-security-typical-issues/119974/"
        },
        {
          "source_name": "CISA KEV: CVE-2026-24061 \u2014 GNU InetUtils Argument Injection ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f1161c8e-4ec4-400e-8124-6e970c6bd41b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-34938",
      "pattern": "[vulnerability:name = 'CVE-2026-34938']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47392: PraisonAI vulnerable to sa",
          "url": "https://github.com/advisories/GHSA-4mr5-g6f9-cfrh"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--45a70dcc-105a-4c33-9040-4e68dda9d42f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-39888",
      "pattern": "[vulnerability:name = 'CVE-2026-39888']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47392: PraisonAI vulnerable to sa",
          "url": "https://github.com/advisories/GHSA-4mr5-g6f9-cfrh"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5d865e8b-80a1-4d2f-8bac-066a6bfd3193",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-40158",
      "pattern": "[vulnerability:name = 'CVE-2026-40158']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47392: PraisonAI vulnerable to sa",
          "url": "https://github.com/advisories/GHSA-4mr5-g6f9-cfrh"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--94d1df72-3bc7-45a4-a22a-15c8f50d860b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44338",
      "pattern": "[vulnerability:name = 'CVE-2026-44338']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47393: PraisonAI `deploy --type a",
          "url": "https://github.com/advisories/GHSA-8444-4fhq-fxpq"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c2d5b07c-9c77-4691-b5cf-174c1121d733",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47131",
      "pattern": "[vulnerability:name = 'CVE-2026-47131']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47131: vm2 has a Sandbox Escape i",
          "url": "https://github.com/advisories/GHSA-v6mx-mf47-r5wg"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4e08a549-f38a-4217-b53e-2befe85a05a9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47137",
      "pattern": "[vulnerability:name = 'CVE-2026-47137']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47137: vm2 has a CVE-2023-37903 p",
          "url": "https://github.com/advisories/GHSA-m4wx-m65x-ghrr"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e6387dd1-6931-48bd-b985-aabd1299a51f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47140",
      "pattern": "[vulnerability:name = 'CVE-2026-47140']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47140: NodeVM builtin denylist by",
          "url": "https://github.com/advisories/GHSA-rp36-8xq3-r6c4"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4f215615-c14a-44e2-9492-d5a7529ec8b0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47208",
      "pattern": "[vulnerability:name = 'CVE-2026-47208']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47208: vm2 is Vulnerable to Sandb",
          "url": "https://github.com/advisories/GHSA-76w7-j9cq-rx2j"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bafec597-a6be-49ca-8347-4072f5166e5d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47210",
      "pattern": "[vulnerability:name = 'CVE-2026-47210']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47210: vm2 sandbox escape via JSP",
          "url": "https://github.com/advisories/GHSA-6j2x-vhqr-qr7q"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0e2dc6b5-c4db-42b1-b24f-7f7382ffb7a9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47391",
      "pattern": "[vulnerability:name = 'CVE-2026-47391']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47391: PraisonAI's unauthenticate",
          "url": "https://github.com/advisories/GHSA-vg22-4gmj-prxw"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--25b36d29-6664-48ad-a7ec-3e6be717cfac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47392",
      "pattern": "[vulnerability:name = 'CVE-2026-47392']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47392: PraisonAI vulnerable to sa",
          "url": "https://github.com/advisories/GHSA-4mr5-g6f9-cfrh"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--49905fd6-0da2-4a65-9100-fe450877843b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47393",
      "pattern": "[vulnerability:name = 'CVE-2026-47393']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47393: PraisonAI `deploy --type a",
          "url": "https://github.com/advisories/GHSA-8444-4fhq-fxpq"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c5128dc9-8684-4dfe-af98-1e42e374b9fd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47407",
      "pattern": "[vulnerability:name = 'CVE-2026-47407']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47407: PraisonAI Platform has a c",
          "url": "https://github.com/advisories/GHSA-h8q5-cp56-rr65"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--76c36b41-0f49-4d1e-b2dd-7e9d31df09e2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47410",
      "pattern": "[vulnerability:name = 'CVE-2026-47410']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47410: praisonai-platform: JWT si",
          "url": "https://github.com/advisories/GHSA-3qg8-5g3r-79v5"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5bc3415b-290f-4052-ac1c-eed468352bf0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47416",
      "pattern": "[vulnerability:name = 'CVE-2026-47416']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47416: praisonai-platform: Any wo",
          "url": "https://github.com/advisories/GHSA-c2m8-4gcg-v22g"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e8c83d1c-012a-4a02-a36f-be41bc5b7fd6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.190.133.49",
      "pattern": "[ipv4-addr:value = '146.190.133.49']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47393: PraisonAI `deploy --type a",
          "url": "https://github.com/advisories/GHSA-8444-4fhq-fxpq"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e0e107df-be4e-49be-9eba-012a07a462a0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: aab.sportsontheweb.net",
      "pattern": "[domain-name:value = 'aab.sportsontheweb.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Typosquatted npm packages used to steal cloud and CI/CD secr",
          "url": "https://www.microsoft.com/en-us/security/blog/2026/05/28/typosquatted-npm-packages-used-steal-cloud-ci-cd-secrets/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Microsoft Security Blog"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6dd89dc5-6da4-4777-a07a-4336fca3bf8d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: filev2.getsession.org",
      "pattern": "[domain-name:value = 'filev2.getsession.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What MDM can't protect on developer machines (and what to do",
          "url": "https://www.aikido.dev/blog/what-mdm-cant-protect"
        },
        {
          "source_name": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerabilit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Why developer machines are now the number one target for sup",
          "url": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "CISA KEV",
        "StepSecurity",
        "Snyk",
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e2a98094-7bc9-405e-84e6-8017188c2727",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 558b09d7ad0d1660e2a0fb8a06da81a6f42e06d2",
      "pattern": "[file:hashes.'SHA-1' = '558b09d7ad0d1660e2a0fb8a06da81a6f42e06d2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What MDM can't protect on developer machines (and what to do",
          "url": "https://www.aikido.dev/blog/what-mdm-cant-protect"
        },
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        },
        {
          "source_name": "The Wild West of VS Code extensions and how a poisoned exten",
          "url": "https://www.aikido.dev/blog/vs-code-extension-github-breach"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--65a8a845-1fa1-481c-b482-2fae2c90e851",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: ba642fe2c7c65e42dd7f6444b83023dc6827e08c",
      "pattern": "[file:hashes.'SHA-1' = 'ba642fe2c7c65e42dd7f6444b83023dc6827e08c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What MDM can't protect on developer machines (and what to do",
          "url": "https://www.aikido.dev/blog/what-mdm-cant-protect"
        },
        {
          "source_name": "The Wild West of VS Code extensions and how a poisoned exten",
          "url": "https://www.aikido.dev/blog/vs-code-extension-github-breach"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--871c6d0b-671c-4964-8acb-27dc79687cd3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96",
      "pattern": "[file:hashes.'SHA-256' = '2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What MDM can't protect on developer machines (and what to do",
          "url": "https://www.aikido.dev/blog/what-mdm-cant-protect"
        },
        {
          "source_name": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerabilit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Why developer machines are now the number one target for sup",
          "url": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "CISA KEV",
        "Snyk",
        "GitHub Security Advisories",
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--db95d93c-4a4d-4387-ae37-06d0b685a8b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c",
      "pattern": "[file:hashes.'SHA-256' = 'ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What MDM can't protect on developer machines (and what to do",
          "url": "https://www.aikido.dev/blog/what-mdm-cant-protect"
        },
        {
          "source_name": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerabilit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Why developer machines are now the number one target for sup",
          "url": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "CISA KEV",
        "Snyk",
        "GitHub Security Advisories",
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e0aa17f1-6d28-4e3e-ad17-ba9052802bd1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cyberhavenext.pro",
      "pattern": "[domain-name:value = 'cyberhavenext.pro']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What MDM can't protect on developer machines (and what to do",
          "url": "https://www.aikido.dev/blog/what-mdm-cant-protect"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--29c2b75d-d912-42cf-a18f-65a667325aab",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: a2cf85d22a54e26794cbc7be16840bb1",
      "pattern": "[file:hashes.MD5 = 'a2cf85d22a54e26794cbc7be16840bb1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Less panic patching, more precision",
          "url": "https://blog.talosintelligence.com/less-panic-patching-more-precision/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5ff58dd9-abcc-4c81-b6e8-f9d6b305f9a0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5e6060df7e8114cb7b412260870efd1dc05979454bd907d8750c669ae6fcbcfe",
      "pattern": "[file:hashes.'SHA-256' = '5e6060df7e8114cb7b412260870efd1dc05979454bd907d8750c669ae6fcbcfe']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Less panic patching, more precision",
          "url": "https://blog.talosintelligence.com/less-panic-patching-more-precision/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b5aff9a2-134f-47f7-a465-c91b778e09af",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: 5d14vnfb.space",
      "pattern": "[domain-name:value = '5d14vnfb.space']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Pirates in the crosshairs: how one cybercrime gang has been ",
          "url": "https://securelist.com/video-books-pirates-miners-rat/119943/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--98ebbe98-cad2-4245-a936-67afaee20b4b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: file.ipfs.us.69.mu",
      "pattern": "[domain-name:value = 'file.ipfs.us.69.mu']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Pirates in the crosshairs: how one cybercrime gang has been ",
          "url": "https://securelist.com/video-books-pirates-miners-rat/119943/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--04093b38-db9a-40ed-8969-684e61ca6c8a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: jeaw520i.space",
      "pattern": "[domain-name:value = 'jeaw520i.space']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Pirates in the crosshairs: how one cybercrime gang has been ",
          "url": "https://securelist.com/video-books-pirates-miners-rat/119943/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--064db7df-a872-4213-be02-c1eb9c76fe34",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: kristina.quest",
      "pattern": "[domain-name:value = 'kristina.quest']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Pirates in the crosshairs: how one cybercrime gang has been ",
          "url": "https://securelist.com/video-books-pirates-miners-rat/119943/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--17ef7699-268f-4aa7-a0b9-9760a384dc68",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: m4yuri.online",
      "pattern": "[domain-name:value = 'm4yuri.online']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Pirates in the crosshairs: how one cybercrime gang has been ",
          "url": "https://securelist.com/video-books-pirates-miners-rat/119943/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aa0f5ab0-2ef8-455e-bb37-953174aac3ec",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: qdmagva5.space",
      "pattern": "[domain-name:value = 'qdmagva5.space']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Pirates in the crosshairs: how one cybercrime gang has been ",
          "url": "https://securelist.com/video-books-pirates-miners-rat/119943/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0b420c20-eea6-495c-8990-1672595a4f67",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: r7mvjl67.space",
      "pattern": "[domain-name:value = 'r7mvjl67.space']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Pirates in the crosshairs: how one cybercrime gang has been ",
          "url": "https://securelist.com/video-books-pirates-miners-rat/119943/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b6d93d7c-3dad-4719-84c2-1c10254e9806",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: urush1bar4.online",
      "pattern": "[domain-name:value = 'urush1bar4.online']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Pirates in the crosshairs: how one cybercrime gang has been ",
          "url": "https://securelist.com/video-books-pirates-miners-rat/119943/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7c8a7663-affa-47ea-bfef-054d6b81d723",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: zgj1tam9.space",
      "pattern": "[domain-name:value = 'zgj1tam9.space']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Pirates in the crosshairs: how one cybercrime gang has been ",
          "url": "https://securelist.com/video-books-pirates-miners-rat/119943/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c0f0feed-e01b-4009-964a-7c914b2a2e02",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 107.172.212.235",
      "pattern": "[ipv4-addr:value = '107.172.212.235']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Pirates in the crosshairs: how one cybercrime gang has been ",
          "url": "https://securelist.com/video-books-pirates-miners-rat/119943/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fc6ab1a7-5325-48dd-ad6e-dd0007436b7b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 02a43b3423367b9dddc24cc7dfc070df",
      "pattern": "[file:hashes.MD5 = '02a43b3423367b9dddc24cc7dfc070df']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Pirates in the crosshairs: how one cybercrime gang has been ",
          "url": "https://securelist.com/video-books-pirates-miners-rat/119943/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a262421f-631c-479d-9a94-1c0ec130c55c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 6a0fe6065d76715feebc1526d456db73",
      "pattern": "[file:hashes.MD5 = '6a0fe6065d76715feebc1526d456db73']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Pirates in the crosshairs: how one cybercrime gang has been ",
          "url": "https://securelist.com/video-books-pirates-miners-rat/119943/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ec03457-4738-483d-a770-28955541fe33",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 7f624407ae489324e96a708a09c17e6f",
      "pattern": "[file:hashes.MD5 = '7f624407ae489324e96a708a09c17e6f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Pirates in the crosshairs: how one cybercrime gang has been ",
          "url": "https://securelist.com/video-books-pirates-miners-rat/119943/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a90e2894-2fc1-46bd-a5a7-e93b550d4ab9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-61882",
      "pattern": "[vulnerability:name = 'CVE-2025-61882']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Out of the Crypt: The Evolving Cyber Extortion Economy",
          "url": "https://unit42.paloaltonetworks.com/cyber-extortion-economy/"
        },
        {
          "source_name": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Si",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecifi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--df46ca7a-5097-4a43-91ae-2217c01a93ac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44632",
      "pattern": "[vulnerability:name = 'CVE-2026-44632']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-44632: Yamcs Vulnerable to Server",
          "url": "https://github.com/advisories/GHSA-524g-x36v-9wm6"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6fe7edd4-1777-4688-a33c-7626ef254fb3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45618",
      "pattern": "[vulnerability:name = 'CVE-2026-45618']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45618: LiquidJS is Vulnerable to ",
          "url": "https://github.com/advisories/GHSA-gf2q-c269-pqgc"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fe33def9-4088-4351-9d23-cc637dead0a2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-46562",
      "pattern": "[vulnerability:name = 'CVE-2026-46562']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46562: Yamcs Vulnerable to Remote",
          "url": "https://github.com/advisories/GHSA-vmwp-vh32-rj75"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--900a925e-b187-4aa4-ab82-5920ced173ea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-46621",
      "pattern": "[vulnerability:name = 'CVE-2026-46621']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46621: Yamcs Vulnerable to Authen",
          "url": "https://github.com/advisories/GHSA-2g95-6x5q-xjwj"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7363d1f0-b2a6-4800-9884-a4a47a8d37b6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-48027",
      "pattern": "[vulnerability:name = 'CVE-2026-48027']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-48027 \u2014 Nx Console Embedded Malicious Cod",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "The Wild West of VS Code extensions and how a poisoned exten",
          "url": "https://www.aikido.dev/blog/vs-code-extension-github-breach"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b23a9a9c-5613-4a2d-9cd8-d547dd13cd05",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-8398",
      "pattern": "[vulnerability:name = 'CVE-2026-8398']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--83974c8f-cffc-4fca-bb6e-276f8a57e9b1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: api.masscan.cloud",
      "pattern": "[domain-name:value = 'api.masscan.cloud']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerabilit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Why developer machines are now the number one target for sup",
          "url": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks"
        },
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "Aikido",
        "StepSecurity",
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--830cec3a-cf51-4a78-9c86-46b2d4daca3c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: env-check.daemontools.cc",
      "pattern": "[domain-name:value = 'env-check.daemontools.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6a4d6e6c-302b-4151-a349-a146b3306a37",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: git-tanstack.com",
      "pattern": "[domain-name:value = 'git-tanstack.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerabilit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Why developer machines are now the number one target for sup",
          "url": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks"
        },
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45758: Malicious code in guardrai",
          "url": "https://github.com/advisories/GHSA-xmpw-2vmm-p4p6"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "Aikido",
        "GitHub Security Advisories",
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3362cd37-183f-4ea6-920c-c0f5ed81aadf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: litter.catbox.moe",
      "pattern": "[domain-name:value = 'litter.catbox.moe']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerabilit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply C",
          "url": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5eb4577c-b842-4f73-8c74-9c4b75017f7a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: seed1.getsession.org",
      "pattern": "[domain-name:value = 'seed1.getsession.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerabilit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Why developer machines are now the number one target for sup",
          "url": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks"
        },
        {
          "source_name": "[GHSA / CRITICAL] GHSA-27f5-xjrr-q9ff: Malware in @opensearc",
          "url": "https://github.com/advisories/GHSA-27f5-xjrr-q9ff"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "Aikido",
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4a67516d-eeee-4138-8ee7-35ec365a07a3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: seed2.getsession.org",
      "pattern": "[domain-name:value = 'seed2.getsession.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerabilit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d48424a4-51a8-4e8b-a09c-882f2510d444",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: seed3.getsession.org",
      "pattern": "[domain-name:value = 'seed3.getsession.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerabilit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--57c30b8a-8f15-4673-ae97-78b1382ade16",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.180.107.76",
      "pattern": "[ipv4-addr:value = '38.180.107.76']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cc136a64-1e09-425b-ae86-9633e9aac4de",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 00e2df8f42d14072e4385e500d4669ec783aa517",
      "pattern": "[file:hashes.'SHA-1' = '00e2df8f42d14072e4385e500d4669ec783aa517']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7a206288-1fac-4f42-94cf-fb0d416fa977",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 0456e2f5f56ec8ed16078941248e7cbba9f1c8eb",
      "pattern": "[file:hashes.'SHA-1' = '0456e2f5f56ec8ed16078941248e7cbba9f1c8eb']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--281a229f-311f-4d23-b516-a8c49437bef9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 0c1d3da9c7a651ba40b40e12d48ebd32b3f31820",
      "pattern": "[file:hashes.'SHA-1' = '0c1d3da9c7a651ba40b40e12d48ebd32b3f31820']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b70fb589-519c-462e-a805-3d139243a55b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 15ed5c3384e12fe4314ad6edbd1dcccf5ac1ee29",
      "pattern": "[file:hashes.'SHA-1' = '15ed5c3384e12fe4314ad6edbd1dcccf5ac1ee29']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8b439bb4-465c-4bee-944a-d6d93cce05e5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 28b72576d67ae21d9587d782942628ea46dcc870",
      "pattern": "[file:hashes.'SHA-1' = '28b72576d67ae21d9587d782942628ea46dcc870']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3067cfd8-c77e-4a65-b937-4aa10bb4d2ab",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 295ce86226b933e7262c2ce4b36bdd6c389aaaef",
      "pattern": "[file:hashes.'SHA-1' = '295ce86226b933e7262c2ce4b36bdd6c389aaaef']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--24162195-7f04-42de-b57b-5c759e2518cc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2d4eb55b01f59c62c6de9aacba9b47267d398fe4",
      "pattern": "[file:hashes.'SHA-1' = '2d4eb55b01f59c62c6de9aacba9b47267d398fe4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b3199bb1-1551-4126-9be5-8454cf5e3443",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2ecb292d27c36c1d4e47fb5cafa42af7ffbdda99",
      "pattern": "[file:hashes.'SHA-1' = '2ecb292d27c36c1d4e47fb5cafa42af7ffbdda99']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--72db97fc-fb94-43eb-bd1c-b399153ffc6a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 3ee71d75020b2634b2c23866211a0c91b942c8d4",
      "pattern": "[file:hashes.'SHA-1' = '3ee71d75020b2634b2c23866211a0c91b942c8d4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ecbd43c9-b89f-452e-8098-f25a2ea5b502",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 427f1728682ebc7ffe3300fef67d0e3cb6b62948",
      "pattern": "[file:hashes.'SHA-1' = '427f1728682ebc7ffe3300fef67d0e3cb6b62948']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1c5f9163-c9f9-4075-8d52-20b5f4e73401",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 46b90bf370e60d61075d3472828fdc0b85ab0492",
      "pattern": "[file:hashes.'SHA-1' = '46b90bf370e60d61075d3472828fdc0b85ab0492']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1ca5fb87-868a-40ee-b436-f5e08b701d57",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 50d47adb6dd45215c7cb4c68bae28b129ca09645",
      "pattern": "[file:hashes.'SHA-1' = '50d47adb6dd45215c7cb4c68bae28b129ca09645']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2ef9d7db-e015-495e-9533-9d4b2aa9b005",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 524d2d92909eef80c406e87a0fc37d7bb4dadc14",
      "pattern": "[file:hashes.'SHA-1' = '524d2d92909eef80c406e87a0fc37d7bb4dadc14']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--da3c477a-88cf-43e4-b715-29b9aec3e798",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 6325179f442e5b1a716580cd70dea644ac9ecd18",
      "pattern": "[file:hashes.'SHA-1' = '6325179f442e5b1a716580cd70dea644ac9ecd18']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e1ff6adc-a8d8-4271-b8d3-181557d3c45c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 64462f751788f529c1eb09023b26a47792ecdc54",
      "pattern": "[file:hashes.'SHA-1' = '64462f751788f529c1eb09023b26a47792ecdc54']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7710163c-adc2-428b-a590-8cdddcc8e617",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 8d435918d304fc38d54b104a13f2e33e8e598c82",
      "pattern": "[file:hashes.'SHA-1' = '8d435918d304fc38d54b104a13f2e33e8e598c82']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bb5fc514-be1e-4017-9d15-f67080567eee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 8e7eb0f5ac60dd3b4a9474d2544348c3bda48045",
      "pattern": "[file:hashes.'SHA-1' = '8e7eb0f5ac60dd3b4a9474d2544348c3bda48045']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3dfe6819-7d69-4b16-977f-be72d0ffe1bb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 98de8147394b74b27158e02ce9e7b0e25eb6e98a",
      "pattern": "[file:hashes.'SHA-1' = '98de8147394b74b27158e02ce9e7b0e25eb6e98a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--78771f6e-0211-46d7-895b-59d2f1fbe543",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 9a09ad7b7e9ff7a465aa1150541e231189911afb",
      "pattern": "[file:hashes.'SHA-1' = '9a09ad7b7e9ff7a465aa1150541e231189911afb']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e5d7471a-fcfc-4f1d-a52d-6d6f85f79c2c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 9ccd769624de98eeeb12714ff1707ec4f5bf196d",
      "pattern": "[file:hashes.'SHA-1' = '9ccd769624de98eeeb12714ff1707ec4f5bf196d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3fe7927-5339-4c41-92ba-8936a7a5a78c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 9dbfc23ebf36b3c0b56d2f93116abb32656c42e4",
      "pattern": "[file:hashes.'SHA-1' = '9dbfc23ebf36b3c0b56d2f93116abb32656c42e4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--79bf96de-b473-46ec-9824-c4ca1776bf1a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: a3e90653bd0a81ebe2ae387a67a59bb8d07ce7b5",
      "pattern": "[file:hashes.'SHA-1' = 'a3e90653bd0a81ebe2ae387a67a59bb8d07ce7b5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--03c2b857-255f-4781-9c2c-16f389ea27ed",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: aea55e42c4436236278e5692d3dcbcbe5fe6ce0b",
      "pattern": "[file:hashes.'SHA-1' = 'aea55e42c4436236278e5692d3dcbcbe5fe6ce0b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a85f14fb-da76-4bf2-9e96-03dcbeedae30",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: bd8fbb5e6842df8683163adbd6a36136164eac58",
      "pattern": "[file:hashes.'SHA-1' = 'bd8fbb5e6842df8683163adbd6a36136164eac58']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ed89df61-5484-4959-9c20-f309b184d181",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7c12d8614c624c70d6dd6fc2ee289332474abaa38f70ebe2cdef064923ca3a9b",
      "pattern": "[file:hashes.'SHA-256' = '7c12d8614c624c70d6dd6fc2ee289332474abaa38f70ebe2cdef064923ca3a9b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerabilit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Why developer machines are now the number one target for sup",
          "url": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks"
        },
        {
          "source_name": "[GHSA / CRITICAL] GHSA-27f5-xjrr-q9ff: Malware in @opensearc",
          "url": "https://github.com/advisories/GHSA-27f5-xjrr-q9ff"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "Aikido",
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bb86ec04-995b-472c-a7d1-e9d6bbc63216",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: anyclaw.store",
      "pattern": "[domain-name:value = 'anyclaw.store']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Legitimate-Looking Codex Remote UI Secretly Steals Your AI T",
          "url": "https://www.aikido.dev/blog/codex-remote-ui-steals-ai-tokens"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d59ed980-ad41-48d5-b60d-449e450f0151",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: gyx.com",
      "pattern": "[domain-name:value = 'gyx.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Legitimate-Looking Codex Remote UI Secretly Steals Your AI T",
          "url": "https://www.aikido.dev/blog/codex-remote-ui-steals-ai-tokens"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--06d68a93-072b-496e-8154-5813a75e068b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sentry.anyclaw.store",
      "pattern": "[domain-name:value = 'sentry.anyclaw.store']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Legitimate-Looking Codex Remote UI Secretly Steals Your AI T",
          "url": "https://www.aikido.dev/blog/codex-remote-ui-steals-ai-tokens"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--44c6929d-f5b8-40de-a7f3-885f3d300f68",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-33137",
      "pattern": "[vulnerability:name = 'CVE-2026-33137']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-33137: XWiki Platform has an Unau",
          "url": "https://github.com/advisories/GHSA-qrvh-r3f2-9h4r"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3c9a1089-1702-4067-a9c4-3ad3f5b00687",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-48172",
      "pattern": "[vulnerability:name = 'CVE-2026-48172']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-48172 \u2014 LiteSpeed cPanel Plugin Privilege",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--66d2ef72-9061-4a27-8fd7-401dc71c4fdb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: arbsniper.com",
      "pattern": "[domain-name:value = 'arbsniper.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--46291d81-3aea-4000-b3af-1a1aed549e18",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.21.64.137",
      "pattern": "[ipv4-addr:value = '104.21.64.137']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b7ccaee3-1c4e-4046-bbdd-0d3c164c1a18",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 142.251.183.138",
      "pattern": "[ipv4-addr:value = '142.251.183.138']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--034470e5-f928-4993-b3ed-04288ebd62e6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 173.194.193.138",
      "pattern": "[ipv4-addr:value = '173.194.193.138']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--faf96ee8-b507-4802-bb8a-229e79376455",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 173.194.194.94",
      "pattern": "[ipv4-addr:value = '173.194.194.94']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--79154253-1676-4687-ae02-ec1a591d74ab",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 173.194.206.106",
      "pattern": "[ipv4-addr:value = '173.194.206.106']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--beb37671-8c6c-4740-9664-cc4a2c2950e7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 178.156.177.192",
      "pattern": "[ipv4-addr:value = '178.156.177.192']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aca4175f-37f8-4d9f-8acb-9b77e1d0f780",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 191.101.131.250",
      "pattern": "[ipv4-addr:value = '191.101.131.250']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--63da1a17-7f42-4c1b-b925-9244faa5605a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 191.96.224.87",
      "pattern": "[ipv4-addr:value = '191.96.224.87']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--67532c09-ba1f-4705-afbd-848ff172f005",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 191.96.225.241",
      "pattern": "[ipv4-addr:value = '191.96.225.241']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4d27a49c-0b5f-4ca2-9a35-c2ed64a1b6a9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 191.96.78.172",
      "pattern": "[ipv4-addr:value = '191.96.78.172']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cc096204-3172-4b6a-a7f5-b00a2b297642",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 191.96.78.28",
      "pattern": "[ipv4-addr:value = '191.96.78.28']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--508caf05-a0dc-4e68-aa6e-d605b8c78c1d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 191.96.79.133",
      "pattern": "[ipv4-addr:value = '191.96.79.133']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4e6eb93a-83ed-4830-a584-28165da8b6bb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 191.96.79.179",
      "pattern": "[ipv4-addr:value = '191.96.79.179']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--280e25be-648d-4ad4-b9fb-fb46e786dd16",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 191.96.79.41",
      "pattern": "[ipv4-addr:value = '191.96.79.41']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--73d4f868-b80f-4b1a-b752-36daf57e3ce5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.178.209.95",
      "pattern": "[ipv4-addr:value = '192.178.209.95']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8b56b2b0-b6b3-4bde-9294-c769ab799759",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 195.160.221.203",
      "pattern": "[ipv4-addr:value = '195.160.221.203']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c6d34ad1-e1f8-4172-a0ae-6285bf28b5ae",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 200.9.155.153",
      "pattern": "[ipv4-addr:value = '200.9.155.153']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eb296fd2-d52f-4743-a5f0-ae1f786d8592",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 74.125.132.95",
      "pattern": "[ipv4-addr:value = '74.125.132.95']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--793716b1-115a-4873-80f4-264cee72425a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 74.125.202.103",
      "pattern": "[ipv4-addr:value = '74.125.202.103']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3a4d409d-8e00-4cb1-aecc-02f9cc48a793",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 78.135.93.123",
      "pattern": "[ipv4-addr:value = '78.135.93.123']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--52bddc79-0a78-4b17-ae55-ee4f0c76e097",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 79.133.57.141",
      "pattern": "[ipv4-addr:value = '79.133.57.141']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7c761ef0-b0c9-42ad-8563-fafa8bc7987f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 02A52C4CC11748D44C9B49D508EE4E46425661981FA1406F30EC0830CB69DDC5",
      "pattern": "[file:hashes.'SHA-256' = '02A52C4CC11748D44C9B49D508EE4E46425661981FA1406F30EC0830CB69DDC5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--91e8f38b-e64d-4558-9e2d-5504e9c98a9e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 0A542751724A432A8448324613E0CE10393E41739A1800CBB7D5A2C648FCDC35",
      "pattern": "[file:hashes.'SHA-256' = '0A542751724A432A8448324613E0CE10393E41739A1800CBB7D5A2C648FCDC35']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0e9dcce9-166c-4f3b-a82b-51ecfbb010bc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 140A7F995B0336942691A2E93E2017FD575267C017C7D0728D69169306F91963",
      "pattern": "[file:hashes.'SHA-256' = '140A7F995B0336942691A2E93E2017FD575267C017C7D0728D69169306F91963']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0ae98ca2-5410-4436-a4e6-6af7c2d6f4a0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 168F50BF9A87099094EF410E3AC33E676A6A8740A5437CD09E7B63D73DF8431A",
      "pattern": "[file:hashes.'SHA-256' = '168F50BF9A87099094EF410E3AC33E676A6A8740A5437CD09E7B63D73DF8431A']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2d6e01df-5be2-4047-9c26-7cee1a6fcb4b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1A60CB5F7E2FB7C09FC3DC8459108B26AC98EE73131F37A28CFDAD5FC75B7A7D",
      "pattern": "[file:hashes.'SHA-256' = '1A60CB5F7E2FB7C09FC3DC8459108B26AC98EE73131F37A28CFDAD5FC75B7A7D']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4f283bf3-7247-43e6-a718-8854a039f5fe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 244D81FD9908CD17815501D4EDADEB1BAF1C421AA25D8BD61C7CB481C939540E",
      "pattern": "[file:hashes.'SHA-256' = '244D81FD9908CD17815501D4EDADEB1BAF1C421AA25D8BD61C7CB481C939540E']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c9a903c0-2915-4140-b8ca-5c493e3af778",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2525D1E427A9983B0B4CA0906A4B44FFB9814B23D53FD8A2E3AB6512B027C733",
      "pattern": "[file:hashes.'SHA-256' = '2525D1E427A9983B0B4CA0906A4B44FFB9814B23D53FD8A2E3AB6512B027C733']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f10be86-fb14-43a2-b4b8-c40f3a5daffa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 26A2268281E8043125EF72B92F8980B42912048753D56894BC378FB54C7C188A",
      "pattern": "[file:hashes.'SHA-256' = '26A2268281E8043125EF72B92F8980B42912048753D56894BC378FB54C7C188A']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e8f1c839-a7e3-4f5c-95ac-07128dc37bb2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 512EDE9F2FA794907999F3C26165557FDFD383B7AAD71BA022CE2C8BA6C0019D",
      "pattern": "[file:hashes.'SHA-256' = '512EDE9F2FA794907999F3C26165557FDFD383B7AAD71BA022CE2C8BA6C0019D']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d3f0e2dc-6ec0-414a-82c2-5ae359623c05",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 58AC130A8EBB09E37592AC69841483EDC5695D1545B1F04F23D5B760AC17CD94",
      "pattern": "[file:hashes.'SHA-256' = '58AC130A8EBB09E37592AC69841483EDC5695D1545B1F04F23D5B760AC17CD94']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8bde878-d582-4c7a-b257-b2d21bcf2161",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5AAAF972C8BF39A98F2748E526DE3CC0370BA831997D7D9765CDABA599645C0D",
      "pattern": "[file:hashes.'SHA-256' = '5AAAF972C8BF39A98F2748E526DE3CC0370BA831997D7D9765CDABA599645C0D']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0c5cf5f2-52b2-4e03-bed5-bf519a8048f0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6101D1E1811DB052F869F7EB3402DAD28DA7E92103D4A44EE43F95846A075012",
      "pattern": "[file:hashes.'SHA-256' = '6101D1E1811DB052F869F7EB3402DAD28DA7E92103D4A44EE43F95846A075012']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b73baab0-2c67-4de4-be55-37fef5e4b51b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 676CB2D0A60403AFC06CEA1B572CB7261F706365FAC65621B5A4907893E7AC0D",
      "pattern": "[file:hashes.'SHA-256' = '676CB2D0A60403AFC06CEA1B572CB7261F706365FAC65621B5A4907893E7AC0D']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--563c0446-dc65-4e96-a1b4-3b220f67774a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6AE94CE710016D86ED7457236DEEF2C4C51478587F3609B6E827A348828B3931",
      "pattern": "[file:hashes.'SHA-256' = '6AE94CE710016D86ED7457236DEEF2C4C51478587F3609B6E827A348828B3931']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a8d1dacf-2c1f-4841-83bf-17a87a4f6a35",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6BBA64FA9E8A7B11CB2476CD071DE08986DB44B0783EFF211C68FA5594EF8143",
      "pattern": "[file:hashes.'SHA-256' = '6BBA64FA9E8A7B11CB2476CD071DE08986DB44B0783EFF211C68FA5594EF8143']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1e0f823e-7e4d-40e5-b248-3196bc4c0cae",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6F9832EBB4C3054BEE4A6CE5CCB69C00E2020053E1308353343097E6A4041109",
      "pattern": "[file:hashes.'SHA-256' = '6F9832EBB4C3054BEE4A6CE5CCB69C00E2020053E1308353343097E6A4041109']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a560089e-8586-40ce-9734-2b86f570071e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 702261BA38B57ECC3A5407FED28B2F0611A74C2EC0C116AEA4F9E6DEF0899AED",
      "pattern": "[file:hashes.'SHA-256' = '702261BA38B57ECC3A5407FED28B2F0611A74C2EC0C116AEA4F9E6DEF0899AED']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ed37a03-20b1-4656-9b89-266b1c208a69",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 75DD4FB011ED598374A46FC0D9C0D1D64A298341C34AFC83A56A6983CFD27764",
      "pattern": "[file:hashes.'SHA-256' = '75DD4FB011ED598374A46FC0D9C0D1D64A298341C34AFC83A56A6983CFD27764']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--016401ce-59d0-431a-a719-dcb3796df4a1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7AC974899E8E05AAACD417577C97E382D5E8C5F7F4A85632CFFB47EC2F6AE4E0",
      "pattern": "[file:hashes.'SHA-256' = '7AC974899E8E05AAACD417577C97E382D5E8C5F7F4A85632CFFB47EC2F6AE4E0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--19220868-758b-41d4-8b4b-639c3a7ca3ad",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 8F09274E808E0063D51F34CAC82A5770B3DF30C792E426DA2F6A80657F27AFFC",
      "pattern": "[file:hashes.'SHA-256' = '8F09274E808E0063D51F34CAC82A5770B3DF30C792E426DA2F6A80657F27AFFC']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7aeb3810-b3d3-4259-8793-abba5f330c0b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 97A0497DE585D3BE6EC75064AB3BD0979CD85561193C1F0669CCF4DB31330687",
      "pattern": "[file:hashes.'SHA-256' = '97A0497DE585D3BE6EC75064AB3BD0979CD85561193C1F0669CCF4DB31330687']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--343add33-0469-43df-9e3e-3748816b0ba6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 998A7ED1572AD9DC11375BC25294E1954E606B7CFF9FABC5C120713E597CD274",
      "pattern": "[file:hashes.'SHA-256' = '998A7ED1572AD9DC11375BC25294E1954E606B7CFF9FABC5C120713E597CD274']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b02b8d0c-a29a-4f8c-82d9-f42304b9553c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: A1E457C52EAB430C20D48F2AC476E080386313F16EFB135A0471902CF68CE475",
      "pattern": "[file:hashes.'SHA-256' = 'A1E457C52EAB430C20D48F2AC476E080386313F16EFB135A0471902CF68CE475']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7b9d3428-0ab1-4e39-8f8a-82fd43177949",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: A764D73795ABE47AE640BA09999A18C47B5340E5ECC7B897AFEBF34F3F37638F",
      "pattern": "[file:hashes.'SHA-256' = 'A764D73795ABE47AE640BA09999A18C47B5340E5ECC7B897AFEBF34F3F37638F']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--02b7bc73-2c7d-4798-8a7b-290d1001ec63",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: C6199E175FB988CBBEACDF0F5ACDF9ED83F5BDAAE5C95B7A6C27EE72CD11B0B1",
      "pattern": "[file:hashes.'SHA-256' = 'C6199E175FB988CBBEACDF0F5ACDF9ED83F5BDAAE5C95B7A6C27EE72CD11B0B1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--731036d8-9e16-469e-8762-a1cb5f9a9ffc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: C99139B0053C4C698EA0246D26D747F2A984C7ABA4613DA818ECD9F97899EF3A",
      "pattern": "[file:hashes.'SHA-256' = 'C99139B0053C4C698EA0246D26D747F2A984C7ABA4613DA818ECD9F97899EF3A']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--772828a6-9d90-4e5a-b90d-62774634aaa5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: D55057CD9110D12A192281356F06B94F342B9FEBB305CF0A5898A7E6AF40758F",
      "pattern": "[file:hashes.'SHA-256' = 'D55057CD9110D12A192281356F06B94F342B9FEBB305CF0A5898A7E6AF40758F']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2b211733-20fd-4c0a-86a1-d6d51f4aa354",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: DDCE0219923D152B8FACD303F058A6286CF1F6924992B9FB9F5BF4D96436CC39",
      "pattern": "[file:hashes.'SHA-256' = 'DDCE0219923D152B8FACD303F058A6286CF1F6924992B9FB9F5BF4D96436CC39']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c9f6691f-93f2-429e-92f7-fd6de526f746",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: E5A9FDFF900DD502E8F3DCE52D2D1B69AA9AFAFB5094A28F9037E8770DB0E63B",
      "pattern": "[file:hashes.'SHA-256' = 'E5A9FDFF900DD502E8F3DCE52D2D1B69AA9AFAFB5094A28F9037E8770DB0E63B']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a4ac8208-fe38-4a10-b022-41e63b9a3f69",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: F76B13040C634F82A8332FF9443D84C89A5BCED51AE9ADAD7FD15C05FADB4324",
      "pattern": "[file:hashes.'SHA-256' = 'F76B13040C634F82A8332FF9443D84C89A5BCED51AE9ADAD7FD15C05FADB4324']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "url": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--72b3c7af-e376-45c7-9683-f15fd40c4492",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-46716",
      "pattern": "[vulnerability:name = 'CVE-2026-46716']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46716: Nezha Monitoring: RoleMemb",
          "url": "https://github.com/advisories/GHSA-99gv-2m7h-3hh9"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b2c1ecf7-d1e4-49f1-8256-ef581362649a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2018-0802",
      "pattern": "[vulnerability:name = 'CVE-2018-0802']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--83e4f4a8-3649-4530-ab2c-2420bf7e08a4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44542",
      "pattern": "[vulnerability:name = 'CVE-2026-44542']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-48777: FileBrowser Quantum: Path ",
          "url": "https://github.com/advisories/GHSA-qqqm-5547-774x"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--48bf024a-eb3e-438c-a5de-b0585d8b7498",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-46670",
      "pattern": "[vulnerability:name = 'CVE-2026-46670']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46670: YesWiki: Unauthenticated S",
          "url": "https://github.com/advisories/GHSA-jwvv-qr7q-cv8j"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--16c0d564-a728-4510-8955-e0d80a9f6708",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-48777",
      "pattern": "[vulnerability:name = 'CVE-2026-48777']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-48777: FileBrowser Quantum: Path ",
          "url": "https://github.com/advisories/GHSA-qqqm-5547-774x"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5ddcc9f1-ef72-4b86-a6df-ab8f2e87da03",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-9082",
      "pattern": "[vulnerability:name = 'CVE-2026-9082']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-9082 \u2014 Drupal Core SQL Injection Vulnerab",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6c23f71d-9e34-4b22-bb9f-a7887753e842",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: agenciakharis.com.br",
      "pattern": "[domain-name:value = 'agenciakharis.com.br']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--36d58205-a279-49d3-b5d0-c5d951f98129",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: allgoodsdirect.com.au",
      "pattern": "[domain-name:value = 'allgoodsdirect.com.au']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--98fce32e-c081-4ffc-bc9e-e55379bf8afb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: alnakhlah.com.sa",
      "pattern": "[domain-name:value = 'alnakhlah.com.sa']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9ae374e4-344b-418b-9730-df214023f72d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: amerikastaj.com",
      "pattern": "[domain-name:value = 'amerikastaj.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--03aba2b1-2bb4-4718-a2bb-5e99eeeadccd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: bigbang.me",
      "pattern": "[domain-name:value = 'bigbang.me']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9535e4be-b70f-44f3-9927-77ef945c2deb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: buisness-centeral-transportation.com",
      "pattern": "[domain-name:value = 'buisness-centeral-transportation.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0551a5c9-06e8-449f-aaa6-4777e7104e4f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: business-startup.org",
      "pattern": "[domain-name:value = 'business-startup.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a9a16724-0b5d-4043-85e7-fc741d2c1ac1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cloudguide.in",
      "pattern": "[domain-name:value = 'cloudguide.in']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--64e7f2b2-b6e2-448f-b814-1c35090e1ae2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: firsai.tipshub.net",
      "pattern": "[domain-name:value = 'firsai.tipshub.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c45fe1d0-a94a-45ff-abad-7ed13930ea8b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: fishingflytackle.com",
      "pattern": "[domain-name:value = 'fishingflytackle.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7534e86d-f672-4998-a371-9f60874304d6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: goverru.com",
      "pattern": "[domain-name:value = 'goverru.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b53d7360-47d0-4fbc-97d6-63846dd499e0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: humanitas.si",
      "pattern": "[domain-name:value = 'humanitas.si']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fe8f7e6c-6e1c-4449-bd7c-ac66aaf5bf35",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: internationalcommoditiesllc.com",
      "pattern": "[domain-name:value = 'internationalcommoditiesllc.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7222647d-e398-415b-b70f-92270d7f7c0b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: investika-club.com",
      "pattern": "[domain-name:value = 'investika-club.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--76e167aa-b5d3-4fd7-b2cb-b1edea545f59",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: istochnik.org",
      "pattern": "[domain-name:value = 'istochnik.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ff58f1b5-7ca1-4373-8156-d3006c07f146",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: kommando.live",
      "pattern": "[domain-name:value = 'kommando.live']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e3f8f05d-9906-45e0-9497-f6c7f3127195",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: kufar.org",
      "pattern": "[domain-name:value = 'kufar.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5d58a997-57ba-4d51-a6a9-812e4e733625",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: lafortunaitalian.co.uk",
      "pattern": "[domain-name:value = 'lafortunaitalian.co.uk']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7abd3026-548f-4eb2-b949-96ccc11adb8a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: landscapeuganda.com",
      "pattern": "[domain-name:value = 'landscapeuganda.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--196390bd-a2d1-45e6-8230-44692e38f6bd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: mamurjor.com",
      "pattern": "[domain-name:value = 'mamurjor.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fc86379a-c800-41df-831e-2f46dc17db2c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: onedrivesupport.net",
      "pattern": "[domain-name:value = 'onedrivesupport.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--be6de658-397c-4758-b662-5a4e540d74f7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: paleturquoise-dragonfly-364512.hostingersite.com",
      "pattern": "[domain-name:value = 'paleturquoise-dragonfly-364512.hostingersite.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2762b629-c424-4daf-8e71-39f870dc68c7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: premierhealthadvisory.com",
      "pattern": "[domain-name:value = 'premierhealthadvisory.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--589f1083-c70e-4d6c-bc54-e9f0340d92ab",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ramiltonsfinance.com",
      "pattern": "[domain-name:value = 'ramiltonsfinance.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2d50c073-2ef8-4d08-a5a4-1a117a858584",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: spbnews.net",
      "pattern": "[domain-name:value = 'spbnews.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3e6489d1-00b8-4feb-a21a-b5b8ba5b2625",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: tenkoff.org",
      "pattern": "[domain-name:value = 'tenkoff.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f4dd7f70-5950-499f-bb6b-e3e22e0e1dff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: totallegacy.org",
      "pattern": "[domain-name:value = 'totallegacy.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--09b3ee0c-d419-4ac9-90a0-1e2882d05904",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ultimatecore.net",
      "pattern": "[domain-name:value = 'ultimatecore.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--24f5b34f-0f68-4756-8425-24d5ddaed783",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: wizzifi.com",
      "pattern": "[domain-name:value = 'wizzifi.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d0ea53f4-e472-4a81-a8b0-405eb6f8c63e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: znews.net",
      "pattern": "[domain-name:value = 'znews.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--859e93ec-bb29-4bd1-999d-98b19564a3b3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.70.53.171",
      "pattern": "[ipv4-addr:value = '146.70.53.171']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--79c0489d-b746-438f-9655-342141a3c104",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.126.239.77",
      "pattern": "[ipv4-addr:value = '185.126.239.77']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--00d7753e-97d8-4b58-9818-7e8891f3673e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.22.154.73",
      "pattern": "[ipv4-addr:value = '185.22.154.73']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5cf6d85b-405a-4a9e-ad89-e9f8dcb4afa3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.250.181.207",
      "pattern": "[ipv4-addr:value = '185.250.181.207']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e252c3fe-9507-4994-b4da-e39e4f830349",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.53.179.136",
      "pattern": "[ipv4-addr:value = '185.53.179.136']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dbdb1568-a181-4aaf-b638-beeed3185fc6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.102.104.207",
      "pattern": "[ipv4-addr:value = '194.102.104.207']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d9d35037-12f8-4941-b2bc-1fc29ed091a6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.87.196.163",
      "pattern": "[ipv4-addr:value = '194.87.196.163']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--75629042-b6ce-4fd8-8c94-43228e40add2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 195.58.49.9",
      "pattern": "[ipv4-addr:value = '195.58.49.9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--97f44920-7378-4841-bc7d-d8507a2e4d5b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 37.228.129.224",
      "pattern": "[ipv4-addr:value = '37.228.129.224']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b110b61b-b68b-4613-a8a5-2543ebb7f7af",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.15.65.134",
      "pattern": "[ipv4-addr:value = '45.15.65.134']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--37f568f0-3f8d-411b-a7d4-728adc073b58",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.87.219.116",
      "pattern": "[ipv4-addr:value = '45.87.219.116']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--abe318ab-0e84-4726-8681-34d4e1e56fe2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 46.17.44.125",
      "pattern": "[ipv4-addr:value = '46.17.44.125']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--18f67bf0-6106-4ce4-aa25-57b73d2eed79",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 46.17.44.212",
      "pattern": "[ipv4-addr:value = '46.17.44.212']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--773728d0-af3d-4d66-addf-9eb0189f6a18",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 46.17.45.49",
      "pattern": "[ipv4-addr:value = '46.17.45.49']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--67ea0131-9315-47d7-b509-d4ddc99fbd38",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 46.17.45.56",
      "pattern": "[ipv4-addr:value = '46.17.45.56']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5c67d8cc-008a-4df1-aa94-f7d3b98c7ff3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 5.181.21.75",
      "pattern": "[ipv4-addr:value = '5.181.21.75']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ec4ad313-3ed4-4631-bd92-c4788244f66e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 81.30.105.71",
      "pattern": "[ipv4-addr:value = '81.30.105.71']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--808c4d53-c4ab-488b-b184-67cc2cd7f381",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 93.125.114.193",
      "pattern": "[ipv4-addr:value = '93.125.114.193']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--23332c5a-dcd7-49da-b0c3-8d82295b779f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 93.125.114.57",
      "pattern": "[ipv4-addr:value = '93.125.114.57']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8253ae62-e3f0-4296-be97-f3e45f64f010",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 1a11b26dd0261ef27a112ce8b361c247",
      "pattern": "[file:hashes.MD5 = '1a11b26dd0261ef27a112ce8b361c247']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--796ebfdd-0263-46cb-b0da-c007cd62a7d9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 1b39e86eb772a0e40060b672b7f574f1",
      "pattern": "[file:hashes.MD5 = '1b39e86eb772a0e40060b672b7f574f1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--92a097a9-86c4-4c80-8739-41c6a614c5d6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 1d401d6e6fc0b00aaa2c65a0ac0cfd6b",
      "pattern": "[file:hashes.MD5 = '1d401d6e6fc0b00aaa2c65a0ac0cfd6b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0a0011ec-de04-43df-b75a-a6c085e9486e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 25c8ed0511375dca57ef136ac3fa0cca",
      "pattern": "[file:hashes.MD5 = '25c8ed0511375dca57ef136ac3fa0cca']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1fd0071d-ef2b-4d0a-a94e-def92535583b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 2b4ba4facf8c299749771a3a4369782e",
      "pattern": "[file:hashes.MD5 = '2b4ba4facf8c299749771a3a4369782e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d22c32ff-4dba-4997-bfe0-05b38586df57",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 2cabb721681455dae1b6a26709def453",
      "pattern": "[file:hashes.MD5 = '2cabb721681455dae1b6a26709def453']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--678ab416-62fa-4964-8fd1-cbefb5a571eb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 3c75cedb1196df5eab91f31411ed4b33",
      "pattern": "[file:hashes.MD5 = '3c75cedb1196df5eab91f31411ed4b33']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b01f5d56-d01c-444d-873b-db63278118ba",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 40a562b8600f843b717bc5951b2e3c29",
      "pattern": "[file:hashes.MD5 = '40a562b8600f843b717bc5951b2e3c29']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c4162b81-4142-4be2-b8ed-d6ef0d83fbb8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 42ac350bfbc5b4eb0fedba16c81919c7",
      "pattern": "[file:hashes.MD5 = '42ac350bfbc5b4eb0fedba16c81919c7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fb01e1d2-6463-49b5-a34e-6ee3c51e5a07",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 493b901d1b33eb577db64aadd948f9ce",
      "pattern": "[file:hashes.MD5 = '493b901d1b33eb577db64aadd948f9ce']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a57a9cea-408e-4d2e-b88e-a4581b5a6c1a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 5329f7bff9d0d5db28821b86c26d628f",
      "pattern": "[file:hashes.MD5 = '5329f7bff9d0d5db28821b86c26d628f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b3da06e4-60d5-4736-acab-1866fd4450e7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 63b6be9ae8d8024a40b200cccb438f1d",
      "pattern": "[file:hashes.MD5 = '63b6be9ae8d8024a40b200cccb438f1d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f82b9caa-3295-4fa3-8114-925e65004b9c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 6aa586bcc45ca2e92a4f0ef47e086fa1",
      "pattern": "[file:hashes.MD5 = '6aa586bcc45ca2e92a4f0ef47e086fa1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4da649a4-0b23-49e0-9993-12b4f4dab495",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 6d7b2d1172bbdb7340972d844f6f0717",
      "pattern": "[file:hashes.MD5 = '6d7b2d1172bbdb7340972d844f6f0717']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f7fa77ff-4026-41a6-824a-e87e3ebd6437",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 7a95360b7e0eb5b107a3d231abbc541a",
      "pattern": "[file:hashes.MD5 = '7a95360b7e0eb5b107a3d231abbc541a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d07a29e7-d0a8-48b5-a0e5-6917ddde2e78",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 9769f43b9de8d19e803263267fa6d62e",
      "pattern": "[file:hashes.MD5 = '9769f43b9de8d19e803263267fa6d62e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6e3f3e34-f995-4667-9955-9346c68d5a88",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: b4e183627b7399006c1bc47b3711e419",
      "pattern": "[file:hashes.MD5 = 'b4e183627b7399006c1bc47b3711e419']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8028c9b0-70e7-4e3d-a9fd-112490e61ce2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: ba9ce06641067742f2afc9691faff1dc",
      "pattern": "[file:hashes.MD5 = 'ba9ce06641067742f2afc9691faff1dc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--05071349-2b29-4e08-a426-028e295e18a5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: bbf1fa694122e07635deeac11ad712f8",
      "pattern": "[file:hashes.MD5 = 'bbf1fa694122e07635deeac11ad712f8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d453d815-c1c3-438d-b33b-20ebaaabfcd8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: c0d1eaa15a2cefbab9735787575c8d8e",
      "pattern": "[file:hashes.MD5 = 'c0d1eaa15a2cefbab9735787575c8d8e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--29561fa5-6a13-4d97-87d9-608cb45abdc1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: d3c8afd22baa306ff659db1fac28574a",
      "pattern": "[file:hashes.MD5 = 'd3c8afd22baa306ff659db1fac28574a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--26e280cb-6177-4046-b3cb-b25b133fb6d7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: d5b38b252cf212a4a32763de36732d40",
      "pattern": "[file:hashes.MD5 = 'd5b38b252cf212a4a32763de36732d40']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--317c526d-c0f9-4e8d-ba3f-2452774d85c1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: eba3bcdb19a7e256bf8e2cc5b9c1cca9",
      "pattern": "[file:hashes.MD5 = 'eba3bcdb19a7e256bf8e2cc5b9c1cca9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b16ae7ba-fc7e-4d9d-80d4-8a1f3b0d214d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: f301aa3d62b5095eec4d8e34201a4769",
      "pattern": "[file:hashes.MD5 = 'f301aa3d62b5095eec4d8e34201a4769']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--468ce9e6-dac1-407e-8fb9-01bf59a1161a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: f56b31a4b47ad3365b18a7e922fba1a8",
      "pattern": "[file:hashes.MD5 = 'f56b31a4b47ad3365b18a7e922fba1a8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7a4f7a00-40ed-444a-ac44-5be30b954171",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: f6f62456fb0fcc396fb654cbed339bc3",
      "pattern": "[file:hashes.MD5 = 'f6f62456fb0fcc396fb654cbed339bc3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3141e34c-49f4-4df8-89e0-56d37f5de741",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: f721a76deb28fd0b80d27fce6b8f5016",
      "pattern": "[file:hashes.MD5 = 'f721a76deb28fd0b80d27fce6b8f5016']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f623f455-5af6-4000-924a-f37c8ca290d4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: f9c3bbe108566d1a6b070f9c5fb03160",
      "pattern": "[file:hashes.MD5 = 'f9c3bbe108566d1a6b070f9c5fb03160']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--32b0bb18-c7b6-40e2-adff-41f06486f837",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: fb0f8027acf1b1e47e07a63d8812ed50",
      "pattern": "[file:hashes.MD5 = 'fb0f8027acf1b1e47e07a63d8812ed50']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cloud Atlas activity in the second half of 2025 and early 20",
          "url": "https://securelist.com/cloud-atlas-2026/119895/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4c15530f-3dc7-4645-984f-f013b343f693",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 0db36a04d304ad96f9e6f97b531934594cd95a5cea9ff2c9af249201089dc864",
      "pattern": "[file:hashes.'SHA-256' = '0db36a04d304ad96f9e6f97b531934594cd95a5cea9ff2c9af249201089dc864']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--617d0811-0890-4bd7-82a4-9f466490e036",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 332ba2f0297dfb1599adecc3e9067893e7cf243aa23aedce4906a4c480574c17",
      "pattern": "[file:hashes.'SHA-256' = '332ba2f0297dfb1599adecc3e9067893e7cf243aa23aedce4906a4c480574c17']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d20bfa8f-3702-42f5-99c4-c0176dddaaad",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 38bd137c672bd58d08c4f0502f993a6561e2c3411773d1ae57ee0151a0a9d11d",
      "pattern": "[file:hashes.'SHA-256' = '38bd137c672bd58d08c4f0502f993a6561e2c3411773d1ae57ee0151a0a9d11d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--07e319ae-7f86-43e7-9197-04662dadbeb6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 43dc62cef52ebdd69e79f10015b3e13890f26c058325c0ff139c70f8d8eadcfa",
      "pattern": "[file:hashes.'SHA-256' = '43dc62cef52ebdd69e79f10015b3e13890f26c058325c0ff139c70f8d8eadcfa']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--029dc4fb-f6b2-41f2-8378-b96fda387e35",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 44f4f7aca7f1d9bfdaf7b3736934cbe19f851a707662f8f0b0c49b383e054250",
      "pattern": "[file:hashes.'SHA-256' = '44f4f7aca7f1d9bfdaf7b3736934cbe19f851a707662f8f0b0c49b383e054250']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--092afa6d-d008-4107-9e45-d939e428c4aa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 74882085db2088356ed7f72f01e0404a0a98cda88ef56fb15ce74c1f36b26d27",
      "pattern": "[file:hashes.'SHA-256' = '74882085db2088356ed7f72f01e0404a0a98cda88ef56fb15ce74c1f36b26d27']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--03170f50-e12e-442b-97ab-8684aa200d25",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 8808c794c24367438f183e4be941876f1d3ecd0c8d2eb43b10d2380841d2283b",
      "pattern": "[file:hashes.'SHA-256' = '8808c794c24367438f183e4be941876f1d3ecd0c8d2eb43b10d2380841d2283b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f368dc0-28ce-49b4-aad7-bd0d57db9881",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9cf029daca89523d917dafed0568d11d00e45ec96b5b90b4a1f7fd4018c7da84",
      "pattern": "[file:hashes.'SHA-256' = '9cf029daca89523d917dafed0568d11d00e45ec96b5b90b4a1f7fd4018c7da84']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--55e6fc36-c3fe-477d-a99f-761e19895302",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9e4a658e6d831c9e9bdfe11884a75b7c64812ed0a80e8495ddf6b316505acac1",
      "pattern": "[file:hashes.'SHA-256' = '9e4a658e6d831c9e9bdfe11884a75b7c64812ed0a80e8495ddf6b316505acac1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--90107201-27f3-48c8-bddb-5d7a81c84772",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b19e06da580cf91691eda066ac9ee4b09c6e5dc26c367af12660fe1f9306eec4",
      "pattern": "[file:hashes.'SHA-256' = 'b19e06da580cf91691eda066ac9ee4b09c6e5dc26c367af12660fe1f9306eec4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--685d445e-80a8-49e5-9e39-00063c770de4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: bc3b44154518c5794ce639108e7b9c5fecb0c189607a26de1aaed518d890c7ad",
      "pattern": "[file:hashes.'SHA-256' = 'bc3b44154518c5794ce639108e7b9c5fecb0c189607a26de1aaed518d890c7ad']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--de0a1b2a-7c8c-49b2-b674-9bf69da626fe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d4a7e9f107fe40c1a5d0139c6c6e25bf6bf57f61feff090bee28f476bb3cc3c2",
      "pattern": "[file:hashes.'SHA-256' = 'd4a7e9f107fe40c1a5d0139c6c6e25bf6bf57f61feff090bee28f476bb3cc3c2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campa",
          "url": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6d75120c-6ce8-4e18-ab72-8008e91e720f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: actions-bot.com",
      "pattern": "[domain-name:value = 'actions-bot.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,",
          "url": "https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dd796671-5a21-4310-991c-c93819a70a81",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: github-ci.com",
      "pattern": "[domain-name:value = 'github-ci.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,",
          "url": "https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ecfe3d19-01d1-4d0b-9a37-b6b5a374aec4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 216.126.225.129",
      "pattern": "[ipv4-addr:value = '216.126.225.129']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,",
          "url": "https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--34921d02-aa7c-45cc-8cf3-70aafb88371f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: acac5a9854650c4ae2883c4740bf87d34120c038",
      "pattern": "[file:hashes.'SHA-1' = 'acac5a9854650c4ae2883c4740bf87d34120c038']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,",
          "url": "https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a98fd017-b45e-48a0-a66b-14da57a6e0ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: fifa26.shop",
      "pattern": "[domain-name:value = 'fifa26.shop']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Foul play: Fake FIFA websites target soccer fans looking for",
          "url": "https://www.welivesecurity.com/en/cybersecurity/foul-play-fake-fifa-world-cup-websites-tickets/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--38e5a49a-3b99-41ed-83fc-e34b26a3387f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: fifaworldcup26.hospitality.fifa.com",
      "pattern": "[domain-name:value = 'fifaworldcup26.hospitality.fifa.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Foul play: Fake FIFA websites target soccer fans looking for",
          "url": "https://www.welivesecurity.com/en/cybersecurity/foul-play-fake-fifa-world-cup-websites-tickets/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2cfbc716-b25a-44ce-b7ec-79e631579d14",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-34291",
      "pattern": "[vulnerability:name = 'CVE-2025-34291']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-34291 \u2014 Langflow Origin Validation Error ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d0201aae-183c-4a39-a079-2cfc3fd85378",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-34926",
      "pattern": "[vulnerability:name = 'CVE-2026-34926']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-34926 \u2014 Trend Micro Apex One (On-Premise)",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a5f16334-c348-46ba-9441-2a01596b3f40",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-46614",
      "pattern": "[vulnerability:name = 'CVE-2026-46614']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46614: Fission router exposes /fi",
          "url": "https://github.com/advisories/GHSA-3g33-6vg6-27m8"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2c41e18c-8147-4a07-990a-6d2077eaf449",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-46633",
      "pattern": "[vulnerability:name = 'CVE-2026-46633']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46633: Twig: PHP code injection v",
          "url": "https://github.com/advisories/GHSA-7p85-w9px-jpjp"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4d28daa5-b593-4942-af42-6620fb454e56",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-46703",
      "pattern": "[vulnerability:name = 'CVE-2026-46703']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46703: Boxlite: Path Traversal Vu",
          "url": "https://github.com/advisories/GHSA-f396-4rp4-7v2j"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--39d5da7b-1f05-48fa-8b13-03fca1b65931",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 83.142.209.194",
      "pattern": "[ipv4-addr:value = '83.142.209.194']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        },
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45758: Malicious code in guardrai",
          "url": "https://github.com/advisories/GHSA-xmpw-2vmm-p4p6"
        },
        {
          "source_name": "[GHSA / CRITICAL] GHSA-wx9m-wx4f-4cmg: Malicious dropper in ",
          "url": "https://github.com/advisories/GHSA-wx9m-wx4f-4cmg"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "GitHub Security Advisories",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b6c1f85a-2605-48e0-9163-2fcb9362c8c8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 1c9e803c80cc7fed000022d4c94f4b5bc2e90062",
      "pattern": "[file:hashes.'SHA-1' = '1c9e803c80cc7fed000022d4c94f4b5bc2e90062']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e127681b-ec8d-4c9e-91a3-ea079bd3d437",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 5c267592a87e92c2b005b338bd0d2724c2f64acb",
      "pattern": "[file:hashes.'SHA-1' = '5c267592a87e92c2b005b338bd0d2724c2f64acb']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dc042955-29a6-4e64-8f7b-ffbc6f2ef993",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 7f6120bb10c870b9fde146961a18e5bf0b3d4401",
      "pattern": "[file:hashes.'SHA-1' = '7f6120bb10c870b9fde146961a18e5bf0b3d4401']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eaf438d5-e4b5-4a52-b992-956b0b50ca31",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 99b7f41bf9e14a2a2c7cc524731336543f552178",
      "pattern": "[file:hashes.'SHA-1' = '99b7f41bf9e14a2a2c7cc524731336543f552178']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b2a03697-332c-45d1-9cd7-dc7ad61d7258",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: b9c83f01929e190cda300e76f688bf7ea7e37a7a",
      "pattern": "[file:hashes.'SHA-1' = 'b9c83f01929e190cda300e76f688bf7ea7e37a7a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ab5b471a-fa30-4848-a6d2-62acd7a5064e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: f0448c62fc57b8a5ce23d8acd6e795cdd76a3b6c",
      "pattern": "[file:hashes.'SHA-1' = 'f0448c62fc57b8a5ce23d8acd6e795cdd76a3b6c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--18fe73da-13ad-470a-a70d-27c56bdffa91",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 43f2b001846c4966073ebffa5be8f15e491a1e7d32bbd805d57406ff540e0dd9",
      "pattern": "[file:hashes.'SHA-256' = '43f2b001846c4966073ebffa5be8f15e491a1e7d32bbd805d57406ff540e0dd9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        },
        {
          "source_name": "The Wild West of VS Code extensions and how a poisoned exten",
          "url": "https://www.aikido.dev/blog/vs-code-extension-github-breach"
        },
        {
          "source_name": "GitHub breached via a malicious VS Code extension: why devel",
          "url": "https://www.aikido.dev/blog/github-breached-vs-code-extension"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f9f8ab4a-436b-4306-8561-ed6897437a48",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 877ff2531a63393c4cb9c3c86908b62d9c4fc3db971bc231c48537faae6cb3ec",
      "pattern": "[file:hashes.'SHA-256' = '877ff2531a63393c4cb9c3c86908b62d9c4fc3db971bc231c48537faae6cb3ec']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1918754a-fef6-448f-a3f6-7c0c3f8fb7a0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b673b4e3400c71bd72464c98610c952e2164f70f946873b82adf3e6212851d54",
      "pattern": "[file:hashes.'SHA-256' = 'b673b4e3400c71bd72464c98610c952e2164f70f946873b82adf3e6212851d54']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46703: Boxlite: Path Traversal Vu",
          "url": "https://github.com/advisories/GHSA-f396-4rp4-7v2j"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--279076ed-c2d8-465a-838c-f9910b55b98c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: cb86f4f223daa54467c7782a0d8607e9c84e2bb633e6f0e51d9a19579e200990",
      "pattern": "[file:hashes.'SHA-256' = 'cb86f4f223daa54467c7782a0d8607e9c84e2bb633e6f0e51d9a19579e200990']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer I",
          "url": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fcdcd093-669b-423e-9730-a5423c27bf29",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 0f03f72a92aef6d63eb74e73f8ac201d",
      "pattern": "[file:hashes.MD5 = '0f03f72a92aef6d63eb74e73f8ac201d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The art of being ungovernable",
          "url": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c78177b3-9bca-4cc7-a4ba-277587a3e01e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 362498c3e71eeaa066a67e4a3f981d1c",
      "pattern": "[file:hashes.MD5 = '362498c3e71eeaa066a67e4a3f981d1c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The art of being ungovernable",
          "url": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d6aa6b58-e2f6-4a5d-ae79-75a723d642a8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: acd55c44b8b0d66d66defed85ca18082c092f048d3621da827fce593305c11fd",
      "pattern": "[file:hashes.'SHA-256' = 'acd55c44b8b0d66d66defed85ca18082c092f048d3621da827fce593305c11fd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The art of being ungovernable",
          "url": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--12d8c8b6-53db-460d-9743-4f3e77f0a158",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d87e8d9d43758ce67a8052cb2334b99cc24f9b0437ee44815f360be0b22d835a",
      "pattern": "[file:hashes.'SHA-256' = 'd87e8d9d43758ce67a8052cb2334b99cc24f9b0437ee44815f360be0b22d835a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The art of being ungovernable",
          "url": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1819ce6c-4488-455b-bb3c-d6fac5220d82",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2008-4250",
      "pattern": "[vulnerability:name = 'CVE-2008-4250']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2008-4250 \u2014 Microsoft Windows Buffer Overflow ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9c412e85-6566-40a4-884d-605418088e17",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2009-1537",
      "pattern": "[vulnerability:name = 'CVE-2009-1537']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2009-1537 \u2014 Microsoft DirectX NULL Byte Overwr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e8ca7780-0148-410c-acd1-cc7144aa4730",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2009-3459",
      "pattern": "[vulnerability:name = 'CVE-2009-3459']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2009-3459 \u2014 Adobe Acrobat and Reader Heap-Base",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e46414b2-4ff6-4a40-8292-9dd7f16cd006",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2010-0249",
      "pattern": "[vulnerability:name = 'CVE-2010-0249']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2010-0249 \u2014 Microsoft Internet Explorer Use-Af",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--660633e0-883e-47a0-bd99-327a7d72aae4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2010-0806",
      "pattern": "[vulnerability:name = 'CVE-2010-0806']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2010-0249 \u2014 Microsoft Internet Explorer Use-Af",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--50eb0cae-2bc1-48c4-a343-6c1c2b55c9ba",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2017-7692",
      "pattern": "[vulnerability:name = 'CVE-2017-7692']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Webworm: New burrowing techniques",
          "url": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a6d15785-bda9-4c4e-a49e-6f75ee71af4b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-46421",
      "pattern": "[vulnerability:name = 'CVE-2026-46421']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise vi",
          "url": "https://github.com/advisories/GHSA-pvw4-cvr4-97p8"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c2308c0a-b98d-468b-878c-3b7b6ab641b2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: appsuites.ai",
      "pattern": "[domain-name:value = 'appsuites.ai']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking TamperedChef Clusters via Certificate and Code Reus",
          "url": "https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b4a5d15d-b7d3-4cf4-8430-80cd5fbe522a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: crystalpdf.com",
      "pattern": "[domain-name:value = 'crystalpdf.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking TamperedChef Clusters via Certificate and Code Reus",
          "url": "https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e629fd0a-17bd-4e13-a368-79c9b5994095",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: freeonlinetools.info",
      "pattern": "[domain-name:value = 'freeonlinetools.info']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking TamperedChef Clusters via Certificate and Code Reus",
          "url": "https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--87d6e2c2-7817-4b80-bbbb-e78781b0ca2a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: github.com/anjsdgasdf/WordPress",
      "pattern": "[domain-name:value = 'github.com/anjsdgasdf/WordPress']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Webworm: New burrowing techniques",
          "url": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fcf23d32-6a78-48c8-badb-d457111ccd33",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: pdf-tool.appsuites.ai",
      "pattern": "[domain-name:value = 'pdf-tool.appsuites.ai']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking TamperedChef Clusters via Certificate and Code Reus",
          "url": "https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c7d83691-c10a-4100-b115-287d0dbe6a8a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: vault.appsuites.ai",
      "pattern": "[domain-name:value = 'vault.appsuites.ai']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Tracking TamperedChef Clusters via Certificate and Code Reus",
          "url": "https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--270959b1-ba6f-4814-a431-afb62086e811",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: zero.masscan.cloud",
      "pattern": "[domain-name:value = 'zero.masscan.cloud']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise vi",
          "url": "https://github.com/advisories/GHSA-pvw4-cvr4-97p8"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5245bccd-582f-42be-b1b5-e34f297c74ca",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.243.23.43",
      "pattern": "[ipv4-addr:value = '104.243.23.43']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Webworm: New burrowing techniques",
          "url": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--16b90fa9-7b6f-4069-869c-4437da83cd48",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 108.61.200.151",
      "pattern": "[ipv4-addr:value = '108.61.200.151']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Webworm: New burrowing techniques",
          "url": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--19eb7ead-4940-4590-a27c-0c2da05104c8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 144.168.60.233",
      "pattern": "[ipv4-addr:value = '144.168.60.233']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Webworm: New burrowing techniques",
          "url": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2aabd975-098c-452a-8d50-b3a19e12628d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.77.13.67",
      "pattern": "[ipv4-addr:value = '45.77.13.67']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Webworm: New burrowing techniques",
          "url": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--862a72a4-c78b-4a52-8314-5c1403affce0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 64.176.85.158",
      "pattern": "[ipv4-addr:value = '64.176.85.158']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Webworm: New burrowing techniques",
          "url": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b43e0183-a9d4-479c-816c-4038d26b4548",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 1DF40A4A31B30B62EC33DC6FECC2C4408302ADC7",
      "pattern": "[file:hashes.'SHA-1' = '1DF40A4A31B30B62EC33DC6FECC2C4408302ADC7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Webworm: New burrowing techniques",
          "url": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e9630d60-3c35-4af4-88b2-7169fbc73a12",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 77F1970D620216C5FFF4E14A6CCC13FCCC267217",
      "pattern": "[file:hashes.'SHA-1' = '77F1970D620216C5FFF4E14A6CCC13FCCC267217']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Webworm: New burrowing techniques",
          "url": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e5a1baea-a295-49a5-8132-bb8f9cd4fe14",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 7DCFE9EE25841DFD58D3D6871BF867FE32141DFB",
      "pattern": "[file:hashes.'SHA-1' = '7DCFE9EE25841DFD58D3D6871BF867FE32141DFB']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Webworm: New burrowing techniques",
          "url": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--541d05be-7f31-4150-a76d-3a0810eb157b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 948159A7FC2E688386864BEA59FD40DFFC4B24D6",
      "pattern": "[file:hashes.'SHA-1' = '948159A7FC2E688386864BEA59FD40DFFC4B24D6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Webworm: New burrowing techniques",
          "url": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--33073157-7278-4af7-9812-3a96518dedbd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 9d88f040c44b5f4d5f9db15ff89310776c168e99",
      "pattern": "[file:hashes.'SHA-1' = '9d88f040c44b5f4d5f9db15ff89310776c168e99']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The Wild West of VS Code extensions and how a poisoned exten",
          "url": "https://www.aikido.dev/blog/vs-code-extension-github-breach"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--337574cd-bcea-411d-979c-b9c366297f62",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: A3C077BDF8898E612CCD65BC82E7960834ADB2A9",
      "pattern": "[file:hashes.'SHA-1' = 'A3C077BDF8898E612CCD65BC82E7960834ADB2A9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Webworm: New burrowing techniques",
          "url": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d5ec0f64-14aa-4198-ad6f-6964e8bdcac2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: acfc3f957a63b4cde93ff645f2b6bf26a8ed1bbf",
      "pattern": "[file:hashes.'SHA-1' = 'acfc3f957a63b4cde93ff645f2b6bf26a8ed1bbf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The Wild West of VS Code extensions and how a poisoned exten",
          "url": "https://www.aikido.dev/blog/vs-code-extension-github-breach"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ae60bc31-858c-4b01-afec-4512d94a3b42",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: CB4E50433336707381429707F59C3CBE8D497D98",
      "pattern": "[file:hashes.'SHA-1' = 'CB4E50433336707381429707F59C3CBE8D497D98']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Webworm: New burrowing techniques",
          "url": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a6728a03-2af2-4c78-83a3-2c2e35f64266",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34",
      "pattern": "[file:hashes.'SHA-256' = '4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise vi",
          "url": "https://github.com/advisories/GHSA-pvw4-cvr4-97p8"
        },
        {
          "source_name": "Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4",
          "url": "https://www.stepsecurity.io/blog/shai-hulud-worm-pivots-to-multi-cloud-intercom-client-hijacked"
        },
        {
          "source_name": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Se",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories",
        "StepSecurity",
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9bc0bf39-4639-400b-b2e5-3793ae928b95",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6f933d00b7d05678eb43c90963a80b8947c4ae6830182f89df31da9f568fea95",
      "pattern": "[file:hashes.'SHA-256' = '6f933d00b7d05678eb43c90963a80b8947c4ae6830182f89df31da9f568fea95']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise vi",
          "url": "https://github.com/advisories/GHSA-pvw4-cvr4-97p8"
        },
        {
          "source_name": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Se",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared"
        },
        {
          "source_name": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP",
          "url": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories",
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--31725c56-c191-44c4-ae2b-c8053826e2cb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb",
      "pattern": "[file:hashes.'SHA-256' = 'eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise vi",
          "url": "https://github.com/advisories/GHSA-pvw4-cvr4-97p8"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e538361e-8ec5-4ae2-b3d9-192cfca679ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-27636",
      "pattern": "[vulnerability:name = 'CVE-2025-27636']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47323: Camel-CXF and Camel-Knativ",
          "url": "https://github.com/advisories/GHSA-8364-hfqj-pwm6"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cd5b743d-ee8b-49cb-8b83-4bb1c85e6900",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-29891",
      "pattern": "[vulnerability:name = 'CVE-2025-29891']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47323: Camel-CXF and Camel-Knativ",
          "url": "https://github.com/advisories/GHSA-8364-hfqj-pwm6"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5045a43d-caf4-4530-8ef7-db5d266b54d3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-30177",
      "pattern": "[vulnerability:name = 'CVE-2025-30177']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47323: Camel-CXF and Camel-Knativ",
          "url": "https://github.com/advisories/GHSA-8364-hfqj-pwm6"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--870fe532-b9c1-4652-9ab7-5f39f091c338",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-2587",
      "pattern": "[vulnerability:name = 'CVE-2026-2587']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-2587: GlassFish's gadget handler ",
          "url": "https://github.com/advisories/GHSA-29wv-cv7p-xjc2"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a710cc84-2725-4ac5-8c37-a469d68fcfdf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-2611",
      "pattern": "[vulnerability:name = 'CVE-2026-2611']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-2611: MLflow: Improper Origin Val",
          "url": "https://github.com/advisories/GHSA-67c5-x5mf-rppq"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6cd1d6c1-fd7d-4cd0-b382-6bfa90b44b82",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-40453",
      "pattern": "[vulnerability:name = 'CVE-2026-40453']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47323: Camel-CXF and Camel-Knativ",
          "url": "https://github.com/advisories/GHSA-8364-hfqj-pwm6"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--adf2bed1-8700-4e35-98b1-bd0b84a7baf0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45568",
      "pattern": "[vulnerability:name = 'CVE-2026-45568']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45568: rok Python ProxyShare can ",
          "url": "https://github.com/advisories/GHSA-jh67-hwqw-m5r7"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ab5b4fc8-2384-4830-bd7e-f3d66e0a76be",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45695",
      "pattern": "[vulnerability:name = 'CVE-2026-45695']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45695: Kopia: RCE via SSH ProxyCo",
          "url": "https://github.com/advisories/GHSA-2q4c-3mrw-63c3"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--47086137-44f7-45f9-b0a7-21b47b04b253",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45721",
      "pattern": "[vulnerability:name = 'CVE-2026-45721']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45721: Algernon: handler.lua disc",
          "url": "https://github.com/advisories/GHSA-xwcr-wm99-g9jc"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a12b03c9-3a4c-4779-94f8-29946e8ce927",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45758",
      "pattern": "[vulnerability:name = 'CVE-2026-45758']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45758: Malicious code in guardrai",
          "url": "https://github.com/advisories/GHSA-xmpw-2vmm-p4p6"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5735ef5b-90d6-4be4-82ce-ef148a03f053",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-46339",
      "pattern": "[vulnerability:name = 'CVE-2026-46339']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46339: 9router: Unauthenticated R",
          "url": "https://github.com/advisories/GHSA-fhh6-4qxv-rpqj"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--343354de-6028-4dc2-b534-51ee7cc1a35f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-46354",
      "pattern": "[vulnerability:name = 'CVE-2026-46354']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46354: Coder: PKCS#7 signature by",
          "url": "https://github.com/advisories/GHSA-6x44-w3xg-hqqf"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5b14e36a-a836-45ed-8028-6156057c04e4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-46395",
      "pattern": "[vulnerability:name = 'CVE-2026-46395']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46395: HAXcms: Private Key Disclo",
          "url": "https://github.com/advisories/GHSA-6c8g-9hfh-pq5h"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0b2e7492-4bcd-48a7-b793-b3bb6991ad6a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-46412",
      "pattern": "[vulnerability:name = 'CVE-2026-46412']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The AntV Supply Chain Campaign Expands: Microsoft's `durable",
          "url": "https://snyk.io/blog/durabletask-pypi-supply-chain-attack/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk",
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--10ebdf96-1096-4101-9088-ee5901455dbc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-47323",
      "pattern": "[vulnerability:name = 'CVE-2026-47323']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-47323: Camel-CXF and Camel-Knativ",
          "url": "https://github.com/advisories/GHSA-8364-hfqj-pwm6"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b1df2edc-c7df-4909-bc63-1e56a335ac64",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: iis.01nmwe.xyz",
      "pattern": "[domain-name:value = 'iis.01nmwe.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--83d19d0f-84f5-4d47-a91e-b0667f827708",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: lee.6686ty.vip",
      "pattern": "[domain-name:value = 'lee.6686ty.vip']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9bb72e20-254a-4dcc-b7cb-0d5154a482d2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sh.azurestaticprovider.net",
      "pattern": "[domain-name:value = 'sh.azurestaticprovider.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Active Supply Chain Attack: Malicious node-ipc Versions Publ",
          "url": "https://www.stepsecurity.io/blog/node-ipc-npm-supply-chain-attack"
        },
        {
          "source_name": "Malicious node-ipc versions published to npm in suspected ma",
          "url": "https://snyk.io/blog/malicious-node-ipc-versions-published-npm/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--79db395e-6626-414b-b5e4-741a5c7a69d8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 143.92.36.109",
      "pattern": "[ipv4-addr:value = '143.92.36.109']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4fb7a5ab-afc0-4889-8fd5-b8af4e2f498c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 154.23.186.99",
      "pattern": "[ipv4-addr:value = '154.23.186.99']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--07fcf3d7-7bf2-4d10-ac3f-ccad82fa5948",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 154.36.149.4",
      "pattern": "[ipv4-addr:value = '154.36.149.4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b39eb130-e3be-47d1-b9c2-d70f0f24b9ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.181.52.147",
      "pattern": "[ipv4-addr:value = '38.181.52.147']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e485ac1c-342b-4144-a635-c7aff024747a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.194.17.133",
      "pattern": "[ipv4-addr:value = '45.194.17.133']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--287c3397-1352-4191-a899-4058c046c2b4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 833fd59ebe66a4449982c6d18db656b4",
      "pattern": "[file:hashes.MD5 = '833fd59ebe66a4449982c6d18db656b4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The AntV Supply Chain Campaign Expands: Microsoft's `durable",
          "url": "https://snyk.io/blog/durabletask-pypi-supply-chain-attack/"
        },
        {
          "source_name": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, in",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk",
        "GitHub Security Advisories",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9b9549de-f70f-4799-be42-db3a89bc9bc2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: b82e54923f7e440664d2d75bd31588ca",
      "pattern": "[file:hashes.MD5 = 'b82e54923f7e440664d2d75bd31588ca']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The AntV Supply Chain Campaign Expands: Microsoft's `durable",
          "url": "https://snyk.io/blog/durabletask-pypi-supply-chain-attack/"
        },
        {
          "source_name": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, in",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk",
        "GitHub Security Advisories",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4357b4d6-62de-40db-a16b-b6a1d7f84908",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 12ed9a3c1f73617aefdb740480695c04405d7b4b",
      "pattern": "[file:hashes.'SHA-1' = '12ed9a3c1f73617aefdb740480695c04405d7b4b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The AntV Supply Chain Campaign Expands: Microsoft's `durable",
          "url": "https://snyk.io/blog/durabletask-pypi-supply-chain-attack/"
        },
        {
          "source_name": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, in",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk",
        "GitHub Security Advisories",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9622e440-2fab-4a4a-85ba-7e7b42075ed3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: e7d582b98ca80690883175470e96f703ef6dc497",
      "pattern": "[file:hashes.'SHA-1' = 'e7d582b98ca80690883175470e96f703ef6dc497']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The AntV Supply Chain Campaign Expands: Microsoft's `durable",
          "url": "https://snyk.io/blog/durabletask-pypi-supply-chain-attack/"
        },
        {
          "source_name": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply C",
          "url": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem"
        },
        {
          "source_name": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, in",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk",
        "GitHub Security Advisories",
        "StepSecurity",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5e31b331-ebcd-4af3-83e3-ca99627cc913",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 01577f5b0869154fb678bcf86eef50afceb5fc189c87b2085fe5fcdf74cd6ff0",
      "pattern": "[file:hashes.'SHA-256' = '01577f5b0869154fb678bcf86eef50afceb5fc189c87b2085fe5fcdf74cd6ff0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ddb4f45d-15b1-4b14-81ad-d93aa663d0e8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 03fef9805e2e7dfd31d9277253fbc1a5c3eddeedee4e1950e42f860b7e936287",
      "pattern": "[file:hashes.'SHA-256' = '03fef9805e2e7dfd31d9277253fbc1a5c3eddeedee4e1950e42f860b7e936287']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6a421441-06b0-4cdc-af9a-a96b3814f8cd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 0ebe923b7bc39489532b377c69ce808c38206dd931286d0b0b4bf7b245020174",
      "pattern": "[file:hashes.'SHA-256' = '0ebe923b7bc39489532b377c69ce808c38206dd931286d0b0b4bf7b245020174']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dff5cff1-0cf3-4dbb-b517-b78c36072a14",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 144129f42081dbbacbbd15688dc5f4dcb97c3dd17cc1352abe80b524c0ea7ca8",
      "pattern": "[file:hashes.'SHA-256' = '144129f42081dbbacbbd15688dc5f4dcb97c3dd17cc1352abe80b524c0ea7ca8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f96291df-e6c5-4923-8582-12f7f2946915",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1bb1187daff9610a0c142b48bc04d3e883344ca0eca8fe915d6a02fb3e7571ff",
      "pattern": "[file:hashes.'SHA-256' = '1bb1187daff9610a0c142b48bc04d3e883344ca0eca8fe915d6a02fb3e7571ff']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a74ad4c4-8d43-494b-81ef-43fde8da00b5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 402c616229aa0c7f98cfc3f4e9781c2468bd79c2d23da1cdf38172cb082a8a9c",
      "pattern": "[file:hashes.'SHA-256' = '402c616229aa0c7f98cfc3f4e9781c2468bd79c2d23da1cdf38172cb082a8a9c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9e42b6ba-13f7-4ac8-b5d4-bab6ef148534",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4091ddc3560fb60bd3ef071367fd833d67c3c6e3e81165aa3d93519b93959658",
      "pattern": "[file:hashes.'SHA-256' = '4091ddc3560fb60bd3ef071367fd833d67c3c6e3e81165aa3d93519b93959658']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--215eb85a-2015-4bda-aa1f-6b0ee376615b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 44bfb9f0e13dd72ed111b5b5600b80b305ab153a0ee2224957e76391b28ac037",
      "pattern": "[file:hashes.'SHA-256' = '44bfb9f0e13dd72ed111b5b5600b80b305ab153a0ee2224957e76391b28ac037']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--760a325e-87ec-4270-9105-fa64a761861b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 521869f9ee6066c33fb1615cbcad66de157876bd08cec05597e4d3a0405efac8",
      "pattern": "[file:hashes.'SHA-256' = '521869f9ee6066c33fb1615cbcad66de157876bd08cec05597e4d3a0405efac8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2e863619-6cad-413d-a805-572dc7275e50",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 524a9dfe12299ec9cc3148692b620130c7e767ed0430f211be4128a82c0fdafc",
      "pattern": "[file:hashes.'SHA-256' = '524a9dfe12299ec9cc3148692b620130c7e767ed0430f211be4128a82c0fdafc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0c34a116-3540-43a6-a20c-e2659b35ccc3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5904b42d8099a6657ea21a6af0ae9bd50ae7ca4b619fee125df133051cff2b8a",
      "pattern": "[file:hashes.'SHA-256' = '5904b42d8099a6657ea21a6af0ae9bd50ae7ca4b619fee125df133051cff2b8a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--07cb312d-c662-4116-b032-bd8a9cfba682",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 59b416efff07208dc8b1c98a6f754e3abc14e55d71971ddc5581f6bc7ca45837",
      "pattern": "[file:hashes.'SHA-256' = '59b416efff07208dc8b1c98a6f754e3abc14e55d71971ddc5581f6bc7ca45837']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bf9d8b9c-6441-4c71-bf31-88e08db2da39",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 65967f471440449d2f1b615ff1338b8082b0481b617eda4d9f21a9f102b98859",
      "pattern": "[file:hashes.'SHA-256' = '65967f471440449d2f1b615ff1338b8082b0481b617eda4d9f21a9f102b98859']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--35c956a4-86c1-450f-ad4d-b3c4600f9acc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 79b3c217f5b7c257d8c7f4c8166102e9754208e60306aa3f4bf917e765fac8ea",
      "pattern": "[file:hashes.'SHA-256' = '79b3c217f5b7c257d8c7f4c8166102e9754208e60306aa3f4bf917e765fac8ea']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--37ace300-23ad-4bfa-a9e2-b0f2ff8bebb4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7a0e2aee8141c06558347dc4800daba06ab337c5619ba501da49ed03adf8175e",
      "pattern": "[file:hashes.'SHA-256' = '7a0e2aee8141c06558347dc4800daba06ab337c5619ba501da49ed03adf8175e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--550c18df-8444-4f2a-9eb6-dfdd7c5d517e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 80e9a39292b7af7b9831563799776808e597bade3fba4f4d7b25b6833a8c7e5a",
      "pattern": "[file:hashes.'SHA-256' = '80e9a39292b7af7b9831563799776808e597bade3fba4f4d7b25b6833a8c7e5a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--50e56b46-72ce-4d74-9066-9bb31c91535c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9eb45f6f529f9f385a87b13c41351800a1046718d45e7d99e1feb053c26d469f",
      "pattern": "[file:hashes.'SHA-256' = '9eb45f6f529f9f385a87b13c41351800a1046718d45e7d99e1feb053c26d469f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--92e96b23-a3f9-46a0-9b58-0b75894038fb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a68dd1e6a6e35ec3771e1f94fe796f55dfe65a2b94560516ff4ac189390dfa1c",
      "pattern": "[file:hashes.'SHA-256' = 'a68dd1e6a6e35ec3771e1f94fe796f55dfe65a2b94560516ff4ac189390dfa1c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Mini Shai-Hulud strikes again: npm worm compromises hundreds",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-antv-npm-supply-chain-attack"
        },
        {
          "source_name": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Publi",
          "url": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c090e6f9-e506-4748-9ba4-05affc479beb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b0f419467a36a9ab71fe0aa8e1587377d668789b18907ec0993cb549c61c9d42",
      "pattern": "[file:hashes.'SHA-256' = 'b0f419467a36a9ab71fe0aa8e1587377d668789b18907ec0993cb549c61c9d42']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--18898a92-93bf-4608-b45e-b1014023160c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b9ba4c4fff3f5042805b2d75484fdf4e0a7e067cfa560b07544570e20775457e",
      "pattern": "[file:hashes.'SHA-256' = 'b9ba4c4fff3f5042805b2d75484fdf4e0a7e067cfa560b07544570e20775457e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bb28b387-4693-44fc-aaee-f84ce22c9d40",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: bbf9d7dafba979ef9c1e8531a20d3bea1adcdbb628816ce8781d7eeb6292f265",
      "pattern": "[file:hashes.'SHA-256' = 'bbf9d7dafba979ef9c1e8531a20d3bea1adcdbb628816ce8781d7eeb6292f265']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--69940571-7ab4-472f-8975-f5a70bf2fada",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: bf9d8c0c3ed3ceaa831a13de27f1b1c7c7b7f01d2db4103bfdba4191940b0301",
      "pattern": "[file:hashes.'SHA-256' = 'bf9d8c0c3ed3ceaa831a13de27f1b1c7c7b7f01d2db4103bfdba4191940b0301']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Active Supply Chain Attack: Malicious node-ipc Versions Publ",
          "url": "https://www.stepsecurity.io/blog/node-ipc-npm-supply-chain-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a94e0518-89b4-42d9-b5c5-fe9701e0e96d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c732067b3d8763c248051366ab7beeae0d7fbe105884d4d3f8647e3427f36daf",
      "pattern": "[file:hashes.'SHA-256' = 'c732067b3d8763c248051366ab7beeae0d7fbe105884d4d3f8647e3427f36daf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0ab753a7-9555-4e1f-8f5b-c84766533c56",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d0da3be9de8e7068a65247b8195d73e88f454820e13c1de62675e1f845d6fabf",
      "pattern": "[file:hashes.'SHA-256' = 'd0da3be9de8e7068a65247b8195d73e88f454820e13c1de62675e1f845d6fabf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--40192388-90d7-4876-a3d3-c318c572d043",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e1c117bfa71d0cf5e9305839d56c73752be53bd6426d4c2b4f5d51ee3735d8e6",
      "pattern": "[file:hashes.'SHA-256' = 'e1c117bfa71d0cf5e9305839d56c73752be53bd6426d4c2b4f5d51ee3735d8e6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4d487967-a395-408a-a812-63f8a228f650",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e7d8b5647917589949634155d936d8aa4dd25307a9292fb43d47281001859a9b",
      "pattern": "[file:hashes.'SHA-256' = 'e7d8b5647917589949634155d936d8aa4dd25307a9292fb43d47281001859a9b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--61a192be-ed98-427c-a578-3e7daf56add7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: eda7a7edc01392706a872a5a275940b4a4b9471dc562eb70128ee672872d1407",
      "pattern": "[file:hashes.'SHA-256' = 'eda7a7edc01392706a872a5a275940b4a4b9471dc562eb70128ee672872d1407']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d5472402-c682-446e-b88c-47903067849f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f1dcd2809a001a0d0ea3221939f7afd2ef9e5bf468709bd91abd70c902c42d45",
      "pattern": "[file:hashes.'SHA-256' = 'f1dcd2809a001a0d0ea3221939f7afd2ef9e5bf468709bd91abd70c902c42d45']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef57d0a9-9a26-4ddf-a964-e09e8bbb2a0b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f9017361349421728fc1ac1bc1549b3d23b35bd795f0a83be2e9e517bccaccdc",
      "pattern": "[file:hashes.'SHA-256' = 'f9017361349421728fc1ac1bc1549b3d23b35bd795f0a83be2e9e517bccaccdc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5cd736cc-ed44-461a-b7c4-7e092f37c7e0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: fa15ba707356cb474c16ce04abd86ae9d074763ab965e3766d6af56f37003dda",
      "pattern": "[file:hashes.'SHA-256' = 'fa15ba707356cb474c16ce04abd86ae9d074763ab965e3766d6af56f37003dda']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f034851e-5f85-41cf-9b8e-f6b5706f1750",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: fb5c97557230a27460fdab01fafcfabeaa49590bafd5b6ef30501aa9e0a51142",
      "pattern": "[file:hashes.'SHA-256' = 'fb5c97557230a27460fdab01fafcfabeaa49590bafd5b6ef30501aa9e0a51142']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Mini Shai-Hulud strikes again: npm worm compromises hundreds",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-antv-npm-supply-chain-attack"
        },
        {
          "source_name": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Publi",
          "url": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e332e204-7173-4b24-9904-fa6acda2bd63",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: fdbe78935bd3f56df43a4702b83a568881f119e43236e92ecf10ca19eac6b87f",
      "pattern": "[file:hashes.'SHA-256' = 'fdbe78935bd3f56df43a4702b83a568881f119e43236e92ecf10ca19eac6b87f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4c846f29-6480-4b71-bf94-2a82117d9dad",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ff8095aba365885b0886da894794ac45ae5e0c3363a45ae106383e5bd1353941",
      "pattern": "[file:hashes.'SHA-256' = 'ff8095aba365885b0886da894794ac45ae5e0c3363a45ae106383e5bd1353941']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosys",
          "url": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ad5828cf-9452-419b-8203-be41898a6467",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-20131",
      "pattern": "[vulnerability:name = 'CVE-2026-20131']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "IT threat evolution in Q1 2026. Mobile statistics",
          "url": "https://securelist.com/malware-report-q1-2026-mobile-statistics/119819/"
        },
        {
          "source_name": "CISA KEV: CVE-2026-20131 \u2014 Cisco Secure Firewall Management ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c435c72b-5f59-4691-aa4f-c31594fda9b4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45625",
      "pattern": "[vulnerability:name = 'CVE-2026-45625']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45625: Arcane Backend: Missing ad",
          "url": "https://github.com/advisories/GHSA-7h26-hg47-p9hx"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c0e16801-1449-497b-aab1-409026b7e0d4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45697",
      "pattern": "[vulnerability:name = 'CVE-2026-45697']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45697: Formie: Pre-authenticated ",
          "url": "https://github.com/advisories/GHSA-x7m9-mwc2-g6w2"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--df67a494-63ac-4aa6-9add-6269e57f0c6c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45829",
      "pattern": "[vulnerability:name = 'CVE-2026-45829']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45829: ChromaDB Python project ha",
          "url": "https://github.com/advisories/GHSA-f4j7-r4q5-qw2c"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--896d339d-ed7b-4321-bdea-b079cc444580",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-7301",
      "pattern": "[vulnerability:name = 'CVE-2026-7301']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-7301: SGLanG: Multimodal schedule",
          "url": "https://github.com/advisories/GHSA-gwv6-pq6m-p3rq"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--45ebf9f9-4826-40e1-890c-ed219113c3d4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-7302",
      "pattern": "[vulnerability:name = 'CVE-2026-7302']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-7302: SGLang's multimodal generat",
          "url": "https://github.com/advisories/GHSA-qwrp-wghp-94q2"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--285467c2-1604-4980-baba-dbb69cb58fd9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-7304",
      "pattern": "[vulnerability:name = 'CVE-2026-7304']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-7304: SGLang: Unauthenticated RCE",
          "url": "https://github.com/advisories/GHSA-36m8-w8qf-g76p"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0c838e3f-0e3a-4d67-9d88-7f6e0956b0d5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: m-kosche.com",
      "pattern": "[domain-name:value = 'm-kosche.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Publi",
          "url": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e11cfd9c-03d9-4f63-a660-bab9db417c54",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.95.159.32",
      "pattern": "[ipv4-addr:value = '185.95.159.32']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Publi",
          "url": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54866ab9-a5cd-4f23-b173-4a12360ad0b1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: b06b126b9e26af03a7ef2f8b8e90d446",
      "pattern": "[file:hashes.MD5 = 'b06b126b9e26af03a7ef2f8b8e90d446']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Publi",
          "url": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d8ac38b6-668f-4164-975a-699464ecdf7d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 783b4019fc5b942a29846132d28441c8fc31bed8",
      "pattern": "[file:hashes.'SHA-1' = '783b4019fc5b942a29846132d28441c8fc31bed8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Publi",
          "url": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--af33ffc2-763f-4998-8783-9c879c0643f0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6dbaa43bf2f3c0d3cddbca74967e952da563fb974c1ef9d4ecbb2e58e41fe81b",
      "pattern": "[file:hashes.'SHA-256' = '6dbaa43bf2f3c0d3cddbca74967e952da563fb974c1ef9d4ecbb2e58e41fe81b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] GHSA-wx9m-wx4f-4cmg: Malicious dropper in ",
          "url": "https://github.com/advisories/GHSA-wx9m-wx4f-4cmg"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d2d641e2-f12d-498a-880c-1f2de05b69b1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-42897",
      "pattern": "[vulnerability:name = 'CVE-2026-42897']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-42897 \u2014 Microsoft Exchange Server Cross-S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b9f9148b-186d-44b1-9028-494c126ffe83",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: azurestaticprovider.net",
      "pattern": "[domain-name:value = 'azurestaticprovider.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious node-ipc versions published to npm in suspected ma",
          "url": "https://snyk.io/blog/malicious-node-ipc-versions-published-npm/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--80517eee-d18e-49ed-8323-124d3f76bdb0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 37.16.75.69",
      "pattern": "[ipv4-addr:value = '37.16.75.69']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious node-ipc versions published to npm in suspected ma",
          "url": "https://snyk.io/blog/malicious-node-ipc-versions-published-npm/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--34e89f96-c2d7-4f8b-9ce5-e19bdb593332",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.87.92.109",
      "pattern": "[ipv4-addr:value = '194.87.92.109']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight Wit",
          "url": "https://unit42.paloaltonetworks.com/gremlin-stealer-evolution/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aca3defe-b1c3-462c-91d7-edcdd8ed4102",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2172dae9a5a695e00e0e4609e7db0207d8566d225f7e815fada246ae995c0f9b",
      "pattern": "[file:hashes.'SHA-256' = '2172dae9a5a695e00e0e4609e7db0207d8566d225f7e815fada246ae995c0f9b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight Wit",
          "url": "https://unit42.paloaltonetworks.com/gremlin-stealer-evolution/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b2f67fc6-29ba-4859-8d8a-b6d0804553e1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-38831",
      "pattern": "[vulnerability:name = 'CVE-2023-38831']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "url": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7c1ea06b-fa5b-4ec8-a343-a87618a8ad83",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-42009",
      "pattern": "[vulnerability:name = 'CVE-2024-42009']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "url": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/"
        },
        {
          "source_name": "ESET APT Activity Report Q2 2025\u2013Q3 2025",
          "url": "https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2025-q3-2025/"
        },
        {
          "source_name": "CISA KEV: CVE-2024-42009 \u2014 RoundCube Webmail Cross-Site Scri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--29e29357-1451-459f-b05a-67b369cd66a6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-27886",
      "pattern": "[vulnerability:name = 'CVE-2026-27886']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-27886: Strapi may leak sensitive ",
          "url": "https://github.com/advisories/GHSA-rjg2-95x7-8qmx"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5945bf1c-7420-4506-a684-590835bee9d1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44789",
      "pattern": "[vulnerability:name = 'CVE-2026-44789']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-44789: n8n: HTTP Request Node Pag",
          "url": "https://github.com/advisories/GHSA-c8xv-5998-g76h"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--489e2fce-098f-4fea-8e07-4b039a788c9a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44791",
      "pattern": "[vulnerability:name = 'CVE-2026-44791']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-44791: n8n Has an XML Node Protot",
          "url": "https://github.com/advisories/GHSA-wrwr-h859-xh2r"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--681fcbc8-65f6-449c-8cfa-9fdf17e99539",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44848",
      "pattern": "[vulnerability:name = 'CVE-2026-44848']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-44848: Portainer missing authoriz",
          "url": "https://github.com/advisories/GHSA-rrmm-9v76-h3p4"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e185048d-a01e-4e4a-b0e4-098d036dfc8e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44849",
      "pattern": "[vulnerability:name = 'CVE-2026-44849']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-44849: Portainer has an endpoint ",
          "url": "https://github.com/advisories/GHSA-5fxq-qcf3-244w"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5e3004de-f289-4443-b0f1-c21d12c64ad6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-44990",
      "pattern": "[vulnerability:name = 'CVE-2026-44990']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-44990: Apostrophe has default XSS",
          "url": "https://github.com/advisories/GHSA-rpr9-rxv7-x643"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--843fc4d8-2ec8-4caf-9609-c247d41f076c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45288",
      "pattern": "[vulnerability:name = 'CVE-2026-45288']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45288: Marten has an injection vu",
          "url": "https://github.com/advisories/GHSA-vmw2-qwm8-x84c"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--71016102-3cb6-4fd5-bb98-6963bc67e3ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45311",
      "pattern": "[vulnerability:name = 'CVE-2026-45311']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45311: DeepSeek TUI: run_tests To",
          "url": "https://github.com/advisories/GHSA-wx44-2q6h-j6p8"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--74ac6299-9d8f-46bf-98a6-a63390bd6209",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45369",
      "pattern": "[vulnerability:name = 'CVE-2026-45369']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45369: utcp-cli Vulnerable to Com",
          "url": "https://github.com/advisories/GHSA-33p6-5jxp-p3x4"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a5fccbdc-26e0-48e6-9f55-1918fb35a348",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45374",
      "pattern": "[vulnerability:name = 'CVE-2026-45374']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45374: DeepSeek TUI: task_create ",
          "url": "https://github.com/advisories/GHSA-72w5-pf8h-xfp4"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fe4258d4-f6a2-4a5f-b6d5-5c9c67ebe29d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-45411",
      "pattern": "[vulnerability:name = 'CVE-2026-45411']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-45411: vm2 Has a Sandbox Breakout",
          "url": "https://github.com/advisories/GHSA-248r-7h7q-cr24"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6e34fd0f-e31f-4eaf-b50d-e61dc9b5303c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-46442",
      "pattern": "[vulnerability:name = 'CVE-2026-46442']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-46442: FlowiseAI: Authenticated H",
          "url": "https://github.com/advisories/GHSA-9rvc-vf7m-pgm2"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--44d0bc95-b7f4-486b-911b-8d4050d8c1e2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-8178",
      "pattern": "[vulnerability:name = 'CVE-2026-8178']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "[GHSA / CRITICAL] CVE-2026-8178: Amazon Redshift Vulnerable ",
          "url": "https://github.com/advisories/GHSA-wmmv-vvg5-993q"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "GitHub Security Advisories"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e01ef9e1-053a-4409-8695-f0f99e390859",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: book-happy.needbinding.icu",
      "pattern": "[domain-name:value = 'book-happy.needbinding.icu']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "url": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--829dafe0-abc2-4337-bf1d-a5d9f2100a78",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: female-disorder-beta-metropolitan.trycloudflare.com",
      "pattern": "[domain-name:value = 'female-disorder-beta-metropolitan.trycloudflare.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Kimsuky targets organizations with PebbleDash-based tools",
          "url": "https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d759af5b-17a2-430c-99bc-182924d152e1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: nama-belakang.nebao.icu",
      "pattern": "[domain-name:value = 'nama-belakang.nebao.icu']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "url": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--85d1fb92-f622-42a0-8fd5-22ca9c710d89",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: nebao.icu",
      "pattern": "[domain-name:value = 'nebao.icu']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "url": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b0a3429c-5b74-41d1-8599-eb41b0b40a34",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: needbinding.icu",
      "pattern": "[domain-name:value = 'needbinding.icu']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "url": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--17aca38c-62ea-4450-a755-7ac76a1932d1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.233.156.1",
      "pattern": "[ipv4-addr:value = '104.233.156.1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--90463bf0-c46b-4152-896b-6310a37c741f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 13.62.52.206",
      "pattern": "[ipv4-addr:value = '13.62.52.206']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c7472acd-416a-459c-ac75-e31b0999cb67",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.163.175.135",
      "pattern": "[ipv4-addr:value = '194.163.175.135']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--da494b30-f714-445b-8fea-877cbb013330",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.233.100.40",
      "pattern": "[ipv4-addr:value = '194.233.100.40']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d083ae08-9d8f-4033-8c15-728d1d56b947",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 212.83.162.37",
      "pattern": "[ipv4-addr:value = '212.83.162.37']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--556cbb55-8fdd-4c2f-a835-221a5c126cbb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 23.27.143.170",
      "pattern": "[ipv4-addr:value = '23.27.143.170']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5e0c7c90-5646-4f0a-964e-f2f4732b5289",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.181.52.89",
      "pattern": "[ipv4-addr:value = '38.181.52.89']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4a647e53-183a-476a-b769-6f38d28eb7c0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.60.214.92",
      "pattern": "[ipv4-addr:value = '38.60.214.92']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--030c2624-90c9-4e61-909a-585e2b6dc8f6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 65.20.67.134",
      "pattern": "[ipv4-addr:value = '65.20.67.134']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a4fd5f75-bc25-43d7-87d1-51858c55ac98",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 71.80.85.135",
      "pattern": "[ipv4-addr:value = '71.80.85.135']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2aedfaf9-fe9b-4aca-bc51-7545970df489",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 79.135.105.208",
      "pattern": "[ipv4-addr:value = '79.135.105.208']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7d24af42-232f-4c44-8331-363c375ef7b9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 83.229.126.195",
      "pattern": "[ipv4-addr:value = '83.229.126.195']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7837d680-3f22-4ad8-894f-a20858dcbe93",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 89.125.244.33",
      "pattern": "[ipv4-addr:value = '89.125.244.33']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5be7235b-2a9c-4f51-bb1d-0bf9848619be",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 89.125.244.51",
      "pattern": "[ipv4-addr:value = '89.125.244.51']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitie",
          "url": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dc92c779-07bb-44d7-803d-810b9d624cef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 52f1ff082e981cbdfd1f045c6021c63f",
      "pattern": "[file:hashes.MD5 = '52f1ff082e981cbdfd1f045c6021c63f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Kimsuky targets organizations with PebbleDash-based tools",
          "url": "https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d54e5361-f7f7-4c24-b59c-ffeded6176a1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 65fc9f06de5603e2c1af9b4f288bb22c",
      "pattern": "[file:hashes.MD5 = '65fc9f06de5603e2c1af9b4f288bb22c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Kimsuky targets organizations with PebbleDash-based tools",
          "url": "https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--86b796d3-5a71-4cd8-b5b6-af4690bef80a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 8983ffa6da23e0b99ccc58c17b9788c7",
      "pattern": "[file:hashes.MD5 = '8983ffa6da23e0b99ccc58c17b9788c7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Kimsuky targets organizations with PebbleDash-based tools",
          "url": "https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8cac283f-78a9-49ea-a767-04c1e9ab26bf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 8e15c4d4f71bdd9dbc48cd2cabc87806",
      "pattern": "[file:hashes.MD5 = '8e15c4d4f71bdd9dbc48cd2cabc87806']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Kimsuky targets organizations with PebbleDash-based tools",
          "url": "https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b23de4e4-d20d-4523-972e-ec523a805998",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 995a0a49ae4b244928b3f67e2bfd7a6e",
      "pattern": "[file:hashes.MD5 = '995a0a49ae4b244928b3f67e2bfd7a6e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Kimsuky targets organizations with PebbleDash-based tools",
          "url": "https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Securelist (Kaspersky)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--01fa4ffd-68a7-4e1f-b910-27a8485e98c5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 43E30BE82D82B24A6496F6943ECB6877E83F88AB",
      "pattern": "[file:hashes.'SHA-1' = '43E30BE82D82B24A6496F6943ECB6877E83F88AB']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "url": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fe4c7494-ae61-4d72-8042-9f91b9688e26",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 776A43E46C36A539C916ED426745EE96E2392B39",
      "pattern": "[file:hashes.'SHA-1' = '776A43E46C36A539C916ED426745EE96E2392B39']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "url": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2eeaa2eb-231b-4c87-9f8b-1fdfc1d717e2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 8D1F2A6DF51C7783F2EAF1A0FC0FF8D032E5B57F",
      "pattern": "[file:hashes.'SHA-1' = '8D1F2A6DF51C7783F2EAF1A0FC0FF8D032E5B57F']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "url": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d1dc5484-3d9b-4ed6-a4ef-6b1262540acb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: B65551D339AECE718EA1465BF3542C794C445EFC",
      "pattern": "[file:hashes.'SHA-1' = 'B65551D339AECE718EA1465BF3542C794C445EFC']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "url": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--235dda83-88fa-48d0-8cdd-36890e7b6057",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: c2efb2dcacba6d3ccc175b6ce1b7ed0a",
      "pattern": "[file:hashes.MD5 = 'c2efb2dcacba6d3ccc175b6ce1b7ed0a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The time of much patching is coming",
          "url": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--86251622-c071-4a28-bd11-0963cdb5e4ba",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: dbd8dbecaa80795c135137d69921fdba",
      "pattern": "[file:hashes.MD5 = 'dbd8dbecaa80795c135137d69921fdba']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The time of much patching is coming",
          "url": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--03039de5-c8a8-4cdf-81bf-7f7548b9cb37",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59",
      "pattern": "[file:hashes.'SHA-256' = '90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The time of much patching is coming",
          "url": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--afe735c9-6587-4190-b7df-526290a6de49",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e60ab99da105ee27ee09ea64ed8eb46d8edc92ee37f039dbc3e2bb9f587a33ba",
      "pattern": "[file:hashes.'SHA-256' = 'e60ab99da105ee27ee09ea64ed8eb46d8edc92ee37f039dbc3e2bb9f587a33ba']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The time of much patching is coming",
          "url": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Cisco Talos"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c2422f30-839c-42cc-94af-e37d0812e444",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 12f35b1081b17d21815b35feb57ab03d02482116",
      "pattern": "[file:hashes.'SHA-1' = '12f35b1081b17d21815b35feb57ab03d02482116']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply C",
          "url": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem"
        },
        {
          "source_name": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, in",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--84aad757-b2f9-4f21-8b58-c31940842895",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 820fa07a7328b6cf2b417078e103721d4d8f2e79",
      "pattern": "[file:hashes.'SHA-1' = '820fa07a7328b6cf2b417078e103721d4d8f2e79']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply C",
          "url": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem"
        },
        {
          "source_name": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, in",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a41be8d8-ab51-46a8-811b-8fedc3a38f67",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1e8538c6e0563d50da0f2e097e979ebd5294ce1defe01d0b9fe361ba3bed1898",
      "pattern": "[file:hashes.'SHA-256' = '1e8538c6e0563d50da0f2e097e979ebd5294ce1defe01d0b9fe361ba3bed1898']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply C",
          "url": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--600ad315-a660-4e92-af71-78104e85346d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2258284d65f63829bd67eaba01ef6f1ada2f593f9bbe41678b2df360bd90d3df",
      "pattern": "[file:hashes.'SHA-256' = '2258284d65f63829bd67eaba01ef6f1ada2f593f9bbe41678b2df360bd90d3df']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply C",
          "url": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem"
        },
        {
          "source_name": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, in",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f0c3d82d-f3bb-4a04-b5f1-891b0838d59d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-26923",
      "pattern": "[vulnerability:name = 'CVE-2022-26923']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Inside AD CS Escalation: Unpacking Advanced Misuse Technique",
          "url": "https://unit42.paloaltonetworks.com/active-directory-certificate-services-exploitation/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--709916a6-6aed-4318-95e4-3d3d49ca1128",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-29927",
      "pattern": "[vulnerability:name = 'CVE-2025-29927']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials a",
          "url": "https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/"
        },
        {
          "source_name": "CVE-2025-29927 Authorization Bypass in Next.js Middleware",
          "url": "https://snyk.io/blog/cve-2025-29927-authorization-bypass-in-next-js-middleware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "SentinelLabs",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5bf61c55-ba95-4ff1-bf83-74c529c5a719",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-48703",
      "pattern": "[vulnerability:name = 'CVE-2025-48703']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials a",
          "url": "https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/"
        },
        {
          "source_name": "CISA KEV: CVE-2025-48703 \u2014 CWP Control Web Panel OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "SentinelLabs",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2b7fe3c0-ff93-45a1-bc7e-6461217ed25e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-9501",
      "pattern": "[vulnerability:name = 'CVE-2025-9501']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials a",
          "url": "https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "SentinelLabs"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f369dd8a-8b01-4634-8e66-9dbe09949208",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-0300",
      "pattern": "[vulnerability:name = 'CVE-2026-0300']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day",
          "url": "https://unit42.paloaltonetworks.com/captive-portal-zero-day/"
        },
        {
          "source_name": "CISA KEV: CVE-2026-0300 \u2014 Palo Alto Networks PAN-OS Out-of-b",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--63f882a0-1e67-4f18-b3be-7f35944642a1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-1357",
      "pattern": "[vulnerability:name = 'CVE-2026-1357']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials a",
          "url": "https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "SentinelLabs"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f59b65ff-95d9-46f6-b470-012895e3e19b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-6973",
      "pattern": "[vulnerability:name = 'CVE-2026-6973']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-6973 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b8c07d1f-e9b8-493b-8226-57502a122c64",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.0.8.48",
      "pattern": "[ipv4-addr:value = '136.0.8.48']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day",
          "url": "https://unit42.paloaltonetworks.com/captive-portal-zero-day/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--34c2bb62-9f32-4015-af59-149e4cdebab9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.70.100.69",
      "pattern": "[ipv4-addr:value = '146.70.100.69']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day",
          "url": "https://unit42.paloaltonetworks.com/captive-portal-zero-day/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--94dfe136-c72e-4d8a-bb32-3474c568a069",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 149.104.66.84",
      "pattern": "[ipv4-addr:value = '149.104.66.84']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day",
          "url": "https://unit42.paloaltonetworks.com/captive-portal-zero-day/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a68c6302-8126-40fa-8afb-5852f161defb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 67.206.213.86",
      "pattern": "[ipv4-addr:value = '67.206.213.86']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day",
          "url": "https://unit42.paloaltonetworks.com/captive-portal-zero-day/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fa94b183-35a0-4f2c-b929-33781f875d03",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 799BB5127CA54239D3D4A14367DB3B712012CF14",
      "pattern": "[file:hashes.'SHA-1' = '799BB5127CA54239D3D4A14367DB3B712012CF14']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fake call logs, real payments: How CallPhantom tricks Androi",
          "url": "https://www.welivesecurity.com/en/eset-research/fake-call-logs-real-payments-how-callphantom-tricks-android-users/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cb4e2868-66d3-424a-a656-ccc275d29428",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e11f69b49b6f2e829454371c31ebf86893f82a042dae3f2faf63dcd84f97a584",
      "pattern": "[file:hashes.'SHA-256' = 'e11f69b49b6f2e829454371c31ebf86893f82a042dae3f2faf63dcd84f97a584']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day",
          "url": "https://unit42.paloaltonetworks.com/captive-portal-zero-day/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Unit 42 (Palo Alto)"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f777d76a-2d01-41f1-aa6b-0e42cc983995",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sqgame.com.cn",
      "pattern": "[domain-name:value = 'sqgame.com.cn']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A rigged game: ScarCruft compromises gaming platform in a su",
          "url": "https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--879a5ca3-03ed-4862-8fe1-929183a44b3f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sqgame.net",
      "pattern": "[domain-name:value = 'sqgame.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A rigged game: ScarCruft compromises gaming platform in a su",
          "url": "https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--79403526-2a6c-470e-aa13-0865d916d41b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: xiazai.sqgame.com.cn",
      "pattern": "[domain-name:value = 'xiazai.sqgame.com.cn']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A rigged game: ScarCruft compromises gaming platform in a su",
          "url": "https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ec1a0fe-51a1-4d0b-be8e-ca37a5c9c90b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 03E3ECE9F48CF4104AAFC535790CA2FB3C6B26CF",
      "pattern": "[file:hashes.'SHA-1' = '03E3ECE9F48CF4104AAFC535790CA2FB3C6B26CF']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A rigged game: ScarCruft compromises gaming platform in a su",
          "url": "https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--140c629f-1872-477e-9424-067f6d62df9e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: FC0C691DB7E2D2BD3B0B4C1E24D18DF72168B7D9",
      "pattern": "[file:hashes.'SHA-1' = 'FC0C691DB7E2D2BD3B0B4C1E24D18DF72168B7D9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A rigged game: ScarCruft compromises gaming platform in a su",
          "url": "https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--72da389c-21a7-454a-832f-9ace8eb91f1f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0.io",
      "pattern": "[domain-name:value = 'cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CanisterSprawl: pgserve Compromised on npm: Malicious Versio",
          "url": "https://www.stepsecurity.io/blog/pgserve-compromised-on-npm-malicious-versions-harvest-credentials"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e9b2c9f2-e39f-4028-b4ca-8a7744453619",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: telemetry.api-monitor.com",
      "pattern": "[domain-name:value = 'telemetry.api-monitor.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CanisterSprawl: pgserve Compromised on npm: Malicious Versio",
          "url": "https://www.stepsecurity.io/blog/pgserve-compromised-on-npm-malicious-versions-harvest-credentials"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cc17ae31-17e5-4d54-ae03-44a623ef5a5f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 18f784b3bc9a0bcdcb1a8d7f51bc5f54323fc40cbd874119354ab609bef6e4cb",
      "pattern": "[file:hashes.'SHA-256' = '18f784b3bc9a0bcdcb1a8d7f51bc5f54323fc40cbd874119354ab609bef6e4cb']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer",
          "url": "https://www.stepsecurity.io/blog/bitwarden-cli-hijacked-on-npm-bun-staged-credential-stealer-targets-developers-github-actions-and-ai-tools"
        },
        {
          "source_name": "Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Sel",
          "url": "https://www.aikido.dev/blog/shai-hulud-npm-bitwarden-cli-compromise"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4c17193b-6d7a-43df-ab84-65599bb836ca",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 80a3d2877813968ef847ae73b5eeeb70b9435254e74d7f07d8cf4057f0a710ac",
      "pattern": "[file:hashes.'SHA-256' = '80a3d2877813968ef847ae73b5eeeb70b9435254e74d7f07d8cf4057f0a710ac']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4",
          "url": "https://www.stepsecurity.io/blog/shai-hulud-worm-pivots-to-multi-cloud-intercom-client-hijacked"
        },
        {
          "source_name": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Se",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared"
        },
        {
          "source_name": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP",
          "url": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3a0c52cc-b470-4e7e-bcc4-7c366d225ce6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 8605e365edf11160aad517c7d79a3b26b62290e5072ef97b102a01ddbb343f14",
      "pattern": "[file:hashes.'SHA-256' = '8605e365edf11160aad517c7d79a3b26b62290e5072ef97b102a01ddbb343f14']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer",
          "url": "https://www.stepsecurity.io/blog/bitwarden-cli-hijacked-on-npm-bun-staged-credential-stealer-targets-developers-github-actions-and-ai-tools"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8721ed4f-64b5-436a-b218-6d112d590884",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: igotnofriendsonlineorirl-imgonnakmslmao.skyhanni.cloud",
      "pattern": "[domain-name:value = 'igotnofriendsonlineorirl-imgonnakmslmao.skyhanni.cloud']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "elementary-data Compromised on PyPI and GHCR: Forged Release",
          "url": "https://www.stepsecurity.io/blog/elementary-data-compromised-on-pypi-and-ghcr-forged-release-pushed-via-github-actions-script-injection"
        },
        {
          "source_name": "Malicious Release of elementary-data PyPI Package Steals Clo",
          "url": "https://snyk.io/blog/malicious-release-of-elementary-data-pypi-package-steals-cloud-credentials-from-data-engineers/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7bb78b4e-6593-4a8b-8980-db6a9f2f1efe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-41940",
      "pattern": "[vulnerability:name = 'CVE-2026-41940']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-41940 \u2014 WebPros cPanel & WHM and WP2 (Wor",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--718b00bf-d0c0-4e38-8283-9a33eec07b16",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: 22evxpggnkyrxpluewqsrv5j4jtde6hut2peq3w44d6ase676qlkoead.onion",
      "pattern": "[domain-name:value = '22evxpggnkyrxpluewqsrv5j4jtde6hut2peq3w44d6ase676qlkoead.onion']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "lightning PyPI Compromise: A Bun-Based Credential Stealer in",
          "url": "https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b562b173-33af-42f7-9bcb-61f995c86718",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 40d0f21b64ec8fb3a7a1959897252e09",
      "pattern": "[file:hashes.MD5 = '40d0f21b64ec8fb3a7a1959897252e09']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "lightning PyPI Compromise: A Bun-Based Credential Stealer in",
          "url": "https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aeaac620-fd9c-44fa-a20a-caf7519e74f6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: f1b3e7b3eec3294c4d6b5f87854a52471f03997f",
      "pattern": "[file:hashes.'SHA-1' = 'f1b3e7b3eec3294c4d6b5f87854a52471f03997f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "lightning PyPI Compromise: A Bun-Based Credential Stealer in",
          "url": "https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d86cb3e0-1769-48e1-9beb-00b8bf237526",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 56070a9d8de0c0ffb1ec5c309953cf4679432df5a78df9aeb020fbb73d2be9fb",
      "pattern": "[file:hashes.'SHA-256' = '56070a9d8de0c0ffb1ec5c309953cf4679432df5a78df9aeb020fbb73d2be9fb']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "lightning PyPI Compromise: A Bun-Based Credential Stealer in",
          "url": "https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d310f129-47c0-4e79-95cd-68a978b95958",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5f5852b5f604369945118937b058e49064612ac69826e0adadca39a357dfb5b1",
      "pattern": "[file:hashes.'SHA-256' = '5f5852b5f604369945118937b058e49064612ac69826e0adadca39a357dfb5b1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Popular PyTorch Lightning Package Compromised by Mini Shai-H",
          "url": "https://www.aikido.dev/blog/pytorch-lightning-pypi-compromise-mini-shai-hulud"
        },
        {
          "source_name": "lightning PyPI Compromise: A Bun-Based Credential Stealer in",
          "url": "https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f72eb765-92c8-4cc9-806c-8add58fa5aa8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 8046a11187c135da6959862ff3846e99ad15462d2ec8a2f77a30ad53ebd5dcf2",
      "pattern": "[file:hashes.'SHA-256' = '8046a11187c135da6959862ff3846e99ad15462d2ec8a2f77a30ad53ebd5dcf2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Popular PyTorch Lightning Package Compromised by Mini Shai-H",
          "url": "https://www.aikido.dev/blog/pytorch-lightning-pypi-compromise-mini-shai-hulud"
        },
        {
          "source_name": "lightning PyPI Compromise: A Bun-Based Credential Stealer in",
          "url": "https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--611c5a9c-46e3-412d-962b-68645ae6b47f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 0af7415d65753f6aede8c9c0f39be478666b9c12",
      "pattern": "[file:hashes.'SHA-1' = '0af7415d65753f6aede8c9c0f39be478666b9c12']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Se",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared"
        },
        {
          "source_name": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP",
          "url": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--963c0062-da95-4735-893e-6201651ed0c2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 4b04304f6d51392e3f43856c94ca95800518a694",
      "pattern": "[file:hashes.'SHA-1' = '4b04304f6d51392e3f43856c94ca95800518a694']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Se",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared"
        },
        {
          "source_name": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP",
          "url": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9d498fe8-043c-467f-9372-f126a23a721c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 7b6a28e92149637e5d7c7f4a2d3e54acd507c929",
      "pattern": "[file:hashes.'SHA-1' = '7b6a28e92149637e5d7c7f4a2d3e54acd507c929']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Se",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared"
        },
        {
          "source_name": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP",
          "url": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4c1f53fb-6dd0-4800-9715-1c0d642321e6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: e80824a19f48d778a746571bb15279b5679fd61c",
      "pattern": "[file:hashes.'SHA-1' = 'e80824a19f48d778a746571bb15279b5679fd61c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Se",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared"
        },
        {
          "source_name": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP",
          "url": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4b436cc0-7858-4285-9496-bc4880b7d5f7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 29ac906c8bd801dfe1cb39596197df49f80fff2270b3e7fbab52278c24e4f1a7",
      "pattern": "[file:hashes.'SHA-256' = '29ac906c8bd801dfe1cb39596197df49f80fff2270b3e7fbab52278c24e4f1a7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Se",
          "url": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--61598c61-0cef-4e9a-9481-81c6c8a235f1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-40478",
      "pattern": "[vulnerability:name = 'CVE-2026-40478']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Don't Panic: The Thymeleaf Template Injection That Only Hurt",
          "url": "https://snyk.io/blog/thymeleaf-injection/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8202541d-50b2-47e0-a934-3bd04d998076",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: api.svix.com",
      "pattern": "[domain-name:value = 'api.svix.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Someone published four versions of a fake \"tanstack\" package",
          "url": "https://www.aikido.dev/blog/fake-tanstack-packages-steal-env-files"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--70bf53c0-c00c-4477-bcc8-716660d945b4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 35baf8316645372eea40b91d48acb067",
      "pattern": "[file:hashes.MD5 = '35baf8316645372eea40b91d48acb067']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP",
          "url": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7f724237-d519-4279-a8d2-bfdd7cf96ab9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 307d0fa7407d40e67d14e9d5a4c61ac5b4f20431",
      "pattern": "[file:hashes.'SHA-1' = '307d0fa7407d40e67d14e9d5a4c61ac5b4f20431']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP",
          "url": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dabe8de6-f76f-43b7-a23c-46a1283bc498",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 04ee5325c8900c9d644ed81c9012525b6fc19f21c65cef85b6ba98b6a0a23566",
      "pattern": "[file:hashes.'SHA-256' = '04ee5325c8900c9d644ed81c9012525b6fc19f21c65cef85b6ba98b6a0a23566']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Someone published four versions of a fake \"tanstack\" package",
          "url": "https://www.aikido.dev/blog/fake-tanstack-packages-steal-env-files"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--705697d6-b603-4209-86f3-b9956e119f81",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 72ec4571e27c06f1d48737477c2b38a4f90d699950dab8946b48591133dc4f90",
      "pattern": "[file:hashes.'SHA-256' = '72ec4571e27c06f1d48737477c2b38a4f90d699950dab8946b48591133dc4f90']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Someone published four versions of a fake \"tanstack\" package",
          "url": "https://www.aikido.dev/blog/fake-tanstack-packages-steal-env-files"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--07c61b17-cbef-40c9-a4c7-1239c31e4945",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7bb84e6ba893248814cd3bac70b7bdc115740fba9e13419940c73460cbcd7b6f",
      "pattern": "[file:hashes.'SHA-256' = '7bb84e6ba893248814cd3bac70b7bdc115740fba9e13419940c73460cbcd7b6f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Someone published four versions of a fake \"tanstack\" package",
          "url": "https://www.aikido.dev/blog/fake-tanstack-packages-steal-env-files"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--86d295f3-97db-46b5-a4d6-fcc2935dbcc1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: abc164807947b102164488a08161adb4ee08be6b78a371350a6b156eed0d97d9",
      "pattern": "[file:hashes.'SHA-256' = 'abc164807947b102164488a08161adb4ee08be6b78a371350a6b156eed0d97d9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Someone published four versions of a fake \"tanstack\" package",
          "url": "https://www.aikido.dev/blog/fake-tanstack-packages-steal-env-files"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b4e32284-9f46-4db8-b44b-8936e2b5141a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-1708",
      "pattern": "[vulnerability:name = 'CVE-2024-1708']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-1708 \u2014 ConnectWise ScreenConnect Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--de88fbad-e1ce-4cc2-9e85-b95f64af293e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-32202",
      "pattern": "[vulnerability:name = 'CVE-2026-32202']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-32202 \u2014 Microsoft Windows Protection Mech",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d250981f-1742-4d40-a9d6-2654af26d2ea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-3965",
      "pattern": "[vulnerability:name = 'CVE-2026-3965']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Qinglong task scheduler RCE vulnerabilities exploited in the",
          "url": "https://snyk.io/blog/qinglong-task-scheduler-rce-vulnerabilities/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--308a65c9-2b25-4ca4-b8ed-6e923e94febf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-4047",
      "pattern": "[vulnerability:name = 'CVE-2026-4047']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Qinglong task scheduler RCE vulnerabilities exploited in the",
          "url": "https://snyk.io/blog/qinglong-task-scheduler-rce-vulnerabilities/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d4f82e6f-d8b7-4bd2-aa65-93ee5191e8dc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: file.551911.xyz",
      "pattern": "[domain-name:value = 'file.551911.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Qinglong task scheduler RCE vulnerabilities exploited in the",
          "url": "https://snyk.io/blog/qinglong-task-scheduler-rce-vulnerabilities/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--65b38dc7-a5cc-4df7-96ab-7789d222244b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: b1e4b1f3aad0d489ab0e9208031c67402bbb8480",
      "pattern": "[file:hashes.'SHA-1' = 'b1e4b1f3aad0d489ab0e9208031c67402bbb8480']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious Release of elementary-data PyPI Package Steals Clo",
          "url": "https://snyk.io/blog/malicious-release-of-elementary-data-pypi-package-steals-cloud-credentials-from-data-engineers/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5dfbc298-8f33-41af-8ea7-f1c5bd9efd15",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 31ecc5939de6d24cf60c50d4ca26cf7a8c322db82a8ce4bd122ebd89cf634255",
      "pattern": "[file:hashes.'SHA-256' = '31ecc5939de6d24cf60c50d4ca26cf7a8c322db82a8ce4bd122ebd89cf634255']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious Release of elementary-data PyPI Package Steals Clo",
          "url": "https://snyk.io/blog/malicious-release-of-elementary-data-pypi-package-steals-cloud-credentials-from-data-engineers/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f29db266-2807-4aa8-80e7-98ea23ec1f92",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-57726",
      "pattern": "[vulnerability:name = 'CVE-2024-57726']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57726 \u2014 SimpleHelp Missing Authorization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-57727 \u2014 SimpleHelp Path Traversal Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f63ea1e6-562e-4ef4-8982-e1edae6e676c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-57728",
      "pattern": "[vulnerability:name = 'CVE-2024-57728']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57728 \u2014 SimpleHelp Path Traversal Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-57727 \u2014 SimpleHelp Path Traversal Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e5b6fedd-758e-49f2-8016-2f3328543e80",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-7399",
      "pattern": "[vulnerability:name = 'CVE-2024-7399']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7399 \u2014 Samsung MagicINFO 9 Server Path Tr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-4632 \u2014 Samsung MagicINFO 9 Server Path Tr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--424020ba-1829-4956-bb8b-87b36cfca40f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-29635",
      "pattern": "[vulnerability:name = 'CVE-2025-29635']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-29635 \u2014 D-Link DIR-823X Command Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fa2d74d2-551c-414d-88b1-27d80c717308",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.147.173.172",
      "pattern": "[ipv4-addr:value = '38.147.173.172']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-39987 \u2014 Marimo Remote Code Execution Vuln",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ba35142a-d57c-4ffa-9fc2-f1a0132468ab",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 43.231.113.50",
      "pattern": "[ipv4-addr:value = '43.231.113.50']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GopherWhisper: A burrow full of malware",
          "url": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--71ad7a27-4f36-4c10-bef7-87b8b33f58c8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 0ff6abe0252d4f37a196a1231fae5f26",
      "pattern": "[file:hashes.MD5 = '0ff6abe0252d4f37a196a1231fae5f26']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "fast16 | Mystery Shadow Brokers Reference Reveals High-Preci",
          "url": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "SentinelLabs"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5f7e6bc1-a97a-448a-a230-758fc2f6205f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 410eddfc19de44249897986ecc8ac449",
      "pattern": "[file:hashes.MD5 = '410eddfc19de44249897986ecc8ac449']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "fast16 | Mystery Shadow Brokers Reference Reveals High-Preci",
          "url": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "SentinelLabs"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bfd5b9ec-e92b-4cf4-a016-132fd2216479",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: dbe51eabebf9d4ef9581ef99844a2944",
      "pattern": "[file:hashes.MD5 = 'dbe51eabebf9d4ef9581ef99844a2944']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "fast16 | Mystery Shadow Brokers Reference Reveals High-Preci",
          "url": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "SentinelLabs"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6e218e61-dd66-4170-a337-a76d4fe889fd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 039eb329a173fce7efeca18611a8f2c0f7d24609",
      "pattern": "[file:hashes.'SHA-1' = '039eb329a173fce7efeca18611a8f2c0f7d24609']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GopherWhisper: A burrow full of malware",
          "url": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1f3987fb-eb9f-48de-84e7-61307d793118",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 57c2490e4db194d3503ee85635fb1d6f26e8c534",
      "pattern": "[file:hashes.'SHA-1' = '57c2490e4db194d3503ee85635fb1d6f26e8c534']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GopherWhisper: A burrow full of malware",
          "url": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4778b73a-931d-490b-9e5a-8561022a7c33",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 5a1bbb40c442b12594a913431f8c6757a3a66e8f",
      "pattern": "[file:hashes.'SHA-1' = '5a1bbb40c442b12594a913431f8c6757a3a66e8f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GopherWhisper: A burrow full of malware",
          "url": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b4aa30fa-0195-4555-a080-2b8e06ea4311",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 716554dc580a82cc17a1035add302c0766590964",
      "pattern": "[file:hashes.'SHA-1' = '716554dc580a82cc17a1035add302c0766590964']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GopherWhisper: A burrow full of malware",
          "url": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d382dc23-8ed1-4b49-a6d0-22b1de1882d4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 926974facfd0383c65458d6ef1f31fbb7c769e18",
      "pattern": "[file:hashes.'SHA-1' = '926974facfd0383c65458d6ef1f31fbb7c769e18']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GopherWhisper: A burrow full of malware",
          "url": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--10ab44a3-2fff-438b-9f01-cf3798af0350",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: ad7e264eb08415871617e45f21d03f7d71e4c36f",
      "pattern": "[file:hashes.'SHA-1' = 'ad7e264eb08415871617e45f21d03f7d71e4c36f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GopherWhisper: A burrow full of malware",
          "url": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--158fb324-86d7-4870-ba24-a41b854b3438",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: c72e7540d6f12d74d8e737b02f31568385f575d7",
      "pattern": "[file:hashes.'SHA-1' = 'c72e7540d6f12d74d8e737b02f31568385f575d7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GopherWhisper: A burrow full of malware",
          "url": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dd229a8c-8e42-44b3-b247-59ac09e93678",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: de584703c78a60a56028f9834086facd1401b355",
      "pattern": "[file:hashes.'SHA-1' = 'de584703c78a60a56028f9834086facd1401b355']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "fast16 | Mystery Shadow Brokers Reference Reveals High-Preci",
          "url": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "SentinelLabs"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1db5540c-f53c-4819-a14f-3b1f828e14b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: fa9e65e58eb8fa41fde0a0a870b7d24b298026d9",
      "pattern": "[file:hashes.'SHA-1' = 'fa9e65e58eb8fa41fde0a0a870b7d24b298026d9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GopherWhisper: A burrow full of malware",
          "url": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dc7704dd-786f-4aae-b867-ead2e72e02f6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 07c69fc33271cf5a2ce03ac1fed7a3b16357aec093c5bf9ef61fbfa4348d0529",
      "pattern": "[file:hashes.'SHA-256' = '07c69fc33271cf5a2ce03ac1fed7a3b16357aec093c5bf9ef61fbfa4348d0529']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "fast16 | Mystery Shadow Brokers Reference Reveals High-Preci",
          "url": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "SentinelLabs"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e332362d-2529-4739-8b51-a9a6c7d92e39",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 8fcb4d3d4df61719ee3da98241393779290e0efcd88a49e363e2a2dfbc04dae9",
      "pattern": "[file:hashes.'SHA-256' = '8fcb4d3d4df61719ee3da98241393779290e0efcd88a49e363e2a2dfbc04dae9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "fast16 | Mystery Shadow Brokers Reference Reveals High-Preci",
          "url": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "SentinelLabs"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8185a3b7-89ef-44e5-9d97-55acfa3d2444",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9a10e1faa86a5d39417cae44da5adf38824dfb9a16432e34df766aa1dc9e3525",
      "pattern": "[file:hashes.'SHA-256' = '9a10e1faa86a5d39417cae44da5adf38824dfb9a16432e34df766aa1dc9e3525']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "fast16 | Mystery Shadow Brokers Reference Reveals High-Preci",
          "url": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "SentinelLabs"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--af479022-43ab-49bd-90f5-fd5f19c2f70f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 37f34aa3b86db6898065f3ca886031978580a15251f2576f6d24c3b778907336",
      "pattern": "[file:hashes.'SHA-256' = '37f34aa3b86db6898065f3ca886031978580a15251f2576f6d24c3b778907336']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Sel",
          "url": "https://www.aikido.dev/blog/shai-hulud-npm-bitwarden-cli-compromise"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eeb50608-bc38-4a8d-9c0d-71403c136d79",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sync.geeker.indevs.in",
      "pattern": "[domain-name:value = 'sync.geeker.indevs.in']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GPT-Proxy Backdoor in npm and PyPI turns Servers into Chines",
          "url": "https://www.aikido.dev/blog/gpt-proxy-backdoor-npm-pypi-chinese-llm-relay"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ce9f363d-b3ce-4ffa-b780-6214c1d631b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3a3d8f8636fa1db21871005a49ecd7fa59688fa763622fa737ce6b899558b300",
      "pattern": "[file:hashes.'SHA-256' = '3a3d8f8636fa1db21871005a49ecd7fa59688fa763622fa737ce6b899558b300']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GPT-Proxy Backdoor in npm and PyPI turns Servers into Chines",
          "url": "https://www.aikido.dev/blog/gpt-proxy-backdoor-npm-pypi-chinese-llm-relay"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--622094fb-d141-4fd2-bd12-b970ec4205dd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5d58ce3119c37f2bd552f4d883a4f4896dfcb8fb04875f844f999497e4ca846d",
      "pattern": "[file:hashes.'SHA-256' = '5d58ce3119c37f2bd552f4d883a4f4896dfcb8fb04875f844f999497e4ca846d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GPT-Proxy Backdoor in npm and PyPI turns Servers into Chines",
          "url": "https://www.aikido.dev/blog/gpt-proxy-backdoor-npm-pypi-chinese-llm-relay"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6dd6954f-1e9c-468d-b6fd-41d24a882931",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b3405b8456f4e82f192cdff6fdd5b290a58fafda01fbc08174105b922bd7b3cf",
      "pattern": "[file:hashes.'SHA-256' = 'b3405b8456f4e82f192cdff6fdd5b290a58fafda01fbc08174105b922bd7b3cf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GPT-Proxy Backdoor in npm and PyPI turns Servers into Chines",
          "url": "https://www.aikido.dev/blog/gpt-proxy-backdoor-npm-pypi-chinese-llm-relay"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--98257acb-457b-4a5f-bd8c-adb6d26291c0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: fb3ae78d09c119ec335c3b99a95c97d9bb6f92fd2c7c9b0d3e875347e2f25bb2",
      "pattern": "[file:hashes.'SHA-256' = 'fb3ae78d09c119ec335c3b99a95c97d9bb6f92fd2c7c9b0d3e875347e2f25bb2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GPT-Proxy Backdoor in npm and PyPI turns Servers into Chines",
          "url": "https://www.aikido.dev/blog/gpt-proxy-backdoor-npm-pypi-chinese-llm-relay"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bd416d6b-5227-4d32-a1f3-8d4a4488492a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-27351",
      "pattern": "[vulnerability:name = 'CVE-2023-27351']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-27351 \u2014 PaperCut NG/MF Improper Authentic",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c5042aea-e4a9-4345-b677-2f882f5a6178",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-27199",
      "pattern": "[vulnerability:name = 'CVE-2024-27199']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27199 \u2014 JetBrains TeamCity Relative Path ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c0473a5f-c75e-496c-b24f-eee523929f3c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-2749",
      "pattern": "[vulnerability:name = 'CVE-2025-2749']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2749 \u2014 Kentico Xperience Path Traversal V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-2746 \u2014 Kentico Xperience CMS Authenticati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e4b38e28-38fd-45bb-8af0-2b74822f854e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-32975",
      "pattern": "[vulnerability:name = 'CVE-2025-32975']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32975 \u2014 Quest KACE Systems Management App",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ecde290f-2b19-473d-b50e-9beadc397648",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-48700",
      "pattern": "[vulnerability:name = 'CVE-2025-48700']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-48700 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f4984f6b-95ac-4f8f-a899-79b7288fcd24",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-34197",
      "pattern": "[vulnerability:name = 'CVE-2026-34197']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-34197 \u2014 Apache ActiveMQ Improper Input Va",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ee7ec4ce-184c-4495-a087-4e848d3b745e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2009-0238",
      "pattern": "[vulnerability:name = 'CVE-2009-0238']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2009-0238 \u2014 Microsoft Office Remote Code Execu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f2db51b5-c820-4d27-9a6b-3a99d2a97cf2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-32201",
      "pattern": "[vulnerability:name = 'CVE-2026-32201']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-32201 \u2014 Microsoft SharePoint Server Impro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--82150f82-22ac-4bf5-8300-876a9cecbfe6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2012-1854",
      "pattern": "[vulnerability:name = 'CVE-2012-1854']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2012-1854 \u2014 Microsoft Visual Basic for Applica",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--88a69c09-8ce4-43ac-833c-db50776e813e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-9715",
      "pattern": "[vulnerability:name = 'CVE-2020-9715']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-9715 \u2014 Adobe Acrobat Use-After-Free Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fab54960-e1f0-4d02-adf6-bb83e0b620aa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-21529",
      "pattern": "[vulnerability:name = 'CVE-2023-21529']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-21529 \u2014 Microsoft Exchange Server Deseria",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c0ee269a-de8d-457c-8e0a-83f3c2198aa4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-36424",
      "pattern": "[vulnerability:name = 'CVE-2023-36424']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-36424 \u2014 Microsoft Windows Out-of-Bounds R",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6ff7e68c-124a-431b-9359-a4a0c23e568f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-60710",
      "pattern": "[vulnerability:name = 'CVE-2025-60710']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-60710 \u2014 Microsoft Windows Link Following ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5c62ef07-a925-462d-8406-22f83c9ade0f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-21643",
      "pattern": "[vulnerability:name = 'CVE-2026-21643']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-21643 \u2014 Fortinet FortiClient EMS SQL Inje",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8590ff5d-0ff0-408c-bb2f-760cfe68f853",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-34621",
      "pattern": "[vulnerability:name = 'CVE-2026-34621']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-34621 \u2014 Adobe Acrobat and Reader Prototyp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ab4bafd6-d77a-46f1-97b1-a4c8d1cdafe4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: api.metrics-trustwallet.com",
      "pattern": "[domain-name:value = 'api.metrics-trustwallet.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Securing Vibe Coding and AI Coding Agents: An End-to-End App",
          "url": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--839a8bf9-1792-4be1-a0e7-d60d8dd9325c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: metrics-trustwallet.com",
      "pattern": "[domain-name:value = 'metrics-trustwallet.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Securing Vibe Coding and AI Coding Agents: An End-to-End App",
          "url": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7ca44133-6310-4ba1-ab4e-959af796695f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-25253",
      "pattern": "[vulnerability:name = 'CVE-2026-25253']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cline Supply Chain Attack Detected: cline@2.3.0 Silently Ins",
          "url": "https://www.stepsecurity.io/blog/cline-supply-chain-attack-detected-cline-2-3-0-silently-installs-openclaw"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f1fd0cec-ea3e-440b-99c1-24695a127027",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: checkmarx.zone",
      "pattern": "[domain-name:value = 'checkmarx.zone']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        },
        {
          "source_name": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "url": "https://snyk.io/blog/litellm-ai-blast-radius/"
        },
        {
          "source_name": "litellm: Credential Stealer Hidden in PyPI Wheel",
          "url": "https://www.stepsecurity.io/blog/litellm-credential-stealer-hidden-in-pypi-wheel"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2a8f8663-29fc-4bfc-bf48-9d1ac9a9a5e4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: models.litellm.cloud",
      "pattern": "[domain-name:value = 'models.litellm.cloud']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        },
        {
          "source_name": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "url": "https://snyk.io/blog/litellm-ai-blast-radius/"
        },
        {
          "source_name": "litellm: Credential Stealer Hidden in PyPI Wheel",
          "url": "https://www.stepsecurity.io/blog/litellm-credential-stealer-hidden-in-pypi-wheel"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2114a131-ec15-49e2-9e44-fdd216b0fc35",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: plug-tab-protective-relay.trycloudflare.com",
      "pattern": "[domain-name:value = 'plug-tab-protective-relay.trycloudflare.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--633b6441-afca-4056-b700-522bcba3f07d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: scan.aquasecurtiy.org",
      "pattern": "[domain-name:value = 'scan.aquasecurtiy.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        },
        {
          "source_name": "CanisterWorm: How a Self-Propagating npm Worm Is Spreading B",
          "url": "https://www.stepsecurity.io/blog/canisterworm-how-a-self-propagating-npm-worm-is-spreading-backdoors-across-the-ecosystem"
        },
        {
          "source_name": "Trivy Compromised a Second Time - Malicious v0.69.4 Release,",
          "url": "https://www.stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6ef0d00e-f463-49f6-9d0b-80e0858dfc39",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io",
      "pattern": "[domain-name:value = 'tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        },
        {
          "source_name": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "url": "https://snyk.io/blog/litellm-ai-blast-radius/"
        },
        {
          "source_name": "CanisterWorm: How a Self-Propagating npm Worm Is Spreading B",
          "url": "https://www.stepsecurity.io/blog/canisterworm-how-a-self-propagating-npm-worm-is-spreading-backdoors-across-the-ecosystem"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fc2f8087-372f-414b-8129-fe62d485127c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.148.10.212",
      "pattern": "[ipv4-addr:value = '45.148.10.212']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--44f9aef8-caa5-46dc-acb1-70cd8c3ccc3f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 0880819ef821cff918960a39c1c1aada55a5593c61c608ea9215da858a86e349",
      "pattern": "[file:hashes.'SHA-256' = '0880819ef821cff918960a39c1c1aada55a5593c61c608ea9215da858a86e349']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9515fab4-6927-4530-b33b-54f4cc2893a7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6328a34b26a63423b555a61f89a6a0525a534e9c88584c815d937910f1ddd538",
      "pattern": "[file:hashes.'SHA-256' = '6328a34b26a63423b555a61f89a6a0525a534e9c88584c815d937910f1ddd538']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4ea32c7f-aca6-448f-b145-4fac1686ed7e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 822dd269ec10459572dfaaefe163dae693c344249a0161953f0d5cdd110bd2a0",
      "pattern": "[file:hashes.'SHA-256' = '822dd269ec10459572dfaaefe163dae693c344249a0161953f0d5cdd110bd2a0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--25ec182b-c7b6-4c0a-83c9-7f1edb28ac44",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 887e1f5b5b50162a60bd03b66269e0ae545d0aef0583c1c5b00972152ad7e073",
      "pattern": "[file:hashes.'SHA-256' = '887e1f5b5b50162a60bd03b66269e0ae545d0aef0583c1c5b00972152ad7e073']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--afd4dc55-f5bb-40c2-baf4-4e45d738ea8d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: bef7e2c5a92c4fa4af17791efc1e46311c0f304796f1172fce192f5efc40f5d7",
      "pattern": "[file:hashes.'SHA-256' = 'bef7e2c5a92c4fa4af17791efc1e46311c0f304796f1172fce192f5efc40f5d7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6e56721f-2c39-429c-a656-c76dcb8c59ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d5edd791021b966fb6af0ace09319ace7b97d6642363ef27b3d5056ca654a94c",
      "pattern": "[file:hashes.'SHA-256' = 'd5edd791021b966fb6af0ace09319ace7b97d6642363ef27b3d5056ca654a94c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b7f1c49c-b51e-42bc-8725-054c12b8a607",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e6310d8a003d7ac101a6b1cd39ff6c6a88ee454b767c1bdce143e04bc1111343",
      "pattern": "[file:hashes.'SHA-256' = 'e6310d8a003d7ac101a6b1cd39ff6c6a88ee454b767c1bdce143e04bc1111343']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7761e390-4fee-4c13-8afa-274984fbfea9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e64e152afe2c722d750f10259626f357cdea40420c5eedab37969fbf13abbecf",
      "pattern": "[file:hashes.'SHA-256' = 'e64e152afe2c722d750f10259626f357cdea40420c5eedab37969fbf13abbecf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--21cfb409-e01f-4e2f-97bf-208df8ecf81c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ecce7ae5ffc9f57bb70efd3ea136a2923f701334a8cd47d4fbf01a97fd22859c",
      "pattern": "[file:hashes.'SHA-256' = 'ecce7ae5ffc9f57bb70efd3ea136a2923f701334a8cd47d4fbf01a97fd22859c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3e01371-d16a-468b-adb1-873669aa4fde",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f7084b0229dce605ccc5506b14acd4d954a496da4b6134a294844ca8d601970d",
      "pattern": "[file:hashes.'SHA-256' = 'f7084b0229dce605ccc5506b14acd4d954a496da4b6134a294844ca8d601970d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Behind the Scenes: How StepSecurity Detected and Helped Reme",
          "url": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0550f466-3d87-494f-b5d4-e48840ede2e7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: hackmoltrepeat.com",
      "pattern": "[domain-name:value = 'hackmoltrepeat.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub",
          "url": "https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0e58cd2d-2a88-4f48-81f2-6e6a78582660",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: recv.hackmoltrepeat.com",
      "pattern": "[domain-name:value = 'recv.hackmoltrepeat.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub",
          "url": "https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--023bd99a-ca3e-49b0-ba9e-cf09adc07a5c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 89.36.224.5",
      "pattern": "[ipv4-addr:value = '89.36.224.5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "@velora-dex/sdk Compromised on npm: Malicious Version Drops ",
          "url": "https://www.stepsecurity.io/blog/velora-dex-sdk-compromised-on-npm-malicious-version-drops-macos-backdoor-via-launchctl-persistence"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a457ac8d-997f-45ac-9259-dbe9c701da61",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-1340",
      "pattern": "[vulnerability:name = 'CVE-2026-1340']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-1340 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--55c9bb03-fe0c-4dd0-83ee-c295184a1402",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: github.com/ColossusQuailPray/oiegjqde",
      "pattern": "[domain-name:value = 'github.com/ColossusQuailPray/oiegjqde']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GlassWorm goes native: New Zig dropper infects every IDE on ",
          "url": "https://www.aikido.dev/blog/glassworm-zig-dropper-infects-every-ide-on-your-machine"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a6c595a9-cb1a-458f-b8ec-8881e40a65aa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 112d1b33dd9b0244525f51e59e6a79ac5ae452bf6e98c310e7b4fa7902e4db44",
      "pattern": "[file:hashes.'SHA-256' = '112d1b33dd9b0244525f51e59e6a79ac5ae452bf6e98c310e7b4fa7902e4db44']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GlassWorm goes native: New Zig dropper infects every IDE on ",
          "url": "https://www.aikido.dev/blog/glassworm-zig-dropper-infects-every-ide-on-your-machine"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f02b7f8a-037e-4763-ad44-ddf225500f66",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2819ea44e22b9c47049e86894e544f3fd0de1d8afc7b545314bd3bc718bf2e02",
      "pattern": "[file:hashes.'SHA-256' = '2819ea44e22b9c47049e86894e544f3fd0de1d8afc7b545314bd3bc718bf2e02']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GlassWorm goes native: New Zig dropper infects every IDE on ",
          "url": "https://www.aikido.dev/blog/glassworm-zig-dropper-infects-every-ide-on-your-machine"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--44bf9f6d-dbd0-4b41-be95-705c0e12de83",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-3502",
      "pattern": "[vulnerability:name = 'CVE-2026-3502']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-3502 \u2014 TrueConf Client Download of Code W",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2990b3f0-9669-4c6b-9c7a-029ce3ec7dff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 83.142.209.11",
      "pattern": "[ipv4-addr:value = '83.142.209.11']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "url": "https://snyk.io/blog/litellm-ai-blast-radius/"
        },
        {
          "source_name": "How a Poisoned Security Scanner Became the Key to Backdoorin",
          "url": "https://snyk.io/blog/poisoned-security-scanner-backdooring-litellm/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--719c45d1-d3c7-4cbd-be0f-c89e63ed5890",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 83.142.209.203",
      "pattern": "[ipv4-addr:value = '83.142.209.203']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "TeamPCP Plants WAV Steganography Credential Stealer in telny",
          "url": "https://www.stepsecurity.io/blog/teampcp-plants-wav-steganography-credential-stealer-in-telnyx-pypi-package"
        },
        {
          "source_name": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "url": "https://snyk.io/blog/litellm-ai-blast-radius/"
        },
        {
          "source_name": "Popular telnyx package compromised on PyPI by TeamPCP",
          "url": "https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3beb6524-be5f-4123-ba27-2a027f835318",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: aquasecurtiy.org",
      "pattern": "[domain-name:value = 'aquasecurtiy.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "url": "https://snyk.io/blog/litellm-ai-blast-radius/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e010ee41-5d91-4366-b751-76a27c06f421",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cdn.rraghh.com",
      "pattern": "[domain-name:value = 'cdn.rraghh.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious IoliteLabs VSCode Extensions Target Solidity Devel",
          "url": "https://www.stepsecurity.io/blog/malicious-iolitelabs-vscode-extensions-target-solidity-developers-on-windows-macos-and-linux-with-backdoor"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7a3bf99e-318c-48cb-9bd1-eb43df4fd99d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: championships-peoples-point-cassette.trycloudflare.com",
      "pattern": "[domain-name:value = 'championships-peoples-point-cassette.trycloudflare.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "url": "https://snyk.io/blog/litellm-ai-blast-radius/"
        },
        {
          "source_name": "CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets ",
          "url": "https://www.aikido.dev/blog/teampcp-stage-payload-canisterworm-iran"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ddb57d39-f51c-4da4-a7bb-774b15bcc50f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: investigation-launches-hearings-copying.trycloudflare.com",
      "pattern": "[domain-name:value = 'investigation-launches-hearings-copying.trycloudflare.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "url": "https://snyk.io/blog/litellm-ai-blast-radius/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--11921694-3e6d-4c25-b606-59e8e5404dca",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: oortt.com",
      "pattern": "[domain-name:value = 'oortt.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious IoliteLabs VSCode Extensions Target Solidity Devel",
          "url": "https://www.stepsecurity.io/blog/malicious-iolitelabs-vscode-extensions-target-solidity-developers-on-windows-macos-and-linux-with-backdoor"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9681c821-9a60-47e6-a441-687f8143038f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: rraghh.com",
      "pattern": "[domain-name:value = 'rraghh.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious IoliteLabs VSCode Extensions Target Solidity Devel",
          "url": "https://www.stepsecurity.io/blog/malicious-iolitelabs-vscode-extensions-target-solidity-developers-on-windows-macos-and-linux-with-backdoor"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0eb71996-2c20-47df-bf35-faaddc412560",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: souls-entire-defined-routes.trycloudflare.com",
      "pattern": "[domain-name:value = 'souls-entire-defined-routes.trycloudflare.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "url": "https://snyk.io/blog/litellm-ai-blast-radius/"
        },
        {
          "source_name": "CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets ",
          "url": "https://www.aikido.dev/blog/teampcp-stage-payload-canisterworm-iran"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--08ad76d6-8b33-46c1-9797-2ab3a7005d50",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 46.151.182.203",
      "pattern": "[ipv4-addr:value = '46.151.182.203']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "url": "https://snyk.io/blog/litellm-ai-blast-radius/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--07a20d4a-f7a3-47ef-bf84-6db96c03acbf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e903ae267bf7ed1d02b218c1dc7cf6d87257e87de9fbda411a13f9154716bfa3",
      "pattern": "[file:hashes.'SHA-256' = 'e903ae267bf7ed1d02b218c1dc7cf6d87257e87de9fbda411a13f9154716bfa3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious IoliteLabs VSCode Extensions Target Solidity Devel",
          "url": "https://www.stepsecurity.io/blog/malicious-iolitelabs-vscode-extensions-target-solidity-developers-on-windows-macos-and-linux-with-backdoor"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--914471e7-5136-41f2-8165-b2c96ca12332",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: fcd398abc51fd16e8bc93ef8d88a23d7dec28081b6dfce4b933020322a610508",
      "pattern": "[file:hashes.'SHA-256' = 'fcd398abc51fd16e8bc93ef8d88a23d7dec28081b6dfce4b933020322a610508']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious IoliteLabs VSCode Extensions Target Solidity Devel",
          "url": "https://www.stepsecurity.io/blog/malicious-iolitelabs-vscode-extensions-target-solidity-developers-on-windows-macos-and-linux-with-backdoor"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cac39afc-1c3b-4537-81d2-da5639d67836",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-5281",
      "pattern": "[vulnerability:name = 'CVE-2026-5281']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-5281 \u2014 Google Dawn Use-After-Free Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--508047c5-cf51-4bbc-8727-f9bc63d1517b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-3055",
      "pattern": "[vulnerability:name = 'CVE-2026-3055']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-3055 \u2014 Citrix NetScaler Out-of-Bounds Rea",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ab26fae5-0fef-462f-8b87-a7988a4d21c9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101",
      "pattern": "[file:hashes.'SHA-256' = '617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Axios npm Package Compromised: Supply Chain Attack Delivers ",
          "url": "https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/"
        },
        {
          "source_name": "axios compromised on npm: maintainer account hijacked, RAT d",
          "url": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ab660482-e318-48ae-96ae-3a49c80c0dc2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a",
      "pattern": "[file:hashes.'SHA-256' = '92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Axios npm Package Compromised: Supply Chain Attack Delivers ",
          "url": "https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/"
        },
        {
          "source_name": "axios compromised on npm: maintainer account hijacked, RAT d",
          "url": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bb8cbee6-fcad-492b-83f1-816bf9772fa6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c",
      "pattern": "[file:hashes.'SHA-256' = 'ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "axios compromised on npm: maintainer account hijacked, RAT d",
          "url": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8b4e3218-a0a8-4d7f-958e-78f6cc2c72b2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd",
      "pattern": "[file:hashes.'SHA-256' = 'f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "axios compromised on npm: maintainer account hijacked, RAT d",
          "url": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dac2be50-cef3-4a16-a7ce-b588841fc876",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf",
      "pattern": "[file:hashes.'SHA-256' = 'fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Axios npm Package Compromised: Supply Chain Attack Delivers ",
          "url": "https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/"
        },
        {
          "source_name": "axios compromised on npm: maintainer account hijacked, RAT d",
          "url": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--16ba8be8-ad4d-4f56-8b4f-984c3219d761",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-53521",
      "pattern": "[vulnerability:name = 'CVE-2025-53521']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53521 \u2014 F5 BIG-IP Stack-Based Buffer Over",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ec5f214-2d68-4b7e-a119-211d258f258f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7321caa303fe96ded0492c747d2f353c4f7d17185656fe292ab0a59e2bd0b8d9",
      "pattern": "[file:hashes.'SHA-256' = '7321caa303fe96ded0492c747d2f353c4f7d17185656fe292ab0a59e2bd0b8d9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Popular telnyx package compromised on PyPI by TeamPCP",
          "url": "https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--da31b566-0502-443a-898e-d452814f6e40",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: cd08115806662469bbedec4b03f8427b97c8a4b3bc1442dc18b72b4e19395fe3",
      "pattern": "[file:hashes.'SHA-256' = 'cd08115806662469bbedec4b03f8427b97c8a4b3bc1442dc18b72b4e19395fe3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Popular telnyx package compromised on PyPI by TeamPCP",
          "url": "https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--709dab77-1c24-439e-9cbc-fc9277a3b6a3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cloudflareguard.vercel.app",
      "pattern": "[domain-name:value = 'cloudflareguard.vercel.app']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious Polymarket Bot Hides in Hijacked dev-protocol GitH",
          "url": "https://www.stepsecurity.io/blog/malicious-polymarket-bot-hides-in-hijacked-dev-protocol-github-org-and-steals-wallet-keys"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f6906af4-25e0-4c96-bf97-e52e04484484",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cloudflareinsights.vercel.app",
      "pattern": "[domain-name:value = 'cloudflareinsights.vercel.app']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious Polymarket Bot Hides in Hijacked dev-protocol GitH",
          "url": "https://www.stepsecurity.io/blog/malicious-polymarket-bot-hides-in-hijacked-dev-protocol-github-org-and-steals-wallet-keys"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9f3b1295-ac11-46df-806a-4573c77635d1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: finney.metagraph-stats.com",
      "pattern": "[domain-name:value = 'finney.metagraph-stats.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfilt",
          "url": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5d1f5bd9-0a13-4622-8b94-6af4d5ec06e7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: finney.opentensor-metrics.com",
      "pattern": "[domain-name:value = 'finney.opentensor-metrics.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfilt",
          "url": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1ace3c05-0d1b-4f3e-ad90-9929f36a02a3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: finney.subtensor-telemetry.com",
      "pattern": "[domain-name:value = 'finney.subtensor-telemetry.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfilt",
          "url": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c8426475-e09b-4c52-a342-cf8ae9a48bc2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: opentensor-cdn.com",
      "pattern": "[domain-name:value = 'opentensor-cdn.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfilt",
          "url": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--44724319-07ae-44c7-9330-5f7072319efc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: t.opentensor-cdn.com",
      "pattern": "[domain-name:value = 't.opentensor-cdn.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfilt",
          "url": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a29a659c-9f32-4b87-b36b-1ad860928387",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: tbqcbkpbhy.opentensor-cdn.com",
      "pattern": "[domain-name:value = 'tbqcbkpbhy.opentensor-cdn.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfilt",
          "url": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8d3e4b3-03fe-4fb8-a477-02062a9f983d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: tuwyqibtvy.opentensor-cdn.com",
      "pattern": "[domain-name:value = 'tuwyqibtvy.opentensor-cdn.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfilt",
          "url": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9a4e2b9b-fc7d-490b-8423-ca70b8db124a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: yccansiwfr.opentensor-cdn.com",
      "pattern": "[domain-name:value = 'yccansiwfr.opentensor-cdn.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfilt",
          "url": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--75b912f3-f27b-4ef3-bd51-ee4a6b10afbb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 217.69.0.159",
      "pattern": "[ipv4-addr:value = '217.69.0.159']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "ForceMemo: Hundreds of GitHub Python Repos Compromised via A",
          "url": "https://www.stepsecurity.io/blog/forcememo-hundreds-of-github-python-repos-compromised-via-account-takeover-and-force-push"
        },
        {
          "source_name": "GlassWorm Hides a RAT Inside a Malicious Chrome Extension",
          "url": "https://www.aikido.dev/blog/glassworm-chrome-extension-rat"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4ceaaa99-d05a-4f71-841e-a3beda9a2b1c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6a416b72ff24804abc12484a3b41413a8580acedd8a5f8c84224fcf0732c2f8e",
      "pattern": "[file:hashes.'SHA-256' = '6a416b72ff24804abc12484a3b41413a8580acedd8a5f8c84224fcf0732c2f8e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfilt",
          "url": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--499fa0a5-b229-4499-bb78-c22a9ca3045f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: security-verify.91.214.78.178.nip.io",
      "pattern": "[domain-name:value = 'security-verify.91.214.78.178.nip.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "xygeni-action Compromised: C2 Reverse Shell Backdoor Injecte",
          "url": "https://www.stepsecurity.io/blog/xygeni-action-compromised-c2-reverse-shell-backdoor-injected-via-tag-poisoning"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f987f84e-5a58-413b-878f-60bbb6230301",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.214.78.178",
      "pattern": "[ipv4-addr:value = '91.214.78.178']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "xygeni-action Compromised: C2 Reverse Shell Backdoor Injecte",
          "url": "https://www.stepsecurity.io/blog/xygeni-action-compromised-c2-reverse-shell-backdoor-injected-via-tag-poisoning"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--634d7b78-0236-4af0-a2d6-be9628573612",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-33017",
      "pattern": "[vulnerability:name = 'CVE-2026-33017']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-33017 \u2014 Langflow Code Injection Vulnerabi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cec9e84a-2fa1-465d-ac3c-0edc30ea37d7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-31277",
      "pattern": "[vulnerability:name = 'CVE-2025-31277']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-43510 \u2014 Apple Multiple Products Improper ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--01d8b84d-b740-422a-966c-991c8013f3fa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-32432",
      "pattern": "[vulnerability:name = 'CVE-2025-32432']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32432 \u2014 Craft CMS Code Injection Vulnerab",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Ass",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-58136 \u2014 Yiiframework Yii Improper Protect",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6b3be898-c8ab-4559-875c-5dc15d12b663",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-43510",
      "pattern": "[vulnerability:name = 'CVE-2025-43510']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-43510 \u2014 Apple Multiple Products Improper ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--322dde07-70a5-42e5-bf14-d5db555afc2f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-43520",
      "pattern": "[vulnerability:name = 'CVE-2025-43520']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-43520 \u2014 Apple Multiple Products Classic B",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e2229da9-69a6-4677-90b8-e615bed7d70e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-54068",
      "pattern": "[vulnerability:name = 'CVE-2025-54068']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54068 \u2014 Laravel Livewire Code Injection V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--18e6571a-2a94-44d2-ae34-28a455f54a19",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-12420",
      "pattern": "[vulnerability:name = 'CVE-2025-12420']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "AI Is Building Your Attack Surface. Are You Testing It?",
          "url": "https://snyk.io/blog/ai-is-building-your-attack-surface-are-you-testing-it/"
        },
        {
          "source_name": "Claude Code Security: A Welcome Evolution in the Remediation",
          "url": "https://snyk.io/blog/claude-code-remediation-loop-evolution/"
        },
        {
          "source_name": "ServiceNow's Virtual Agent Vulnerability Shows Why AI Securi",
          "url": "https://snyk.io/blog/servicenow-virtual-agent-vulnerability/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1dc96db5-f174-4686-8862-bd31b3185ddf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-66376",
      "pattern": "[vulnerability:name = 'CVE-2025-66376']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-66376 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c48c50ce-4b8b-4578-8c07-0e4302798211",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-20963",
      "pattern": "[vulnerability:name = 'CVE-2026-20963']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-20963 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--50ad4b5c-7b65-482d-9939-74fafdba0407",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: raw.githubusercontent.com/BlokTrooper/extension",
      "pattern": "[domain-name:value = 'raw.githubusercontent.com/BlokTrooper/extension']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "fast-draft Open VSX Extension Compromised by BlokTrooper",
          "url": "https://www.aikido.dev/blog/fast-draft-open-vsx-bloktrooper"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b4b49591-b8a4-4c4c-9e95-406d0a82626c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 195.201.104.53",
      "pattern": "[ipv4-addr:value = '195.201.104.53']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "fast-draft Open VSX Extension Compromised by BlokTrooper",
          "url": "https://www.aikido.dev/blog/fast-draft-open-vsx-bloktrooper"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0cff5306-635f-4254-9227-e8f124d89093",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 217.69.3.152",
      "pattern": "[ipv4-addr:value = '217.69.3.152']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GlassWorm Hides a RAT Inside a Malicious Chrome Extension",
          "url": "https://www.aikido.dev/blog/glassworm-chrome-extension-rat"
        },
        {
          "source_name": "Glassworm Strikes Popular React Native Phone Number Packages",
          "url": "https://www.aikido.dev/blog/glassworm-strikes-react-packages-phone-numbers"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e6aa60fd-f5da-4857-91e2-f88d893640d2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.150.34.158",
      "pattern": "[ipv4-addr:value = '45.150.34.158']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GlassWorm Hides a RAT Inside a Malicious Chrome Extension",
          "url": "https://www.aikido.dev/blog/glassworm-chrome-extension-rat"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fd843ff6-fa80-4daf-a1fa-1fbee85b1750",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 06fab21dc276e3ab9b5d0a1532398979fd377b080c86d74f2c53a04603a43b1d",
      "pattern": "[file:hashes.'SHA-256' = '06fab21dc276e3ab9b5d0a1532398979fd377b080c86d74f2c53a04603a43b1d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GlassWorm Hides a RAT Inside a Malicious Chrome Extension",
          "url": "https://www.aikido.dev/blog/glassworm-chrome-extension-rat"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8008ca45-0d4c-481b-abb8-0ead4e4d403d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-47813",
      "pattern": "[vulnerability:name = 'CVE-2025-47813']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-47813 \u2014 Wing FTP Server Information Discl",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ca17bad4-28e6-4b05-8281-c08dadb11989",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 59221aa9623d86c930357dba7e3f54138c7ccbd0daa9c483d766cd8ce1b6ad26",
      "pattern": "[file:hashes.'SHA-256' = '59221aa9623d86c930357dba7e3f54138c7ccbd0daa9c483d766cd8ce1b6ad26']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Glassworm Strikes Popular React Native Phone Number Packages",
          "url": "https://www.aikido.dev/blog/glassworm-strikes-react-packages-phone-numbers"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4d6153ba-b2ec-4db3-ba28-c29274069b26",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-3909",
      "pattern": "[vulnerability:name = 'CVE-2026-3909']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-3909 \u2014 Google Skia Out-of-Bounds Write Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0033e2cc-e1f0-4968-b4c7-676ac8d312a4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-3910",
      "pattern": "[vulnerability:name = 'CVE-2026-3910']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-3910 \u2014 Google Chromium V8 Improper Restri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a3aa157a-a0df-47f2-9f11-f526a86eeb6c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: iili.io",
      "pattern": "[domain-name:value = 'iili.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c6f8bb86-dbc8-4c51-9866-e4ea7832b950",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: short-link.net",
      "pattern": "[domain-name:value = 'short-link.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fb71c2f2-6cae-40d4-b100-21090cac3a76",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 188.137.228.162",
      "pattern": "[ipv4-addr:value = '188.137.228.162']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--402432d1-d238-43c3-b6e6-18b48383fc53",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 80.89.224.13",
      "pattern": "[ipv4-addr:value = '80.89.224.13']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0a50c08e-5d51-41e7-8fc4-1e98f16c880f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 107b2badfc93fcdd3ffda7d3999477ced3f39f43f458dd0f6a424c9ab52681c3",
      "pattern": "[file:hashes.'SHA-256' = '107b2badfc93fcdd3ffda7d3999477ced3f39f43f458dd0f6a424c9ab52681c3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e0a52d7a-b8fc-498e-b3e8-4a0938e6c00c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 21fefc3913d3d2dfde7f0dff54800ca7512eb5df9513b1a457a2af25fdd51b26",
      "pattern": "[file:hashes.'SHA-256' = '21fefc3913d3d2dfde7f0dff54800ca7512eb5df9513b1a457a2af25fdd51b26']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cbbaedf5-af52-4283-9a19-f976449cf8a1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2b5d8f8db5fd38ae1c34807dcba35b057cffa61eb14ba3b558f82eb630480c3f",
      "pattern": "[file:hashes.'SHA-256' = '2b5d8f8db5fd38ae1c34807dcba35b057cffa61eb14ba3b558f82eb630480c3f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2ea9878d-b120-4783-920b-6b32c02988d1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 32973ef02e10a585a4a0196b013265e29fc57d8e1c50752f7b39e43b9f388715",
      "pattern": "[file:hashes.'SHA-256' = '32973ef02e10a585a4a0196b013265e29fc57d8e1c50752f7b39e43b9f388715']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e4cc0084-e513-43bf-83e7-379ed5609fcd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 352f34ea5cc40e2b3ec056ae60fa19a368dbd42503ef225cb1ca57956eb05e81",
      "pattern": "[file:hashes.'SHA-256' = '352f34ea5cc40e2b3ec056ae60fa19a368dbd42503ef225cb1ca57956eb05e81']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--99ef5b24-a8d4-495d-a5e3-414c7a6ffaa9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 51e86408904c0ca3778361cde746783a0f2b9fd2a6782aa7e062aa597151876e",
      "pattern": "[file:hashes.'SHA-256' = '51e86408904c0ca3778361cde746783a0f2b9fd2a6782aa7e062aa597151876e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bcff1ced-678f-4b5b-8f2f-dd624fffdd61",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5b978cdc46afa28d83e532cd19622d9097bebedf87efc4c87bd35d8ffad9e672",
      "pattern": "[file:hashes.'SHA-256' = '5b978cdc46afa28d83e532cd19622d9097bebedf87efc4c87bd35d8ffad9e672']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--13e3c4d5-9a89-4228-99bf-0b5e77a823d2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6178b1af51057c0bac75a842afff500a8fa3ed957d79a712a6ef089bec7e7a8b",
      "pattern": "[file:hashes.'SHA-256' = '6178b1af51057c0bac75a842afff500a8fa3ed957d79a712a6ef089bec7e7a8b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4a5b772f-a865-4612-b7be-b22fd9e361e7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 66a7828bc8c6c783b2ffa3c906d53f6dae1bbddc019283cc369d7d73247c5181",
      "pattern": "[file:hashes.'SHA-256' = '66a7828bc8c6c783b2ffa3c906d53f6dae1bbddc019283cc369d7d73247c5181']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5f4536a4-f89c-4005-8713-04b84be0c4ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6fea579685d2433cedb1c32ef704575dcbc1d0a623769e824023ffccd0dedaae",
      "pattern": "[file:hashes.'SHA-256' = '6fea579685d2433cedb1c32ef704575dcbc1d0a623769e824023ffccd0dedaae']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b9dff5f2-07fd-40e2-9950-344ee93df733",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 76eb713e38f145ee68b89f2febd8f9a28bbb2b464da61cb029d84433a0b2c746",
      "pattern": "[file:hashes.'SHA-256' = '76eb713e38f145ee68b89f2febd8f9a28bbb2b464da61cb029d84433a0b2c746']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bcdf65f8-dea4-44e7-9b6a-402bb7fe8d12",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 801c47550799831bfb1ac6c5c3fd698be95da19fc85bd65f5d8639f26244d2a9",
      "pattern": "[file:hashes.'SHA-256' = '801c47550799831bfb1ac6c5c3fd698be95da19fc85bd65f5d8639f26244d2a9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1cc1c9c4-d2d4-4c91-b968-dee9bee59348",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 886df55794cbca146de96dcc626471b3c097a5c20ba488033b24f4347aa20a14",
      "pattern": "[file:hashes.'SHA-256' = '886df55794cbca146de96dcc626471b3c097a5c20ba488033b24f4347aa20a14']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--26d313bf-2b54-4ceb-8593-319e2ef0d4f9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 8c6ea44ce7f4ed4e4e7e19e11b3b345d58785c93b33aa795ddd1b0d753236b05",
      "pattern": "[file:hashes.'SHA-256' = '8c6ea44ce7f4ed4e4e7e19e11b3b345d58785c93b33aa795ddd1b0d753236b05']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6d89b574-552b-4c6c-95f6-a10c418189f9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9367f4b4d2775ff47279d143dd9a0ef544ddff81946aab33da9350a49f14e1e1",
      "pattern": "[file:hashes.'SHA-256' = '9367f4b4d2775ff47279d143dd9a0ef544ddff81946aab33da9350a49f14e1e1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cfc49f67-d12f-4205-8a96-5261e6d52f96",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 993d55f60414bf2092f421c3d0ac6af1897a21cc4ea260ae8e610a402bf4c81c",
      "pattern": "[file:hashes.'SHA-256' = '993d55f60414bf2092f421c3d0ac6af1897a21cc4ea260ae8e610a402bf4c81c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--471ceca3-1e43-4d74-bc56-9735c42bd3b3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a545908c931ec47884b5ccfb1f112435f5d0cdac140e664673672c9df9016672",
      "pattern": "[file:hashes.'SHA-256' = 'a545908c931ec47884b5ccfb1f112435f5d0cdac140e664673672c9df9016672']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--67481722-50f4-4c34-845b-234bc5bf73be",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ac60eefc2607216f8126c0b22b6243f3862ef2bb265c585deee0d00a20a436b3",
      "pattern": "[file:hashes.'SHA-256' = 'ac60eefc2607216f8126c0b22b6243f3862ef2bb265c585deee0d00a20a436b3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b25e35d9-215f-4abe-8c33-effa5b4c84ca",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b891fa118db5190f07b18be46eb9bc10677f9afab1406a7d52ce587522ab3d28",
      "pattern": "[file:hashes.'SHA-256' = 'b891fa118db5190f07b18be46eb9bc10677f9afab1406a7d52ce587522ab3d28']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4b6660fb-9eb4-45da-806b-2655b9014ce5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: bad7c6f6ca25363a02eaceb3ed1e378218dc4a246a63d723cfcc5feee3af5056",
      "pattern": "[file:hashes.'SHA-256' = 'bad7c6f6ca25363a02eaceb3ed1e378218dc4a246a63d723cfcc5feee3af5056']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8850c08d-0229-4cd8-8de2-4608ed8df372",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c6905bae088982a2b234451b45db742098f2e2ab4fd6ca62c8f4e801160552aa",
      "pattern": "[file:hashes.'SHA-256' = 'c6905bae088982a2b234451b45db742098f2e2ab4fd6ca62c8f4e801160552aa']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b17962b3-ce87-4345-a1e5-f8be9c847cb7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ccb7d999ee4d979e175b8c87e09ccda0cbc93b6140471283e3a1f1f9da33759d",
      "pattern": "[file:hashes.'SHA-256' = 'ccb7d999ee4d979e175b8c87e09ccda0cbc93b6140471283e3a1f1f9da33759d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bd2d9e66-ca8c-49ff-9a0c-9cf67889a2b2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e20831cecd763d0dc91fb39f3bd61d17002608c5a40a6cf0bd16111f4e50d341",
      "pattern": "[file:hashes.'SHA-256' = 'e20831cecd763d0dc91fb39f3bd61d17002608c5a40a6cf0bd16111f4e50d341']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a3c6cb73-1548-4253-a5e6-8e73dacc2cbe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: eb9c1649e01db6a9a94d5d50373e54865d672b14ad6f221c98047c562d3cc0f3",
      "pattern": "[file:hashes.'SHA-256' = 'eb9c1649e01db6a9a94d5d50373e54865d672b14ad6f221c98047c562d3cc0f3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c6471f2f-6a14-43cd-bf59-b7ac6c498a93",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ee90b01b16099e0bb23d4653607a3a559590fc8d0c43120b8456fb1860d2e630",
      "pattern": "[file:hashes.'SHA-256' = 'ee90b01b16099e0bb23d4653607a3a559590fc8d0c43120b8456fb1860d2e630']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3ed398f7-d4d2-4b88-a9a0-3e1fceb50926",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: fb16933b09a4fcca5beff93da05566e924017fb534a2f45caf57b57a633f43a6",
      "pattern": "[file:hashes.'SHA-256' = 'fb16933b09a4fcca5beff93da05566e924017fb534a2f45caf57b57a633f43a6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DRILLAPP: new backdoor targeting Ukrainian entities with pos",
          "url": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f9b56375-9a78-4f7d-a113-8c7a12af50b2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-68613",
      "pattern": "[vulnerability:name = 'CVE-2025-68613']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-68613 \u2014 n8n Improper Control of Dynamical",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5a641bf4-a43a-47c1-a272-f4ca280cb2c7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 929c6399c4fde4fe236bd6712b2c53f750d9ad3a",
      "pattern": "[file:hashes.'SHA-1' = '929c6399c4fde4fe236bd6712b2c53f750d9ad3a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "kubernetes-el Compromised: How a Pwn Request Exploited a Pop",
          "url": "https://www.stepsecurity.io/blog/kubernetes-el-compromised-how-a-pwn-request-exploited-a-popular-emacs-package"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c479e228-dfeb-4cb1-b10b-10dfb845504b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 99B454262DC26B081600E844371982A49D334E5E",
      "pattern": "[file:hashes.'SHA-1' = '99B454262DC26B081600E844371982A49D334E5E']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Sednit reloaded: Back in the trenches",
          "url": "https://www.welivesecurity.com/en/eset-research/sednit-reloaded-back-trenches/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2e6fa639-ccd1-455e-b1f6-ec1ecb0a3c2d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: D0DB619A7A160949528D46D20FC0151BF9775C32",
      "pattern": "[file:hashes.'SHA-1' = 'D0DB619A7A160949528D46D20FC0151BF9775C32']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Sednit reloaded: Back in the trenches",
          "url": "https://www.welivesecurity.com/en/eset-research/sednit-reloaded-back-trenches/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c74f8330-e365-44bb-a616-37f15acdc89c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-22054",
      "pattern": "[vulnerability:name = 'CVE-2021-22054']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-22054 \u2014 Omnissa Workspace ONE Server-Side",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7aed7474-dc99-4b82-8db6-88dfa8c4465d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-26399",
      "pattern": "[vulnerability:name = 'CVE-2025-26399']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-26399 \u2014 SolarWinds Web Help Desk Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3bd3e8ac-5f6b-4973-a91a-7f8b97242d8b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-1603",
      "pattern": "[vulnerability:name = 'CVE-2026-1603']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-1603 \u2014 Ivanti Endpoint Manager (EPM) Auth",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1f0f57de-c9d7-4193-bb3d-cd200d1e48d2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2017-7921",
      "pattern": "[vulnerability:name = 'CVE-2017-7921']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2017-7921 \u2014 Hikvision Multiple Products Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2020-25078 \u2014 D-Link DCS-2530L and DCS-2670L De",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e2b9a93b-bd70-4eb7-b9e7-c0ab8c05dbee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-22681",
      "pattern": "[vulnerability:name = 'CVE-2021-22681']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-22681 \u2014 Rockwell Multiple Products Insuff",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--10673227-9120-4755-85da-6bd8363188db",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-30952",
      "pattern": "[vulnerability:name = 'CVE-2021-30952']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-30952 \u2014 Apple Multiple Products Integer O",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--05b00a95-f1d8-4074-966d-e27eb7ef20b9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-43000",
      "pattern": "[vulnerability:name = 'CVE-2023-43000']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-43000 \u2014 Apple Multiple products Use-After",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6602094e-db1f-4f59-9844-5d495cc04dd6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-21385",
      "pattern": "[vulnerability:name = 'CVE-2026-21385']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-21385 \u2014 Qualcomm Multiple Chipsets Memory",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fce54b4a-2340-4d7f-a444-8950d3214b32",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-22719",
      "pattern": "[vulnerability:name = 'CVE-2026-22719']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-22719 \u2014 Broadcom VMware Aria Operations C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8f59085c-a9c6-4873-94e5-f1602c063212",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-27148",
      "pattern": "[vulnerability:name = 'CVE-2026-27148']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Persistent XSS/RCE using WebSockets in Storybook\u2019s dev serve",
          "url": "https://www.aikido.dev/blog/storybooks-websockets-attack"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--146184af-6867-4240-a1a3-5b00ade6476f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: decoorat.net",
      "pattern": "[domain-name:value = 'decoorat.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--acb0f8aa-fb78-4e7b-84bd-c28e492bdc68",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: decoraat.net",
      "pattern": "[domain-name:value = 'decoraat.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--32d79be4-4200-4f11-9ec8-d92e45cf28cf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: gesecole.net",
      "pattern": "[domain-name:value = 'gesecole.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b7b9d907-015f-432f-be2f-d7ad080f01f4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: onedow.gesecole.net",
      "pattern": "[domain-name:value = 'onedow.gesecole.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aa486dc4-39fa-49d4-b5e5-c91800d63a61",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: onedown.gesecole.net",
      "pattern": "[domain-name:value = 'onedown.gesecole.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c13e3892-8fa2-4576-bf63-0ac8b148d219",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 381247c1d4c68a406237d7d3aa030930",
      "pattern": "[file:hashes.MD5 = '381247c1d4c68a406237d7d3aa030930']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c98961d2-79b2-4621-9123-d8952ff74968",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 769687f93869a70511aac1ef7c752455",
      "pattern": "[file:hashes.MD5 = '769687f93869a70511aac1ef7c752455']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d1442e59-5ded-48f6-847b-7018af42ae65",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 7a75e713db41c28378e823322fdea0fd",
      "pattern": "[file:hashes.MD5 = '7a75e713db41c28378e823322fdea0fd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--963eaa90-94ba-429d-af86-4ca02eae3c50",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 9f331a11a054f33664fe86543fc34cf0",
      "pattern": "[file:hashes.MD5 = '9f331a11a054f33664fe86543fc34cf0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--de2e029a-de48-4e12-876e-db739660bfcf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: e7cb954f4bbdbadbd2c0206577621683",
      "pattern": "[file:hashes.MD5 = 'e7cb954f4bbdbadbd2c0206577621683']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a66d7dd6-d010-4984-bb75-7e00197bb899",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 1151100a0aa1ed88f7897709444fd3b3b1044c10",
      "pattern": "[file:hashes.'SHA-1' = '1151100a0aa1ed88f7897709444fd3b3b1044c10']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d333c83d-6499-4a7c-998a-c6d5f3ca8f80",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2336c9a20ecd53ec1be468282bae94c8160eb93a",
      "pattern": "[file:hashes.'SHA-1' = '2336c9a20ecd53ec1be468282bae94c8160eb93a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--88051525-99cd-48b7-92c9-e98e97bb9c9e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: ad833604d230b241e180950980ea462b3812f82a",
      "pattern": "[file:hashes.'SHA-1' = 'ad833604d230b241e180950980ea462b3812f82a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4400b3f7-0a13-494e-9f06-369ce49a2f4d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: d1a86ed06b18efef5ce724d2129cf1583b779b44",
      "pattern": "[file:hashes.'SHA-1' = 'd1a86ed06b18efef5ce724d2129cf1583b779b44']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--61ba4183-942d-4379-8e44-a0a2dbcb07c0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: f06da8e29c3f0fafabfc3a524ae8b21730b57ed3",
      "pattern": "[file:hashes.'SHA-1' = 'f06da8e29c3f0fafabfc3a524ae8b21730b57ed3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d238d580-46b6-43a6-a514-efc80ba9f8d8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 29cd44aa2a51a200d82cca578d97dc13241bc906ea6a33b132c6ca567dc8f3ad",
      "pattern": "[file:hashes.'SHA-256' = '29cd44aa2a51a200d82cca578d97dc13241bc906ea6a33b132c6ca567dc8f3ad']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5adae8ad-2b0d-44dd-9199-3bb3d85ce8a5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 46314092c8d00ab93cbbdc824b9fc39dec9303169163b9625bae3b1717d70ebc",
      "pattern": "[file:hashes.'SHA-256' = '46314092c8d00ab93cbbdc824b9fc39dec9303169163b9625bae3b1717d70ebc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aeb8b634-7b95-4f18-88bf-3e2d7c2887a2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5f9af68db10b029453264cfc9b8eee4265549a2855bb79668ccfc571fb11f5fc",
      "pattern": "[file:hashes.'SHA-256' = '5f9af68db10b029453264cfc9b8eee4265549a2855bb79668ccfc571fb11f5fc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c7438b70-1c3b-4fb4-a97e-dd38be7d89f2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6df8649bf4e233ee86a896ee8e5a3b3179c168ef927ac9283b945186f8629ee7",
      "pattern": "[file:hashes.'SHA-256' = '6df8649bf4e233ee86a896ee8e5a3b3179c168ef927ac9283b945186f8629ee7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d3a5cc64-68e5-4c0b-a406-099a198a3b82",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 8421e7995778faf1f2a902fb2c51d85ae39481f443b7b3186068d5c33c472d99",
      "pattern": "[file:hashes.'SHA-256' = '8421e7995778faf1f2a902fb2c51d85ae39481f443b7b3186068d5c33c472d99']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ce7837e1-b747-43f1-8b80-cd9b588992e6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d293ded5a63679b81556d2c622c78be6253f500b6751d4eeb271e6500a23b21e",
      "pattern": "[file:hashes.'SHA-256' = 'd293ded5a63679b81556d2c622c78be6253f500b6751d4eeb271e6500a23b21e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--baf87ecf-c034-46a2-99d2-3658fea9c389",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: de8ddc2451fb1305d76ab20661725d11c77625aeeaa1447faf3fbf56706c87f1",
      "pattern": "[file:hashes.'SHA-256' = 'de8ddc2451fb1305d76ab20661725d11c77625aeeaa1447faf3fbf56706c87f1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e20064b5-57b2-4f60-8c81-625320568b04",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e7ed0cd4115f3ff35c38d36cc50c6a13eba2d845554439a36108789cd1e05b17",
      "pattern": "[file:hashes.'SHA-256' = 'e7ed0cd4115f3ff35c38d36cc50c6a13eba2d845554439a36108789cd1e05b17']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlugX Meeting Invitation via MSBuild and GDATA",
          "url": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0add4839-62f7-4882-9020-e14075cb68ab",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-20775",
      "pattern": "[vulnerability:name = 'CVE-2022-20775']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-20775 \u2014 Cisco SD-WAN Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--daa40505-52ee-48f3-9596-2c6c81c7b0ba",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-25108",
      "pattern": "[vulnerability:name = 'CVE-2026-25108']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-25108 \u2014 Soliton Systems K.K FileZen OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--927bba8c-d93e-46dd-bb46-8867a65e2e3c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-25545",
      "pattern": "[vulnerability:name = 'CVE-2026-25545']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Astro Full-Read SSRF via Host Header Injection",
          "url": "https://www.aikido.dev/blog/astro-full-read-ssrf-via-host-header-injection"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ed0a9244-f156-4386-a98f-feaca99b2587",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-49113",
      "pattern": "[vulnerability:name = 'CVE-2025-49113']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49113 \u2014 RoundCube Webmail Deserialization",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8136cc9d-21df-4c17-9844-019f077f998e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-68461",
      "pattern": "[vulnerability:name = 'CVE-2025-68461']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-68461 \u2014 RoundCube Webmail Cross-site Scri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5a51865e-489d-491e-81c3-81ede0863129",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-27118",
      "pattern": "[vulnerability:name = 'CVE-2026-27118']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "SvelteSpill: A Cache Deception Bug in SvelteKit + Vercel",
          "url": "https://www.aikido.dev/blog/sveltespill-cache-deception-sveltekit-vercel"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8639b816-b62c-4015-bb8f-250804635d7f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: attacker.oastify.com",
      "pattern": "[domain-name:value = 'attacker.oastify.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "How \u201cClinejection\u201d Turned an AI Bot into a Supply Chain Atta",
          "url": "https://snyk.io/blog/cline-supply-chain-attack-prompt-injection-github-actions/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--28edd3e0-aff4-4aee-a448-e1e8dee66ecd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-22175",
      "pattern": "[vulnerability:name = 'CVE-2021-22175']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-22175 \u2014 GitLab Server-Side Request Forger",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--87fb0433-adf6-4c51-bcc5-1e4c22d0133b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2008-0015",
      "pattern": "[vulnerability:name = 'CVE-2008-0015']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2008-0015 \u2014 Microsoft Windows Video ActiveX C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--580ab373-a952-4f08-9ac4-ad0d01ba0439",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-7796",
      "pattern": "[vulnerability:name = 'CVE-2020-7796']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-7796 \u2014 Synacor Zimbra Collaboration Suite",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--064ef9dc-7002-4939-9353-e17a3eec39b5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-7694",
      "pattern": "[vulnerability:name = 'CVE-2024-7694']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7694 \u2014 TeamT5 ThreatSonar Anti-Ransomware",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a947251f-cc5a-478e-a32b-48d01c97de78",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-2441",
      "pattern": "[vulnerability:name = 'CVE-2026-2441']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-2441 \u2014 Google Chromium CSS Use-After-Free",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9109d09e-ffed-47c1-93d3-03de5ada949b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: gali.web.test.myapptest.top",
      "pattern": "[domain-name:value = 'gali.web.test.myapptest.top']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "npm backdoor lets hackers hijack gambling outcomes",
          "url": "https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--33490836-69b3-42af-90ec-1f7e6de157f3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: gameland.21game.live",
      "pattern": "[domain-name:value = 'gameland.21game.live']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "npm backdoor lets hackers hijack gambling outcomes",
          "url": "https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ae9b1fcb-80c2-46f8-a0d4-9999c6232c29",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: gameland.myapptest.top",
      "pattern": "[domain-name:value = 'gameland.myapptest.top']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "npm backdoor lets hackers hijack gambling outcomes",
          "url": "https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--253637a8-c842-42fa-81ed-9575dc0216de",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: gameland.nbzysp1.com",
      "pattern": "[domain-name:value = 'gameland.nbzysp1.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "npm backdoor lets hackers hijack gambling outcomes",
          "url": "https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cead0e63-35ea-4c9d-9f46-de669afc6496",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: payment.snip-site.cc",
      "pattern": "[domain-name:value = 'payment.snip-site.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "npm backdoor lets hackers hijack gambling outcomes",
          "url": "https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--592c28b9-9165-447c-a3ec-6db9c86bced9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: payment.y1pay.vip",
      "pattern": "[domain-name:value = 'payment.y1pay.vip']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "npm backdoor lets hackers hijack gambling outcomes",
          "url": "https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--217d0866-840e-409d-be89-8bda5f593fb0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-3094",
      "pattern": "[vulnerability:name = 'CVE-2024-3094']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "2024 in Review: The Evolution of CI/CD Security & What's Nex",
          "url": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next"
        },
        {
          "source_name": "The XZ backdoor CVE-2024-3094",
          "url": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a121fd37-c581-4c0d-b655-0daadbc17cc6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 319feb5a9cddd81955d915b5632b4a5f8f9080281fb46e2f6d69d53f693c23ae",
      "pattern": "[file:hashes.'SHA-256' = '319feb5a9cddd81955d915b5632b4a5f8f9080281fb46e2f6d69d53f693c23ae']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "2024 in Review: The Evolution of CI/CD Security & What's Nex",
          "url": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next"
        },
        {
          "source_name": "The XZ backdoor CVE-2024-3094",
          "url": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--65114d70-0aff-4ccb-916a-e3ac0e1386d8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5448850cdc3a7ae41ff53b433c2adbd0ff492515012412ee63a40d2685db3049",
      "pattern": "[file:hashes.'SHA-256' = '5448850cdc3a7ae41ff53b433c2adbd0ff492515012412ee63a40d2685db3049']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "2024 in Review: The Evolution of CI/CD Security & What's Nex",
          "url": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next"
        },
        {
          "source_name": "The XZ backdoor CVE-2024-3094",
          "url": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e04b8cda-f422-48d9-8893-6c354ff7aec1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 605861f833fc181c7cdcabd5577ddb8989bea332648a8f498b4eef89b8f85ad4",
      "pattern": "[file:hashes.'SHA-256' = '605861f833fc181c7cdcabd5577ddb8989bea332648a8f498b4eef89b8f85ad4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "2024 in Review: The Evolution of CI/CD Security & What's Nex",
          "url": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next"
        },
        {
          "source_name": "The XZ backdoor CVE-2024-3094",
          "url": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9c7fd35a-9e4c-4ee0-b8e1-8f087dd68926",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 8fa641c454c3e0f76de73b7cc3446096b9c8b9d33d406d38b8ac76090b0344fd",
      "pattern": "[file:hashes.'SHA-256' = '8fa641c454c3e0f76de73b7cc3446096b9c8b9d33d406d38b8ac76090b0344fd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "2024 in Review: The Evolution of CI/CD Security & What's Nex",
          "url": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next"
        },
        {
          "source_name": "The XZ backdoor CVE-2024-3094",
          "url": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d3f7c8b2-a42e-4e2f-8210-6ab24dea622c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b418bfd34aa246b2e7b5cb5d263a640e5d080810f767370c4d2c24662a274963",
      "pattern": "[file:hashes.'SHA-256' = 'b418bfd34aa246b2e7b5cb5d263a640e5d080810f767370c4d2c24662a274963']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "2024 in Review: The Evolution of CI/CD Security & What's Nex",
          "url": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next"
        },
        {
          "source_name": "The XZ backdoor CVE-2024-3094",
          "url": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--21417671-fb8d-4721-a95e-db94f99483af",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: cbeef92e67bf41ca9c015557d81f39adaba67ca9fb3574139754999030b83537",
      "pattern": "[file:hashes.'SHA-256' = 'cbeef92e67bf41ca9c015557d81f39adaba67ca9fb3574139754999030b83537']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "2024 in Review: The Evolution of CI/CD Security & What's Nex",
          "url": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next"
        },
        {
          "source_name": "The XZ backdoor CVE-2024-3094",
          "url": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--af1d9e65-ee9d-4c5c-a984-0f5e5131d308",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-1731",
      "pattern": "[vulnerability:name = 'CVE-2026-1731']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-1731 \u2014 BeyondTrust Remote Support (RS) an",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--58deeebe-b35b-4b17-8f6a-31d8a294d9d8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 58cfb8b9fee1caa94813c259901dc1baa96bae7d30d79b79a7d441d0ee4e577e",
      "pattern": "[file:hashes.'SHA-256' = '58cfb8b9fee1caa94813c259901dc1baa96bae7d30d79b79a7d441d0ee4e577e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation MacroMaze: new APT28 campaign using basic tooling",
          "url": "https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d0cf36d9-f9b3-4cf7-838f-37bcdd48e961",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b0f9f0a34ccab1337fbcca24b4f894de8d6d3a6f5db2e0463e2320215e4262e4",
      "pattern": "[file:hashes.'SHA-256' = 'b0f9f0a34ccab1337fbcca24b4f894de8d6d3a6f5db2e0463e2320215e4262e4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation MacroMaze: new APT28 campaign using basic tooling",
          "url": "https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--715e5af3-cecd-4186-9d0c-5b5de5e9ca2e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c3b617e0c6b8f01cf628a2b3db40e8d06ef20a3c71365ccc1799787119246010",
      "pattern": "[file:hashes.'SHA-256' = 'c3b617e0c6b8f01cf628a2b3db40e8d06ef20a3c71365ccc1799787119246010']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation MacroMaze: new APT28 campaign using basic tooling",
          "url": "https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--535e05e1-d3dd-4140-987b-25ec3ccdac4f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: df60fa6008b1a0b79c394b42d3ada6bab18b798f3c2ca1530a3e0cb4fbbbe9f6",
      "pattern": "[file:hashes.'SHA-256' = 'df60fa6008b1a0b79c394b42d3ada6bab18b798f3c2ca1530a3e0cb4fbbbe9f6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Operation MacroMaze: new APT28 campaign using basic tooling",
          "url": "https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Lab52"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--816aa2a6-7a40-4355-a18c-97833b736888",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-43468",
      "pattern": "[vulnerability:name = 'CVE-2024-43468']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-43468 \u2014 Microsoft Configuration Manager S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--17d6513b-775f-4cd9-b2e7-fe4903a12e47",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-15556",
      "pattern": "[vulnerability:name = 'CVE-2025-15556']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-15556 \u2014 Notepad++ Download of Code Withou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5e6823cc-d67d-493a-812b-84331cf9f1ad",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-40536",
      "pattern": "[vulnerability:name = 'CVE-2025-40536']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-40536 \u2014 SolarWinds Web Help Desk Security",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bca10096-132f-449e-88fa-007893f01abf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-20700",
      "pattern": "[vulnerability:name = 'CVE-2026-20700']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-20700 \u2014 Apple Multiple Buffer Overflow Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--852e631a-5744-43fd-a720-5fccb7e893e5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-30066",
      "pattern": "[vulnerability:name = 'CVE-2025-30066']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Harden-Runner detection: tj-actions/changed-files action is ",
          "url": "https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised"
        },
        {
          "source_name": "Suspicious Tag Movement in AWS\u2019s GitHub Action: What Happene",
          "url": "https://www.stepsecurity.io/blog/suspicious-tag-movement-in-aws-github-action"
        },
        {
          "source_name": "When 'Changed Files' Changed Everything: Our Black Hat 2025 ",
          "url": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "CISA KEV",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9e3c9920-f880-4895-8fff-1f2da7168bc3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 0e58ed8671d6b60d0890c21b07f8835ace038e67",
      "pattern": "[file:hashes.'SHA-1' = '0e58ed8671d6b60d0890c21b07f8835ace038e67']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Harden-Runner detection: tj-actions/changed-files action is ",
          "url": "https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised"
        },
        {
          "source_name": "Suspicious Tag Movement in AWS\u2019s GitHub Action: What Happene",
          "url": "https://www.stepsecurity.io/blog/suspicious-tag-movement-in-aws-github-action"
        },
        {
          "source_name": "When 'Changed Files' Changed Everything: Our Black Hat 2025 ",
          "url": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "CISA KEV",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9be68627-b4d5-4a04-9501-05375450b0e8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-21513",
      "pattern": "[vulnerability:name = 'CVE-2026-21513']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-21513 \u2014 Microsoft MSHTML Framework Protec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--819f226c-0e82-41d9-a0e0-f71fb907d665",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-21514",
      "pattern": "[vulnerability:name = 'CVE-2026-21514']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-21514 \u2014 Microsoft Office Word Reliance on",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cd80baff-2147-439c-a9fd-453404717588",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-21519",
      "pattern": "[vulnerability:name = 'CVE-2026-21519']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-21519 \u2014 Microsoft Windows Type Confusion ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bb7d1ee4-2e01-4713-b82e-9e6eec29ec4b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-21525",
      "pattern": "[vulnerability:name = 'CVE-2026-21525']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-21525 \u2014 Microsoft Windows NULL Pointer De",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ab0a359e-c013-42a5-9709-6aacaf04ef95",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-21533",
      "pattern": "[vulnerability:name = 'CVE-2026-21533']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-21533 \u2014 Microsoft Windows Improper Privil",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5f21777c-dd20-4bf5-bb97-e021c0e36c76",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: github.com/aztr0nutz/NET_NINJA.v1.2",
      "pattern": "[domain-name:value = 'github.com/aztr0nutz/NET_NINJA.v1.2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "How a Malicious Google Skill on ClawHub Tricks Users Into In",
          "url": "https://snyk.io/blog/clawhub-malicious-google-skill-openclaw-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--48edf06a-e857-406c-bf42-49d23350bb88",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: github.com/denboss99/openclaw-core",
      "pattern": "[domain-name:value = 'github.com/denboss99/openclaw-core']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "How a Malicious Google Skill on ClawHub Tricks Users Into In",
          "url": "https://snyk.io/blog/clawhub-malicious-google-skill-openclaw-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c3b312b3-f017-438c-8d83-8810b702c61a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: rentry.co/openclaw-core",
      "pattern": "[domain-name:value = 'rentry.co/openclaw-core']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "How a Malicious Google Skill on ClawHub Tricks Users Into In",
          "url": "https://snyk.io/blog/clawhub-malicious-google-skill-openclaw-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--137ed80c-f894-4d9c-a8bb-5efc0abe90be",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: setup-service.com",
      "pattern": "[domain-name:value = 'setup-service.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "How a Malicious Google Skill on ClawHub Tricks Users Into In",
          "url": "https://snyk.io/blog/clawhub-malicious-google-skill-openclaw-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f2f59f72-5186-4c2c-9b21-caf4fad661c3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-11953",
      "pattern": "[vulnerability:name = 'CVE-2025-11953']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-11953 \u2014 React Native Community CLI OS Com",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6cf2b2c4-3375-4649-b41b-7c3f28ab83f3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-24423",
      "pattern": "[vulnerability:name = 'CVE-2026-24423']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-24423 \u2014 SmarterTools SmarterMail Missing ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f68fac98-e269-424c-990e-9f9f5ee68313",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2019-19006",
      "pattern": "[vulnerability:name = 'CVE-2019-19006']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2019-19006 \u2014 Sangoma FreePBX Improper Authent",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aac038f4-b141-4781-be5d-15c09c0442e8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-39935",
      "pattern": "[vulnerability:name = 'CVE-2021-39935']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-39935 \u2014 GitLab Community and Enterprise E",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4c1489d5-2d3e-40df-a76d-c884f3fadd65",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-40551",
      "pattern": "[vulnerability:name = 'CVE-2025-40551']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-40551 \u2014 SolarWinds Web Help Desk Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--48b344de-81f5-4abf-94ae-dd29ff86fd78",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-64328",
      "pattern": "[vulnerability:name = 'CVE-2025-64328']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-64328 \u2014 Sangoma FreePBX OS Command Inject",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9c3368ef-9acc-4466-a538-1b87472cff94",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: progamevl.ru",
      "pattern": "[domain-name:value = 'progamevl.ru']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DynoWiper update: Technical analysis and attribution",
          "url": "https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3bfb9d3a-af65-40f2-9061-5e95ebb3a231",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 31.172.71.5",
      "pattern": "[ipv4-addr:value = '31.172.71.5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "DynoWiper update: Technical analysis and attribution",
          "url": "https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f47ff82e-0eee-4195-bccb-7d15d1b13b20",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-1281",
      "pattern": "[vulnerability:name = 'CVE-2026-1281']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-1281 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--30edb465-d63b-4c9c-990a-46143f89c2b0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-24858",
      "pattern": "[vulnerability:name = 'CVE-2026-24858']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-24858 \u2014 Fortinet Multiple Products Authen",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7e14d679-e01d-4436-ac44-792306f0420e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: clawdbot.getintwopc.site",
      "pattern": "[domain-name:value = 'clawdbot.getintwopc.site']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "url": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1ccb183d-b020-4fae-842a-bcdc45628a12",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: darkgptprivate.com",
      "pattern": "[domain-name:value = 'darkgptprivate.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "url": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b9c36f07-a58c-4fab-a03d-47d2e282b76c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: meeting.bulletmailer.net",
      "pattern": "[domain-name:value = 'meeting.bulletmailer.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "url": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--229d3d37-f2dc-4e4d-9acb-de2c21603458",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 178.16.54.253",
      "pattern": "[ipv4-addr:value = '178.16.54.253']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "url": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8d82ecb3-e05d-46f6-84e9-7cb8dcc25ae9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 179.43.176.32",
      "pattern": "[ipv4-addr:value = '179.43.176.32']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "url": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2891ec55-4fd1-4529-a52d-8489ac1546f7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d1e0c26774cb8beabaf64f119652719f673fb530368d5b2166178191ad5fcbea",
      "pattern": "[file:hashes.'SHA-256' = 'd1e0c26774cb8beabaf64f119652719f673fb530368d5b2166178191ad5fcbea']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "url": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ed26ed4d-fbf7-41eb-a616-57871d16a84b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e20b920c7af988aa215c95bbaa365d005dd673544ab7e3577b60fecf11dcdea2",
      "pattern": "[file:hashes.'SHA-256' = 'e20b920c7af988aa215c95bbaa365d005dd673544ab7e3577b60fecf11dcdea2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "url": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aceed67d-df8e-4f95-b275-a0301bbd1659",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2018-14634",
      "pattern": "[vulnerability:name = 'CVE-2018-14634']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-14634 \u2014 Linux Kernel Integer Overflow Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ac1b3d68-88be-4e41-a581-6c6847a36d3a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-52691",
      "pattern": "[vulnerability:name = 'CVE-2025-52691']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-52691 \u2014 SmarterTools SmarterMail Unrestri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4c20bcd8-ba6d-415f-8498-cfdffbcf0bc7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-23760",
      "pattern": "[vulnerability:name = 'CVE-2026-23760']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-23760 \u2014 SmarterTools SmarterMail Authenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--de0d023d-2ff0-4e83-a782-4ea1671e6e1a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-37079",
      "pattern": "[vulnerability:name = 'CVE-2024-37079']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-37079 \u2014 Broadcom VMware vCenter Server Ou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4491f782-6aa9-46d0-895f-8047e8a07081",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: fra.cloud.appwrite.io",
      "pattern": "[domain-name:value = 'fra.cloud.appwrite.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "G_Wagon: npm Package Deploys Python Stealer Targeting 100+ C",
          "url": "https://www.aikido.dev/blog/npm-malware-g-wagon-python-stealer-crypto-wallets"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0007f371-84bd-4290-b4ba-16680026c4f0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: login.siemens-energy.icu",
      "pattern": "[domain-name:value = 'login.siemens-energy.icu']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gone Phishin': npm Packages Serving Custom Credential Harves",
          "url": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7a712a62-7f23-4740-901d-1bd960161fd3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: login.siemensergy.icu",
      "pattern": "[domain-name:value = 'login.siemensergy.icu']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gone Phishin': npm Packages Serving Custom Credential Harves",
          "url": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fae48498-df78-4a24-99b2-f41b778091d8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: nyc.cloud.appwrite.io",
      "pattern": "[domain-name:value = 'nyc.cloud.appwrite.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "G_Wagon: npm Package Deploys Python Stealer Targeting 100+ C",
          "url": "https://www.aikido.dev/blog/npm-malware-g-wagon-python-stealer-crypto-wallets"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--76006d25-88f4-494c-bddd-0641b3e4dfa7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: oprsys.deno.dev",
      "pattern": "[domain-name:value = 'oprsys.deno.dev']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gone Phishin': npm Packages Serving Custom Credential Harves",
          "url": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b5c1ad51-ecc4-45dc-a647-0961b31a1432",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 163.123.236.118",
      "pattern": "[ipv4-addr:value = '163.123.236.118']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gone Phishin': npm Packages Serving Custom Credential Harves",
          "url": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a0a0e9d0-2fbf-4839-a4aa-31ecc3c1a3ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 34.120.54.55",
      "pattern": "[ipv4-addr:value = '34.120.54.55']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gone Phishin': npm Packages Serving Custom Credential Harves",
          "url": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5aa347be-7aaf-4834-9e42-faebbd19bbcc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 4ec3c90846af6b79ee1a5188eefa3fd21f6d4cf6",
      "pattern": "[file:hashes.'SHA-1' = '4ec3c90846af6b79ee1a5188eefa3fd21f6d4cf6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "ESET Research: Sandworm behind cyberattack on Poland\u2019s power",
          "url": "https://www.welivesecurity.com/en/eset-research/eset-research-sandworm-cyberattack-poland-power-grid-late-2025/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6f196772-6fcd-466b-872b-cf5c3ca9d305",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 211f88a55e8fe9254f75c358c42bb7e78e014b862de7ea6e8b80ed1f78d13add",
      "pattern": "[file:hashes.'SHA-256' = '211f88a55e8fe9254f75c358c42bb7e78e014b862de7ea6e8b80ed1f78d13add']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gone Phishin': npm Packages Serving Custom Credential Harves",
          "url": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--364c061d-5ec3-450f-86f8-48a9f45790a8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3ceb182fb32a8fb0f0fcf056d6ab8de1cf6e789053f1aadc98ba315ae9a96f0c",
      "pattern": "[file:hashes.'SHA-256' = '3ceb182fb32a8fb0f0fcf056d6ab8de1cf6e789053f1aadc98ba315ae9a96f0c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gone Phishin': npm Packages Serving Custom Credential Harves",
          "url": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e4d08a0b-dfee-4b7c-a70c-45816c8d8a1f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4631584783d84758ae58bc717b08ac67d99dee30985db18b9d2b08df8721348e",
      "pattern": "[file:hashes.'SHA-256' = '4631584783d84758ae58bc717b08ac67d99dee30985db18b9d2b08df8721348e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gone Phishin': npm Packages Serving Custom Credential Harves",
          "url": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--70f03f8e-6cd1-4fe0-a30f-7af6b24a0323",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7d7f795ac1fcb5623731a50999f518877fd423a5a98219d0f495c488564a1554",
      "pattern": "[file:hashes.'SHA-256' = '7d7f795ac1fcb5623731a50999f518877fd423a5a98219d0f495c488564a1554']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gone Phishin': npm Packages Serving Custom Credential Harves",
          "url": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b30be641-a4dc-4ab8-8f97-a1587b307535",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: fdb6c79a8d01b528698c53ebd5030f875242e6af93f6ae799dee7f66b452bf3e",
      "pattern": "[file:hashes.'SHA-256' = 'fdb6c79a8d01b528698c53ebd5030f875242e6af93f6ae799dee7f66b452bf3e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gone Phishin': npm Packages Serving Custom Credential Harves",
          "url": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8b8c7deb-34fa-4625-9b05-3336141386de",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-31125",
      "pattern": "[vulnerability:name = 'CVE-2025-31125']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31125 \u2014 Vite Vitejs Improper Access Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7af2dedf-0f82-4eb2-b8fa-b8e0429464c0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-34026",
      "pattern": "[vulnerability:name = 'CVE-2025-34026']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-34026 \u2014 Versa Concerto Improper Authentic",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--19cc859d-2a66-4a60-af50-7013327300cf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-54313",
      "pattern": "[vulnerability:name = 'CVE-2025-54313']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54313 \u2014 Prettier eslint-config-prettier E",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "Supply Chain Security Alert: eslint-config-prettier Package ",
          "url": "https://www.stepsecurity.io/blog/supply-chain-security-alert-eslint-config-prettier-package-shows-signs-of-compromise"
        },
        {
          "source_name": "Maintainers of ESLint Prettier Plugin Attacked via npm Suppl",
          "url": "https://snyk.io/blog/maintainers-of-eslint-prettier-plugin-attacked-via-npm-supply-chain-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--29940af8-d088-4a34-a6ab-791105f69768",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-68645",
      "pattern": "[vulnerability:name = 'CVE-2025-68645']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-68645 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--18eaf12c-adff-4d20-96f4-cab4ced43021",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: dothebest.store",
      "pattern": "[domain-name:value = 'dothebest.store']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious PyPI Packages spellcheckpy and spellcheckerpy Deli",
          "url": "https://www.aikido.dev/blog/malicious-pypi-packages-spellcheckpy-and-spellcheckerpy-deliver-python-rat"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9e1302ea-91e1-4dd3-a08f-53d170e0eed6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: updatenet.work",
      "pattern": "[domain-name:value = 'updatenet.work']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious PyPI Packages spellcheckpy and spellcheckerpy Deli",
          "url": "https://www.aikido.dev/blog/malicious-pypi-packages-spellcheckpy-and-spellcheckerpy-deliver-python-rat"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--77312678-1502-4337-96db-fa658be7be0a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 172.86.73.139",
      "pattern": "[ipv4-addr:value = '172.86.73.139']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Malicious PyPI Packages spellcheckpy and spellcheckerpy Deli",
          "url": "https://www.aikido.dev/blog/malicious-pypi-packages-spellcheckpy-and-spellcheckerpy-deliver-python-rat"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Aikido"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9ec7bd6d-3a82-4d9e-b416-d4f990412f39",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-20045",
      "pattern": "[vulnerability:name = 'CVE-2026-20045']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-20045 \u2014 Cisco Unified Communications Prod",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e633716c-9c1b-4539-a2ed-a19f2bc1b3bb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2026-20805",
      "pattern": "[vulnerability:name = 'CVE-2026-20805']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2026-20805 \u2014 Microsoft Windows Information Dis",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7e9c30df-32a0-4a32-8961-de5b0d6ee0f9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-8110",
      "pattern": "[vulnerability:name = 'CVE-2025-8110']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8110 \u2014 Gogs Path Traversal Vulnerability",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e77c4428-3875-4098-8568-65b5deaca1e2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2009-0556",
      "pattern": "[vulnerability:name = 'CVE-2009-0556']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2009-0556 \u2014 Microsoft Office PowerPoint Code I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--083b3b19-9fc9-42ec-8b5e-3530e9368198",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-37164",
      "pattern": "[vulnerability:name = 'CVE-2025-37164']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-37164 \u2014 Hewlett Packard Enterprise (HPE) ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9299c8a6-dbd7-4c7f-a91e-f16875abd77f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-14847",
      "pattern": "[vulnerability:name = 'CVE-2025-14847']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-14847 \u2014 MongoDB and MongoDB Server Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f6e4747-561e-43d1-93e4-ecc8e295fb9e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-52163",
      "pattern": "[vulnerability:name = 'CVE-2023-52163']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-52163 \u2014 Digiever DS-2105 Pro Missing Auth",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--21268f40-7dd0-4f27-bf4f-b908ee0fd830",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-50165",
      "pattern": "[vulnerability:name = 'CVE-2025-50165']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Revisiting CVE-2025-50165: A critical flaw in Windows Imagin",
          "url": "https://www.welivesecurity.com/en/eset-research/revisiting-cve-2025-50165-critical-flaw-windows-imaging-component/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--742dbd1c-c3b6-4397-99ae-f43eb297a0c8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-14733",
      "pattern": "[vulnerability:name = 'CVE-2025-14733']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-14733 \u2014 WatchGuard Firebox Out of Bounds ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--71123381-287f-4dc0-8980-6a3878e574cd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-20393",
      "pattern": "[vulnerability:name = 'CVE-2025-20393']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20393 \u2014 Cisco Multiple Products Improper ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef41de90-48e6-40fc-9574-a009f4a40a7c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-40602",
      "pattern": "[vulnerability:name = 'CVE-2025-40602']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-40602 \u2014 SonicWall SMA1000 Missing Authori",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ffa90b9b-3170-4f14-9c82-a2574366b0d6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-59374",
      "pattern": "[vulnerability:name = 'CVE-2025-59374']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-59374 \u2014 ASUS Live Update Embedded Malicio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4d428ac3-ae64-4226-b523-e825778b376f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-59718",
      "pattern": "[vulnerability:name = 'CVE-2025-59718']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-59718 \u2014 Fortinet Multiple Products Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c926e8a8-673e-41e8-9880-6e8f2d4685f1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-59719",
      "pattern": "[vulnerability:name = 'CVE-2025-59719']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-59718 \u2014 Fortinet Multiple Products Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ed57cad-c8e3-4e1f-8597-4e834d4de503",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-14611",
      "pattern": "[vulnerability:name = 'CVE-2025-14611']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-14611 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f28dba7-90e1-4916-8456-e4c879529cf9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-43529",
      "pattern": "[vulnerability:name = 'CVE-2025-43529']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-43529 \u2014 Apple Multiple Products Use-After",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f0997f4a-1e3f-4d29-bb27-61581f657a8f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: npnjs.com",
      "pattern": "[domain-name:value = 'npnjs.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Supply Chain Security Alert: eslint-config-prettier Package ",
          "url": "https://www.stepsecurity.io/blog/supply-chain-security-alert-eslint-config-prettier-package-shows-signs-of-compromise"
        },
        {
          "source_name": "Maintainers of ESLint Prettier Plugin Attacked via npm Suppl",
          "url": "https://snyk.io/blog/maintainers-of-eslint-prettier-plugin-attacked-via-npm-supply-chain-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--18d08bdd-845a-4d79-a90c-3e384666f9fb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-66478",
      "pattern": "[vulnerability:name = 'CVE-2025-66478']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Critical Remote Code Execution Vulnerabilities Discovered in",
          "url": "https://www.stepsecurity.io/blog/critical-remote-code-execution-vulnerabilities-discovered-in-react-server-components-and-next-js"
        },
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f0067fad-d580-4614-ad7d-fb051e0dc3b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: bun.sh",
      "pattern": "[domain-name:value = 'bun.sh']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attac",
          "url": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9bd6abde-d695-4f27-87c2-43b777bb2513",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: keychecker.trufflesecurity.com",
      "pattern": "[domain-name:value = 'keychecker.trufflesecurity.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attac",
          "url": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c587af7c-e2b1-442b-b100-91cacfbe7090",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: oss.trufflehog.org",
      "pattern": "[domain-name:value = 'oss.trufflehog.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attac",
          "url": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2d840994-b9eb-48a6-8685-c8676e4c7d70",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 3d7570d14d34b0ba137d502f042b27b0f37a59fa",
      "pattern": "[file:hashes.'SHA-1' = '3d7570d14d34b0ba137d502f042b27b0f37a59fa']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attac",
          "url": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository"
        },
        {
          "source_name": "SHA1-Hulud, npm supply chain incident",
          "url": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--39c225f1-ad39-469e-8eeb-25ea991645aa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: d1829b4708126dcc7bea7437c04d1f10eacd4a16",
      "pattern": "[file:hashes.'SHA-1' = 'd1829b4708126dcc7bea7437c04d1f10eacd4a16']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attac",
          "url": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository"
        },
        {
          "source_name": "SHA1-Hulud, npm supply chain incident",
          "url": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ce4fc4c0-9eeb-481d-a00b-b1d9da05441a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: d60ec97eea19fffb4809bc35b91033b52490ca11",
      "pattern": "[file:hashes.'SHA-1' = 'd60ec97eea19fffb4809bc35b91033b52490ca11']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attac",
          "url": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository"
        },
        {
          "source_name": "SHA1-Hulud, npm supply chain incident",
          "url": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--04d51886-c642-491f-969a-ab91af9e65c2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2018-4063",
      "pattern": "[vulnerability:name = 'CVE-2018-4063']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-4063 \u2014 Sierra Wireless AirLink ALEOS Unre",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a26ffe43-c593-4ef8-b750-2b04f2f86f34",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-14174",
      "pattern": "[vulnerability:name = 'CVE-2025-14174']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-14174 \u2014 Google Chromium Out of Bounds Mem",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bf30ffaa-f2f2-4f81-af95-f308083dbc6d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-58360",
      "pattern": "[vulnerability:name = 'CVE-2025-58360']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-58360 \u2014 OSGeo GeoServer Improper Restrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b6ef7a06-cfb3-46f8-ad80-0856920b79e0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-6218",
      "pattern": "[vulnerability:name = 'CVE-2025-6218']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-6218 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--502d7721-b388-408e-8af3-b74ea300200d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-62221",
      "pattern": "[vulnerability:name = 'CVE-2025-62221']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-62221 \u2014 Microsoft Windows Use After Free ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2e9c2420-3f5c-4d05-8a65-973e1fc96071",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-37055",
      "pattern": "[vulnerability:name = 'CVE-2022-37055']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-37055 \u2014 D-Link Routers Buffer Overflow Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7bba509c-dbe1-4856-a40f-64c282e28b48",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-66644",
      "pattern": "[vulnerability:name = 'CVE-2025-66644']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-66644 \u2014 Array Networks ArrayOS AG OS Comm",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d337c566-f026-4e4c-9a3e-8f0567dec026",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-26828",
      "pattern": "[vulnerability:name = 'CVE-2021-26828']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-26828 \u2014 OpenPLC ScadaBR Unrestricted Uplo",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ded6ed06-dcad-42f2-9b7d-b4fa0231a5a7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: anywherehost.site",
      "pattern": "[domain-name:value = 'anywherehost.site']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b8bf22c7-eccc-44da-a7e0-05ced59e642b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: donaldjtrmp.anondns.net",
      "pattern": "[domain-name:value = 'donaldjtrmp.anondns.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ce709163-ac31-4658-bec4-7bdf46dd8470",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ghostbin.axel.org",
      "pattern": "[domain-name:value = 'ghostbin.axel.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aa2e6283-6c12-4f3d-82aa-7a781075e1fe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: help.093214.xyz",
      "pattern": "[domain-name:value = 'help.093214.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--74746403-ef47-4479-ba53-34b2041518f2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: keep.camdvr.org",
      "pattern": "[domain-name:value = 'keep.camdvr.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a3b864d4-20e9-4fa7-ab32-8935a6626794",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: krebsec.anondns.net",
      "pattern": "[domain-name:value = 'krebsec.anondns.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e7964b96-fd93-4969-862e-c8b01ab17047",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: labubu.anondns.net",
      "pattern": "[domain-name:value = 'labubu.anondns.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fa72561d-0818-4768-ab13-9b77e5874cbd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: overcome-pmc-conferencing-books.trycloudflare.com",
      "pattern": "[domain-name:value = 'overcome-pmc-conferencing-books.trycloudflare.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1b295041-e572-4ed5-8793-8017085276f1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: reactcdn.windowserrorapis.com",
      "pattern": "[domain-name:value = 'reactcdn.windowserrorapis.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1f34e206-2cf2-43ae-a319-b26b2f7c5a54",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: res.qiqigece.top",
      "pattern": "[domain-name:value = 'res.qiqigece.top']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d6f8157b-861d-48ff-97f0-821e4c7acb46",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: superminecraft.net.br",
      "pattern": "[domain-name:value = 'superminecraft.net.br']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fbaae7ab-a405-4190-87e2-f28c3016a19b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: vip.kof97.lol",
      "pattern": "[domain-name:value = 'vip.kof97.lol']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--86ea0856-b3b8-4102-8ae3-a41029636462",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: vps-zap812595-1.zap-srv.com",
      "pattern": "[domain-name:value = 'vps-zap812595-1.zap-srv.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c9916ab6-106b-4661-ab32-b978dddbeb26",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: xpertclient.net",
      "pattern": "[domain-name:value = 'xpertclient.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--28d2db81-06c6-409c-aa47-afc3baccf769",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 115.42.60.223",
      "pattern": "[ipv4-addr:value = '115.42.60.223']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c4804725-13d1-4f22-a3ea-0c208760a3c8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 140.99.223.178",
      "pattern": "[ipv4-addr:value = '140.99.223.178']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--92a415df-c2bf-49d1-bbe1-060ff8be0332",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.88.129.138",
      "pattern": "[ipv4-addr:value = '146.88.129.138']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5afa3d11-b070-450e-9eee-5d1769ae7ea9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 156.234.209.103",
      "pattern": "[ipv4-addr:value = '156.234.209.103']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d752ac7b-1ff9-49c1-840c-612042eb52b3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 162.215.170.26",
      "pattern": "[ipv4-addr:value = '162.215.170.26']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2e859c64-e05d-4c0e-83a4-febae4842e65",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.238.202.17",
      "pattern": "[ipv4-addr:value = '192.238.202.17']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2b0252ce-96a4-4ae7-b969-871caa43e939",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.24.123.68",
      "pattern": "[ipv4-addr:value = '193.24.123.68']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--55d287b0-138a-484e-a71a-36a71579c034",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.34.213.150",
      "pattern": "[ipv4-addr:value = '193.34.213.150']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--792f8dd8-5c85-4ee0-b156-93b128e8a1b2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.69.203.32",
      "pattern": "[ipv4-addr:value = '194.69.203.32']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6b7c85b1-d5bc-4315-9a5c-69527bccd00c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 196.251.100.191",
      "pattern": "[ipv4-addr:value = '196.251.100.191']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2b97c971-c421-410c-935a-1b65f127b9fd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 216.158.232.43",
      "pattern": "[ipv4-addr:value = '216.158.232.43']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--82fde717-0842-4193-8c83-9b8788db483c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 31.56.27.76",
      "pattern": "[ipv4-addr:value = '31.56.27.76']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8c3f4e95-ddfa-4499-9d73-a64cf0078520",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 31.57.46.28",
      "pattern": "[ipv4-addr:value = '31.57.46.28']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c9d6a648-982b-490d-a40e-8c79f31063c6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.162.112.141",
      "pattern": "[ipv4-addr:value = '38.162.112.141']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--743a59d9-1d71-4067-9296-38485bb31c65",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.32.158.54",
      "pattern": "[ipv4-addr:value = '45.32.158.54']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f296eccf-7f29-4c36-96fb-2f4320d0cb76",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 46.36.37.85",
      "pattern": "[ipv4-addr:value = '46.36.37.85']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--76f7ed93-75c9-4965-87d2-4207c04fa1a5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 47.84.57.207",
      "pattern": "[ipv4-addr:value = '47.84.57.207']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9f9da718-2bf1-4af5-acd6-7cbbf7524c9e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 47.84.79.46",
      "pattern": "[ipv4-addr:value = '47.84.79.46']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3678a718-afaa-467d-ae92-436bac6edae7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 72.62.67.33",
      "pattern": "[ipv4-addr:value = '72.62.67.33']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--28140f51-1a48-4200-abcf-f1a7053b7573",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 92.246.87.48",
      "pattern": "[ipv4-addr:value = '92.246.87.48']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f6cd0f03-b5ea-46b4-b004-0b85e2d5d633",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 95.169.180.135",
      "pattern": "[ipv4-addr:value = '95.169.180.135']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a657ad8c-7897-4483-889b-0619e10ea5bf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1663d98c259001f1b03f82d0c5bee7cfd3c7623ccb83759c994f9ab845939665",
      "pattern": "[file:hashes.'SHA-256' = '1663d98c259001f1b03f82d0c5bee7cfd3c7623ccb83759c994f9ab845939665']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dbdbff65-6421-4abd-9c17-1718b6e98a97",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 18c68a982f91f665effe769f663c51cb0567ea2bfc7fab6a1a40d4fe50fc382b",
      "pattern": "[file:hashes.'SHA-256' = '18c68a982f91f665effe769f663c51cb0567ea2bfc7fab6a1a40d4fe50fc382b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eaaad33e-1cc2-4a40-befb-13660e4f3e59",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1a3e7b4ee2b2858dbac2d73dd1c52b1ea1d69c6ebb24cc434d1e15e43325b74e",
      "pattern": "[file:hashes.'SHA-256' = '1a3e7b4ee2b2858dbac2d73dd1c52b1ea1d69c6ebb24cc434d1e15e43325b74e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--27bab3f0-d11a-4ab6-8cd8-266c1a28d772",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1cdd9b0434eb5b06173c7516f99a832dc4614ac10dda171c8eed3272a5e63d20",
      "pattern": "[file:hashes.'SHA-256' = '1cdd9b0434eb5b06173c7516f99a832dc4614ac10dda171c8eed3272a5e63d20']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--410f555b-164d-4589-8fc0-2f1360f82b36",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1e31dc074a4ea7f400cb969ea80e8855b5e7486660aab415da17591bc284ac5b",
      "pattern": "[file:hashes.'SHA-256' = '1e31dc074a4ea7f400cb969ea80e8855b5e7486660aab415da17591bc284ac5b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0e962ca7-7fb7-40ad-9089-1d1cb6467257",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1f3f0695c7ec63723b2b8e9d50b1838df304821fcb22c7902db1f8248a812035",
      "pattern": "[file:hashes.'SHA-256' = '1f3f0695c7ec63723b2b8e9d50b1838df304821fcb22c7902db1f8248a812035']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2b17442c-7e3a-4227-9167-ed2e2f278b09",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2b0dc27f035ba1417990a21dafb361e083e4ed94a75a1c49dc45690ecf463de4",
      "pattern": "[file:hashes.'SHA-256' = '2b0dc27f035ba1417990a21dafb361e083e4ed94a75a1c49dc45690ecf463de4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e0c566b6-2c7f-4758-95d1-99468a9936be",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2ca913556efd6c45109fd8358edb18d22a10fb6a36c1ab7b2df7594cd5b0adbc",
      "pattern": "[file:hashes.'SHA-256' = '2ca913556efd6c45109fd8358edb18d22a10fb6a36c1ab7b2df7594cd5b0adbc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2aa1cc79-67c8-4a5b-8a7f-4082c9a1663b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 33641bfbbdd5a9cd2320c61f65fe446a2226d8a48e3bd3c29e8f916f0592575f",
      "pattern": "[file:hashes.'SHA-256' = '33641bfbbdd5a9cd2320c61f65fe446a2226d8a48e3bd3c29e8f916f0592575f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e1e62b66-ad23-410e-9edb-77d9c30b4d72",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4745703f395282a0687def2c7dcf82ed1683f3128bef1686bd74c966273ce1c5",
      "pattern": "[file:hashes.'SHA-256' = '4745703f395282a0687def2c7dcf82ed1683f3128bef1686bd74c966273ce1c5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--40786c0d-3792-4ccd-9910-9fc020f66522",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4a759cbc219bcb3a1f8380a959307b39873fb36a9afd0d57ba0736ad7a02763b",
      "pattern": "[file:hashes.'SHA-256' = '4a759cbc219bcb3a1f8380a959307b39873fb36a9afd0d57ba0736ad7a02763b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2641b0a5-2c43-4e6f-8cab-df731bb3a169",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4ff096fbea443778fec6f960bf2b9c84da121e6d63e189aebaaa6397d9aac948",
      "pattern": "[file:hashes.'SHA-256' = '4ff096fbea443778fec6f960bf2b9c84da121e6d63e189aebaaa6397d9aac948']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ee329f16-b211-4853-9a2d-210e524291a6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 55ae00bc8482afd085fd128965b108cca4adb5a3a8a0ee2957d76f33edd5a864",
      "pattern": "[file:hashes.'SHA-256' = '55ae00bc8482afd085fd128965b108cca4adb5a3a8a0ee2957d76f33edd5a864']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1e83e784-d3b0-4be6-8db1-76ce4f1cac6b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 62e9a01307bcf85cdaeecafd6efb5be72a622c43a10f06d6d6d3b566b072228d",
      "pattern": "[file:hashes.'SHA-256' = '62e9a01307bcf85cdaeecafd6efb5be72a622c43a10f06d6d6d3b566b072228d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c4ec1169-c646-4fbc-b353-518fe040c783",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7d25a97be42b357adcc6d7f56ab01111378a3190134aa788b1f04336eb924b53",
      "pattern": "[file:hashes.'SHA-256' = '7d25a97be42b357adcc6d7f56ab01111378a3190134aa788b1f04336eb924b53']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--42db153d-7176-458f-829f-9f32fd4611f8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7f05bad031d22c2bb4352bf0b6b9ee2ca064a4c0e11a317e6fedc694de37737a",
      "pattern": "[file:hashes.'SHA-256' = '7f05bad031d22c2bb4352bf0b6b9ee2ca064a4c0e11a317e6fedc694de37737a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--964532ae-a8f5-4b64-ac8f-8f1e587e9e09",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9c931f7f7d511108263b0a75f7b9fcbbf9fd67ebcc7cd2e5dcd1266b75053624",
      "pattern": "[file:hashes.'SHA-256' = '9c931f7f7d511108263b0a75f7b9fcbbf9fd67ebcc7cd2e5dcd1266b75053624']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--867d0ab6-5970-4034-8d06-af89ae5d9b8d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a455731133c00fdd2a141bdfba4def34ae58195126f762cdf951056b0ef161d4",
      "pattern": "[file:hashes.'SHA-256' = 'a455731133c00fdd2a141bdfba4def34ae58195126f762cdf951056b0ef161d4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d8707dd-5d6d-4f02-973c-84c839274739",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ac2182dfbf56d58b4d63cde3ad6e7a52fed54e52959e4c82d6fc999f20f8d693",
      "pattern": "[file:hashes.'SHA-256' = 'ac2182dfbf56d58b4d63cde3ad6e7a52fed54e52959e4c82d6fc999f20f8d693']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a0654500-a682-46bc-935e-9a33871c6b02",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ac7027f30514d0c00d9e8b379b5ad8150c9827c827dc7ee54d906fc2585b6bf6",
      "pattern": "[file:hashes.'SHA-256' = 'ac7027f30514d0c00d9e8b379b5ad8150c9827c827dc7ee54d906fc2585b6bf6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4ee8a55f-202f-4c56-b27e-e2e95714155c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b38ec4c803a2d84277d9c598bfa5434fb8561ddad0ec38da6f9b8ece8104d787",
      "pattern": "[file:hashes.'SHA-256' = 'b38ec4c803a2d84277d9c598bfa5434fb8561ddad0ec38da6f9b8ece8104d787']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--210747e5-0356-4036-b0d1-bb29f364c496",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: bc31561c44a36e1305692d0af673bc5406f4a5bb2c3f2ffdb613c09b4e80fa9f",
      "pattern": "[file:hashes.'SHA-256' = 'bc31561c44a36e1305692d0af673bc5406f4a5bb2c3f2ffdb613c09b4e80fa9f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d37b7645-54ff-4a9f-ae4b-c6775f4a2b70",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: bf602b11d99e815e26c88a3a47eb63997d43db8b8c60db06d6fbddf386fd8c4a",
      "pattern": "[file:hashes.'SHA-256' = 'bf602b11d99e815e26c88a3a47eb63997d43db8b8c60db06d6fbddf386fd8c4a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--90889741-cd64-427f-83ab-a94fd9fc65b3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c2867570f3bbb71102373a94c7153239599478af84b9c81f2a0368de36f14a7c",
      "pattern": "[file:hashes.'SHA-256' = 'c2867570f3bbb71102373a94c7153239599478af84b9c81f2a0368de36f14a7c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--da9ca08a-61e1-4e84-9684-1a7f8ab08339",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d704541cde64a3eef5c4f80d0d7f96dc96bae8083804c930111024b274557b16",
      "pattern": "[file:hashes.'SHA-256' = 'd704541cde64a3eef5c4f80d0d7f96dc96bae8083804c930111024b274557b16']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--126d4f5c-0676-4418-bd72-487f090c4965",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d9313f949af339ed9fafb12374600e66b870961eeb9b2b0d4a3172fd1aa34ed0",
      "pattern": "[file:hashes.'SHA-256' = 'd9313f949af339ed9fafb12374600e66b870961eeb9b2b0d4a3172fd1aa34ed0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8c452f7a-2f25-4ff7-aa28-dee558e85eec",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e2d7c8491436411474cef5d3b51116ddecfee68bab1e15081752a54772559879",
      "pattern": "[file:hashes.'SHA-256' = 'e2d7c8491436411474cef5d3b51116ddecfee68bab1e15081752a54772559879']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c226a5cc-73e9-4694-bb18-862ad9fd56e3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ebdb85704b2e7ced3673b12c6f3687bc0177a7b1b3caef110213cc93a75da837",
      "pattern": "[file:hashes.'SHA-256' = 'ebdb85704b2e7ced3673b12c6f3687bc0177a7b1b3caef110213cc93a75da837']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--05594f4f-7866-497c-8ddb-838dd93f3265",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f88ce150345787dd1bcfbc301350033404e32273c9a140f22da80810e3a3f6ea",
      "pattern": "[file:hashes.'SHA-256' = 'f88ce150345787dd1bcfbc301350033404e32273c9a140f22da80810e3a3f6ea']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a42ceb03-b269-4425-b334-3ce7c9dad04c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: fc9e53675e315edeea2292069c3fbc91337c972c936ca0f535da01760814b125",
      "pattern": "[file:hashes.'SHA-256' = 'fc9e53675e315edeea2292069c3fbc91337c972c936ca0f535da01760814b125']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Security Advisory: Critical RCE Vulnerabilities in React Ser",
          "url": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e1e33078-cb92-430f-bb06-bd725b775dc0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-48572",
      "pattern": "[vulnerability:name = 'CVE-2025-48572']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-48572 \u2014 Android Framework Privilege Escal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bd350d90-69db-4a23-86ec-944ed60ae506",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-48633",
      "pattern": "[vulnerability:name = 'CVE-2025-48633']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-48633 \u2014 Android Framework Information Dis",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c072bc58-690c-42c6-a359-6b84d08b6ad3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-26829",
      "pattern": "[vulnerability:name = 'CVE-2021-26829']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-26829 \u2014 OpenPLC ScadaBR Cross-site Script",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a4e2a98c-9281-413e-a8b0-f4365af71948",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-61757",
      "pattern": "[vulnerability:name = 'CVE-2025-61757']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61757 \u2014 Oracle Fusion Middleware Missing ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2cb81319-568e-4820-b451-de020bdfec6f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-13223",
      "pattern": "[vulnerability:name = 'CVE-2025-13223']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-13223 \u2014 Google Chromium V8 Type Confusion",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d6c22723-2603-4d35-93d3-4bf28a98b05c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ds20221202.dsc.wcsset.com",
      "pattern": "[domain-name:value = 'ds20221202.dsc.wcsset.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlushDaemon compromises network devices for adversary-in-the",
          "url": "https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f6aa59a0-2290-4cf3-811d-7f919a4d3189",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: test.dsc.wcsset.com",
      "pattern": "[domain-name:value = 'test.dsc.wcsset.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlushDaemon compromises network devices for adversary-in-the",
          "url": "https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--95dbe2e3-48d1-472e-b2bd-02ab51c8ee2b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 119.136.153.0",
      "pattern": "[ipv4-addr:value = '119.136.153.0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlushDaemon compromises network devices for adversary-in-the",
          "url": "https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--33201664-491e-4f69-a52f-e976f250f1cf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 47.242.198.250",
      "pattern": "[ipv4-addr:value = '47.242.198.250']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "PlushDaemon compromises network devices for adversary-in-the",
          "url": "https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2eccb5cc-9131-47b5-8068-4881f9975ba4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-58034",
      "pattern": "[vulnerability:name = 'CVE-2025-58034']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-58034 \u2014 Fortinet FortiWeb OS Command Inje",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--228ee8d2-bf0d-4e88-b45c-71e0791e4e74",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-64446",
      "pattern": "[vulnerability:name = 'CVE-2025-64446']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-64446 \u2014 Fortinet FortiWeb Path Traversal ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1977d2ff-42bc-41a9-a3ce-43f237d37c21",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-12480",
      "pattern": "[vulnerability:name = 'CVE-2025-12480']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-12480 \u2014 Gladinet Triofox Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c4d2b301-869a-4c5f-a70c-3f87a70d1187",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-62215",
      "pattern": "[vulnerability:name = 'CVE-2025-62215']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-62215 \u2014 Microsoft Windows Race Condition ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7a3949ab-572b-466f-a5b1-37176da92729",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-9242",
      "pattern": "[vulnerability:name = 'CVE-2025-9242']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-9242 \u2014 WatchGuard Firebox Out-of-Bounds W",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4a28cc5c-3aae-4cff-a652-69e3f79c4a19",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-21042",
      "pattern": "[vulnerability:name = 'CVE-2025-21042']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bfe0b764-c426-4433-bdbe-09933f355c20",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-21043",
      "pattern": "[vulnerability:name = 'CVE-2025-21043']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aafe1b6a-533b-414f-9654-0235814a2fc1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-43300",
      "pattern": "[vulnerability:name = 'CVE-2025-43300']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-55177 \u2014 Meta Platforms WhatsApp Incorrect",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-43300 \u2014 Apple iOS, iPadOS, and macOS Out-",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7a89ef28-ded0-4047-acda-79e4b44532de",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-55177",
      "pattern": "[vulnerability:name = 'CVE-2025-55177']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-55177 \u2014 Meta Platforms WhatsApp Incorrect",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f2411ba2-5824-44ea-b3b0-5aa4da4e3a8b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: brightvideodesigns.com",
      "pattern": "[domain-name:value = 'brightvideodesigns.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9e2e98e8-6696-476c-a93c-b229a362dbf6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: healthyeatingontherun.com",
      "pattern": "[domain-name:value = 'healthyeatingontherun.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3215471-854e-4c82-90ab-5e2eeff9eaff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: hotelsitereview.com",
      "pattern": "[domain-name:value = 'hotelsitereview.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--22ab76cc-d64a-41c3-90a6-fa395719d927",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: projectmanagerskills.com",
      "pattern": "[domain-name:value = 'projectmanagerskills.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f84bbff6-38c1-4194-a38a-0c80f2c76a7d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.36.57.56",
      "pattern": "[ipv4-addr:value = '192.36.57.56']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--86574eb4-f9a8-410a-9305-28a841b23e46",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.76.224.127",
      "pattern": "[ipv4-addr:value = '194.76.224.127']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1630536e-df65-4691-9efb-e18c2d1858a3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.155.250.158",
      "pattern": "[ipv4-addr:value = '45.155.250.158']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c3f205bc-7408-490b-96de-a8b9815499ae",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 46.246.28.75",
      "pattern": "[ipv4-addr:value = '46.246.28.75']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f40ea650-22d3-4c6b-b40e-0d908e208067",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.132.92.35",
      "pattern": "[ipv4-addr:value = '91.132.92.35']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--05b830e7-8f60-48a4-8fb8-969f3e715bf1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 92.243.65.240",
      "pattern": "[ipv4-addr:value = '92.243.65.240']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f1bef2e-5b2e-4596-957e-9585d6aff093",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 211311468f3673f005031d5f77d4d716e80cbf3c1f0bb1f148f2200920513261",
      "pattern": "[file:hashes.'SHA-256' = '211311468f3673f005031d5f77d4d716e80cbf3c1f0bb1f148f2200920513261']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bc633cb6-a209-46fd-9cec-f2e8757674ec",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2425f15eb542fca82892fd107ac19d63d4d112ddbfe698650f0c25acf6f8d78a",
      "pattern": "[file:hashes.'SHA-256' = '2425f15eb542fca82892fd107ac19d63d4d112ddbfe698650f0c25acf6f8d78a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--181521e9-773d-400b-a19d-14201aafb6f5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 29882a3c426273a7302e852aa77662e168b6d44dcebfca53757e29a9cdf02483",
      "pattern": "[file:hashes.'SHA-256' = '29882a3c426273a7302e852aa77662e168b6d44dcebfca53757e29a9cdf02483']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--727ec3e2-eccf-41ab-98b1-a1d9ff78fd0f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 384f073d3d51e0f2e1586b6050af62de886ff448735d963dfc026580096d81bd",
      "pattern": "[file:hashes.'SHA-256' = '384f073d3d51e0f2e1586b6050af62de886ff448735d963dfc026580096d81bd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a83eb894-4c7a-40e4-9f53-2c77c474a991",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 69cf56ac6f3888efa7a1306977f431fd1edb369a5fd4591ce37b72b7e01955ee",
      "pattern": "[file:hashes.'SHA-256' = '69cf56ac6f3888efa7a1306977f431fd1edb369a5fd4591ce37b72b7e01955ee']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--88d5f2fa-5300-41fc-8745-8fcaca0d869e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9297888746158e38d320b05b27b0032b2cc29231be8990d87bc46f1e06456f93",
      "pattern": "[file:hashes.'SHA-256' = '9297888746158e38d320b05b27b0032b2cc29231be8990d87bc46f1e06456f93']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7847d5f1-7796-4adb-a433-ac6f78d980dc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a62a2400bf93ed84ebadf22b441924f904d3fcda7d1507ba309a4b1801d44495",
      "pattern": "[file:hashes.'SHA-256' = 'a62a2400bf93ed84ebadf22b441924f904d3fcda7d1507ba309a4b1801d44495']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--93f3a020-ebbe-42b8-80ab-f861368c5594",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b06dec10e8ad0005ebb9da24204c96cb2e297bd8d418bc1c8983d066c0997756",
      "pattern": "[file:hashes.'SHA-256' = 'b06dec10e8ad0005ebb9da24204c96cb2e297bd8d418bc1c8983d066c0997756']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6f96f00e-7f57-4fd2-828b-c6b4614b7c9e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b45817ffb0355badcc89f2d7d48eecf00ebdf2b966ac986514f9d971f6c57d18",
      "pattern": "[file:hashes.'SHA-256' = 'b45817ffb0355badcc89f2d7d48eecf00ebdf2b966ac986514f9d971f6c57d18']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--43e7215b-b670-4c93-9794-e7f981bb0671",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b975b499baa3119ac5c2b3379306d4e50b9610e9bba3e56de7dfd3927a96032d",
      "pattern": "[file:hashes.'SHA-256' = 'b975b499baa3119ac5c2b3379306d4e50b9610e9bba3e56de7dfd3927a96032d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7981ff64-7eaa-4169-ad16-1436e2b5b377",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c0f30c2a2d6f95b57128e78dc0b7180e69315057e62809de1926b75f86516b2e",
      "pattern": "[file:hashes.'SHA-256' = 'c0f30c2a2d6f95b57128e78dc0b7180e69315057e62809de1926b75f86516b2e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e2b9cb89-ba42-4221-adca-4f21f73ae6c6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d2fafc7100f33a11089e98b660a85bd479eab761b137cca83b1f6d19629dd3b0",
      "pattern": "[file:hashes.'SHA-256' = 'd2fafc7100f33a11089e98b660a85bd479eab761b137cca83b1f6d19629dd3b0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b9d85555-b433-43fe-800c-aae371c643fc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ffeeb0356abb56c5084756a5ab0a39002832403bca5290bb6d794d14b642ffe2",
      "pattern": "[file:hashes.'SHA-256' = 'ffeeb0356abb56c5084756a5ab0a39002832403bca5290bb6d794d14b642ffe2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0ac03ae9-da6b-4cfe-890d-c0f8f66d090c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: esetremover.com",
      "pattern": "[domain-name:value = 'esetremover.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The who, where, and how of APT attacks in Q2 2025\u2013Q3 2025",
          "url": "https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dca20fc4-8232-4dfe-aab8-dab135ddd187",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: esetscanner.com",
      "pattern": "[domain-name:value = 'esetscanner.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The who, where, and how of APT attacks in Q2 2025\u2013Q3 2025",
          "url": "https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--13ef037f-84a4-40ef-9864-77d8bf65aecf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: esetsmart.com",
      "pattern": "[domain-name:value = 'esetsmart.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The who, where, and how of APT attacks in Q2 2025\u2013Q3 2025",
          "url": "https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b891d688-a310-4df1-b406-cf3a4a6ad0ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: bf50442dedeb6a715de82177eb7e24daed3f3e45d6dcd186bb360675d07ac047",
      "pattern": "[file:hashes.'SHA-256' = 'bf50442dedeb6a715de82177eb7e24daed3f3e45d6dcd186bb360675d07ac047']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The who, where, and how of APT attacks in Q2 2025\u2013Q3 2025",
          "url": "https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a5fc2e0b-2b0e-48b5-9a2f-0a8fa8ca7df6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e77afc29d52cbf4bedb8bc92017fb3ddd051d8acc9b106b627e10b8285ab7389",
      "pattern": "[file:hashes.'SHA-256' = 'e77afc29d52cbf4bedb8bc92017fb3ddd051d8acc9b106b627e10b8285ab7389']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The who, where, and how of APT attacks in Q2 2025\u2013Q3 2025",
          "url": "https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--13b4565f-c07a-4066-813b-a19f2928cde3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-11371",
      "pattern": "[vulnerability:name = 'CVE-2025-11371']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-11371 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ebfa6dbc-2f08-4adc-9a7e-d50e3c9571e1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-30406",
      "pattern": "[vulnerability:name = 'CVE-2025-30406']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-11371 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7afb222a-e150-42cb-83dd-fb575ef073bd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.70.134.50",
      "pattern": "[ipv4-addr:value = '146.70.134.50']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-11371 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--34cce73c-96ad-4fb9-990a-4a9e7b666928",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 147.124.216.205",
      "pattern": "[ipv4-addr:value = '147.124.216.205']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-11371 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2f3ba19e-459e-475c-b54e-bf5561107d43",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24893",
      "pattern": "[vulnerability:name = 'CVE-2025-24893']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--756efd19-698d-48de-9b74-f856a44cc4a4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-41244",
      "pattern": "[vulnerability:name = 'CVE-2025-41244']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-41244 \u2014 Broadcom VMware Aria Operations a",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--96564bef-a4ca-46d5-a1a2-6ad036992786",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: c3pool.org",
      "pattern": "[domain-name:value = 'c3pool.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b62445f8-34cd-443d-9ca5-b0c77a3acbac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 123.25.249.88",
      "pattern": "[ipv4-addr:value = '123.25.249.88']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9851e3e0-d45e-46a9-928c-4da1ab6c4564",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.32.208.24",
      "pattern": "[ipv4-addr:value = '193.32.208.24']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--77614c5a-5dd9-4273-821e-74d3aea26187",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 0b907eee9a85d39f8f0d7c503cc1f84a71c4de10",
      "pattern": "[file:hashes.'SHA-1' = '0b907eee9a85d39f8f0d7c503cc1f84a71c4de10']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--85bc031e-6ece-4219-88a8-9a9f08dec59e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2abd6f68a24b0a5df5809276016e6b85c77e5f7f",
      "pattern": "[file:hashes.'SHA-1' = '2abd6f68a24b0a5df5809276016e6b85c77e5f7f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--881408c3-bf97-4b0b-b1b6-e2c852ec8e97",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 5abc337dbc04fee7206956dad1e0b6d43921a868",
      "pattern": "[file:hashes.'SHA-1' = '5abc337dbc04fee7206956dad1e0b6d43921a868']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4184acde-2907-4f50-b5d4-25b9c353065d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 90d274c7600fbdca5fe035250d0baff20889ec2b",
      "pattern": "[file:hashes.'SHA-1' = '90d274c7600fbdca5fe035250d0baff20889ec2b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef915f76-ef2c-40e3-b049-ad91834bef38",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: de082aeb01d41dd81cfb79bc5bfa33453b0022ed",
      "pattern": "[file:hashes.'SHA-1' = 'de082aeb01d41dd81cfb79bc5bfa33453b0022ed']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5fea38f1-98ec-4759-8475-b4543b1ac7dd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-6204",
      "pattern": "[vulnerability:name = 'CVE-2025-6204']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-6204 \u2014 Dassault Syst\u00e8mes DELMIA Apriso Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4c030f24-c4ac-43c5-b930-07e8036d0019",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-6205",
      "pattern": "[vulnerability:name = 'CVE-2025-6205']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-6204 \u2014 Dassault Syst\u00e8mes DELMIA Apriso Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--42663368-8937-4487-aa30-537cf4724b40",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-54236",
      "pattern": "[vulnerability:name = 'CVE-2025-54236']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--adb9ef23-c051-46e6-880e-3b1afeb7cac6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-59287",
      "pattern": "[vulnerability:name = 'CVE-2025-59287']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-59287 \u2014 Microsoft Windows Server Update S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a015cd9a-b98e-4790-b744-389b06b25d85",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sagecrafft.com",
      "pattern": "[domain-name:value = 'sagecrafft.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--97db93ea-c1f4-4a5f-8a67-9800cd7f06c2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: tecnokauf.ru",
      "pattern": "[domain-name:value = 'tecnokauf.ru']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c75bca55-234b-441a-a2e2-7d7f391b21dc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: webhook.site/22b6b8c8-2e07-4878-a681-b772e569aa6a",
      "pattern": "[domain-name:value = 'webhook.site/22b6b8c8-2e07-4878-a681-b772e569aa6a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-59287 \u2014 Microsoft Windows Server Update S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2483b16f-4afc-4a60-aeac-870db569639b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: worcksbot.com",
      "pattern": "[domain-name:value = 'worcksbot.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--815a9394-d618-481c-9733-323494105c7c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.215.237.26",
      "pattern": "[ipv4-addr:value = '103.215.237.26']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--89b81d81-8c9e-4630-bcdc-1a34bb695a56",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 141.11.62.221",
      "pattern": "[ipv4-addr:value = '141.11.62.221']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--129e39c8-2c5b-44aa-9ac3-5c091e0c551f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 143.244.44.172",
      "pattern": "[ipv4-addr:value = '143.244.44.172']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4ef7eb9a-2d1c-4ddc-838a-43f4aac47816",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 149.28.33.250",
      "pattern": "[ipv4-addr:value = '149.28.33.250']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d238778-4a03-4dd5-8284-01f21b12bc77",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 155.117.84.134",
      "pattern": "[ipv4-addr:value = '155.117.84.134']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--62275999-2fd3-467a-a061-ab468cec3655",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 155.138.226.245",
      "pattern": "[ipv4-addr:value = '155.138.226.245']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bc16753e-ce29-4546-a737-1205e2f3e4e3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 156.244.16.170",
      "pattern": "[ipv4-addr:value = '156.244.16.170']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b4272d31-b96c-45df-bdac-6aec62a82e6a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 157.245.52.111",
      "pattern": "[ipv4-addr:value = '157.245.52.111']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2222bf3d-7fbf-4008-9c6e-49cfea3c07ea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 159.89.12.166",
      "pattern": "[ipv4-addr:value = '159.89.12.166']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--30246c91-f1b9-4c49-bb50-9ca1471915ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 198.144.182.13",
      "pattern": "[ipv4-addr:value = '198.144.182.13']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--05b6961a-9b7b-4f96-a650-b7e680d97d35",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 212.8.248.191",
      "pattern": "[ipv4-addr:value = '212.8.248.191']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6670d2d6-8df5-41d5-a2f1-57e379b01ca2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 23.146.184.93",
      "pattern": "[ipv4-addr:value = '23.146.184.93']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3eaed97-6fff-462d-b65f-f392c92fd18b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 23.249.27.221",
      "pattern": "[ipv4-addr:value = '23.249.27.221']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bb4dedb1-4ded-4e6e-8567-1739071f6c74",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 34.227.25.4",
      "pattern": "[ipv4-addr:value = '34.227.25.4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f1d2f6a7-d798-4872-ad00-5f7add967803",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 44.212.43.34",
      "pattern": "[ipv4-addr:value = '44.212.43.34']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b388a853-8550-4612-96ca-03f1e127d5ea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.143.20.147",
      "pattern": "[ipv4-addr:value = '45.143.20.147']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a328989d-e36a-40bb-b004-63af5b156599",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.32.66.51",
      "pattern": "[ipv4-addr:value = '45.32.66.51']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--95fcb1d8-6bde-458a-a59c-649839a90a35",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 46.39.230.243",
      "pattern": "[ipv4-addr:value = '46.39.230.243']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bbbbb647-851b-488c-bc76-0892d42fe281",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 54.205.171.35",
      "pattern": "[ipv4-addr:value = '54.205.171.35']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7b3dd88c-99e4-4906-a1b7-77b9972df25b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 54.226.181.219",
      "pattern": "[ipv4-addr:value = '54.226.181.219']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e423298d-5d7f-4751-a404-aec70a7654a3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 80.78.25.213",
      "pattern": "[ipv4-addr:value = '80.78.25.213']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--da6d3138-5abe-4621-ace9-1142692da582",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 86.203.185.51",
      "pattern": "[ipv4-addr:value = '86.203.185.51']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ae1945e5-39d6-4727-b8b7-a0648c9a2f83",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 99.246.176.115",
      "pattern": "[ipv4-addr:value = '99.246.176.115']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ce69e9d5-3a1d-4bc3-b75c-12841f1bbb72",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: anvil.org.ph",
      "pattern": "[domain-name:value = 'anvil.org.ph']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a19c40c1-1013-48c9-ad53-bc82ad0b8b6d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: bandarpowder.com",
      "pattern": "[domain-name:value = 'bandarpowder.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e7b1ebc8-0422-46b6-938a-6c102180d559",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: coralsunmarine.com",
      "pattern": "[domain-name:value = 'coralsunmarine.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ca771215-517c-4ab6-918c-9ab46ecfd24b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ecudecode.mx",
      "pattern": "[domain-name:value = 'ecudecode.mx']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4680ada2-5cc7-4e9c-bc3f-057d7637d429",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: galaterrace.com",
      "pattern": "[domain-name:value = 'galaterrace.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--663e6762-ade3-402d-93dd-31eea72907bc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: kazitradebd.com",
      "pattern": "[domain-name:value = 'kazitradebd.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--98f300f7-85c8-4df7-b460-8e689f9efc90",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: mediostresbarbas.com.ar",
      "pattern": "[domain-name:value = 'mediostresbarbas.com.ar']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--977b1848-8698-42f2-8c8a-cd01d8647821",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: mnmathleague.org",
      "pattern": "[domain-name:value = 'mnmathleague.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b99c20e6-9ca7-42b5-89a8-5f43be1bd341",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: oldlinewoodwork.com",
      "pattern": "[domain-name:value = 'oldlinewoodwork.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4cb03f8b-c9ad-48c9-ae0c-58f6a61b287e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: partnerls.pl",
      "pattern": "[domain-name:value = 'partnerls.pl']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8920b866-9b86-4ec3-89c5-b8ee60f4ce9d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: pierregems.com",
      "pattern": "[domain-name:value = 'pierregems.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--04e4520e-f080-46ec-b37b-7469d3f3c4ed",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: scgestor.com.br",
      "pattern": "[domain-name:value = 'scgestor.com.br']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cc242088-3539-465b-b230-f3f87cf6d1c1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: spaincaramoon.com",
      "pattern": "[domain-name:value = 'spaincaramoon.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--45338b1c-feb4-44eb-bd14-565689e88652",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: trainingpharmacist.co.uk",
      "pattern": "[domain-name:value = 'trainingpharmacist.co.uk']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7a8f221d-2389-4fce-9b3a-845b7bdab70a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.21.80.1",
      "pattern": "[ipv4-addr:value = '104.21.80.1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2a72b8d9-b048-44e5-b9ff-5dea69d05016",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.247.162.67",
      "pattern": "[ipv4-addr:value = '104.247.162.67']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8fdd6c67-abc6-48dd-ac94-ea6c546595b7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 108.181.92.71",
      "pattern": "[ipv4-addr:value = '108.181.92.71']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e9330400-018d-46ed-9d97-0b4750aaf435",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 152.42.239.211",
      "pattern": "[ipv4-addr:value = '152.42.239.211']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--73123835-4083-4d80-9d14-2e44a9b19c77",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 172.67.193.139",
      "pattern": "[ipv4-addr:value = '172.67.193.139']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6f09f943-352c-4d53-8d63-72ea76025cf5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.148.129.24",
      "pattern": "[ipv4-addr:value = '185.148.129.24']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--271cc163-f03c-43a2-a4bd-e14782c17516",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.39.187.165",
      "pattern": "[ipv4-addr:value = '193.39.187.165']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b4d26274-5a73-41d7-9d72-3f36a365923f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 23.111.133.162",
      "pattern": "[ipv4-addr:value = '23.111.133.162']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--08fd0457-fa46-41df-bb58-611c553e1c6a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.148.29.122",
      "pattern": "[ipv4-addr:value = '45.148.29.122']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0997ab5d-cdbb-4948-83ae-188e1532bd86",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 66.29.144.75",
      "pattern": "[ipv4-addr:value = '66.29.144.75']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ffe94eb-55cc-4b7b-98fd-1d3b35b2c813",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 70.32.24.131",
      "pattern": "[ipv4-addr:value = '70.32.24.131']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ed5265ec-0e10-4f03-8806-acc7f040d998",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 75.102.23.3",
      "pattern": "[ipv4-addr:value = '75.102.23.3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--41895b5e-eda2-403f-af9c-82d73c26d6d3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 77.55.252.111",
      "pattern": "[ipv4-addr:value = '77.55.252.111']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--50505ba0-c4c9-4a70-9a1e-da793645aa16",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 95.217.119.214",
      "pattern": "[ipv4-addr:value = '95.217.119.214']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d19739fa-db60-45bb-bd53-d0555e9d2e97",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 03D9B8F0FCF9173D2964CE7173D21E681DFA8DA4",
      "pattern": "[file:hashes.'SHA-1' = '03D9B8F0FCF9173D2964CE7173D21E681DFA8DA4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5db3653c-2353-4813-a9ba-45269911b246",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 086816466D9D9C12FCADA1C872B8C0FF0A5FC611",
      "pattern": "[file:hashes.'SHA-1' = '086816466D9D9C12FCADA1C872B8C0FF0A5FC611']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--826389fa-1f88-4c74-8267-17bb376667e2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 0CB73D70FD4132A4FF5493DAA84AAE839F6329D5",
      "pattern": "[file:hashes.'SHA-1' = '0CB73D70FD4132A4FF5493DAA84AAE839F6329D5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2657ffa6-9019-481b-b942-90201088c878",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 262B4ED6AC6A977135DECA5B0872B7D6D676083A",
      "pattern": "[file:hashes.'SHA-1' = '262B4ED6AC6A977135DECA5B0872B7D6D676083A']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--669b880f-9062-4427-98f1-d737ca49207d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 26AA2643B07C48CB6943150ADE541580279E8E0E",
      "pattern": "[file:hashes.'SHA-1' = '26AA2643B07C48CB6943150ADE541580279E8E0E']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--11a627f0-d314-4113-9f8c-79dfa8a3b6d4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 28978E987BC59E75CA22562924EAB93355CF679E",
      "pattern": "[file:hashes.'SHA-1' = '28978E987BC59E75CA22562924EAB93355CF679E']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a4a4ad0a-442b-48cf-92b7-1167c8201e16",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2A2B20FDDD65BA28E7C57AC97A158C15B61A7B05",
      "pattern": "[file:hashes.'SHA-1' = '2A2B20FDDD65BA28E7C57AC97A158C15B61A7B05']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bc8839a0-a5d6-4c15-af3f-d7178f0933af",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2AA341B03FAC3054C57640122EA849BC0C2B6AF6",
      "pattern": "[file:hashes.'SHA-1' = '2AA341B03FAC3054C57640122EA849BC0C2B6AF6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--048f6187-2ada-46d2-ae82-c23777885286",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 5B85DD485FD516AA1F4412801897A40A9BE31837",
      "pattern": "[file:hashes.'SHA-1' = '5B85DD485FD516AA1F4412801897A40A9BE31837']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--38044cc1-a97a-406e-a1a4-cca451995cb6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 5E5BBA521F0034D342CC26DB8BCFECE57DBD4616",
      "pattern": "[file:hashes.'SHA-1' = '5E5BBA521F0034D342CC26DB8BCFECE57DBD4616']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cc6fe888-854a-4b10-b7ef-97b15034b506",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 71D0DDB7C6CAC4BA2BDE679941FA92A31FBEC1FF",
      "pattern": "[file:hashes.'SHA-1' = '71D0DDB7C6CAC4BA2BDE679941FA92A31FBEC1FF']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--96867e2a-25a3-42cd-ba47-133d83488506",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 87B2DF764455164C6982BA9700F27EA34D3565DF",
      "pattern": "[file:hashes.'SHA-1' = '87B2DF764455164C6982BA9700F27EA34D3565DF']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fe689324-adc4-4dec-84e0-bf67b83ac777",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: AC16B1BAEDE349E4824335E0993533BF4FC116B3",
      "pattern": "[file:hashes.'SHA-1' = 'AC16B1BAEDE349E4824335E0993533BF4FC116B3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0998bd93-ba6a-4142-8838-678af1e5d0ea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: B12EEB595FEEC2CFBF9A60E1CC21A14CE8873539",
      "pattern": "[file:hashes.'SHA-1' = 'B12EEB595FEEC2CFBF9A60E1CC21A14CE8873539']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c5912f59-e1bc-40c8-8447-61462c97a0ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: B68C49841DC48E3672031795D85ED24F9F619782",
      "pattern": "[file:hashes.'SHA-1' = 'B68C49841DC48E3672031795D85ED24F9F619782']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4caafe32-8950-4078-95d5-82a007ddb7c5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: CB7834BE7DE07F89352080654F7FEB574B42A2B8",
      "pattern": "[file:hashes.'SHA-1' = 'CB7834BE7DE07F89352080654F7FEB574B42A2B8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9e903bc8-45da-412b-80b6-81d34cdda38d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: E670C4275EC24D403E0D4DE7135CBCF1D54FF09C",
      "pattern": "[file:hashes.'SHA-1' = 'E670C4275EC24D403E0D4DE7135CBCF1D54FF09C']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4ad639c1-1786-44ac-9f91-24562fafa0a5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 083d4a4ef6267c9a0ab57f1e5a2ed45ff67a0b4db83bbd43563458a223781120",
      "pattern": "[file:hashes.'SHA-256' = '083d4a4ef6267c9a0ab57f1e5a2ed45ff67a0b4db83bbd43563458a223781120']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--12755a14-a3c5-4441-830f-57289adf20c7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 503b3ece42f540409bcb2f0abc7584e557a0d120b7ba9854b4548496b2546d34",
      "pattern": "[file:hashes.'SHA-256' = '503b3ece42f540409bcb2f0abc7584e557a0d120b7ba9854b4548496b2546d34']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8d85776c-02d1-40c1-beb7-310ed3e0d9da",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 98d1a10521a4dd968d75e2860e523311b5851737795c84943c380870794c851a",
      "pattern": "[file:hashes.'SHA-256' = '98d1a10521a4dd968d75e2860e523311b5851737795c84943c380870794c851a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9541653a-19db-4129-a37e-e3021e15561b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c39ecc7d9f1e225a37304345731fffe72cdb95b21aeb06aa6022f6d338777012",
      "pattern": "[file:hashes.'SHA-256' = 'c39ecc7d9f1e225a37304345731fffe72cdb95b21aeb06aa6022f6d338777012']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--10b718dd-8eed-4174-9a96-3eda17a6c2dc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f9a9c1a13ed74aebca0652b102755833fc084e221d731b5e7ae76ff136f85864",
      "pattern": "[file:hashes.'SHA-256' = 'f9a9c1a13ed74aebca0652b102755833fc084e221d731b5e7ae76ff136f85864']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Gotta fly: Lazarus targets the UAV sector",
          "url": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "ESET WeLiveSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--75a20f01-006b-411a-bfb0-f482486b9ad6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-61932",
      "pattern": "[vulnerability:name = 'CVE-2025-61932']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--17f5ec5e-9843-443f-a37c-3b28f44aa0a1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 108.61.161.118",
      "pattern": "[ipv4-addr:value = '108.61.161.118']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f2e5e0c8-20d5-493a-af6e-225c2578e3cd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.54.56.10",
      "pattern": "[ipv4-addr:value = '38.54.56.10']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2f8f8b06-5bd9-4033-9f40-bb05fe130b06",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.54.56.57",
      "pattern": "[ipv4-addr:value = '38.54.56.57']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--19e1fda7-a500-4a2b-93c8-8833d0ec506a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.54.88.172",
      "pattern": "[ipv4-addr:value = '38.54.88.172']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--18feaee5-b277-4434-9aa0-739992184560",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 4946b0de3b705878c514e2eead096e1e",
      "pattern": "[file:hashes.MD5 = '4946b0de3b705878c514e2eead096e1e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--22d1d5a8-942f-4ced-b3fe-b3d525f83ea0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 932c91020b74aaa7ffc687e21da0119c",
      "pattern": "[file:hashes.MD5 = '932c91020b74aaa7ffc687e21da0119c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ed718aa7-cfef-496c-823d-3343ff781882",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 1406b4e905c65ba1599eb9c619c196fa5e1c3bf7",
      "pattern": "[file:hashes.'SHA-1' = '1406b4e905c65ba1599eb9c619c196fa5e1c3bf7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a6c5ef3d-70e0-4b44-94e7-65bce5ee1174",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 8124940a41d4b7608eada0d2b546b73c010e30b1",
      "pattern": "[file:hashes.'SHA-1' = '8124940a41d4b7608eada0d2b546b73c010e30b1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2d4a24cb-28b7-4db5-9ae0-c3e074046bc3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: be75458b489468e0acdea6ebbb424bc898b3db29",
      "pattern": "[file:hashes.'SHA-1' = 'be75458b489468e0acdea6ebbb424bc898b3db29']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3beca177-47da-471a-88cb-ce107732653d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3c96c1a9b3751339390be9d7a5c3694df46212fb97ebddc074547c2338a4c7ba",
      "pattern": "[file:hashes.'SHA-256' = '3c96c1a9b3751339390be9d7a5c3694df46212fb97ebddc074547c2338a4c7ba']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c91684c2-6967-41cb-8a2a-e0a2464ca546",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 704e697441c0af67423458a99f30318c57f1a81c4146beb4dd1a88a88a8c97c3",
      "pattern": "[file:hashes.'SHA-256' = '704e697441c0af67423458a99f30318c57f1a81c4146beb4dd1a88a88a8c97c3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bd0d706d-eec8-47a7-b159-8f8e3e1e7422",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9e581d0506d2f6ec39226f052a58bc5a020ebc81ae539fa3a6b7fc0db1b94946",
      "pattern": "[file:hashes.'SHA-256' = '9e581d0506d2f6ec39226f052a58bc5a020ebc81ae539fa3a6b7fc0db1b94946']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--65c12172-87c2-4caf-9ad9-cb3c73491a54",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-48503",
      "pattern": "[vulnerability:name = 'CVE-2022-48503']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-48503 \u2014 Apple Multiple Products Unspecifi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fe341c8e-ac86-4ce7-9525-e62d08ef1e2e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-2746",
      "pattern": "[vulnerability:name = 'CVE-2025-2746']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2746 \u2014 Kentico Xperience CMS Authenticati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--23360f7e-ab8c-4c57-b585-9456f8b26171",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-2747",
      "pattern": "[vulnerability:name = 'CVE-2025-2747']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2746 \u2014 Kentico Xperience CMS Authenticati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--445ae006-374e-4c11-abb4-7d92a910a005",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-61884",
      "pattern": "[vulnerability:name = 'CVE-2025-61884']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Si",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecifi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--56b5f09c-1283-4f57-8da2-ba70155af99c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: pubstorm.com",
      "pattern": "[domain-name:value = 'pubstorm.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Si",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecifi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e1b52c4d-c7b1-4dee-a4d1-10a0f19cb535",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: pubstorm.net",
      "pattern": "[domain-name:value = 'pubstorm.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Si",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecifi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--325ac8fa-4d4a-4502-a6fc-f1b200ebbea0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.194.11.200",
      "pattern": "[ipv4-addr:value = '104.194.11.200']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Si",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecifi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e176b6e7-a8f1-492c-a1ad-b591ef9d4d54",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 161.97.99.49",
      "pattern": "[ipv4-addr:value = '161.97.99.49']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Si",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecifi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0cbb3130-b52a-4f14-8c72-fe85455eb113",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 162.55.17.215",
      "pattern": "[ipv4-addr:value = '162.55.17.215']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Si",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecifi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d58480da-4cb0-4aa0-824c-f5abc395822b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 200.107.207.26",
      "pattern": "[ipv4-addr:value = '200.107.207.26']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Si",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecifi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e752aa47-0aa5-4f3a-a44f-e7fcad17aea9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-54253",
      "pattern": "[vulnerability:name = 'CVE-2025-54253']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54253 \u2014 Adobe Experience Manager Forms Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--61199fba-977f-4d8e-9c2b-a54a31eee858",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-54254",
      "pattern": "[vulnerability:name = 'CVE-2025-54254']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54253 \u2014 Adobe Experience Manager Forms Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4a179977-d1f8-4be0-a59a-1f8eee59ebd4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2016-7836",
      "pattern": "[vulnerability:name = 'CVE-2016-7836']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2016-7836 \u2014 SKYSEA Client View Improper Authen",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--104317f7-f2bb-47b3-819e-7c217b6f1d36",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24990",
      "pattern": "[vulnerability:name = 'CVE-2025-24990']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24990 \u2014 Microsoft Windows Untrusted Point",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9981a62d-5fb8-4756-b718-5ad3440de3b6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-47827",
      "pattern": "[vulnerability:name = 'CVE-2025-47827']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-47827 \u2014 IGEL OS Use of a Key Past its Exp",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7437476d-a0fe-4546-aa4e-d7e4fe91f9d7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-59230",
      "pattern": "[vulnerability:name = 'CVE-2025-59230']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-59230 \u2014 Microsoft Windows Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--85814c89-e857-442d-9e0c-f08e4c373f17",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-43798",
      "pattern": "[vulnerability:name = 'CVE-2021-43798']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-43798 \u2014 Grafana Path Traversal Vulnerabil",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eb8a5826-b2b7-4189-a9a5-5546dfe180c6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cfn.fejyhy.com",
      "pattern": "[domain-name:value = 'cfn.fejyhy.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Phishing Campaign Leveraging the NPM Ecosystem",
          "url": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--da9ac871-068b-4a03-a5aa-daadb346aef2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cfn.fenamu.com",
      "pattern": "[domain-name:value = 'cfn.fenamu.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Phishing Campaign Leveraging the NPM Ecosystem",
          "url": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f32bd11f-b95e-4bfa-9628-7230f0e1712a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cfn.jackpotmastersdanske.com",
      "pattern": "[domain-name:value = 'cfn.jackpotmastersdanske.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Phishing Campaign Leveraging the NPM Ecosystem",
          "url": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fa1c5f76-89d8-43ab-a2e7-a1b9a2d33be5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cfn.notwinningbutpartici.com",
      "pattern": "[domain-name:value = 'cfn.notwinningbutpartici.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Phishing Campaign Leveraging the NPM Ecosystem",
          "url": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e4a8e09d-3bdd-416a-8048-c4074fb88afd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: elkendinsc.com",
      "pattern": "[domain-name:value = 'elkendinsc.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Phishing Campaign Leveraging the NPM Ecosystem",
          "url": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fb6bb8e7-461a-43bb-8fa1-860f000a9b33",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: musicboxcr.com",
      "pattern": "[domain-name:value = 'musicboxcr.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Phishing Campaign Leveraging the NPM Ecosystem",
          "url": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6a515e23-c35d-4cb7-9f4e-4afb601c0cf1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: villasmbuva.co.mz",
      "pattern": "[domain-name:value = 'villasmbuva.co.mz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Phishing Campaign Leveraging the NPM Ecosystem",
          "url": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5a4e5f51-cccf-4410-addc-276f14495768",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-27915",
      "pattern": "[vulnerability:name = 'CVE-2025-27915']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-27915 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a41eedce-dba9-4628-8238-4dfea66c9f3b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ffrk.net",
      "pattern": "[domain-name:value = 'ffrk.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-27915 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bcdc34d9-e4a3-4487-bdbe-709f62334e61",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.29.58.37",
      "pattern": "[ipv4-addr:value = '193.29.58.37']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-27915 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fc843ab7-661f-4ae1-8d2e-e64d0f96a41b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2010-3765",
      "pattern": "[vulnerability:name = 'CVE-2010-3765']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2010-3765 \u2014 Mozilla Multiple Products Remote C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fe1d227d-9619-4f30-91de-499b3ff6b82a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2010-3962",
      "pattern": "[vulnerability:name = 'CVE-2010-3962']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2010-3962 \u2014 Microsoft Internet Explorer Uninit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--01d360c5-a526-4ceb-b26b-a08ef560d7ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2011-3402",
      "pattern": "[vulnerability:name = 'CVE-2011-3402']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2011-3402 \u2014 Microsoft Windows Remote Code Exec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dd9229da-c184-46c2-a678-5027550788a7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2013-3918",
      "pattern": "[vulnerability:name = 'CVE-2013-3918']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3918 \u2014 Microsoft Windows Out-of-Bounds Wr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--add07486-540c-4a9e-bb73-06d91672a048",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-22555",
      "pattern": "[vulnerability:name = 'CVE-2021-22555']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-22555 \u2014 Linux Kernel Heap Out-of-Bounds W",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--91a19425-eb92-4deb-99af-ea2006259b5a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-43226",
      "pattern": "[vulnerability:name = 'CVE-2021-43226']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-43226 \u2014 Microsoft Windows Privilege Escal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cbbced75-9b5d-42d6-a014-404328669957",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: dxcdfghg.com",
      "pattern": "[domain-name:value = 'dxcdfghg.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2010-3962 \u2014 Microsoft Internet Explorer Uninit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1f14246b-1d08-470c-8ba0-49bb5a9430b5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: l-3com.dyndns-work.com",
      "pattern": "[domain-name:value = 'l-3com.dyndns-work.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2010-3765 \u2014 Mozilla Multiple Products Remote C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--03486ead-f090-4a90-bc00-0ba2ee5b07c3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: l-3com.dyndns.tv",
      "pattern": "[domain-name:value = 'l-3com.dyndns.tv']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2010-3765 \u2014 Mozilla Multiple Products Remote C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e819e7ea-554d-4d2e-8720-5307bab61510",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.181.60.11",
      "pattern": "[ipv4-addr:value = '185.181.60.11']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecifi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6835c4ae-d02b-45ee-b2f2-ca227116efe1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d",
      "pattern": "[file:hashes.'SHA-256' = '76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecifi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--57d7fd89-44a1-4261-85c8-0cabef45352a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2014-6271",
      "pattern": "[vulnerability:name = 'CVE-2014-6271']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-6278 \u2014 GNU Bash OS Command Injection Vuln",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b2bc69cc-a858-4446-a7d0-d44b62564016",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2014-6277",
      "pattern": "[vulnerability:name = 'CVE-2014-6277']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-6278 \u2014 GNU Bash OS Command Injection Vuln",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f5b91764-158a-4c97-aca8-2cedddfc6edf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2014-6278",
      "pattern": "[vulnerability:name = 'CVE-2014-6278']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-6278 \u2014 GNU Bash OS Command Injection Vuln",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8d2c938f-66de-48bd-9e7c-3b957fb89004",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2014-7169",
      "pattern": "[vulnerability:name = 'CVE-2014-7169']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-6278 \u2014 GNU Bash OS Command Injection Vuln",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--487cc679-f860-4b84-8b29-ae47bbc65dac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2014-7186",
      "pattern": "[vulnerability:name = 'CVE-2014-7186']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-6278 \u2014 GNU Bash OS Command Injection Vuln",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--90e9a905-513c-4fbe-bc8e-bf8ccf06e744",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2014-7187",
      "pattern": "[vulnerability:name = 'CVE-2014-7187']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-6278 \u2014 GNU Bash OS Command Injection Vuln",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e46a38c4-ba0a-4f40-9510-8e968cb1b39b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2015-7755",
      "pattern": "[vulnerability:name = 'CVE-2015-7755']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2015-7755 \u2014 Juniper ScreenOS Improper Authenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--973476cb-2ede-4fc3-b328-27b2a3747d32",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2015-7756",
      "pattern": "[vulnerability:name = 'CVE-2015-7756']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2015-7755 \u2014 Juniper ScreenOS Improper Authenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--38acaeae-286f-45d3-a96e-205815e53640",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2017-1000353",
      "pattern": "[vulnerability:name = 'CVE-2017-1000353']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2017-1000353 \u2014 Jenkins Remote Code Execution V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--64c7042d-d407-4961-81b4-9e5f5f12c80f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-4008",
      "pattern": "[vulnerability:name = 'CVE-2025-4008']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4008 \u2014 Smartbedded Meteobridge Command In",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7c18a572-44ad-454a-b429-18588d17f591",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2017-3881",
      "pattern": "[vulnerability:name = 'CVE-2017-3881']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNM",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--344890d3-d056-4cec-bcba-53e663103859",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-21311",
      "pattern": "[vulnerability:name = 'CVE-2021-21311']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-21311 \u2014 Adminer Server-Side Request Forge",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a6a3964b-a4ee-4bea-90f8-729d8cc1951f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-10035",
      "pattern": "[vulnerability:name = 'CVE-2025-10035']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserializa",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2307367e-6b93-4c11-a0bc-b05509024a22",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-20352",
      "pattern": "[vulnerability:name = 'CVE-2025-20352']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNM",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f641c624-f32e-4e5e-ab9c-267dfbd10979",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-59689",
      "pattern": "[vulnerability:name = 'CVE-2025-59689']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-59689 \u2014 Libraesva Email Security Gateway ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d9aade56-ba01-42dc-a581-c47e71d70d95",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 213.183.63.41",
      "pattern": "[ipv4-addr:value = '213.183.63.41']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserializa",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--17425df8-3bbb-4c87-9d2c-1179d07d294e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 31.220.45.120",
      "pattern": "[ipv4-addr:value = '31.220.45.120']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserializa",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2f1bbaf6-1443-4d3b-ac11-000d51813e58",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.11.183.123",
      "pattern": "[ipv4-addr:value = '45.11.183.123']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserializa",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c84a7985-0253-4bd7-a2c9-dfd515479b12",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 235dc2d8c92661e5e2797a03bccd2653272ca1ac93401d194d7784930ca17a5a",
      "pattern": "[file:hashes.'SHA-256' = '235dc2d8c92661e5e2797a03bccd2653272ca1ac93401d194d7784930ca17a5a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNM",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--62c3de45-6556-41cd-91ca-baa2ddf81af4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2abc874435c16aa5cfd431b0d9c26095ef4b9429bd82306f054c367e96df49b2",
      "pattern": "[file:hashes.'SHA-256' = '2abc874435c16aa5cfd431b0d9c26095ef4b9429bd82306f054c367e96df49b2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNM",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--44465c96-6bff-4e29-aa8d-4131b6ce428e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3a524bc40ca7c11b68283504f0119caeefd7589edea621d43d5d0cd973354675",
      "pattern": "[file:hashes.'SHA-256' = '3a524bc40ca7c11b68283504f0119caeefd7589edea621d43d5d0cd973354675']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNM",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dbcf2ae2-0f87-4dba-b597-32bf4c414362",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4106c35ff46bb6f2f4a42d63a2b8a619f1e1df72414122ddf6fd1b1a644b3220",
      "pattern": "[file:hashes.'SHA-256' = '4106c35ff46bb6f2f4a42d63a2b8a619f1e1df72414122ddf6fd1b1a644b3220']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserializa",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7b495b2e-b727-47f1-b173-fbf307f44b01",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5ba7de7d5115789b952d9b1c6cff440c9128f438de933ff9044a68fff8496d19",
      "pattern": "[file:hashes.'SHA-256' = '5ba7de7d5115789b952d9b1c6cff440c9128f438de933ff9044a68fff8496d19']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserializa",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d7d7b69f-b7ae-4ce6-8326-e6c95ffdee3a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 69d761bdde73ea8e33384cf986d7e9c2d9011f7aad8933e8af64e60a77091e11",
      "pattern": "[file:hashes.'SHA-256' = '69d761bdde73ea8e33384cf986d7e9c2d9011f7aad8933e8af64e60a77091e11']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNM",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aa9b7c58-e6e9-4e85-9f0b-097aa58f9bdb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7cc7aed51adb426e55d82fd74c55b78f6ecbb895a315be721ef149a17f4b3a9b",
      "pattern": "[file:hashes.'SHA-256' = '7cc7aed51adb426e55d82fd74c55b78f6ecbb895a315be721ef149a17f4b3a9b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNM",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef3292db-9552-451d-81d8-815dfa77247d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 81b35152768f28a479ba9f7e27d66042b0d7edcd79355481aa401f3f47a7733b",
      "pattern": "[file:hashes.'SHA-256' = '81b35152768f28a479ba9f7e27d66042b0d7edcd79355481aa401f3f47a7733b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNM",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f29d754c-03e0-4229-a8a1-ae4c698f799a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9b8a896aa2057f46e17b18bbe091d85fb816b1d3232a3178d6aba94df3a92f6a",
      "pattern": "[file:hashes.'SHA-256' = '9b8a896aa2057f46e17b18bbe091d85fb816b1d3232a3178d6aba94df3a92f6a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNM",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--affe4226-8cee-4fec-a065-8273a326d2a3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b08877f6f1c6c097240a6a8aa4a23243e3b14a1432170bc3fa5fa9886a2b19b4",
      "pattern": "[file:hashes.'SHA-256' = 'b08877f6f1c6c097240a6a8aa4a23243e3b14a1432170bc3fa5fa9886a2b19b4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNM",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--747dd3a5-8e67-4ac5-a280-4ba065712eb2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c7e2632702d0e22598b90ea226d3cde4830455d9232bd8b33ebcb13827e99bc3",
      "pattern": "[file:hashes.'SHA-256' = 'c7e2632702d0e22598b90ea226d3cde4830455d9232bd8b33ebcb13827e99bc3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserializa",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e68ec24b-f8b5-4be4-8ba7-0baf33578e9b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: cd5aa589873d777c6e919c4438afe8bceccad6bbe57739e2ccb70b39aee1e8b3",
      "pattern": "[file:hashes.'SHA-256' = 'cd5aa589873d777c6e919c4438afe8bceccad6bbe57739e2ccb70b39aee1e8b3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserializa",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--56b4c323-11e6-4838-805a-8f17c4882b0b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e303d0c6c59b4dc55edc0212a9319702e9db7fa03185ae9177777b874c02d4c1",
      "pattern": "[file:hashes.'SHA-256' = 'e303d0c6c59b4dc55edc0212a9319702e9db7fa03185ae9177777b874c02d4c1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNM",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a6561c6b-fccc-40c4-829a-7b47eb0e0a47",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-20333",
      "pattern": "[vulnerability:name = 'CVE-2025-20333']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20362 \u2014 Cisco Secure Firewall Adaptive Se",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--607ad79d-993b-4685-95de-4b288b128641",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-20362",
      "pattern": "[vulnerability:name = 'CVE-2025-20362']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20362 \u2014 Cisco Secure Firewall Adaptive Se",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fe89e284-e35c-471d-a30e-45ddea87e03e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-20363",
      "pattern": "[vulnerability:name = 'CVE-2025-20363']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20362 \u2014 Cisco Secure Firewall Adaptive Se",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b54964e2-c0b6-4d32-aecc-7c3a6cfe88c0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-10585",
      "pattern": "[vulnerability:name = 'CVE-2025-10585']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-10585 \u2014 Google Chromium V8 Type Confusion",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1e7aeb36-ee7d-4994-a9cb-be9aa5188497",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-10894",
      "pattern": "[vulnerability:name = 'CVE-2025-10894']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "s1ngularity: Popular Nx Build System Package Compromised wit",
          "url": "https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--72341575-a150-4b9c-82bb-de03bac29742",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 3905475cfd0e0ea670e20c6a9eaeb768169dc33d",
      "pattern": "[file:hashes.'SHA-1' = '3905475cfd0e0ea670e20c6a9eaeb768169dc33d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "s1ngularity: Popular Nx Build System Package Compromised wit",
          "url": "https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a577c3a8-dd3f-472d-9d6f-fc395521cff1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: 493networking.cc",
      "pattern": "[domain-name:value = '493networking.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GhostAction Campaign: Over 3,000 Secrets Stolen Through Mali",
          "url": "https://www.stepsecurity.io/blog/ghostaction-campaign-over-3-000-secrets-stolen-through-malicious-github-workflows"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--17170373-f295-4d49-a2aa-e33d1aefa8b2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: bold-dhawan.45-139-104-115.plesk.page",
      "pattern": "[domain-name:value = 'bold-dhawan.45-139-104-115.plesk.page']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GhostAction Campaign: Over 3,000 Secrets Stolen Through Mali",
          "url": "https://www.stepsecurity.io/blog/ghostaction-campaign-over-3-000-secrets-stolen-through-malicious-github-workflows"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--15cfef2c-018b-44ae-850d-4d55a235dffe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: carte-avantage.com",
      "pattern": "[domain-name:value = 'carte-avantage.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GhostAction Campaign: Over 3,000 Secrets Stolen Through Mali",
          "url": "https://www.stepsecurity.io/blog/ghostaction-campaign-over-3-000-secrets-stolen-through-malicious-github-workflows"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f27caa1c-185b-4420-86be-645f24f85335",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: objective-hopper.45-139-104-115.plesk.page",
      "pattern": "[domain-name:value = 'objective-hopper.45-139-104-115.plesk.page']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GhostAction Campaign: Over 3,000 Secrets Stolen Through Mali",
          "url": "https://www.stepsecurity.io/blog/ghostaction-campaign-over-3-000-secrets-stolen-through-malicious-github-workflows"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cf68f029-7721-4920-aad9-4724a0410208",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.139.104.115",
      "pattern": "[ipv4-addr:value = '45.139.104.115']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "GhostAction Campaign: Over 3,000 Secrets Stolen Through Mali",
          "url": "https://www.stepsecurity.io/blog/ghostaction-campaign-over-3-000-secrets-stolen-through-malicious-github-workflows"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d254f655-005c-4e81-af11-cf181f3c7601",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-5086",
      "pattern": "[vulnerability:name = 'CVE-2025-5086']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-5086 \u2014 Dassault Syst\u00e8mes DELMIA Apriso De",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--93529b9a-c0cb-4890-b54b-e83ac74ead0b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 156.244.33.162",
      "pattern": "[ipv4-addr:value = '156.244.33.162']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-5086 \u2014 Dassault Syst\u00e8mes DELMIA Apriso De",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ccec07f5-8256-4144-bd23-57b1ae1cf467",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 292ea9dbc5a1d15b769edb5df1602418931122455223081064ad7ea4e8ab6821",
      "pattern": "[file:hashes.'SHA-256' = '292ea9dbc5a1d15b769edb5df1602418931122455223081064ad7ea4e8ab6821']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-5086 \u2014 Dassault Syst\u00e8mes DELMIA Apriso De",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5100736b-2afb-4ad5-ab23-72a9d6c8be65",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: npmjs.help",
      "pattern": "[domain-name:value = 'npmjs.help']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "npm Supply Chain Attack via Open Source maintainer compromis",
          "url": "https://snyk.io/blog/npm-supply-chain-attack-via-open-source-maintainer-compromise/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--88e97530-3493-4b25-8a1b-ef991d8cba1b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: websocket-api2.publicvm.com",
      "pattern": "[domain-name:value = 'websocket-api2.publicvm.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "npm Supply Chain Attack via Open Source maintainer compromis",
          "url": "https://snyk.io/blog/npm-supply-chain-attack-via-open-source-maintainer-compromise/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bf5d57c7-8e50-4ff7-bc90-badeb357f67e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-38352",
      "pattern": "[vulnerability:name = 'CVE-2025-38352']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-38352 \u2014 Linux Kernel Time-of-Check Time-o",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--412bee6b-3119-45a2-aff7-7665d5196ebf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-48543",
      "pattern": "[vulnerability:name = 'CVE-2025-48543']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-48543 \u2014 Android Runtime Use-After-Free Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c008d84a-aa83-4e9d-8a88-110bc409360e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-53690",
      "pattern": "[vulnerability:name = 'CVE-2025-53690']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deseri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2694b615-c688-4b86-a0de-1710eb1366cc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.235.46.102",
      "pattern": "[ipv4-addr:value = '103.235.46.102']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deseri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f65a5469-0154-42f4-9b08-9dd547575153",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 130.33.156.194",
      "pattern": "[ipv4-addr:value = '130.33.156.194']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deseri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9eab76bf-7650-4ae6-a953-6a00c928886f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 117305c6c8222162d7246f842c4bb014",
      "pattern": "[file:hashes.MD5 = '117305c6c8222162d7246f842c4bb014']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deseri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6f145e12-01a8-45af-a5b1-fd4ce533b99f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 62483e732553c8ba051b792949f3c6d0",
      "pattern": "[file:hashes.MD5 = '62483e732553c8ba051b792949f3c6d0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deseri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1d8cd981-add9-4b98-9806-abba5a021db9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 63d22ae0568b760b5e3aabb915313e44",
      "pattern": "[file:hashes.MD5 = '63d22ae0568b760b5e3aabb915313e44']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deseri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c08f7328-b8dc-42a5-98ac-0a746886dd10",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: a39696e95a34a017be1435db7ff139d5",
      "pattern": "[file:hashes.MD5 = 'a39696e95a34a017be1435db7ff139d5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deseri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fa5aeaff-a51e-41c3-8353-1c4df30de002",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: be7e2c6a9a4654b51a16f8b10a2be175",
      "pattern": "[file:hashes.MD5 = 'be7e2c6a9a4654b51a16f8b10a2be175']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deseri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fe388ed9-dfd8-440b-a939-a56668be4775",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: f410d88429b93786b224e489c960bf5c",
      "pattern": "[file:hashes.MD5 = 'f410d88429b93786b224e489c960bf5c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deseri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3e7e295c-4c14-4115-bb91-0c1d5716a08f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 223b873c50380fe9a39f1a22b6abf8d46db506e1c08d08312902f6f3cd1f7ac3",
      "pattern": "[file:hashes.'SHA-256' = '223b873c50380fe9a39f1a22b6abf8d46db506e1c08d08312902f6f3cd1f7ac3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deseri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--320b89ae-c0f9-43e3-8e76-f11fcf99f9d0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 61f897ed69646e0509f6802fb2d7c5e88c3e3b93c4ca86942e24d203aa878863",
      "pattern": "[file:hashes.'SHA-256' = '61f897ed69646e0509f6802fb2d7c5e88c3e3b93c4ca86942e24d203aa878863']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deseri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a9bb08b8-7bc8-4ea4-89d0-f37d48288356",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a566cceaf9a66332470a978a234a8a8e2bbdd4d6aa43c2c75c25a80b3b744307",
      "pattern": "[file:hashes.'SHA-256' = 'a566cceaf9a66332470a978a234a8a8e2bbdd4d6aa43c2c75c25a80b3b744307']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deseri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fcaa9e70-a03c-41a7-ba6f-e925545911b0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b3f83721f24f7ee5eb19f24747b7668ff96da7dfd9be947e6e24a688ecc0a52b",
      "pattern": "[file:hashes.'SHA-256' = 'b3f83721f24f7ee5eb19f24747b7668ff96da7dfd9be947e6e24a688ecc0a52b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deseri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--002d6ec2-b718-407b-8285-91dcb107b6b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-9377",
      "pattern": "[vulnerability:name = 'CVE-2025-9377']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-50224 \u2014 TP-Link TL-WR841N Authentication ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-9377 \u2014 TP-Link Archer C7(EU) and TL-WR841",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f44068e5-064c-4336-8c7a-b031a235ef94",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-24363",
      "pattern": "[vulnerability:name = 'CVE-2020-24363']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-24363 \u2014 TP-link TL-WA855RE Missing Authen",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7724bb15-4dd8-4fcd-9c3b-9581e47c1d5a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-57819",
      "pattern": "[vulnerability:name = 'CVE-2025-57819']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-57819 \u2014 Sangoma FreePBX Authentication By",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3b60ee94-b5de-4a54-903e-7128e2ca74a3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-7775",
      "pattern": "[vulnerability:name = 'CVE-2025-7775']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-7775 \u2014 Citrix NetScaler Memory Overflow V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2826c110-2587-4902-ba4f-d70594d16542",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-7776",
      "pattern": "[vulnerability:name = 'CVE-2025-7776']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-7775 \u2014 Citrix NetScaler Memory Overflow V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ed6dadb6-6ae9-4eaf-b478-88a64be5a06b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-8424",
      "pattern": "[vulnerability:name = 'CVE-2025-8424']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-7775 \u2014 Citrix NetScaler Memory Overflow V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--83eb2ee2-aac0-40c5-86c2-d0648c308711",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-8068",
      "pattern": "[vulnerability:name = 'CVE-2024-8068']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8068 \u2014 Citrix Session Recording Improper ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--05f49843-dbe0-4717-b296-e248a7c24a07",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-8069",
      "pattern": "[vulnerability:name = 'CVE-2024-8069']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8068 \u2014 Citrix Session Recording Improper ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8069 \u2014 Citrix Session Recording Deseriali",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f23cbc2e-ce42-45da-b052-52d68499cfbd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-48384",
      "pattern": "[vulnerability:name = 'CVE-2025-48384']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-48384 \u2014 Git Link Following Vulnerability",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fbf3b01e-aebc-42c8-8ba5-bf75260caae8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-54948",
      "pattern": "[vulnerability:name = 'CVE-2025-54948']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54948 \u2014 Trend Micro Apex One OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2a9d2f4a-0540-472b-9af0-e4b1439e8f0f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-54987",
      "pattern": "[vulnerability:name = 'CVE-2025-54987']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54948 \u2014 Trend Micro Apex One OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9ef7dae5-38f1-4672-a6d4-28dadd376c10",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-30154",
      "pattern": "[vulnerability:name = 'CVE-2025-30154']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Suspicious Tag Movement in AWS\u2019s GitHub Action: What Happene",
          "url": "https://www.stepsecurity.io/blog/suspicious-tag-movement-in-aws-github-action"
        },
        {
          "source_name": "When 'Changed Files' Changed Everything: Our Black Hat 2025 ",
          "url": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach"
        },
        {
          "source_name": "Lessons from AWS CodeBuild\u2019s Memory-Dump Incident (CVE-2025-",
          "url": "https://www.stepsecurity.io/blog/lessons-from-aws-codebuilds-memory-dump-incident-cve-2025-8217"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d6993eca-f234-4dfe-b9a7-2776863ce139",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 3f401fe1d58fe77e10d665ab713057375e39b887",
      "pattern": "[file:hashes.'SHA-1' = '3f401fe1d58fe77e10d665ab713057375e39b887']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "When 'Changed Files' Changed Everything: Our Black Hat 2025 ",
          "url": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3e9cff76-2d85-4c0b-95db-cd4d74732ad1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 6e6023c01918b353229af0881232f601a4cc8365",
      "pattern": "[file:hashes.'SHA-1' = '6e6023c01918b353229af0881232f601a4cc8365']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "When 'Changed Files' Changed Everything: Our Black Hat 2025 ",
          "url": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach"
        },
        {
          "source_name": "CISA KEV: CVE-2025-30154 \u2014 reviewdog/action-setup GitHub Act",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-30066 \u2014 tj-actions/changed-files GitHub A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c02918f3-699a-4b10-9a42-7f7efbb62449",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: c17ac4b5c1cb901a7ccddf00ac9722b8e2725345",
      "pattern": "[file:hashes.'SHA-1' = 'c17ac4b5c1cb901a7ccddf00ac9722b8e2725345']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "When 'Changed Files' Changed Everything: Our Black Hat 2025 ",
          "url": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6c5ccdd4-336b-48f2-82d7-287de69a3d4a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: ce4a123414f9fffa959d1f329c4749da83c4bf10",
      "pattern": "[file:hashes.'SHA-1' = 'ce4a123414f9fffa959d1f329c4749da83c4bf10']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "When 'Changed Files' Changed Everything: Our Black Hat 2025 ",
          "url": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--138fb618-f2bf-4ad9-bccb-c1ba2c7b4470",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: e1e36574b3af1ddaab74f5e69505d8836bf12f52",
      "pattern": "[file:hashes.'SHA-1' = 'e1e36574b3af1ddaab74f5e69505d8836bf12f52']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "When 'Changed Files' Changed Everything: Our Black Hat 2025 ",
          "url": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2123caee-c212-4e55-a2c6-523ecea1d0fc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: f5434e31b6259b4e08684618a305bae127b6d784",
      "pattern": "[file:hashes.'SHA-1' = 'f5434e31b6259b4e08684618a305bae127b6d784']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "When 'Changed Files' Changed Everything: Our Black Hat 2025 ",
          "url": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach"
        },
        {
          "source_name": "CISA KEV: CVE-2025-30154 \u2014 reviewdog/action-setup GitHub Act",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-30066 \u2014 tj-actions/changed-files GitHub A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity",
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7479f98b-5560-4887-b7b9-f2a30c300669",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: fbc2c5ebe64389f297a7808025379f77133f1292",
      "pattern": "[file:hashes.'SHA-1' = 'fbc2c5ebe64389f297a7808025379f77133f1292']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "When 'Changed Files' Changed Everything: Our Black Hat 2025 ",
          "url": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fb733cae-ddd5-4ce8-95fc-5d10b8aa5776",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: f0d342d24037bb11d26b9bd8496e0808ba32e9ec",
      "pattern": "[file:hashes.'SHA-1' = 'f0d342d24037bb11d26b9bd8496e0808ba32e9ec']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Suspicious Tag Movement in AWS\u2019s GitHub Action: What Happene",
          "url": "https://www.stepsecurity.io/blog/suspicious-tag-movement-in-aws-github-action"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--deee0624-08ef-46db-a767-c65bc6deb3ba",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-8875",
      "pattern": "[vulnerability:name = 'CVE-2025-8875']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8875 \u2014 N-able N-Central Insecure Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--69434041-25ed-4dad-a225-a9b4fe381c9b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-8876",
      "pattern": "[vulnerability:name = 'CVE-2025-8876']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8876 \u2014 N-able N-Central Command Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b3dd920e-ac5e-40c6-9e23-0707902d2b79",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2007-0671",
      "pattern": "[vulnerability:name = 'CVE-2007-0671']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2007-0671 \u2014 Microsoft Office Excel Remote Code",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f6cd3022-8a31-479a-aa68-4fdbdfe34ccb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2013-3893",
      "pattern": "[vulnerability:name = 'CVE-2013-3893']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c1f4e939-9557-4201-b930-62645b9ea565",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ali.blankchair.com",
      "pattern": "[domain-name:value = 'ali.blankchair.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--81557741-4f7c-4e6f-8644-c6a13742a24d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: blankchair.com",
      "pattern": "[domain-name:value = 'blankchair.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--65123ba8-f8cc-484e-be9d-53d92ce4dd89",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: dll.freshdns.org",
      "pattern": "[domain-name:value = 'dll.freshdns.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1e157d10-6c58-45d9-ba36-fd24a95ceebe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: downloadmp3server.servemp3.com",
      "pattern": "[domain-name:value = 'downloadmp3server.servemp3.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6a4a5dc5-6c23-4eb9-8cd2-5a390e2d7674",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ea.blankchair.com",
      "pattern": "[domain-name:value = 'ea.blankchair.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--27d4afe0-745a-485c-ac5f-d87e7e62d136",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: rt.blankchair.com",
      "pattern": "[domain-name:value = 'rt.blankchair.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8acfc07e-46fa-4caf-9e1f-f9de36f21e45",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: yahooeast.net",
      "pattern": "[domain-name:value = 'yahooeast.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--493397db-6704-4fd9-954b-6b0e5e69531e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.17.117.90",
      "pattern": "[ipv4-addr:value = '103.17.117.90']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--df154f1c-c62f-4af1-a875-538a1ffab3aa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 110.45.158.5",
      "pattern": "[ipv4-addr:value = '110.45.158.5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--80fc555a-cae8-4600-bc2a-f2a12fe39e8c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 180.150.228.102",
      "pattern": "[ipv4-addr:value = '180.150.228.102']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--67e8f79a-fe2e-487e-a8eb-92eea2a1a634",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.192.91.6",
      "pattern": "[ipv4-addr:value = '192.192.91.6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dc6126c5-606b-438c-a4dc-5dd2f4845423",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 210.176.3.130",
      "pattern": "[ipv4-addr:value = '210.176.3.130']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f30d413d-aa99-4998-9168-5b04cf521d2f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 210.177.74.45",
      "pattern": "[ipv4-addr:value = '210.177.74.45']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d906002-c649-4439-8259-4f3b45eb9a1b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 211.23.103.221",
      "pattern": "[ipv4-addr:value = '211.23.103.221']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--01929983-bf3c-4f9c-b43a-325849576265",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 61.63.47.27",
      "pattern": "[ipv4-addr:value = '61.63.47.27']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a71fdc00-5c92-4132-b140-a180b3255e05",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 66.153.86.14",
      "pattern": "[ipv4-addr:value = '66.153.86.14']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--355d26e3-29fd-4cc2-8fb0-c1adb9176226",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 1b03e3de1ef3e7135fbf9d5ce7e7ccf6",
      "pattern": "[file:hashes.MD5 = '1b03e3de1ef3e7135fbf9d5ce7e7ccf6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--882ba4a2-8bae-4a12-b01b-beacbf7fdfc6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 4d257e569539973ab0bbafee8fb87582",
      "pattern": "[file:hashes.MD5 = '4d257e569539973ab0bbafee8fb87582']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5046d45d-d47c-4561-9b17-a0975ad9d3ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 58dc05118ef8b11dcb5f5c596ab772fd",
      "pattern": "[file:hashes.MD5 = '58dc05118ef8b11dcb5f5c596ab772fd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c8c35ca3-1633-443a-8ec2-49b93292145e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 645e29b7c6319295ae8b13ce8575dc1d",
      "pattern": "[file:hashes.MD5 = '645e29b7c6319295ae8b13ce8575dc1d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aab80098-fd43-4d1c-a1f3-7e4c07aca15a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: bf891c72e4c29cfbe533756ea5685314",
      "pattern": "[file:hashes.MD5 = 'bf891c72e4c29cfbe533756ea5685314']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--11ea6df1-8980-4428-a2cb-5009ee9760fb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: dbdb1032d7bb4757d6011fb1d077856c",
      "pattern": "[file:hashes.MD5 = 'dbdb1032d7bb4757d6011fb1d077856c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--34658ab0-f08c-4ded-beaa-93e2dc6f6ac3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: e9c73997694a897d3c6aadb26ed34797",
      "pattern": "[file:hashes.MD5 = 'e9c73997694a897d3c6aadb26ed34797']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resour",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3fdb7a51-a05a-4029-8b3e-4650266ebb62",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 371a5b8ba86fbcab80d4e0087d2aa0d8ffddc70b",
      "pattern": "[file:hashes.'SHA-1' = '371a5b8ba86fbcab80d4e0087d2aa0d8ffddc70b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5511bdd0-4c08-4b3b-8796-1f08e8e72305",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 29f89486bb820d40c9bee8bf70ee8664ea270b16e486af4a53ab703996943256",
      "pattern": "[file:hashes.'SHA-256' = '29f89486bb820d40c9bee8bf70ee8664ea270b16e486af4a53ab703996943256']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5fd2acf9-cf4d-4c00-8e60-b463860dfc3b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2c40e7cf613bf2806ff6e9bc396058fe4f85926493979189dbdbc7d615b7cb14",
      "pattern": "[file:hashes.'SHA-256' = '2c40e7cf613bf2806ff6e9bc396058fe4f85926493979189dbdbc7d615b7cb14']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a883abe1-6741-4c83-a9d2-1f7bbc45e6ce",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3b85d0261ab2531aba9e2992eb85273be0e26fe61e4592862d8f45d6807ceee4",
      "pattern": "[file:hashes.'SHA-256' = '3b85d0261ab2531aba9e2992eb85273be0e26fe61e4592862d8f45d6807ceee4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4612721d-9d66-4266-aca6-a49851847b3f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 55b3dc57929d8eacfdadc71d92483eabe4874bf3d0189f861b145705a0f0a8fe",
      "pattern": "[file:hashes.'SHA-256' = '55b3dc57929d8eacfdadc71d92483eabe4874bf3d0189f861b145705a0f0a8fe']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c0d8d304-69a7-4b06-affd-160f5ad043e6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5b64786ed92545eeac013be9456e1ff03d95073910742e45ff6b88a86e91901b",
      "pattern": "[file:hashes.'SHA-256' = '5b64786ed92545eeac013be9456e1ff03d95073910742e45ff6b88a86e91901b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5762df06-6d07-44f4-b313-4d21c5c74e68",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 68d9020aa9b509a6d018d6d9f4c77e7604a588b2848e05da6a4d9f82d725f91b",
      "pattern": "[file:hashes.'SHA-256' = '68d9020aa9b509a6d018d6d9f4c77e7604a588b2848e05da6a4d9f82d725f91b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2c25c872-b7fc-4d60-9234-9c7c7b131715",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6d3586aa6603f1c1c79d7bd7e0b5c5f0cc8e8a84577c35d21b0f462656c2e1f9",
      "pattern": "[file:hashes.'SHA-256' = '6d3586aa6603f1c1c79d7bd7e0b5c5f0cc8e8a84577c35d21b0f462656c2e1f9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9e1b1d97-d1ea-4aa4-8ef4-a2648ee75181",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 867a05d67dd184d544d5513f4f07959a7c2b558197c99cb8139ea797ad9fbece",
      "pattern": "[file:hashes.'SHA-256' = '867a05d67dd184d544d5513f4f07959a7c2b558197c99cb8139ea797ad9fbece']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0e06f1bf-d8c8-47c3-879c-67e792cd190a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 958921ea0995482fb04ea4a50bbdb654f272ab991046a43c1fdbd22da302d544",
      "pattern": "[file:hashes.'SHA-256' = '958921ea0995482fb04ea4a50bbdb654f272ab991046a43c1fdbd22da302d544']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--71e0bc8b-63cd-485e-975a-ca84ad2aa987",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a54bcafd9d4ece87fa314d508a68f47b0ec3351c0a270aa2ed3a0e275b9db03c",
      "pattern": "[file:hashes.'SHA-256' = 'a54bcafd9d4ece87fa314d508a68f47b0ec3351c0a270aa2ed3a0e275b9db03c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--02772162-47ea-460d-b18c-fde6d37441f3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a97f460bfa612f1d406823620d0d25e381f9b980a0497e2775269917a7150f04",
      "pattern": "[file:hashes.'SHA-256' = 'a97f460bfa612f1d406823620d0d25e381f9b980a0497e2775269917a7150f04']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--173d54e9-71fe-40b7-bb6e-fe47f694cd8f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ae93d9327a91e90bf7744c6ce0eb4affb3acb62a5d1b2dafd645cba9af28d795",
      "pattern": "[file:hashes.'SHA-256' = 'ae93d9327a91e90bf7744c6ce0eb4affb3acb62a5d1b2dafd645cba9af28d795']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f86671b5-2b89-4d28-9f62-f4f2cb921e01",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b90ef1d21523eeffbca17181ccccf269bca3840786fcbf5c73218c6e1d6a51a9",
      "pattern": "[file:hashes.'SHA-256' = 'b90ef1d21523eeffbca17181ccccf269bca3840786fcbf5c73218c6e1d6a51a9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b4930d8e-3899-4200-baba-31a6b9a6ccf5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: bb4856a66bf7e0de18522e35798c0a8734179c1aab21ed2ad6821aaa99e1cb4c",
      "pattern": "[file:hashes.'SHA-256' = 'bb4856a66bf7e0de18522e35798c0a8734179c1aab21ed2ad6821aaa99e1cb4c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--04e6ae11-440c-4cac-b893-2f6df6b9d5cc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c7726c166e1947fdbf808a50b75ca7400d56fa6fef2a76cefe314848db22c76c",
      "pattern": "[file:hashes.'SHA-256' = 'c7726c166e1947fdbf808a50b75ca7400d56fa6fef2a76cefe314848db22c76c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2679aebb-b6a7-42ca-9722-8538aba2a920",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: cf8ebfd98da3025dc09d0b3bbeef874d8f9c4d4ba4937719f0a9a3aa04c81beb",
      "pattern": "[file:hashes.'SHA-256' = 'cf8ebfd98da3025dc09d0b3bbeef874d8f9c4d4ba4937719f0a9a3aa04c81beb']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5084ed2c-c54a-42e2-9613-06db3acf1458",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d418f878fa02729b38b5384bcb3216872a968f5d0c9c77609d8c5aacedb07546",
      "pattern": "[file:hashes.'SHA-256' = 'd418f878fa02729b38b5384bcb3216872a968f5d0c9c77609d8c5aacedb07546']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--03e0daf0-fa7c-4f1a-8588-58f7d62558ae",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e836873479ff558cfb885097e8783356aad1f2d30b69d825b3a71cb7a57cf930",
      "pattern": "[file:hashes.'SHA-256' = 'e836873479ff558cfb885097e8783356aad1f2d30b69d825b3a71cb7a57cf930']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7de92d4f-53e3-4580-842f-71bf2292fd33",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ed5b920dad5dcd3f9e55828f82a27211a212839c8942531c288535b92df7f453",
      "pattern": "[file:hashes.'SHA-256' = 'ed5b920dad5dcd3f9e55828f82a27211a212839c8942531c288535b92df7f453']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f46d155a-a313-4849-8794-36542eba3b33",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ffc6c3805bbaef2c4003763fd5fac0ebcccf99a1656f10cf7677f6c2a5d16dbd",
      "pattern": "[file:hashes.'SHA-256' = 'ffc6c3805bbaef2c4003763fd5fac0ebcccf99a1656f10cf7677f6c2a5d16dbd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f13393c2-90ec-480c-93e2-bfdf138dbc9d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-8217",
      "pattern": "[vulnerability:name = 'CVE-2025-8217']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Lessons from AWS CodeBuild\u2019s Memory-Dump Incident (CVE-2025-",
          "url": "https://www.stepsecurity.io/blog/lessons-from-aws-codebuilds-memory-dump-incident-cve-2025-8217"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ee077a90-fe1f-4c77-bd70-eff71da46c8c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ifyouseethisyouareultragay.com",
      "pattern": "[domain-name:value = 'ifyouseethisyouareultragay.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Supply Chain Security Alert: num2words PyPI Package Shows Si",
          "url": "https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2a6a761b-5a74-4394-b76b-bd670da7ea15",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: pokerainteasy.su",
      "pattern": "[domain-name:value = 'pokerainteasy.su']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Supply Chain Security Alert: num2words PyPI Package Shows Si",
          "url": "https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c3fd508c-49ae-4cba-b850-95492b1c8361",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 439da8bb9c541d26b0f534b17d75790e252e4d9058561e8907f8690e21cd0616",
      "pattern": "[file:hashes.'SHA-256' = '439da8bb9c541d26b0f534b17d75790e252e4d9058561e8907f8690e21cd0616']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Supply Chain Security Alert: num2words PyPI Package Shows Si",
          "url": "https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c65029ed-ef1d-4c5e-8eb6-b97809d0d0ac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: be917cb379b9622f56a4d5ec93bf00c20cb76c6646e5919690d0f7c09c956de2",
      "pattern": "[file:hashes.'SHA-256' = 'be917cb379b9622f56a4d5ec93bf00c20cb76c6646e5919690d0f7c09c956de2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Supply Chain Security Alert: num2words PyPI Package Shows Si",
          "url": "https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8dce7f8-6059-457a-bbf7-9164eb0f5dbb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c2a7ee6ab9344e1bb13c61dc689d4a946678e0505367cd55c9b43ddee3d461e2",
      "pattern": "[file:hashes.'SHA-256' = 'c2a7ee6ab9344e1bb13c61dc689d4a946678e0505367cd55c9b43ddee3d461e2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Supply Chain Security Alert: num2words PyPI Package Shows Si",
          "url": "https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c356b5e7-a6fb-4759-b8f3-7679cee97ae4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c36ebf96573afcb36bb31590d56e8af49502fb159e00fd4a59336f8a450bec8b",
      "pattern": "[file:hashes.'SHA-256' = 'c36ebf96573afcb36bb31590d56e8af49502fb159e00fd4a59336f8a450bec8b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Supply Chain Security Alert: num2words PyPI Package Shows Si",
          "url": "https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "StepSecurity"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--32c305f8-4e19-45dd-9db0-e87e7993287e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2018-9995",
      "pattern": "[vulnerability:name = 'CVE-2018-9995']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-25078 \u2014 D-Link DCS-2530L and DCS-2670L De",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ccb9ca79-92e9-4897-8bf7-3ffd71fe2494",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-25078",
      "pattern": "[vulnerability:name = 'CVE-2020-25078']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-25078 \u2014 D-Link DCS-2530L and DCS-2670L De",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9ecd9a6e-2e17-4aba-8826-a470a4e1663c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-33044",
      "pattern": "[vulnerability:name = 'CVE-2021-33044']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-25078 \u2014 D-Link DCS-2530L and DCS-2670L De",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2021-33045 \u2014 Dahua IP Camera Authentication By",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1897b187-80ea-446b-ad62-2e6759f849df",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-36260",
      "pattern": "[vulnerability:name = 'CVE-2021-36260']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-25078 \u2014 D-Link DCS-2530L and DCS-2670L De",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--268ba754-5907-4ad1-812c-ff1d235d3150",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-40799",
      "pattern": "[vulnerability:name = 'CVE-2022-40799']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-40799 \u2014 D-Link DNR-322L Download of Code ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--47ae55e7-7cda-4738-965a-6849ed191f89",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-2533",
      "pattern": "[vulnerability:name = 'CVE-2023-2533']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-2533 \u2014 PaperCut NG/MF Cross-Site Request ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--51369789-22d7-4e89-b637-de155e5c664d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-20281",
      "pattern": "[vulnerability:name = 'CVE-2025-20281']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20337 \u2014 Cisco Identity Services Engine In",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ee698e54-6361-4759-965e-e65be2b15f48",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-20282",
      "pattern": "[vulnerability:name = 'CVE-2025-20282']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20337 \u2014 Cisco Identity Services Engine In",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d5a8cb3b-4f54-4a4e-9c9f-ee830ed312ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-20337",
      "pattern": "[vulnerability:name = 'CVE-2025-20337']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20337 \u2014 Cisco Identity Services Engine In",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c0f33b12-c219-4e24-803e-2e5540f723ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-5777",
      "pattern": "[vulnerability:name = 'CVE-2025-5777']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-20337 \u2014 Cisco Identity Services Engine In",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-5777 \u2014 Citrix NetScaler ADC and Gateway O",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5744b3ec-511d-4ef0-a206-58c12b0f78f3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-36394",
      "pattern": "[vulnerability:name = 'CVE-2024-36394']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2775 \u2014 SysAid On-Prem Improper Restrictio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4728a658-0917-4de1-a4e0-bf229c874c04",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-2775",
      "pattern": "[vulnerability:name = 'CVE-2025-2775']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2775 \u2014 SysAid On-Prem Improper Restrictio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--816579af-d131-4ed3-aa89-2693280c58b1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-2776",
      "pattern": "[vulnerability:name = 'CVE-2025-2776']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2775 \u2014 SysAid On-Prem Improper Restrictio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--10eef280-3d0c-44df-931e-43426340e90d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-2777",
      "pattern": "[vulnerability:name = 'CVE-2025-2777']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2775 \u2014 SysAid On-Prem Improper Restrictio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2854c28b-a64f-4a3d-8e30-70f983ca7ae5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-49704",
      "pattern": "[vulnerability:name = 'CVE-2025-49704']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--229dbc41-c014-449b-b6b7-93e974deb1af",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-49706",
      "pattern": "[vulnerability:name = 'CVE-2025-49706']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1c9e5778-26fe-4c8e-bdeb-3634452ecce6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-53770",
      "pattern": "[vulnerability:name = 'CVE-2025-53770']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ec978615-5ba9-46b4-a239-f16864bea641",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-53771",
      "pattern": "[vulnerability:name = 'CVE-2025-53771']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5d00a00c-5beb-4ff9-a5fd-948aa9c82cf1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-54309",
      "pattern": "[vulnerability:name = 'CVE-2025-54309']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-54309 \u2014  CrushFTP Unprotected Alternate C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a705d9ad-ea18-4f1c-a824-f486795c4111",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-6558",
      "pattern": "[vulnerability:name = 'CVE-2025-6558']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-6558 \u2014 Google Chromium ANGLE and GPU Impr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b544acf5-4351-4f33-af22-739f3c147920",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: bpp.theinnovationfactory.it",
      "pattern": "[domain-name:value = 'bpp.theinnovationfactory.it']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0cb238b1-268d-4640-b5e9-f040645561aa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: c34718cbb4c6.ngrok-free.app",
      "pattern": "[domain-name:value = 'c34718cbb4c6.ngrok-free.app']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--824aa18e-5d60-4d55-8994-f475212650d1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ice.theinnovationfactory.it",
      "pattern": "[domain-name:value = 'ice.theinnovationfactory.it']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f5bc3785-3738-40de-b0ef-38a32d5e6950",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: msupdate.updatemicfosoft.com",
      "pattern": "[domain-name:value = 'msupdate.updatemicfosoft.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9e426079-b3cd-42f5-a8a5-3b9ed3d7b8d4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: update.updatemicfosoft.com",
      "pattern": "[domain-name:value = 'update.updatemicfosoft.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d6056f29-b968-4c48-a5fa-678355b45023",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.238.159.149",
      "pattern": "[ipv4-addr:value = '104.238.159.149']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--278cde28-ab54-4e57-9104-1a024d1ada5b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 107.191.58.76",
      "pattern": "[ipv4-addr:value = '107.191.58.76']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3313ab66-d021-4587-b3e5-5bd210f2f870",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 128.199.240.182",
      "pattern": "[ipv4-addr:value = '128.199.240.182']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9721eccb-1b4f-4af8-85b4-cd08180caa0c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 131.226.2.6",
      "pattern": "[ipv4-addr:value = '131.226.2.6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--df8df0c1-8572-4a46-9774-793ce4c409df",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 134.199.202.205",
      "pattern": "[ipv4-addr:value = '134.199.202.205']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--95c2a009-c3c7-44f1-b57c-ab07f8bccc57",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 139.144.199.41",
      "pattern": "[ipv4-addr:value = '139.144.199.41']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--88cb3804-5487-4c17-8a06-b82ab929bba4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 145.239.97.206",
      "pattern": "[ipv4-addr:value = '145.239.97.206']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--447d4169-ec03-47d3-b54f-28dd4d84f177",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 149.28.124.70",
      "pattern": "[ipv4-addr:value = '149.28.124.70']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ccf55aab-d619-48a1-b1a6-deff8210139c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 149.40.50.15",
      "pattern": "[ipv4-addr:value = '149.40.50.15']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--80fb8d92-a117-4fbc-9ed3-66fb99283c4c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 154.223.19.106",
      "pattern": "[ipv4-addr:value = '154.223.19.106']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--77c995da-cfae-4f16-ba6a-ca574a972980",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.197.248.131",
      "pattern": "[ipv4-addr:value = '185.197.248.131']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3cc87d93-aaf9-4b98-8d6d-0bad33821715",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 188.130.206.168",
      "pattern": "[ipv4-addr:value = '188.130.206.168']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eb11fd2f-2fac-4c61-af0d-e71ce342376b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 206.166.251.228",
      "pattern": "[ipv4-addr:value = '206.166.251.228']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--87d5a7d5-6a4e-43e0-b771-15d569911915",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 212.125.27.102",
      "pattern": "[ipv4-addr:value = '212.125.27.102']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--237d7123-b9d0-4f46-a076-eaab2f1ad8cf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.77.155.170",
      "pattern": "[ipv4-addr:value = '45.77.155.170']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--24535881-f886-40f4-b59a-e6a419d9998f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.86.231.241",
      "pattern": "[ipv4-addr:value = '45.86.231.241']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6cf7f892-2e5f-4339-a11b-39abb0712fde",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 51.161.152.26",
      "pattern": "[ipv4-addr:value = '51.161.152.26']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e28395b8-c274-430f-bf1d-552666da21e2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 64.176.50.109",
      "pattern": "[ipv4-addr:value = '64.176.50.109']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e60238df-3700-499b-a1a6-f1947fc6f969",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 65.38.121.198",
      "pattern": "[ipv4-addr:value = '65.38.121.198']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--10d82cfd-cf92-41d6-a044-3c35a0ae7650",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 86.48.9.38",
      "pattern": "[ipv4-addr:value = '86.48.9.38']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d21a2ae2-cb00-4dda-bed6-0c9b598587c6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 89.46.223.88",
      "pattern": "[ipv4-addr:value = '89.46.223.88']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--69de2153-f5bc-48ff-b2ba-ca113c9ca98f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.132.95.60",
      "pattern": "[ipv4-addr:value = '91.132.95.60']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b6f6aef2-79b6-4827-a5ab-04e1a9a5bada",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.236.230.76",
      "pattern": "[ipv4-addr:value = '91.236.230.76']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b4d16f1f-a1ea-4e59-a5c8-f16b22e5db63",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 92.222.167.88",
      "pattern": "[ipv4-addr:value = '92.222.167.88']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f44c3123-75ec-49f5-9faa-a5020f2182b1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 95.179.158.42",
      "pattern": "[ipv4-addr:value = '95.179.158.42']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--36d4f198-f575-420f-8800-852eb0de558e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 96.9.125.147",
      "pattern": "[ipv4-addr:value = '96.9.125.147']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aa0ab048-b8aa-45fa-9bab-12e3ebe7d218",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1eb914c09c873f0a7bcf81475ab0f6bdfaccc6b63bf7e5f2dbf19295106af192",
      "pattern": "[file:hashes.'SHA-256' = '1eb914c09c873f0a7bcf81475ab0f6bdfaccc6b63bf7e5f2dbf19295106af192']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b8512ac1-fc19-4240-b899-3ab644cbec39",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 24480dbe306597da1ba393b6e30d542673066f98826cc07ac4b9033137f37dbf",
      "pattern": "[file:hashes.'SHA-256' = '24480dbe306597da1ba393b6e30d542673066f98826cc07ac4b9033137f37dbf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--054287da-8097-49b7-a552-fbb41d52caed",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 33067028e35982c7b9fdcfe25eb4029463542451fdff454007832cf953feaf1e",
      "pattern": "[file:hashes.'SHA-256' = '33067028e35982c7b9fdcfe25eb4029463542451fdff454007832cf953feaf1e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f3cc9ee-bf81-449b-9170-92db8bafe875",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 390665bdd93a656f48c463bb6c11a4d45b7d5444bdd1d1f7a5879b0f6f9aac7e",
      "pattern": "[file:hashes.'SHA-256' = '390665bdd93a656f48c463bb6c11a4d45b7d5444bdd1d1f7a5879b0f6f9aac7e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eb2bb073-65e7-425e-960b-47d7ff9b2ce5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 445a37279d3a229ed18513e85f0c8d861c6f560e0f914a5869df14a74b679b86",
      "pattern": "[file:hashes.'SHA-256' = '445a37279d3a229ed18513e85f0c8d861c6f560e0f914a5869df14a74b679b86']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c88e999c-0b08-43d9-b158-0821aaa4240c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4a02a72aedc3356d8cb38f01f0e0b9f26ddc5ccb7c0f04a561337cf24aa84030",
      "pattern": "[file:hashes.'SHA-256' = '4a02a72aedc3356d8cb38f01f0e0b9f26ddc5ccb7c0f04a561337cf24aa84030']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--31b0eff1-cdb9-45f5-a20e-48f7bd291053",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4c1750a14915bf2c0b093c2cb59063912dfa039a2adfe6d26d6914804e2ae928",
      "pattern": "[file:hashes.'SHA-256' = '4c1750a14915bf2c0b093c2cb59063912dfa039a2adfe6d26d6914804e2ae928']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--39d1529a-9800-4e5a-8a66-2f522cf02205",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 567cb8e8c8bd0d909870c656b292b57bcb24eb55a8582b884e0a228e298e7443",
      "pattern": "[file:hashes.'SHA-256' = '567cb8e8c8bd0d909870c656b292b57bcb24eb55a8582b884e0a228e298e7443']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8e32c4d1-8d20-40e0-b766-7969239039d7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 62881359e75c9e8899c4bc9f452ef9743e68ce467f8b3e4398bebacde9550dea",
      "pattern": "[file:hashes.'SHA-256' = '62881359e75c9e8899c4bc9f452ef9743e68ce467f8b3e4398bebacde9550dea']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a84835a3-9745-46c5-9cd4-e87014bf97f8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 66af332ce5f93ce21d2fe408dffd49d4ae31e364d6802fff97d95ed593ff3082",
      "pattern": "[file:hashes.'SHA-256' = '66af332ce5f93ce21d2fe408dffd49d4ae31e364d6802fff97d95ed593ff3082']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--047a48f9-67a5-46b8-8906-ab88de7d8388",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6753b840cec65dfba0d7d326ec768bff2495784c60db6a139f51c5e83349ac4d",
      "pattern": "[file:hashes.'SHA-256' = '6753b840cec65dfba0d7d326ec768bff2495784c60db6a139f51c5e83349ac4d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--003faed5-5525-4277-959c-dc8e2e09e111",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6b273c2179518dacb1218201fd37ee2492a5e1713be907e69bf7ea56ceca53a5",
      "pattern": "[file:hashes.'SHA-256' = '6b273c2179518dacb1218201fd37ee2492a5e1713be907e69bf7ea56ceca53a5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--216883ea-fc75-4fb4-90e1-7c0f3c496311",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6f6db63ece791c6dc1054f1e1231b5bbcf6c051a49bad0784569271753e24619",
      "pattern": "[file:hashes.'SHA-256' = '6f6db63ece791c6dc1054f1e1231b5bbcf6c051a49bad0784569271753e24619']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--70ac2baa-6d5e-4b5f-87ae-daff765d3e4f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7ae971e40528d364fa52f3bb5e0660ac25ef63e082e3bbd54f153e27b31eae68",
      "pattern": "[file:hashes.'SHA-256' = '7ae971e40528d364fa52f3bb5e0660ac25ef63e082e3bbd54f153e27b31eae68']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ad890bf4-6ce4-4d66-8289-8c838db14191",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7baf220eb89f2a216fcb2d0e9aa021b2a10324f0641caf8b7a9088e4e45bec95",
      "pattern": "[file:hashes.'SHA-256' = '7baf220eb89f2a216fcb2d0e9aa021b2a10324f0641caf8b7a9088e4e45bec95']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--98553f3e-ab51-4c47-9987-eaaeab390d53",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 83705c75731e1d590b08f9357bc3b0f04741e92a033618736387512b40dab060",
      "pattern": "[file:hashes.'SHA-256' = '83705c75731e1d590b08f9357bc3b0f04741e92a033618736387512b40dab060']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a9fb12b2-45d8-4559-9f59-d27276ccaaa5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a514",
      "pattern": "[file:hashes.'SHA-256' = '92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a514']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--89e460b8-4c33-471c-8cad-239e7ec5e04c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b180ab0a5845ed619939154f67526d2b04d28713fcc1904fbd666275538f431d",
      "pattern": "[file:hashes.'SHA-256' = 'b180ab0a5845ed619939154f67526d2b04d28713fcc1904fbd666275538f431d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ed0313bd-2285-4fa1-a3b6-96546e98c9df",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b39c14becb62aeb55df7fd55c814afbb0d659687d947d917512fe67973100b70",
      "pattern": "[file:hashes.'SHA-256' = 'b39c14becb62aeb55df7fd55c814afbb0d659687d947d917512fe67973100b70']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2c7277e5-8e01-4123-9b2a-3edb3f68aa39",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b5a78616f709859a0d9f830d28ff2f9dbbb2387df1753739407917e96dadf6b0",
      "pattern": "[file:hashes.'SHA-256' = 'b5a78616f709859a0d9f830d28ff2f9dbbb2387df1753739407917e96dadf6b0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--37bb931a-7080-4110-80bb-f46b0c72f9fe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c27b725ff66fdfb11dd6487a3815d1d1eba89d61b0e919e4d06ed3ac6a74fe94",
      "pattern": "[file:hashes.'SHA-256' = 'c27b725ff66fdfb11dd6487a3815d1d1eba89d61b0e919e4d06ed3ac6a74fe94']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fb547764-7e18-4c11-b9bf-f182d827556f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c2c1fec7856e8d49f5d49267e69993837575dbbec99cd702c5be134a85b2c139",
      "pattern": "[file:hashes.'SHA-256' = 'c2c1fec7856e8d49f5d49267e69993837575dbbec99cd702c5be134a85b2c139']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--742c6b7c-7261-447c-b727-8770246c6894",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441",
      "pattern": "[file:hashes.'SHA-256' = 'c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Maintainers of ESLint Prettier Plugin Attacked via npm Suppl",
          "url": "https://snyk.io/blog/maintainers-of-eslint-prettier-plugin-attacked-via-npm-supply-chain-malware/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d72adcb-378b-4ab1-8cf8-e488ed469038",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d6da885c90a5d1fb88d0a3f0b5d9817a82d5772d5510a0773c80ca581ce2486d",
      "pattern": "[file:hashes.'SHA-256' = 'd6da885c90a5d1fb88d0a3f0b5d9817a82d5772d5510a0773c80ca581ce2486d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d2eb387c-357f-42e6-8d39-2574cbba45f7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f54ae00a9bae73da001c4d3d690d26ddf5e8e006b5562f936df472ec5e299441",
      "pattern": "[file:hashes.'SHA-256' = 'f54ae00a9bae73da001c4d3d690d26ddf5e8e006b5562f936df472ec5e299441']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b467ac1d-056d-4d52-bcfd-d76afcabff50",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: fa3a74a6c015c801f5341c02be2cbdfb301c6ed60633d49fc0bc723617741af7",
      "pattern": "[file:hashes.'SHA-256' = 'fa3a74a6c015c801f5341c02be2cbdfb301c6ed60633d49fc0bc723617741af7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d86fff54-2ffe-451c-a474-d2c742192c49",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ffbc9dfc284b147e07a430fe9471e66c716a84a1f18976474a54bee82605fa9a",
      "pattern": "[file:hashes.'SHA-256' = 'ffbc9dfc284b147e07a430fe9471e66c716a84a1f18976474a54bee82605fa9a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3e53576a-8952-4c50-a818-e1569a9439db",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: angelic.su",
      "pattern": "[domain-name:value = 'angelic.su']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2f8a2d46-ecca-482b-98c0-f397dc3bcc5e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: begalinokotobananinotrippitroppacrocofanclub.su",
      "pattern": "[domain-name:value = 'begalinokotobananinotrippitroppacrocofanclub.su']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f5f624cf-ec7a-41be-830d-17a1202bcfb0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: lmfao.su",
      "pattern": "[domain-name:value = 'lmfao.su']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4916d682-e17a-4abe-8adc-01d943abb82f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: m-vn.ws",
      "pattern": "[domain-name:value = 'm-vn.ws']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--047411b1-d184-4ca0-ba76-6de2654e2822",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: myaunet.su",
      "pattern": "[domain-name:value = 'myaunet.su']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2530964d-999a-4d5d-9f13-27b0b7d6ed1f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: relay.lmfao.su",
      "pattern": "[domain-name:value = 'relay.lmfao.su']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eb57b80f-ce79-4e28-8411-d705b10bca5b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: solidity.bot",
      "pattern": "[domain-name:value = 'solidity.bot']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0a0fe138-d5eb-4ff9-a92c-951b45f7b0fc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: staketree.net",
      "pattern": "[domain-name:value = 'staketree.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d4e38ecb-b26b-4ae2-a25d-360637a429dc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 144.172.112.84",
      "pattern": "[ipv4-addr:value = '144.172.112.84']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4aeb1694-84bf-4414-adab-d470a1d8082c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 209fb5bb2440ffe1a631dfe3b574229105a33c5153eded023cc77d8e8f81d1de",
      "pattern": "[file:hashes.'SHA-256' = '209fb5bb2440ffe1a631dfe3b574229105a33c5153eded023cc77d8e8f81d1de']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--016c1367-96cf-4166-ab17-80fec3725e3b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2c471e265409763024cdc33579c84d88d5aaf9aea1911266b875d3b7604a0eeb",
      "pattern": "[file:hashes.'SHA-256' = '2c471e265409763024cdc33579c84d88d5aaf9aea1911266b875d3b7604a0eeb']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--00a9c7f9-5858-42eb-af34-91a74d0af4b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 404dd413f10ccfeea23bfb00b0e403532fa8651bfb456d84b6a16953355a800a",
      "pattern": "[file:hashes.'SHA-256' = '404dd413f10ccfeea23bfb00b0e403532fa8651bfb456d84b6a16953355a800a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--060f8176-422e-4134-b5e0-acd7b7f9c92c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 70309bf3d2aed946bba51fc3eedb2daa3e8044b60151f0b5c1550831fbc6df17",
      "pattern": "[file:hashes.'SHA-256' = '70309bf3d2aed946bba51fc3eedb2daa3e8044b60151f0b5c1550831fbc6df17']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--451593f2-d1f2-4bb3-bade-56e816061a9f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 84d4a4c6d7e55e201b20327ca2068992180d9ec08a6827faa4ff3534b96c3d6f",
      "pattern": "[file:hashes.'SHA-256' = '84d4a4c6d7e55e201b20327ca2068992180d9ec08a6827faa4ff3534b96c3d6f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8f0e01f-c479-4a38-97b1-473431ea7286",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a1eadd41327bd8736e275627d3953944fe7089c032d72a3e429ff18ad0958ada",
      "pattern": "[file:hashes.'SHA-256' = 'a1eadd41327bd8736e275627d3953944fe7089c032d72a3e429ff18ad0958ada']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4f88cdff-5df3-454c-b22c-9e7cd60b9551",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c3684164933c3f54d5b0b242a8a906a85d633de479079a820bb804c0f73c0f58",
      "pattern": "[file:hashes.'SHA-256' = 'c3684164933c3f54d5b0b242a8a906a85d633de479079a820bb804c0f73c0f58']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eb2ea687-a1ed-4021-9f7c-822dca33bf1d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c5c0228a1e0ba2bb748219325f66acf17078a26165b45728d8e98150377aa068",
      "pattern": "[file:hashes.'SHA-256' = 'c5c0228a1e0ba2bb748219325f66acf17078a26165b45728d8e98150377aa068']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8522f9b7-6079-4a0e-b1e4-a32cf2bd29fe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ce72b79e324371134db762fe70b8b1789af899d7217461bc3658a6bd84743eb6",
      "pattern": "[file:hashes.'SHA-256' = 'ce72b79e324371134db762fe70b8b1789af899d7217461bc3658a6bd84743eb6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a8f28b91-7281-48e8-a9a4-873fcef461e2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e0ca66c1a9a68b319b24a7c6b8fdca219dffd802dd4de2d59f602c4d90f40d6c",
      "pattern": "[file:hashes.'SHA-256' = 'e0ca66c1a9a68b319b24a7c6b8fdca219dffd802dd4de2d59f602c4d90f40d6c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--60c797dd-3152-4ea1-8940-cd7afd092641",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e19d5d8f941b9a98fbb3b65e1e6077fa00d97529e351e455297b0204ec07e9ed",
      "pattern": "[file:hashes.'SHA-256' = 'e19d5d8f941b9a98fbb3b65e1e6077fa00d97529e351e455297b0204ec07e9ed']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9bd1e9f0-63c3-4bb8-a1a3-1d2dd804f9ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: eb5b35057dedb235940b2c41da9e3ae0553969f1c89a16e3f66ba6f6005c6fa8",
      "pattern": "[file:hashes.'SHA-256' = 'eb5b35057dedb235940b2c41da9e3ae0553969f1c89a16e3f66ba6f6005c6fa8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a09efe41-7a86-4c1b-9a2e-3d428db168c0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f4721f32b8d6eb856364327c21ea3c703f1787cfb4c043f87435a8876d903b2c",
      "pattern": "[file:hashes.'SHA-256' = 'f4721f32b8d6eb856364327c21ea3c703f1787cfb4c043f87435a8876d903b2c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Cursor IDE Malware Extension Compromise in $500k Crypto Heis",
          "url": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--07809365-64aa-4a1b-ab33-86ec5621a1f9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 141.164.60.10",
      "pattern": "[ipv4-addr:value = '141.164.60.10']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--961e41e0-a104-47e3-9b15-ff73595107ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-25257",
      "pattern": "[vulnerability:name = 'CVE-2025-25257']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-25257 \u2014 Fortinet FortiWeb SQL Injection V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b3758286-0191-4a73-9619-19e7d3f3302f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-47812",
      "pattern": "[vulnerability:name = 'CVE-2025-47812']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutrali",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5c2170ee-0955-49db-96e2-eaa38994bb72",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: instance-y9tbyl-relay.screenconnect.com",
      "pattern": "[domain-name:value = 'instance-y9tbyl-relay.screenconnect.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutrali",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--18891c2e-6699-4f3b-81f2-17aab232adda",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: oooooooo11.screenconnect.com",
      "pattern": "[domain-name:value = 'oooooooo11.screenconnect.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutrali",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--faa4fe61-d2e0-408f-aa65-f564c8d9026c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.88.141.42",
      "pattern": "[ipv4-addr:value = '103.88.141.42']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutrali",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0ea3852a-2221-4cc1-bb4a-51d196203df6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.70.11.39",
      "pattern": "[ipv4-addr:value = '146.70.11.39']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutrali",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--393a850b-c910-41d3-9873-dc6b670759cd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 149.248.44.88",
      "pattern": "[ipv4-addr:value = '149.248.44.88']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutrali",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--108f7a19-bdd8-401a-8480-bce94cda5b97",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.196.9.225",
      "pattern": "[ipv4-addr:value = '185.196.9.225']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutrali",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e6828eb8-daf8-47be-99e9-fd5cdd7d4065",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 223.160.131.104",
      "pattern": "[ipv4-addr:value = '223.160.131.104']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutrali",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--20fbc198-7dfb-4ffc-ac68-a76e74c0e9d1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c637ec00bd22da4539ec6def89cd9f7196a303d17632b1131a89d65e4f5698f4",
      "pattern": "[file:hashes.'SHA-256' = 'c637ec00bd22da4539ec6def89cd9f7196a303d17632b1131a89d65e4f5698f4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutrali",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bf0946fe-4856-42b8-a234-baa8e7bd8031",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f0fcc638cd93bdd6fb4745d75b491395a7a1b2cb08e0153a2eb417cb2f58d8ac",
      "pattern": "[file:hashes.'SHA-256' = 'f0fcc638cd93bdd6fb4745d75b491395a7a1b2cb08e0153a2eb417cb2f58d8ac']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutrali",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--84ee630a-60ad-44f5-98e4-6f4e5d095259",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2014-3931",
      "pattern": "[vulnerability:name = 'CVE-2014-3931']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-3931 \u2014 Multi-Router Looking Glass (MRLG) ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--53674a5c-537f-4ed9-ac50-d2b91120e28b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2016-10033",
      "pattern": "[vulnerability:name = 'CVE-2016-10033']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2016-10033 \u2014 PHPMailer Command Injection Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1f0c6520-4f95-4e99-980a-e048a35048a3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2016-10045",
      "pattern": "[vulnerability:name = 'CVE-2016-10045']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2016-10033 \u2014 PHPMailer Command Injection Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c37cda7b-86f4-43be-a4d0-25cdcabc3ece",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2019-5418",
      "pattern": "[vulnerability:name = 'CVE-2019-5418']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2019-5418 \u2014 Rails Ruby on Rails Path Traversal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a02ed18d-0a0c-4570-be96-03e82b2ad282",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2019-9621",
      "pattern": "[vulnerability:name = 'CVE-2019-9621']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2019-9621 \u2014 Synacor Zimbra Collaboration Suite",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b02fcdb4-75c5-41e1-872c-865dff96bf11",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2019-9670",
      "pattern": "[vulnerability:name = 'CVE-2019-9670']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2019-9621 \u2014 Synacor Zimbra Collaboration Suite",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--38138210-2e03-478f-b782-07be7fb00e4f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-6554",
      "pattern": "[vulnerability:name = 'CVE-2025-6554']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-6554 \u2014 Google Chromium V8 Type Confusion ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3419542e-5b1b-4f18-9839-889954c1606e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-48927",
      "pattern": "[vulnerability:name = 'CVE-2025-48927']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-48928 \u2014 TeleMessage TM SGNL Exposure of C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-48927 \u2014 TeleMessage TM SGNL Initializatio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c0b7a2c6-6d53-49ce-bcff-a7d086c7b510",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-48928",
      "pattern": "[vulnerability:name = 'CVE-2025-48928']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-48928 \u2014 TeleMessage TM SGNL Exposure of C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4aa98de9-c50a-458d-91d9-4f128dac4ff5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-6543",
      "pattern": "[vulnerability:name = 'CVE-2025-6543']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-6543 \u2014 Citrix NetScaler ADC and Gateway B",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4e7f840f-4294-4c16-9f4b-2895759965ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2019-6693",
      "pattern": "[vulnerability:name = 'CVE-2019-6693']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2019-6693 \u2014 Fortinet FortiOS Use of Hard-Coded",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--53e5266d-3351-43b4-8ae8-76ea46569670",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-26872",
      "pattern": "[vulnerability:name = 'CVE-2022-26872']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication By",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--03f34070-6a3b-4ffa-9f0a-bf742efcffcd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-2827",
      "pattern": "[vulnerability:name = 'CVE-2022-2827']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication By",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aa680575-85e7-4b41-acee-912239a47cc0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-40242",
      "pattern": "[vulnerability:name = 'CVE-2022-40242']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication By",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8487c2ad-1bae-43c4-9cc2-807f08d26496",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-40258",
      "pattern": "[vulnerability:name = 'CVE-2022-40258']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication By",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9ae68f0e-b825-41ef-86a9-57671395efe2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-40259",
      "pattern": "[vulnerability:name = 'CVE-2022-40259']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication By",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d4254c91-852a-476c-a6c3-aa49d6b5dc28",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-34329",
      "pattern": "[vulnerability:name = 'CVE-2023-34329']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication By",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--57930729-221f-4ed3-a17e-daa26b9083a1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-34330",
      "pattern": "[vulnerability:name = 'CVE-2023-34330']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication By",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ebe6e256-88d5-49b6-9b9a-64c55c9fff30",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-0769",
      "pattern": "[vulnerability:name = 'CVE-2024-0769']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-0769 \u2014  D-Link DIR-859 Router Path Traver",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--150c1dce-ea83-411c-a417-dc2c32d9b9ba",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-54085",
      "pattern": "[vulnerability:name = 'CVE-2024-54085']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication By",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8acbeebf-a283-438e-882b-d97624214eb9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-0386",
      "pattern": "[vulnerability:name = 'CVE-2023-0386']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-0386 \u2014 Linux Kernel Improper Ownership Ma",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7f5e0ade-647d-43d3-a88a-9ea253777a74",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-33538",
      "pattern": "[vulnerability:name = 'CVE-2023-33538']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d7f6e21c-79e0-42a5-a8a5-942b95c99bd0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-43200",
      "pattern": "[vulnerability:name = 'CVE-2025-43200']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-43200 \u2014 Apple Multiple Products Unspecifi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--28372d7c-d1f5-4161-8ead-71f42fb5c88d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: bot.ddosvps.cc",
      "pattern": "[domain-name:value = 'bot.ddosvps.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--846c62dd-b8df-4580-bcd1-dfaeb5cffcdb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cnc.vietdediserver.shop",
      "pattern": "[domain-name:value = 'cnc.vietdediserver.shop']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--85652c03-fdc1-4ef8-85ec-a8772a5b36c8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 51.38.137.113",
      "pattern": "[ipv4-addr:value = '51.38.137.113']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--beeb252d-9c63-4c58-b98f-4ae2eb236586",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 00078aeeaca54b5d3c1237e964e9f956690b782e4ea160d81edc3c6b44e7f620",
      "pattern": "[file:hashes.'SHA-256' = '00078aeeaca54b5d3c1237e964e9f956690b782e4ea160d81edc3c6b44e7f620']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--14f4994a-5e94-4bbe-aecc-d48a9dc51208",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3fbd2a2e82ceb5e91eadbad02cb45ac618324da9b1895d81ebe7de765dca30e7",
      "pattern": "[file:hashes.'SHA-256' = '3fbd2a2e82ceb5e91eadbad02cb45ac618324da9b1895d81ebe7de765dca30e7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e51b1339-ba7c-49e3-96c9-f23080d65d55",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4caaa18982cd4056fead54b98d57f9a2a1ddd654cf19a7ba2366dfadbd6033da",
      "pattern": "[file:hashes.'SHA-256' = '4caaa18982cd4056fead54b98d57f9a2a1ddd654cf19a7ba2366dfadbd6033da']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--90bdf0f4-8cf5-4b17-a9b2-a6484105a811",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 534b654531a6a540a144da9545ee343e1046f843d7de4c1091b46c3ee66a508b",
      "pattern": "[file:hashes.'SHA-256' = '534b654531a6a540a144da9545ee343e1046f843d7de4c1091b46c3ee66a508b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5f59b0c2-c72c-48cc-9c46-55dc48c2201f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 56f21f412e898ad9e3ee05d5f44c44d9d7bcb9ecbfbdb9de11b8fa5a637aeef6",
      "pattern": "[file:hashes.'SHA-256' = '56f21f412e898ad9e3ee05d5f44c44d9d7bcb9ecbfbdb9de11b8fa5a637aeef6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--87ba4b39-4752-4981-8681-a42e25084e44",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7bbb21fec19512d932b7a92652ed0c8f0fedea89f34b9d6f267cf39de0eb9b20",
      "pattern": "[file:hashes.'SHA-256' = '7bbb21fec19512d932b7a92652ed0c8f0fedea89f34b9d6f267cf39de0eb9b20']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e79fae84-a248-46a9-b65e-84ef6d6768cc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 919f292a07a37f163f88527e725406187c8ecc637387ad24853fe49ce4e6ddf4",
      "pattern": "[file:hashes.'SHA-256' = '919f292a07a37f163f88527e725406187c8ecc637387ad24853fe49ce4e6ddf4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--67a648dd-f639-44ce-9659-1c7a04d867e7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9df711c3aef2bba17b622ddfd955452f8d8eb55899528fbc13d9540c52f13402",
      "pattern": "[file:hashes.'SHA-256' = '9df711c3aef2bba17b622ddfd955452f8d8eb55899528fbc13d9540c52f13402']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e971e470-6e40-4cbc-b849-6d7696048071",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c321933e4e5970ba7299fe21778dab9398994c22ca0ba0422c6cbc3fbb95ea26",
      "pattern": "[file:hashes.'SHA-256' = 'c321933e4e5970ba7299fe21778dab9398994c22ca0ba0422c6cbc3fbb95ea26']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0bbd3d7d-92df-47e8-9024-bebf1683b9d4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2014-8361",
      "pattern": "[vulnerability:name = 'CVE-2014-8361']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--204f4cd3-00ef-4463-9fc7-40a8b69dc083",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2017-17215",
      "pattern": "[vulnerability:name = 'CVE-2017-17215']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8b3a817e-03ca-4e03-81db-641504344318",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2017-18368",
      "pattern": "[vulnerability:name = 'CVE-2017-18368']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b164f881-6ec8-4629-bb11-b0fe3130fd6d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-1389",
      "pattern": "[vulnerability:name = 'CVE-2023-1389']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--65f8727e-ec6c-4892-9ebe-4d4e66110ecd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-3721",
      "pattern": "[vulnerability:name = 'CVE-2024-3721']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--900df0f3-6007-414b-9a6e-d0d32a2e8eeb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24016",
      "pattern": "[vulnerability:name = 'CVE-2025-24016']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a1d4db1e-169b-4ef9-8ba9-7b3f362d4ed3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-33053",
      "pattern": "[vulnerability:name = 'CVE-2025-33053']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2f0a8378-85e4-463a-877f-e73139e3a9b3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cbot.galaxias.cc",
      "pattern": "[domain-name:value = 'cbot.galaxias.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2cbd16a3-389c-4193-8ca2-348c8cda19ba",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cyclingonlineshop.com",
      "pattern": "[domain-name:value = 'cyclingonlineshop.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--afa647da-3ad4-49c1-bd34-23f4f68b2c07",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: downloadessays.net",
      "pattern": "[domain-name:value = 'downloadessays.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2ee7bacd-116e-4015-805e-b909e3cc1d1d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: fastfilebackup.com",
      "pattern": "[domain-name:value = 'fastfilebackup.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9a1ea6a1-73a4-4cdb-a9b5-e8fdb0b9537f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: galaxias.cc",
      "pattern": "[domain-name:value = 'galaxias.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4389bda5-e7f6-47fb-be3a-f5439d34736d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: gestisciweb.com",
      "pattern": "[domain-name:value = 'gestisciweb.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c7559712-5ac6-4fd7-adbf-934aadbde0ac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: healthherofit.com",
      "pattern": "[domain-name:value = 'healthherofit.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d17dc9d6-9bb9-4f61-a8e0-625b5e663ed5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: joinushealth.com",
      "pattern": "[domain-name:value = 'joinushealth.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--190830b8-f6f1-4f36-a931-01b5b3e4b09d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: luxuryfitnesslabs.com",
      "pattern": "[domain-name:value = 'luxuryfitnesslabs.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bfa191fe-52f6-40d3-ab63-1e6f0ad66b04",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: mystartupblog.com",
      "pattern": "[domain-name:value = 'mystartupblog.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c03a8f3b-48ce-4412-9906-984e0b016139",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: nuklearcnc.duckdns.org",
      "pattern": "[domain-name:value = 'nuklearcnc.duckdns.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e9c85179-b8bf-489a-8ba1-bd972d7a113e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: purvoyage.com",
      "pattern": "[domain-name:value = 'purvoyage.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--14d1639d-27e9-4345-9589-3067ebdea0c3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: radiotimesignal.com",
      "pattern": "[domain-name:value = 'radiotimesignal.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1bce22bc-2c54-4267-bc21-e173c8c958ad",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: roundedbullets.com",
      "pattern": "[domain-name:value = 'roundedbullets.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bdd45ab7-f1f7-4dcd-b388-5f719a5ade2c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: summerartcamp.net",
      "pattern": "[domain-name:value = 'summerartcamp.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1c062fd1-5991-446c-8a38-a577e7c848b9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: worryfreetransport.com",
      "pattern": "[domain-name:value = 'worryfreetransport.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8153fd78-a2cb-4dd2-9dd2-bb05aaef6c4b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.168.101.27",
      "pattern": "[ipv4-addr:value = '104.168.101.27']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c372e5d3-85f5-4d99-ab54-71db14fa4c66",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 176.65.134.62",
      "pattern": "[ipv4-addr:value = '176.65.134.62']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c00a0638-4871-417a-a41e-c6b3388ce184",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 176.65.142.137",
      "pattern": "[ipv4-addr:value = '176.65.142.137']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--66ec7ca4-4561-4d00-82c4-f7afb31983f9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 196.251.86.49",
      "pattern": "[ipv4-addr:value = '196.251.86.49']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ab9c2d8e-52ea-4caf-869e-6979588eee64",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 209.141.34.106",
      "pattern": "[ipv4-addr:value = '209.141.34.106']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--402e8978-4eff-49b9-8670-c9f91c1be219",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 42.112.26.36",
      "pattern": "[ipv4-addr:value = '42.112.26.36']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a65aa808-7e25-4409-85ef-ae5d074decf3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 65.222.202.53",
      "pattern": "[ipv4-addr:value = '65.222.202.53']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--96d07c79-d8ae-4346-8d9f-ebeb3d8d70ec",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1d95a44f341435da50878eea1ec0a1aab6ae0ee91644c497378266290a6ef1d8",
      "pattern": "[file:hashes.'SHA-256' = '1d95a44f341435da50878eea1ec0a1aab6ae0ee91644c497378266290a6ef1d8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a5018d97-9c8f-4424-82e9-ad71090beafa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 257c63a9e21b829bb4b9f8b0e352379444b0e573176530107a3e6c279d1919da",
      "pattern": "[file:hashes.'SHA-256' = '257c63a9e21b829bb4b9f8b0e352379444b0e573176530107a3e6c279d1919da']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--feebb234-6a35-4366-b3ca-25935d090853",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 66a893728a0ac1a7fae39ee134ad4182d674e719219fbf5d9b7cd4fd4f07f535",
      "pattern": "[file:hashes.'SHA-256' = '66a893728a0ac1a7fae39ee134ad4182d674e719219fbf5d9b7cd4fd4f07f535']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a411f174-5bf1-4afb-a5dd-65b8cae1e4c5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 700b422556f070325b327325e31ddf597f98cc319f29ef8638c7b0508c632cee",
      "pattern": "[file:hashes.'SHA-256' = '700b422556f070325b327325e31ddf597f98cc319f29ef8638c7b0508c632cee']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--962b5ec0-770f-429a-8345-20fff74761c5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: da3bb6e38b3f4d83e69d31783f00c10ce062abd008e81e983a9bd4317a9482aa",
      "pattern": "[file:hashes.'SHA-256' = 'da3bb6e38b3f4d83e69d31783f00c10ce062abd008e81e983a9bd4317a9482aa']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3f1dbde-6e6c-4b6e-afec-6d2eb60f6794",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ddce79afe9f67b78e83f6e530c3e03265533eb3f4530e7c89fdc357f7093a80b",
      "pattern": "[file:hashes.'SHA-256' = 'ddce79afe9f67b78e83f6e530c3e03265533eb3f4530e7c89fdc357f7093a80b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Contr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5ad4a545-4d92-48ef-afb8-5143340a54ec",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: a.mpk-krakow.pl",
      "pattern": "[domain-name:value = 'a.mpk-krakow.pl']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-42009 \u2014 RoundCube Webmail Cross-Site Scri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--386e5782-a2bb-4ab6-aacc-586e7c1544ac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: dns.outbound.watchtowr.com",
      "pattern": "[domain-name:value = 'dns.outbound.watchtowr.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32433 \u2014 Erlang Erlang/OTP SSH Server Miss",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7c1e1053-662f-4de8-8e8f-f6d5d971c36d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.103.40.203",
      "pattern": "[ipv4-addr:value = '146.103.40.203']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32433 \u2014 Erlang Erlang/OTP SSH Server Miss",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1955ef79-f692-4785-90be-fa870cd8acaa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.165.16.71",
      "pattern": "[ipv4-addr:value = '194.165.16.71']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32433 \u2014 Erlang Erlang/OTP SSH Server Miss",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4053dcf0-73ed-4b66-b959-bba7d4790c8f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 70cea07c972a30597cda7a1d3cd4cd8f75acad75940ca311a5a2033e6a1dd149",
      "pattern": "[file:hashes.'SHA-256' = '70cea07c972a30597cda7a1d3cd4cd8f75acad75940ca311a5a2033e6a1dd149']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-42009 \u2014 RoundCube Webmail Cross-Site Scri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef9748db-4a49-42cc-9563-23dafdba8435",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-5419",
      "pattern": "[vulnerability:name = 'CVE-2025-5419']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-5419 \u2014 Google Chromium V8 Out-of-Bounds R",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cc390ce2-a5ab-4f41-b756-a134aa696694",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-21479",
      "pattern": "[vulnerability:name = 'CVE-2025-21479']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21479 \u2014 Qualcomm Multiple Chipsets Incorr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-27038 \u2014 Qualcomm Multiple Chipsets Use-Af",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7ce9980f-f731-417e-900f-df2a6452e9a8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-21480",
      "pattern": "[vulnerability:name = 'CVE-2025-21480']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21479 \u2014 Qualcomm Multiple Chipsets Incorr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-27038 \u2014 Qualcomm Multiple Chipsets Use-Af",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1896b2e2-7301-441b-8104-0926b5e2391c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-27038",
      "pattern": "[vulnerability:name = 'CVE-2025-27038']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21479 \u2014 Qualcomm Multiple Chipsets Incorr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-27038 \u2014 Qualcomm Multiple Chipsets Use-Af",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e05789fc-faa2-4960-84f4-56e5d98d7a93",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-32030",
      "pattern": "[vulnerability:name = 'CVE-2021-32030']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-32030 \u2014 ASUS Routers Improper Authenticat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--68356724-4fea-4331-b670-eda09c6f5343",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-39780",
      "pattern": "[vulnerability:name = 'CVE-2023-39780']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-32030 \u2014 ASUS Routers Improper Authenticat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2023-39780 \u2014 ASUS RT-AX55 Routers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8989f6c4-5b24-4c71-8fdd-c6300b10fa12",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-56145",
      "pattern": "[vulnerability:name = 'CVE-2024-56145']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-56145 \u2014 Craft CMS Code Injection Vulnerab",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--05d2e060-e4c9-4f12-b8b9-c66aee407a41",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-58136",
      "pattern": "[vulnerability:name = 'CVE-2024-58136']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Ass",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-58136 \u2014 Yiiframework Yii Improper Protect",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f659aaca-df1f-4daa-8a02-de6b51c45b48",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-35939",
      "pattern": "[vulnerability:name = 'CVE-2025-35939']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Ass",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--30a09bab-691e-4d67-a6d1-971e782704b0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-3935",
      "pattern": "[vulnerability:name = 'CVE-2025-3935']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3935 \u2014 ConnectWise ScreenConnect Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--49e327a6-253d-4ee4-8d2b-fef7a4f25d6f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 101.99.91.151",
      "pattern": "[ipv4-addr:value = '101.99.91.151']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-32030 \u2014 ASUS Routers Improper Authenticat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2023-39780 \u2014 ASUS RT-AX55 Routers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--14a7b68d-9f23-48d0-8146-85b1f193b906",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 101.99.94.173",
      "pattern": "[ipv4-addr:value = '101.99.94.173']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-32030 \u2014 ASUS Routers Improper Authenticat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2023-39780 \u2014 ASUS RT-AX55 Routers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2a3aefad-d638-467c-9c57-c5bbc77f28b7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.106.66.123",
      "pattern": "[ipv4-addr:value = '103.106.66.123']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Ass",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--64fad8f1-02ac-4423-a8e8-e5dfa54368fd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.161.32.11",
      "pattern": "[ipv4-addr:value = '104.161.32.11']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Ass",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--10b0207d-b700-4c3f-b002-4d3437aa35c1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 111.90.146.237",
      "pattern": "[ipv4-addr:value = '111.90.146.237']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-32030 \u2014 ASUS Routers Improper Authenticat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2023-39780 \u2014 ASUS RT-AX55 Routers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ce75a6bc-29c4-4c8a-b607-56f8c4a96b09",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 154.211.22.213",
      "pattern": "[ipv4-addr:value = '154.211.22.213']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Ass",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--75e293ec-6351-4fba-9e52-33864bbd3236",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 172.86.113.137",
      "pattern": "[ipv4-addr:value = '172.86.113.137']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Ass",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dda9b45e-3c33-415a-94c1-4e2169b4824c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.145.208.231",
      "pattern": "[ipv4-addr:value = '38.145.208.231']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Ass",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--63997199-0056-4401-86ef-f3ef56af86f7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 79.141.163.179",
      "pattern": "[ipv4-addr:value = '79.141.163.179']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-32030 \u2014 ASUS Routers Improper Authenticat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2023-39780 \u2014 ASUS RT-AX55 Routers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8b8044a0-acfb-4d0b-8585-0d261488d533",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: d8fddbd85e6af76c91bfa17118dbecc6",
      "pattern": "[file:hashes.MD5 = 'd8fddbd85e6af76c91bfa17118dbecc6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Ass",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--991b89fb-10e2-4522-aa3a-d3a563522210",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: e6c3e12f6712719f69f40fb6f06e2b60facd8e61",
      "pattern": "[file:hashes.'SHA-1' = 'e6c3e12f6712719f69f40fb6f06e2b60facd8e61']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Ass",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4f23a598-8dd6-48e0-923d-da4f5acb5126",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: dce988346f98d55b97f7ca7a4c49cef2883b80855a0ecb6371df4063e7ecc40d",
      "pattern": "[file:hashes.'SHA-256' = 'dce988346f98d55b97f7ca7a4c49cef2883b80855a0ecb6371df4063e7ecc40d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Ass",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8c58bb5d-8ab4-4b2d-acd6-9b2f9b0a6540",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-4632",
      "pattern": "[vulnerability:name = 'CVE-2025-4632']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4632 \u2014 Samsung MagicINFO 9 Server Path Tr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--28e0d58e-b6bd-4aa9-8c70-ac2abe626dbe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-12641",
      "pattern": "[vulnerability:name = 'CVE-2020-12641']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4ae90545-ffb7-4e71-9bd8-3af6cc1228e1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-35730",
      "pattern": "[vulnerability:name = 'CVE-2020-35730']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f07213f3-e694-4dfe-8ec0-0da8fbdcf596",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-44026",
      "pattern": "[vulnerability:name = 'CVE-2021-44026']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f26dc2dd-c489-41bc-88da-1b22fb966db8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-38950",
      "pattern": "[vulnerability:name = 'CVE-2023-38950']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-38950 \u2014 ZKTeco BioTime Path Traversal Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fe902c82-3a57-49ad-a901-9be61661fd0a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-43770",
      "pattern": "[vulnerability:name = 'CVE-2023-43770']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b1aa9008-e7e4-4521-b980-4089df152fac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-11182",
      "pattern": "[vulnerability:name = 'CVE-2024-11182']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d04586d2-17d2-4b04-b33d-4b4a8d461a04",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-27443",
      "pattern": "[vulnerability:name = 'CVE-2024-27443']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9d9f3afe-6d01-471c-a8e0-85957969187f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-27920",
      "pattern": "[vulnerability:name = 'CVE-2025-27920']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-27920 \u2014 Srimax Output Messenger Directory",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2740e9fd-da33-4fe4-b58a-52b0a5e0eca6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-35036",
      "pattern": "[vulnerability:name = 'CVE-2025-35036']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5f2cc1a9-d7d2-4728-b3f6-719dbe6660fe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-4427",
      "pattern": "[vulnerability:name = 'CVE-2025-4427']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b8914dc7-2f35-4ee6-917a-55ad2a830b3f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-4428",
      "pattern": "[vulnerability:name = 'CVE-2025-4428']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--23b477c7-a2ce-41fb-87ec-85f5a129574f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: api.wordinfos.com",
      "pattern": "[domain-name:value = 'api.wordinfos.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-27920 \u2014 Srimax Output Messenger Directory",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--526cacb7-74c3-49c9-ac28-24b66ee6ab97",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: censysinspect.com",
      "pattern": "[domain-name:value = 'censysinspect.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7e3bdc98-9f5e-4b8d-94ee-d8f9536ea0e4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: craft-dev.greenenaftaligallery.com",
      "pattern": "[domain-name:value = 'craft-dev.greenenaftaligallery.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e10f46fb-12c3-44d7-b0ff-f0302b7d01d6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: e-wago.pl",
      "pattern": "[domain-name:value = 'e-wago.pl']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4483e81d-1acb-46df-8bc1-a2a3e02ab542",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: elektrobohater.pl",
      "pattern": "[domain-name:value = 'elektrobohater.pl']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--770badd1-4be0-4d45-8f79-29eee777785e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: hfuu.de",
      "pattern": "[domain-name:value = 'hfuu.de']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--80c5a275-bf72-487a-8f90-1b1ae85cb7be",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: hijx.xyz",
      "pattern": "[domain-name:value = 'hijx.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6e123f8e-de33-4adf-8c20-634a1ac46430",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ikses.net",
      "pattern": "[domain-name:value = 'ikses.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--43bf8986-bd15-4e5e-9ad4-62872c724f54",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: jiaw.shop",
      "pattern": "[domain-name:value = 'jiaw.shop']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--297c4705-57cd-4b5d-99f1-7cdc12c017ae",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: lsjb.digital",
      "pattern": "[domain-name:value = 'lsjb.digital']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4b16f541-fa80-4bc7-ac63-e5da9792936f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ns1.cybertunnel.run",
      "pattern": "[domain-name:value = 'ns1.cybertunnel.run']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fc0e2902-308e-4fea-bd89-3272728f1986",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: raxia.top",
      "pattern": "[domain-name:value = 'raxia.top']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--88defef4-e0bb-4932-af29-c469f3034ce1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: rnl.world",
      "pattern": "[domain-name:value = 'rnl.world']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4a919ae5-a73d-4dbf-88e3-6fce6ce0e6f3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sqj.fr",
      "pattern": "[domain-name:value = 'sqj.fr']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c5b80617-53dc-4273-aa8c-161f2119109f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: tgh24.xyz",
      "pattern": "[domain-name:value = 'tgh24.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6c11b6e9-f9a2-4eff-9898-3b12e30568b1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: tuo.world",
      "pattern": "[domain-name:value = 'tuo.world']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8c8b20df-faaf-4a21-8db6-b08f6048d890",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: wagodirect.pl",
      "pattern": "[domain-name:value = 'wagodirect.pl']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ba5079e4-6c53-4eab-9ced-d9755d67d168",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 100.26.51.59",
      "pattern": "[ipv4-addr:value = '100.26.51.59']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ca50207f-168a-4b69-89fc-eeecf86d8a08",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.244.88.125",
      "pattern": "[ipv4-addr:value = '103.244.88.125']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--37c696ea-f8bf-44b6-99c9-975ac3a7de79",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 111.90.151.167",
      "pattern": "[ipv4-addr:value = '111.90.151.167']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6398b6cc-dc7e-4ba6-8b87-279022535c27",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 124.223.202.90",
      "pattern": "[ipv4-addr:value = '124.223.202.90']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5fdd2a21-b05e-49b9-91cc-aab10d90e1eb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.70.125.79",
      "pattern": "[ipv4-addr:value = '146.70.125.79']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54ef5b84-b2ee-4203-b25f-aba803aad56f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.70.87.67",
      "pattern": "[ipv4-addr:value = '146.70.87.67']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--64264afe-cfcd-4001-837d-72e2ba66d2d0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 150.241.71.231",
      "pattern": "[ipv4-addr:value = '150.241.71.231']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ee567ace-c714-40c0-b085-930b98136693",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 150.241.97.83",
      "pattern": "[ipv4-addr:value = '150.241.97.83']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e29a65e5-c903-4c48-87ea-1dc2c65d6841",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.193.125.65",
      "pattern": "[ipv4-addr:value = '185.193.125.65']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8328c65f-4e00-4132-80b1-ecfcec8fe3c1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.195.237.106",
      "pattern": "[ipv4-addr:value = '185.195.237.106']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a56b0a24-b943-4e63-92dd-6bcbe8c3b01a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.225.69.223",
      "pattern": "[ipv4-addr:value = '185.225.69.223']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2a2536f0-095a-495a-8022-41249f13a580",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.29.104.152",
      "pattern": "[ipv4-addr:value = '193.29.104.152']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--62d586cb-4552-42d7-a794-befd4e94c60f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 27.25.148.183",
      "pattern": "[ipv4-addr:value = '27.25.148.183']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--10ca59ed-5ba1-47c1-846d-c78306c072d8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 37.219.84.22",
      "pattern": "[ipv4-addr:value = '37.219.84.22']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cf9d2914-ba32-4ca2-b8ad-e9a35a45ca36",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.137.222.24",
      "pattern": "[ipv4-addr:value = '45.137.222.24']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d198186-4874-476d-82d8-4ec0600b4489",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.38.17.43",
      "pattern": "[ipv4-addr:value = '45.38.17.43']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--71b0257d-0b75-4af7-adc4-6cf7f0bd559b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 47.120.74.19",
      "pattern": "[ipv4-addr:value = '47.120.74.19']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8402da3e-3226-46e5-8d8d-fe0148b8b4d6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 5.181.159.149",
      "pattern": "[ipv4-addr:value = '5.181.159.149']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3e5bf1c5-b676-43a3-91f2-cf626b03b500",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 75.170.92.132",
      "pattern": "[ipv4-addr:value = '75.170.92.132']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f6c93ac2-eea6-4b8a-a3d2-caf83aba6304",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 77.221.158.154",
      "pattern": "[ipv4-addr:value = '77.221.158.154']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a71a2697-78bc-45ce-817b-ba494edd09c1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 82.132.235.212",
      "pattern": "[ipv4-addr:value = '82.132.235.212']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2cdbb88c-3173-4051-804f-92000cb32ccb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 83.229.126.234",
      "pattern": "[ipv4-addr:value = '83.229.126.234']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--778e2509-9dee-4b76-bea0-f1413cc5221e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 88.194.29.21",
      "pattern": "[ipv4-addr:value = '88.194.29.21']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--047b9da7-a2c4-48cd-bab7-4affbb180fcb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 89.44.9.74",
      "pattern": "[ipv4-addr:value = '89.44.9.74']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b478c589-39db-40bc-b7e3-5cf5d1a01d3f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.193.19.109",
      "pattern": "[ipv4-addr:value = '91.193.19.109']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b67538cc-2aec-4e63-abf7-e47eddc1dbb2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.237.124.153",
      "pattern": "[ipv4-addr:value = '91.237.124.153']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5bc5c650-c3a1-401a-9d98-099d48a88063",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.237.124.164",
      "pattern": "[ipv4-addr:value = '91.237.124.164']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fa7e610a-4f84-46bb-ab27-3bc6a8aedf59",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 1078C587FE2B246D618AF74D157F941078477579",
      "pattern": "[file:hashes.'SHA-1' = '1078C587FE2B246D618AF74D157F941078477579']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--523ba745-d2ad-4d8c-bbd2-94464f2015b2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 19b4df629f5b15e5ff742c70d2c7dc4dac29a7ce",
      "pattern": "[file:hashes.'SHA-1' = '19b4df629f5b15e5ff742c70d2c7dc4dac29a7ce']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--459a31cd-01de-454e-ac57-cba8e1277833",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 1b1dda5e8e26da568559e0577769697c624df30e",
      "pattern": "[file:hashes.'SHA-1' = '1b1dda5e8e26da568559e0577769697c624df30e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cf3feb00-82e1-4a12-862d-6a5c1869aadd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2664593E2F5DCFDA9AAA1A2DF7C4CE7EEB1EDBB6",
      "pattern": "[file:hashes.'SHA-1' = '2664593E2F5DCFDA9AAA1A2DF7C4CE7EEB1EDBB6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5522b867-04bf-4d2c-9c11-b4c060f54da1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2bd61ce5bdd258c7dcbef53aedb1b018b8e0ae26",
      "pattern": "[file:hashes.'SHA-1' = '2bd61ce5bdd258c7dcbef53aedb1b018b8e0ae26']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a9ba0998-cf27-4056-ab15-059feefcf6d1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 41FE2EFB38E0C7DD10E6009A68BD26687D6DBF4C",
      "pattern": "[file:hashes.'SHA-1' = '41FE2EFB38E0C7DD10E6009A68BD26687D6DBF4C']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eed4ce89-0ffe-4226-bc0b-301434abb6a0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 60D592765B0F4E08078D42B2F3DE4F5767F88773",
      "pattern": "[file:hashes.'SHA-1' = '60D592765B0F4E08078D42B2F3DE4F5767F88773']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--35d99c2a-dcf6-4d0c-a07b-fec40524f146",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 65A8D221B9ECED76B9C17A3E1992DF9B085CECD7",
      "pattern": "[file:hashes.'SHA-1' = '65A8D221B9ECED76B9C17A3E1992DF9B085CECD7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3dc5b20f-b3e7-4611-9da6-ad81f1c96209",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 6EF845938F064DE39F4BF6450119A0CDBB61378C",
      "pattern": "[file:hashes.'SHA-1' = '6EF845938F064DE39F4BF6450119A0CDBB61378C']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4fcb9b4b-c75b-4cda-a6b1-8f94dc5cab95",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 8E6C07F38EF920B5154FD081BA252B9295E8184D",
      "pattern": "[file:hashes.'SHA-1' = '8E6C07F38EF920B5154FD081BA252B9295E8184D']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b60387f4-b691-4347-89bc-3aa7c4ee2c37",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 8EBBBC9EB54E216EFFB437A28B9F2C7C9DA3A0FA",
      "pattern": "[file:hashes.'SHA-1' = '8EBBBC9EB54E216EFFB437A28B9F2C7C9DA3A0FA']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--572a7e5c-5333-4e6d-8b17-0a37c27ddb94",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: A5948E1E45D50A8DB063D7DFA5B6F6E249F61652",
      "pattern": "[file:hashes.'SHA-1' = 'A5948E1E45D50A8DB063D7DFA5B6F6E249F61652']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ccf34cc7-953c-4452-a3a4-ce7ef845f818",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: aa2cfeeca6c8e7743ad1a5996fe5ccc3d52e901d",
      "pattern": "[file:hashes.'SHA-1' = 'aa2cfeeca6c8e7743ad1a5996fe5ccc3d52e901d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fa2ba34b-ef96-47b0-a901-a0a2095d50f4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: ac389c8b7f3d2fcf4fd73891f881b12b8343665b",
      "pattern": "[file:hashes.'SHA-1' = 'ac389c8b7f3d2fcf4fd73891f881b12b8343665b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7b0548d3-5f6d-42e8-b56a-b73edbe0db40",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: AD3C590D1C0963D62702445E8108DB025EEBEC70",
      "pattern": "[file:hashes.'SHA-1' = 'AD3C590D1C0963D62702445E8108DB025EEBEC70']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6c929ac7-2c68-4df1-a631-318b30c43490",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: B6C340549700470C651031865C2772D3A4C81310",
      "pattern": "[file:hashes.'SHA-1' = 'B6C340549700470C651031865C2772D3A4C81310']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--33bf6627-7c6f-4ee6-839c-83ec50c8e935",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: dce8faf5fcf5998b6802995914caa988ee1ebd92",
      "pattern": "[file:hashes.'SHA-1' = 'dce8faf5fcf5998b6802995914caa988ee1ebd92']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b7b92f1f-a4fe-4e8e-8040-84bf9fed1311",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: EBF794E421BE60C9532091EB432C1977517D1BE5",
      "pattern": "[file:hashes.'SHA-1' = 'EBF794E421BE60C9532091EB432C1977517D1BE5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a03ac765-23d3-4921-8496-b40c416ba5de",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: EBF794E421BE60C9532091EB432D1977517D1BE5",
      "pattern": "[file:hashes.'SHA-1' = 'EBF794E421BE60C9532091EB432D1977517D1BE5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f09e8a28-c316-4bb4-b5f4-0920a0a34b79",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: f780151c151b6cec853a278b4e847ef2af3dbc5d",
      "pattern": "[file:hashes.'SHA-1' = 'f780151c151b6cec853a278b4e847ef2af3dbc5d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ff075b9d-08f9-4cc1-8673-5b8c50783b93",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: F81DE9584F0BF3E55C6CF1B465F00B2671DAA230",
      "pattern": "[file:hashes.'SHA-1' = 'F81DE9584F0BF3E55C6CF1B465F00B2671DAA230']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d0b222f2-077b-4fea-9c53-a2937d11f4b2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: F95F26F1C097D4CA38304ECC692DBAC7424A5E8D",
      "pattern": "[file:hashes.'SHA-1' = 'F95F26F1C097D4CA38304ECC692DBAC7424A5E8D']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--edc6d59a-ad39-4fa4-99d8-8b2007240179",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 150ccd3b24a1b40630e46300100a3f810aa7a6badeb6806b59ed6ba7bafb7b21",
      "pattern": "[file:hashes.'SHA-256' = '150ccd3b24a1b40630e46300100a3f810aa7a6badeb6806b59ed6ba7bafb7b21']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8eaf736f-55f7-42cf-a2de-d8aecde4d2a3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1df959e4d2f48c4066fddcb5b3fd00b0b25ae44f350f5f35a86571abb2852e39",
      "pattern": "[file:hashes.'SHA-256' = '1df959e4d2f48c4066fddcb5b3fd00b0b25ae44f350f5f35a86571abb2852e39']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-27920 \u2014 Srimax Output Messenger Directory",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--43481667-f30b-4735-8946-e666ebb1fdc8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 29ae4fa86329bf6d0955020319b618d4c183d433830187b80979d392bf159768",
      "pattern": "[file:hashes.'SHA-256' = '29ae4fa86329bf6d0955020319b618d4c183d433830187b80979d392bf159768']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c24a9352-1517-4f96-92b0-bb36c7d8f6a6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2b7b65d6f8815dbe18cabaa20c01be655d8475fc429388a4541eff193596ae63",
      "pattern": "[file:hashes.'SHA-256' = '2b7b65d6f8815dbe18cabaa20c01be655d8475fc429388a4541eff193596ae63']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-27920 \u2014 Srimax Output Messenger Directory",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--771296d7-e4bc-4527-8a77-b4f8aea996c7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 44c4a0d1826369993d1a2c4fcc00a86bf45723342cfd9f3a8b44b673eee6733a",
      "pattern": "[file:hashes.'SHA-256' = '44c4a0d1826369993d1a2c4fcc00a86bf45723342cfd9f3a8b44b673eee6733a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--42cefde4-e157-4adb-abf5-18ae601f573f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 64764ffe4b1e4fc5b9fe27b513e02f0392f659c4e033d23a4ba7a3b7f20c6d30",
      "pattern": "[file:hashes.'SHA-256' = '64764ffe4b1e4fc5b9fe27b513e02f0392f659c4e033d23a4ba7a3b7f20c6d30']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1c266edf-bd62-44e4-97cb-3ff724f1251f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7a4e0eb5fbab9709c8f42beb322a5dfefbc4ec5f914938a8862f8e26a31d30a5",
      "pattern": "[file:hashes.'SHA-256' = '7a4e0eb5fbab9709c8f42beb322a5dfefbc4ec5f914938a8862f8e26a31d30a5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--af5b5523-1d26-4cfd-976e-1af6275c3727",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b422645db18e95aa0b4daaf5277417b73322bed306f42385ecfd6d49be26bfab",
      "pattern": "[file:hashes.'SHA-256' = 'b422645db18e95aa0b4daaf5277417b73322bed306f42385ecfd6d49be26bfab']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c1c178c0-12d4-411e-b7a4-f7c2ff33237e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f34db4ea8ec3c2cbe53fde3d73229ccaa2a9e7168cd96d9a49bf89adef5ab47c",
      "pattern": "[file:hashes.'SHA-256' = 'f34db4ea8ec3c2cbe53fde3d73229ccaa2a9e7168cd96d9a49bf89adef5ab47c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EP",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d9ffe457-0c21-4268-a4e9-45d46f497322",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-12987",
      "pattern": "[vulnerability:name = 'CVE-2024-12987']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aae3d99a-57a8-4974-8b5d-e99af859c1b4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-31324",
      "pattern": "[vulnerability:name = 'CVE-2025-31324']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e0f66035-be5e-4a94-bb51-4abdad830fee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-42999",
      "pattern": "[vulnerability:name = 'CVE-2025-42999']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--11d4c031-07b1-45ed-877a-8a8032d6e765",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: dvrhelper.anondns.net",
      "pattern": "[domain-name:value = 'dvrhelper.anondns.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5be621a1-80b4-4c1b-a32d-856dad501be6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: miraisucks.anondns.net",
      "pattern": "[domain-name:value = 'miraisucks.anondns.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d6df5959-3693-4565-a602-37a1b3cf107c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: rustbot.anondns.net",
      "pattern": "[domain-name:value = 'rustbot.anondns.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6b19c17e-9e14-43e8-85d4-4bfc4688b636",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: techsupport.anondns.net",
      "pattern": "[domain-name:value = 'techsupport.anondns.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--55713202-a929-4ad3-923d-e39130b9f162",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.207.14.236",
      "pattern": "[ipv4-addr:value = '103.207.14.236']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aea939d0-ecfa-4dae-b5fe-e7db26ffcf83",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 134.122.26.60",
      "pattern": "[ipv4-addr:value = '134.122.26.60']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d0b8081f-ae3a-4639-889e-86181a8ab9cd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 137.184.197.225",
      "pattern": "[ipv4-addr:value = '137.184.197.225']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--39bf9d98-1686-48cd-b062-8ffd7e7b7174",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 142.111.152.19",
      "pattern": "[ipv4-addr:value = '142.111.152.19']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d7221866-6e8a-42d6-8ff7-170d7468ffb5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 142.111.152.20",
      "pattern": "[ipv4-addr:value = '142.111.152.20']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4360088a-23c5-4a06-9195-6ca6b297c650",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 143.198.173.194",
      "pattern": "[ipv4-addr:value = '143.198.173.194']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3440ba43-9a88-4207-9e49-068b52b27eea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 15.204.56.106",
      "pattern": "[ipv4-addr:value = '15.204.56.106']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--907ecb11-f59e-451f-853a-484928e0e39d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 159.89.93.5",
      "pattern": "[ipv4-addr:value = '159.89.93.5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--73c121b4-ab9b-4b61-ad1c-575d76b79c2a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 167.99.11.36",
      "pattern": "[ipv4-addr:value = '167.99.11.36']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ac7d9077-3597-4c98-a73c-2676a832dc66",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.42.116.200",
      "pattern": "[ipv4-addr:value = '192.42.116.200']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--85a04a6f-c0df-456e-801c-b844fe892970",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 199.101.196.85",
      "pattern": "[ipv4-addr:value = '199.101.196.85']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cc46f96f-ffc9-494a-a4fe-b547ef233598",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 212.30.36.171",
      "pattern": "[ipv4-addr:value = '212.30.36.171']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--77a797f0-709b-4cd9-8263-10d9effebe14",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 212.30.36.173",
      "pattern": "[ipv4-addr:value = '212.30.36.173']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--117fd9ab-f1b1-4051-9a05-3d52bdad2367",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 212.30.36.175",
      "pattern": "[ipv4-addr:value = '212.30.36.175']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d756608f-9bc5-43ec-a3fc-611e7cc2bbde",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 216.73.161.15",
      "pattern": "[ipv4-addr:value = '216.73.161.15']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef13420e-fe3c-4594-a17c-09e85577e29f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 216.73.161.8",
      "pattern": "[ipv4-addr:value = '216.73.161.8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0dcb3987-7c33-433d-95e0-4782e15f2182",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 23.95.123.5",
      "pattern": "[ipv4-addr:value = '23.95.123.5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6f162cb5-ae08-4989-ac9a-b13c61a3918e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 43.247.135.53",
      "pattern": "[ipv4-addr:value = '43.247.135.53']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bc13c421-aaf9-4bfe-8246-387358046bba",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 5.255.125.150",
      "pattern": "[ipv4-addr:value = '5.255.125.150']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--39f3824b-b8b8-47ee-858f-8f7bffbec587",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 50.114.94.55",
      "pattern": "[ipv4-addr:value = '50.114.94.55']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--06bf63e2-5a9b-443e-9b3e-db3e2eaf0a43",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 50.114.94.56",
      "pattern": "[ipv4-addr:value = '50.114.94.56']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--34d2fb0b-30f2-4095-ba90-99d7238650cf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 50.114.94.57",
      "pattern": "[ipv4-addr:value = '50.114.94.57']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bbd4156b-bb92-41c0-9fea-88605c7c6870",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 50.114.94.68",
      "pattern": "[ipv4-addr:value = '50.114.94.68']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--662ac654-188b-4564-998d-904d6b4d761e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 50.114.94.72",
      "pattern": "[ipv4-addr:value = '50.114.94.72']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8e972315-be68-452e-a946-e7a25544e76a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 63.135.161.220",
      "pattern": "[ipv4-addr:value = '63.135.161.220']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--77090bd9-0271-4788-968a-3c137d831e6b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 63.135.161.223",
      "pattern": "[ipv4-addr:value = '63.135.161.223']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--33b3885f-e70a-4523-9c98-9d56d783c87a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 63.135.161.224",
      "pattern": "[ipv4-addr:value = '63.135.161.224']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6b77c4ad-4faf-4414-ac59-c04f8c065a5d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 66.63.187.69",
      "pattern": "[ipv4-addr:value = '66.63.187.69']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--feda813e-120b-41f9-8858-e9c3a4ef760d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 85.239.54.153",
      "pattern": "[ipv4-addr:value = '85.239.54.153']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--df67dc74-5f36-46b1-b224-b0863cb483ac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 89.187.164.96",
      "pattern": "[ipv4-addr:value = '89.187.164.96']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c05f2587-36b6-459b-836d-e6767cc7876e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.193.19.36",
      "pattern": "[ipv4-addr:value = '91.193.19.36']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aaf8c96d-b62a-4599-ac27-912624dc0147",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.218.50.174",
      "pattern": "[ipv4-addr:value = '91.218.50.174']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2064debb-fa5e-432e-8c09-09602d9f7352",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 272b2fc48f6cbbf105cbe961b163de99e761b31d",
      "pattern": "[file:hashes.'SHA-1' = '272b2fc48f6cbbf105cbe961b163de99e761b31d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c8308a22-22fc-4cd8-918b-3fe7a0769ad2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 925f6bc2a3fb5bb15a434f5f42196d49f36459e3",
      "pattern": "[file:hashes.'SHA-1' = '925f6bc2a3fb5bb15a434f5f42196d49f36459e3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8bee865-ae70-4c46-911b-d294d7c3eef4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 114b460012412411363c9a3ab0246e48a584ce86fc6c0b7855495ec531dd05a1",
      "pattern": "[file:hashes.'SHA-256' = '114b460012412411363c9a3ab0246e48a584ce86fc6c0b7855495ec531dd05a1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cd31075b-7833-4e71-8b4f-d9439f05510a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 15c9d7a63fa419305d7f2710b63f71cc38178973c0ccf6d437ce8b6feeca4ee1",
      "pattern": "[file:hashes.'SHA-256' = '15c9d7a63fa419305d7f2710b63f71cc38178973c0ccf6d437ce8b6feeca4ee1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2c309777-195a-4f7e-93e8-e48b91ba97ab",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1697fd5230f7f09a7b43fee1a1693013ed98beeb7a182cd3f0393d93dd1b7576",
      "pattern": "[file:hashes.'SHA-256' = '1697fd5230f7f09a7b43fee1a1693013ed98beeb7a182cd3f0393d93dd1b7576']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--044005b6-1a1b-43e3-b812-f44d5fa8d4fb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 427399864232c6c099f183704b23bff241c7e0de642e9eec66cc56890e8a6304",
      "pattern": "[file:hashes.'SHA-256' = '427399864232c6c099f183704b23bff241c7e0de642e9eec66cc56890e8a6304']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cd3f6eb6-cb49-4122-a204-d7e26c97499e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 44a526f20c592fd95b4f7d61974c6f87701e33776b68a5d0b44ccd2fa3f48c5d",
      "pattern": "[file:hashes.'SHA-256' = '44a526f20c592fd95b4f7d61974c6f87701e33776b68a5d0b44ccd2fa3f48c5d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8e8eab91-8990-40bc-ac6b-9c7a5b3ec320",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4c9e60cc73e87da4cadc51523690d67549de4902e880974bfacf7f1a8dc40d7d",
      "pattern": "[file:hashes.'SHA-256' = '4c9e60cc73e87da4cadc51523690d67549de4902e880974bfacf7f1a8dc40d7d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--81dd2853-c0ce-4796-aff4-7e4bbbe8c96c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4f0ba25183ecb79a0721037a0ff9452fa8c19448f82943deca01b36555f2cc99",
      "pattern": "[file:hashes.'SHA-256' = '4f0ba25183ecb79a0721037a0ff9452fa8c19448f82943deca01b36555f2cc99']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8e0fd96-fef7-4792-bf70-cc613f55d7d6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5dc90cbb0f69f283ccf52a2a79b3dfe94ee8b3474cf6474cfcbe9f66f245a55d",
      "pattern": "[file:hashes.'SHA-256' = '5dc90cbb0f69f283ccf52a2a79b3dfe94ee8b3474cf6474cfcbe9f66f245a55d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54760df2-b285-4279-b3ed-d428db5d4187",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9a9b5bdeb1f23736ceffba623c8950d627a791a0b40c4d44ae2f80e02a43955d",
      "pattern": "[file:hashes.'SHA-256' = '9a9b5bdeb1f23736ceffba623c8950d627a791a0b40c4d44ae2f80e02a43955d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--91bf9a5f-7915-4de6-9589-f8723d96dd92",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9e660ce74e1bdb0a75293758200b03efd5f807e7896665addb684e0ffb53afd2",
      "pattern": "[file:hashes.'SHA-256' = '9e660ce74e1bdb0a75293758200b03efd5f807e7896665addb684e0ffb53afd2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6adcf262-e0d2-4630-a0aa-9c3260ebe94f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9f098920613bd0390d6485936256a67ae310b633124cfbf503936904e69a81bf",
      "pattern": "[file:hashes.'SHA-256' = '9f098920613bd0390d6485936256a67ae310b633124cfbf503936904e69a81bf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0d681fe7-7413-449c-a4f8-e41f22bff0ea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b3e4c4018f2d18ec93a62f59b5f7341321aff70d08812a4839b762ad3ade74ee",
      "pattern": "[file:hashes.'SHA-256' = 'b3e4c4018f2d18ec93a62f59b5f7341321aff70d08812a4839b762ad3ade74ee']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fcf3a9df-99a6-44e5-a672-1210831c68ca",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b68e2d852ad157fc01da34e11aa24a5ab30845b706d7827b8119a3e648ce2cf1",
      "pattern": "[file:hashes.'SHA-256' = 'b68e2d852ad157fc01da34e11aa24a5ab30845b706d7827b8119a3e648ce2cf1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8a7cde6-95df-4930-b502-580eac676635",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b910e77ee686d7d6769fab8cb8f9b17a4609c4e164bb4ed80d9717d9ddad364f",
      "pattern": "[file:hashes.'SHA-256' = 'b910e77ee686d7d6769fab8cb8f9b17a4609c4e164bb4ed80d9717d9ddad364f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d3b6521c-79ae-45a8-b520-990e0d62227f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c0abb19b3a72bd2785e8b567e82300423da672a463eefdeda6dd60872ff0e072",
      "pattern": "[file:hashes.'SHA-256' = 'c0abb19b3a72bd2785e8b567e82300423da672a463eefdeda6dd60872ff0e072']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1927987a-637a-4518-8cde-9a6edbbe4cc0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: dae8dae748be54ba0d5785ab27b1fdf42b7e66c48ab19177d4981bcc032cfb1c",
      "pattern": "[file:hashes.'SHA-256' = 'dae8dae748be54ba0d5785ab27b1fdf42b7e66c48ab19177d4981bcc032cfb1c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4df88bbe-b237-47ef-a386-7f2d6c75c07c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e547306d6dee4b5b2b6ce3e989b9713a5c21ebe3fefa0f5c1a1ea37cec37e20f",
      "pattern": "[file:hashes.'SHA-256' = 'e547306d6dee4b5b2b6ce3e989b9713a5c21ebe3fefa0f5c1a1ea37cec37e20f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--661c1354-b6fc-4f8c-9cdf-14f10ede6a1c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ec9e77f1185f644462305184cf8afcf5d12c7eb524a2d3f4090a658a198c20ce",
      "pattern": "[file:hashes.'SHA-256' = 'ec9e77f1185f644462305184cf8afcf5d12c7eb524a2d3f4090a658a198c20ce']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5f4fc742-8bba-4e95-9f41-469feb00f4dc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: efb0153047b08aa1876e1e4e97a082f6cb05af75479e1e9069b77d98473a11f4",
      "pattern": "[file:hashes.'SHA-256' = 'efb0153047b08aa1876e1e4e97a082f6cb05af75479e1e9069b77d98473a11f4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--669bf4f3-c6ac-45ef-96e7-9b0c201f5c20",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-32756",
      "pattern": "[vulnerability:name = 'CVE-2025-32756']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5544796d-cb5a-4d8d-8d5c-14dd7cf01d54",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 156.236.76.90",
      "pattern": "[ipv4-addr:value = '156.236.76.90']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f377aefc-5537-49f6-9ba4-4d53df517a25",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 198.105.127.124",
      "pattern": "[ipv4-addr:value = '198.105.127.124']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6615160e-151d-4022-8ba6-2b10ec93c17c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 218.187.69.244",
      "pattern": "[ipv4-addr:value = '218.187.69.244']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6ac4f88a-8ab0-4181-a7cc-7ba17df9f793",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 218.187.69.59",
      "pattern": "[ipv4-addr:value = '218.187.69.59']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--02f15a75-2e09-467e-8665-b9ba4d190606",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 43.228.217.173",
      "pattern": "[ipv4-addr:value = '43.228.217.173']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f6de5b64-7345-4283-9ec2-e522b8da4222",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 43.228.217.82",
      "pattern": "[ipv4-addr:value = '43.228.217.82']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9e1ac2b6-bb6e-4486-9d7d-f8b0acf2b284",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 2c8834a52faee8d87cff7cd09c4fb946",
      "pattern": "[file:hashes.MD5 = '2c8834a52faee8d87cff7cd09c4fb946']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--faeb72da-37f7-4245-8ae0-11f18d20d3ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 364929c45703a84347064e2d5de45bcd",
      "pattern": "[file:hashes.MD5 = '364929c45703a84347064e2d5de45bcd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6592aacd-8c72-478f-b717-d0f74b227abe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 4410352e110f82eabc0bf160bec41d21",
      "pattern": "[file:hashes.MD5 = '4410352e110f82eabc0bf160bec41d21']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d13fbca2-7dfb-4653-a60a-3325adc94081",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 489821c38f429a21e1ea821f8460e590",
      "pattern": "[file:hashes.MD5 = '489821c38f429a21e1ea821f8460e590']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--89fd8321-1cd1-4e13-b784-c9c5f10eb38c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: ebce43017d2cb316ea45e08374de7315",
      "pattern": "[file:hashes.MD5 = 'ebce43017d2cb316ea45e08374de7315']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2c366b99-d2df-4bba-b473-933d61c2f9fa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-30397",
      "pattern": "[vulnerability:name = 'CVE-2025-30397']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-30397 \u2014 Microsoft Windows Scripting Engin",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4992de68-2050-4451-9a53-6a8b43cad1d8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-30400",
      "pattern": "[vulnerability:name = 'CVE-2025-30400']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-30400 \u2014 Microsoft Windows DWM Core Librar",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d9e83d8e-2938-48ea-88d9-f84638a53331",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-32706",
      "pattern": "[vulnerability:name = 'CVE-2025-32706']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32706 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4f0d5836-1e04-437b-9d66-1642210a97a5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-32709",
      "pattern": "[vulnerability:name = 'CVE-2025-32709']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-32709 \u2014 Microsoft Windows Ancillary Funct",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2bbdac78-f53c-4236-aea3-b54226238915",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-47729",
      "pattern": "[vulnerability:name = 'CVE-2025-47729']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-47729 \u2014 TeleMessage TM SGNL Hidden Functi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fbd22683-56cf-4046-8412-f1dfd3ecada4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-11120",
      "pattern": "[vulnerability:name = 'CVE-2024-11120']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Inje",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--de11796d-2eaa-4095-bd6d-6457853f3190",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-6047",
      "pattern": "[vulnerability:name = 'CVE-2024-6047']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Inje",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9b19feb2-4a64-44cf-ac8d-601ad0aafc57",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: connect.antiwifi.dev",
      "pattern": "[domain-name:value = 'connect.antiwifi.dev']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Inje",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f5eb8888-9217-474f-a528-cc15bd295a12",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 176.65.144.232",
      "pattern": "[ipv4-addr:value = '176.65.144.232']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Inje",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--72b5e4af-2f79-4c7f-b3ef-dcf346fde403",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 176.65.144.253",
      "pattern": "[ipv4-addr:value = '176.65.144.253']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Inje",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3b49044-947f-4f0d-ba10-f9414be31fa5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 198.23.212.246",
      "pattern": "[ipv4-addr:value = '198.23.212.246']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Inje",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d866dbb9-c5e6-4b09-8413-a8d29fd01307",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 209.141.44.28",
      "pattern": "[ipv4-addr:value = '209.141.44.28']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Inje",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a615915e-5b47-48dc-b7b1-a26f854c769f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 51.38.137.114",
      "pattern": "[ipv4-addr:value = '51.38.137.114']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Inje",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--79c1597a-fa5d-492e-8eec-a40b81816d3c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 11c0447f524d0fcb3be2cd0fbd23eb2cc2045f374b70c9c029708a9f2f4a4114",
      "pattern": "[file:hashes.'SHA-256' = '11c0447f524d0fcb3be2cd0fbd23eb2cc2045f374b70c9c029708a9f2f4a4114']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Inje",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3aafe003-8da0-4247-ab93-97686e753b31",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f05247a2322e212513ee08b2e8513f4c764bde7b30831736dfc927097baf6714",
      "pattern": "[file:hashes.'SHA-256' = 'f05247a2322e212513ee08b2e8513f4c764bde7b30831736dfc927097baf6714']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Inje",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c305dae1-5bac-40cc-a13c-64f81f268a94",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-27363",
      "pattern": "[vulnerability:name = 'CVE-2025-27363']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-27363 \u2014 FreeType Out-of-Bounds Write Vuln",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a7e6fcee-1d64-466c-b79f-39e16b14fcfb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-3248",
      "pattern": "[vulnerability:name = 'CVE-2025-3248']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9cf5ca19-5ab2-4294-b57e-3b1d81ace72a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 80.66.75.121",
      "pattern": "[ipv4-addr:value = '80.66.75.121']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b67d33b8-db4e-44c6-b7e5-3493b5e8b312",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 002f3b2c632e0be6cbc3fdf8afcd0432ffe36604ba1ba84923cadaa147418187",
      "pattern": "[file:hashes.'SHA-256' = '002f3b2c632e0be6cbc3fdf8afcd0432ffe36604ba1ba84923cadaa147418187']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e817f6e4-c77b-4ce2-bc06-e9a75f58953f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 03d2c37f4dfc6410c7c669f44750120b456e18c939b6110c15e08c7223167afd",
      "pattern": "[file:hashes.'SHA-256' = '03d2c37f4dfc6410c7c669f44750120b456e18c939b6110c15e08c7223167afd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2b8759e8-67d8-47c2-83b9-66c7e71c581c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 08cf20e54c634f21d8708573eef7fde4dbd5d3cd270d2cb8790e3fe1f42eccec",
      "pattern": "[file:hashes.'SHA-256' = '08cf20e54c634f21d8708573eef7fde4dbd5d3cd270d2cb8790e3fe1f42eccec']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6616ddf0-08f4-4aca-9fa5-56289838a186",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 31d0aa4214717ae4f52621af6d693c4f0e733cc65e971d207203a8c4bef7bf17",
      "pattern": "[file:hashes.'SHA-256' = '31d0aa4214717ae4f52621af6d693c4f0e733cc65e971d207203a8c4bef7bf17']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--05a21a44-6760-4e93-96a6-81d7418bac4e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6dd0464dd0ecde4bb5a769c802d11ab4b36bbe0dd4f0f44144121762737a6be0",
      "pattern": "[file:hashes.'SHA-256' = '6dd0464dd0ecde4bb5a769c802d11ab4b36bbe0dd4f0f44144121762737a6be0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5f35ab4f-21d6-4804-98ee-79f4f5c33c42",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9850eb26d8cbef3358da4df154e054759a062116c2aa82de9a69a8589f0dce49",
      "pattern": "[file:hashes.'SHA-256' = '9850eb26d8cbef3358da4df154e054759a062116c2aa82de9a69a8589f0dce49']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--07d2b566-4bff-451c-a90d-b08a2d854f6e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 99b59e53010d58f47d332b683eb8a40df0e0eacef86390bca249a708e47d9bad",
      "pattern": "[file:hashes.'SHA-256' = '99b59e53010d58f47d332b683eb8a40df0e0eacef86390bca249a708e47d9bad']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5b79ffb3-272e-471d-a21b-c30141955bd3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9f48ec760c350ee44ec7f08cc20f23f2166647052ee20b1192f94c31c3e9a392",
      "pattern": "[file:hashes.'SHA-256' = '9f48ec760c350ee44ec7f08cc20f23f2166647052ee20b1192f94c31c3e9a392']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8db568c0-b33d-42a2-8051-2224a5b90336",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a42f8428aa75c180c2f89fbb8b1e44307c2390ed0ebf5af10015131b5494f9e1",
      "pattern": "[file:hashes.'SHA-256' = 'a42f8428aa75c180c2f89fbb8b1e44307c2390ed0ebf5af10015131b5494f9e1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--24f0f0d9-747d-4114-9899-c24127cd5a55",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a6cf8124e9b4558aacc7ddfa24b440454b904b937929be203ed088b1040d1b36",
      "pattern": "[file:hashes.'SHA-256' = 'a6cf8124e9b4558aacc7ddfa24b440454b904b937929be203ed088b1040d1b36']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--26d67025-4cf3-4999-9231-743538bb78b6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ab0f9774ca88994091db0ae328d98f45034f653bd34e4f5e85679a972d3a039c",
      "pattern": "[file:hashes.'SHA-256' = 'ab0f9774ca88994091db0ae328d98f45034f653bd34e4f5e85679a972d3a039c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--183f0ccc-48b0-4680-b057-eef4be964cf6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: abb0c4ad31f013df5037593574be3207a4c1e066a96e58ce243aaf2ef0fc0e4d",
      "pattern": "[file:hashes.'SHA-256' = 'abb0c4ad31f013df5037593574be3207a4c1e066a96e58ce243aaf2ef0fc0e4d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6f001bbe-f5d9-4790-a0c8-5604bd808715",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c2bcdd6e3cc82c4c4db6aaf8018b8484407a3e3fce8f60828d2087b2568ecca4",
      "pattern": "[file:hashes.'SHA-256' = 'c2bcdd6e3cc82c4c4db6aaf8018b8484407a3e3fce8f60828d2087b2568ecca4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--80786307-33db-49eb-9740-0a34dc1d478d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c462a09db1a74dc3d8ed199edca97de87b6ed25c2273c4a3afe811ed0c1c8b1d",
      "pattern": "[file:hashes.'SHA-256' = 'c462a09db1a74dc3d8ed199edca97de87b6ed25c2273c4a3afe811ed0c1c8b1d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--162d58b3-b52d-4f17-a3f2-40f69eb5d9ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ccb02dce1bca9c3869e1e1d1774764e82206026378d1250aed324f1b7f9b1f11",
      "pattern": "[file:hashes.'SHA-256' = 'ccb02dce1bca9c3869e1e1d1774764e82206026378d1250aed324f1b7f9b1f11']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3e404e10-6743-413b-a850-9df2082b3064",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: df9e9006a566a4fe30eaa48459ec236d90fd628f7587da9e4a6a76d14f0e9c98",
      "pattern": "[file:hashes.'SHA-256' = 'df9e9006a566a4fe30eaa48459ec236d90fd628f7587da9e4a6a76d14f0e9c98']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4aabef68-9ee6-41b9-a4f0-9331ab169530",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ec52f75268b2f04b84a85e08d56581316bd5ccfeb977e002eb43270fe713f307",
      "pattern": "[file:hashes.'SHA-256' = 'ec52f75268b2f04b84a85e08d56581316bd5ccfeb977e002eb43270fe713f307']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--846e2284-0b6a-4dc1-ae50-50e9a55f4634",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ee84591092a971c965b4e88cc5d6e8c2f07773b3bee1486f3a52483ee72a2b3b",
      "pattern": "[file:hashes.'SHA-256' = 'ee84591092a971c965b4e88cc5d6e8c2f07773b3bee1486f3a52483ee72a2b3b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--25342e9f-c239-46b0-bf8d-bffea54556f6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f73b554e6aa7095cfc79cdb687204d99533aeda73309106ba6cc9428ff57bd1e",
      "pattern": "[file:hashes.'SHA-256' = 'f73b554e6aa7095cfc79cdb687204d99533aeda73309106ba6cc9428ff57bd1e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ebb0daad-ef8d-4ba1-919a-8bf1c202d7a4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-4990",
      "pattern": "[vulnerability:name = 'CVE-2024-4990']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-58136 \u2014 Yiiframework Yii Improper Protect",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ac401f91-3579-45fe-847d-a986055653a1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-34028",
      "pattern": "[vulnerability:name = 'CVE-2025-34028']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-34028 \u2014 Commvault Command Center Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--44ca2013-faf4-4c17-bf38-d610a4cf8f3a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-44221",
      "pattern": "[vulnerability:name = 'CVE-2023-44221']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38475 \u2014 Apache HTTP Server Improper Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2023-44221 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7c378754-5848-42a9-b674-7fd8ad32f804",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38475",
      "pattern": "[vulnerability:name = 'CVE-2024-38475']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38475 \u2014 Apache HTTP Server Improper Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2023-44221 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f6758fdc-da3b-4fc7-87cf-428e3735e4c7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-40766",
      "pattern": "[vulnerability:name = 'CVE-2024-40766']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-44221 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--13782d76-c179-40f1-a469-70fd2f2d773f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: aaa.ki6zmfw3ps8q14rfbfczfq5qkhq8e12q.oastify.com",
      "pattern": "[domain-name:value = 'aaa.ki6zmfw3ps8q14rfbfczfq5qkhq8e12q.oastify.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ea8b503-2c8c-4ea9-8321-843787a553b1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: d-69b.pages.dev",
      "pattern": "[domain-name:value = 'd-69b.pages.dev']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--233ef6c9-f7d1-43c3-9415-25193144da17",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: data.hs285.top",
      "pattern": "[domain-name:value = 'data.hs285.top']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a1786593-0ac8-4a8f-8e4d-1712e817400a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ocr-freespace.oss-cn-beijing.aliyuncs.com",
      "pattern": "[domain-name:value = 'ocr-freespace.oss-cn-beijing.aliyuncs.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0754bac2-5eec-4083-902e-e8500c0942ba",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: overseas-recognized-athens-oakland.trycloudflare.com",
      "pattern": "[domain-name:value = 'overseas-recognized-athens-oakland.trycloudflare.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c8891625-e01e-4ecf-8513-653ce0c95045",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sentinelones.com",
      "pattern": "[domain-name:value = 'sentinelones.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--13cc1e45-6892-4b4c-bf06-98ea8c072815",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 101.99.91.107",
      "pattern": "[ipv4-addr:value = '101.99.91.107']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b1b27b14-0786-448b-9c51-2e17afe20f1d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.207.14.195",
      "pattern": "[ipv4-addr:value = '103.207.14.195']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--19676c29-582d-44d4-a91c-6a8f8ba79a28",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.30.76.206",
      "pattern": "[ipv4-addr:value = '103.30.76.206']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ac0e25c0-0c41-4b49-b6c9-3a36415c2ba6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 107.173.135.116",
      "pattern": "[ipv4-addr:value = '107.173.135.116']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e9cd47dd-d0b3-4b25-9bfb-fb9764dc2b95",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 107.175.77.118",
      "pattern": "[ipv4-addr:value = '107.175.77.118']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--42c2ff47-a310-4422-adff-7897fff811ec",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 108.171.195.163",
      "pattern": "[ipv4-addr:value = '108.171.195.163']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--46485c33-f7e4-432c-8178-f1e3a1450b8f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 13.232.191.219",
      "pattern": "[ipv4-addr:value = '13.232.191.219']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e2861f96-5da4-4c69-8e6d-0d52361451c3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 138.197.40.133",
      "pattern": "[ipv4-addr:value = '138.197.40.133']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--db04a958-b2ac-48bf-be71-4091f09a2023",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 138.68.61.82",
      "pattern": "[ipv4-addr:value = '138.68.61.82']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--04cb646a-0731-46bf-bf88-1e76683acaa1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 15.188.246.198",
      "pattern": "[ipv4-addr:value = '15.188.246.198']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--21dc55f8-e861-4442-b18a-86cabcedc3bc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 158.247.224.100",
      "pattern": "[ipv4-addr:value = '158.247.224.100']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--399cb492-c9ca-422e-a629-0ec23d05ab43",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 159.65.34.242",
      "pattern": "[ipv4-addr:value = '159.65.34.242']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d6c32f4d-75d8-4eaa-a339-df8641072970",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 188.166.87.88",
      "pattern": "[ipv4-addr:value = '188.166.87.88']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9de9c101-7d90-4376-8656-257db752c793",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.243.115.175",
      "pattern": "[ipv4-addr:value = '192.243.115.175']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f1472a7b-cfb1-4f2d-884e-3c366bc09897",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.3.153.18",
      "pattern": "[ipv4-addr:value = '192.3.153.18']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6f750997-3c91-4a40-beab-0d13aba898aa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 205.169.39.55",
      "pattern": "[ipv4-addr:value = '205.169.39.55']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c13e739b-bb25-430e-be15-fd3b6e23e6d6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 206.188.197.52",
      "pattern": "[ipv4-addr:value = '206.188.197.52']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f732d7f1-3824-483d-a18a-aa8aca25637a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 223.184.254.150",
      "pattern": "[ipv4-addr:value = '223.184.254.150']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dc3dd57c-f2fb-4689-a892-4be39b87c6b5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 3.125.102.39",
      "pattern": "[ipv4-addr:value = '3.125.102.39']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f0528adb-1d25-4166-b759-3059b51bcf5f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 31.192.107.157",
      "pattern": "[ipv4-addr:value = '31.192.107.157']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c2d7a8f3-2d34-416f-95b3-4c8b054cda05",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.155.222.14",
      "pattern": "[ipv4-addr:value = '45.155.222.14']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54664a43-c445-4f42-a3a4-55af7aee98f7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.76.93.60",
      "pattern": "[ipv4-addr:value = '45.76.93.60']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6c6a55ea-81ca-4287-9aeb-c28f6f4a802b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 47.97.42.177",
      "pattern": "[ipv4-addr:value = '47.97.42.177']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--545d31b4-dace-4a48-b861-caa898f61b31",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 51.79.66.183",
      "pattern": "[ipv4-addr:value = '51.79.66.183']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d62b44b-238e-46b7-aa87-e72cc3694e7b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 65.49.235.210",
      "pattern": "[ipv4-addr:value = '65.49.235.210']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4d01464d-9184-4556-a3f5-443b1e9ee663",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 85.106.113.168",
      "pattern": "[ipv4-addr:value = '85.106.113.168']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f1364ec6-6226-4b9e-8e0f-06b1ef882bae",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 00920e109f16fe61092e70fca68a5219ade6d42b427e895202f628b467a3d22e",
      "pattern": "[file:hashes.'SHA-256' = '00920e109f16fe61092e70fca68a5219ade6d42b427e895202f628b467a3d22e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--76ae4e51-25a4-4b8b-95c7-0d3e64198a08",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 0c2c8280701706e0772cb9be83502096e94ad4d9c21d576db0bc627e1e84b579",
      "pattern": "[file:hashes.'SHA-256' = '0c2c8280701706e0772cb9be83502096e94ad4d9c21d576db0bc627e1e84b579']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fb3c658c-cf1d-4226-ad3d-4a908bc1bbd3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1abf922a8228fd439a72cfddf1ed08ea09b59eaa4ae5eeba1d322d5f3e3c97e8",
      "pattern": "[file:hashes.'SHA-256' = '1abf922a8228fd439a72cfddf1ed08ea09b59eaa4ae5eeba1d322d5f3e3c97e8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--315eec1b-77d7-4103-a3d3-95132b71d5a9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2dcbb4138f836bb5d7bc7d8101d3004848c541df6af997246d4b2a252f29d51a",
      "pattern": "[file:hashes.'SHA-256' = '2dcbb4138f836bb5d7bc7d8101d3004848c541df6af997246d4b2a252f29d51a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d12d3ee8-ad4d-4a7f-aad3-a806b6425ae7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2e6f348f8296f4e062c397d2f3708ca6fdeab2c71edfd130b2ca4c935e53c0d3",
      "pattern": "[file:hashes.'SHA-256' = '2e6f348f8296f4e062c397d2f3708ca6fdeab2c71edfd130b2ca4c935e53c0d3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--40baa3c6-dcc4-4047-a35f-7962ce6ac4f7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3f14dc65cc9e35989857dc1ec4bb1179ab05457f2238e917b698edb4c57ae7ce",
      "pattern": "[file:hashes.'SHA-256' = '3f14dc65cc9e35989857dc1ec4bb1179ab05457f2238e917b698edb4c57ae7ce']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9c3e5f36-dc86-4db3-aefd-362a9d4eff99",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3f5fd4b23126cb21d1007b479954af619a16b0963a51f45cc32a8611e8e845b5",
      "pattern": "[file:hashes.'SHA-256' = '3f5fd4b23126cb21d1007b479954af619a16b0963a51f45cc32a8611e8e845b5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a04ed378-231d-4da3-9c33-f4d54fc77c3a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 427877aadd89f427e1815007998d9bb88309c548951a92a6e4064df001e327c2",
      "pattern": "[file:hashes.'SHA-256' = '427877aadd89f427e1815007998d9bb88309c548951a92a6e4064df001e327c2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e3671863-9bc6-41b4-8684-180d37894390",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 47ff0ae9220a09bfad2a2fb1e2fa2c8ffe5e9cb0466646e2a940ac2e0cf55d04",
      "pattern": "[file:hashes.'SHA-256' = '47ff0ae9220a09bfad2a2fb1e2fa2c8ffe5e9cb0466646e2a940ac2e0cf55d04']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f7284782-636f-49e0-90df-fa8d09c3b1b3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4b17beee8c2d94cf8e40efc100651d70d046f5c14a027cf97d845dc839e423f9",
      "pattern": "[file:hashes.'SHA-256' = '4b17beee8c2d94cf8e40efc100651d70d046f5c14a027cf97d845dc839e423f9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dd69d888-4f56-4f46-9c58-8ce7eb9e677d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5919f2eab8a826d7ba84e6c413626f5d11ed412d7df0d3ab864f31d3a8db3763",
      "pattern": "[file:hashes.'SHA-256' = '5919f2eab8a826d7ba84e6c413626f5d11ed412d7df0d3ab864f31d3a8db3763']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--31c23d9f-7933-46e5-b089-4c0a71cc56c3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 598b38f44564565e0e76aa604f915ad88a20a8d5b5827151e681c8866b7ea8b0",
      "pattern": "[file:hashes.'SHA-256' = '598b38f44564565e0e76aa604f915ad88a20a8d5b5827151e681c8866b7ea8b0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ec80d087-0010-441a-a4fe-7a5a868a1d59",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5a8ddc779dcf124fe5692d15be44346fb6d742322acb0eb3c6b4e90f581c5f9e",
      "pattern": "[file:hashes.'SHA-256' = '5a8ddc779dcf124fe5692d15be44346fb6d742322acb0eb3c6b4e90f581c5f9e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d9b86b32-208f-4ffa-8a93-185dd3e9ea94",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5e24b41a0bd076ec2b4e49e66daac94396c6180d00a45bcd7f4342a385fa1eed",
      "pattern": "[file:hashes.'SHA-256' = '5e24b41a0bd076ec2b4e49e66daac94396c6180d00a45bcd7f4342a385fa1eed']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1d007b62-5df0-41c5-8390-77dbedbed923",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5f3d1f17033d85b85f3bd5ae55cb720e53b31f1679d52986c8d635fd1ce0c08a",
      "pattern": "[file:hashes.'SHA-256' = '5f3d1f17033d85b85f3bd5ae55cb720e53b31f1679d52986c8d635fd1ce0c08a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7fa1e548-d0e5-430a-a894-0847bd74fe33",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 63aa0c6890ec5c16b872fb6d070556447cd707dfba185d32a2c10c008dbdbcdd",
      "pattern": "[file:hashes.'SHA-256' = '63aa0c6890ec5c16b872fb6d070556447cd707dfba185d32a2c10c008dbdbcdd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dd9dd67f-a119-4f8a-880f-3d6772859a67",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 69bb809b3fee09ed3ec9138f7566cc867bd6f1e8949b5e3daff21d451c533d75",
      "pattern": "[file:hashes.'SHA-256' = '69bb809b3fee09ed3ec9138f7566cc867bd6f1e8949b5e3daff21d451c533d75']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--97413c4e-2dc1-4bcb-80b6-4d6908732a90",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6c6c984727dc53af110ed08ec8b15092facb924c8ad62e86ec76b52a00a41a40",
      "pattern": "[file:hashes.'SHA-256' = '6c6c984727dc53af110ed08ec8b15092facb924c8ad62e86ec76b52a00a41a40']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3b3a3b4e-c5ce-42ba-b5c8-5b96ee2a12de",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 888e953538ff668104f838120bc4d801c41adb07027db16281402a62f6ec29ef",
      "pattern": "[file:hashes.'SHA-256' = '888e953538ff668104f838120bc4d801c41adb07027db16281402a62f6ec29ef']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6b19c3fd-2a17-4a26-8454-bcf958b60b7c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 91f66ba1ad49d3062afdcc80e54da0807207d80a1b539edcdbd6e1bf99e7a2ca",
      "pattern": "[file:hashes.'SHA-256' = '91f66ba1ad49d3062afdcc80e54da0807207d80a1b539edcdbd6e1bf99e7a2ca']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--84501950-f699-4a05-98dd-0d0cca01150f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9fb57a4c6576a98003de6bf441e4306f72c83f783630286758f5b468abaa105d",
      "pattern": "[file:hashes.'SHA-256' = '9fb57a4c6576a98003de6bf441e4306f72c83f783630286758f5b468abaa105d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5ba2c59e-b2ae-4232-8d35-33395d76b3ab",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a114b52c146bd11558cc7c48c3ee679ca5ca55cf2c9cc33616956a6e6229f110",
      "pattern": "[file:hashes.'SHA-256' = 'a114b52c146bd11558cc7c48c3ee679ca5ca55cf2c9cc33616956a6e6229f110']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--af6cbbd8-690e-4a77-bd98-4e337de5ef43",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b8e56de3792dbd0f4239b54cfaad7ece3bd42affa4fbbdd7668492de548b5df8",
      "pattern": "[file:hashes.'SHA-256' = 'b8e56de3792dbd0f4239b54cfaad7ece3bd42affa4fbbdd7668492de548b5df8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eaa8e1d6-2140-418f-b07a-3ce7d33f70ec",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b9533ce8e428f16f3d0e1946f19a6f756ff11a532d0b7e61ae402837f46c678e",
      "pattern": "[file:hashes.'SHA-256' = 'b9533ce8e428f16f3d0e1946f19a6f756ff11a532d0b7e61ae402837f46c678e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ee0019e-e3fc-4f18-b95b-fa1e9531980a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b9ef95ca541d3e05a6285411005f5fee15495251041f78e715234b09d019b92c",
      "pattern": "[file:hashes.'SHA-256' = 'b9ef95ca541d3e05a6285411005f5fee15495251041f78e715234b09d019b92c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--624ce7e3-fe64-41d5-9fca-cc6db54f352c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c71da1dfea145798f881afd73b597336d87f18f8fd8f9a7f524c6749a5c664e4",
      "pattern": "[file:hashes.'SHA-256' = 'c71da1dfea145798f881afd73b597336d87f18f8fd8f9a7f524c6749a5c664e4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--545f03a8-87c7-4131-9fe3-d59ca4b7d0a9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c7b9ae61046eed01651a72afe7a31de088056f1c1430b368b1acda0b58299e28",
      "pattern": "[file:hashes.'SHA-256' = 'c7b9ae61046eed01651a72afe7a31de088056f1c1430b368b1acda0b58299e28']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7171394e-21ae-42ea-87f1-183ebc20b4ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: df492597eb412c94155a7f437f593aed89cfec2f1f149eb65174c6201be69049",
      "pattern": "[file:hashes.'SHA-256' = 'df492597eb412c94155a7f437f593aed89cfec2f1f149eb65174c6201be69049']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3dab322-697a-4fc2-b58a-512613d8a534",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f92d0cf4d577c68aa615797d1704f40b14810d98b48834b241dd5c9963e113ec",
      "pattern": "[file:hashes.'SHA-256' = 'f92d0cf4d577c68aa615797d1704f40b14810d98b48834b241dd5c9963e113ec']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File U",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b94a91f9-1461-4875-aa38-806d4f559d54",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-1976",
      "pattern": "[vulnerability:name = 'CVE-2025-1976']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-1976 \u2014 Broadcom Brocade Fabric OS Code In",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bac21630-458a-4509-bf07-64da4bd3091f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-3928",
      "pattern": "[vulnerability:name = 'CVE-2025-3928']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3928 \u2014 Commvault Web Server Unspecified V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--13280653-6c38-49f4-b380-77c416a6e588",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-42599",
      "pattern": "[vulnerability:name = 'CVE-2025-42599']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-42599 \u2014 Qualitia Active! Mail Stack-Based",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--74101d19-372d-412b-958e-7d29f7c06433",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 108.6.189.53",
      "pattern": "[ipv4-addr:value = '108.6.189.53']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3928 \u2014 Commvault Web Server Unspecified V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a36654d5-81af-41d8-b4f0-2519c100dbee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 108.69.148.100",
      "pattern": "[ipv4-addr:value = '108.69.148.100']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3928 \u2014 Commvault Web Server Unspecified V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e2482c51-ed87-4e86-8fd4-84bd627652eb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 128.92.80.210",
      "pattern": "[ipv4-addr:value = '128.92.80.210']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3928 \u2014 Commvault Web Server Unspecified V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1efd919e-fe00-4710-bff2-a2d7d2bfab4f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 159.242.42.20",
      "pattern": "[ipv4-addr:value = '159.242.42.20']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3928 \u2014 Commvault Web Server Unspecified V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--83c44fab-8b55-4e78-b1df-060f0b803e0a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 184.153.42.129",
      "pattern": "[ipv4-addr:value = '184.153.42.129']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-3928 \u2014 Commvault Web Server Unspecified V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3c60698-b9ae-45d9-bc78-29ffa83c3ea4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-43451",
      "pattern": "[vulnerability:name = 'CVE-2024-43451']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Discl",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-43451 \u2014 Microsoft Windows NTLMv2 Hash Dis",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ddac9d3-898f-4fab-bfa5-ff905e51a267",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24054",
      "pattern": "[vulnerability:name = 'CVE-2025-24054']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Discl",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0c77f3e0-faec-404a-9fd4-167ea8e7a555",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-31200",
      "pattern": "[vulnerability:name = 'CVE-2025-31200']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31201 \u2014 Apple Multiple Products Arbitrary",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-31200 \u2014 Apple Multiple Products Memory Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--10de102b-c138-4045-a051-13e3cddea16b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-31201",
      "pattern": "[vulnerability:name = 'CVE-2025-31201']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31201 \u2014 Apple Multiple Products Arbitrary",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-31200 \u2014 Apple Multiple Products Memory Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b0a3e422-7efb-4a0c-91ee-a1e8094e72a2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 159.196.128.120",
      "pattern": "[ipv4-addr:value = '159.196.128.120']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Discl",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--24b54154-353d-4bc1-8d5c-8f1581f34222",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.127.179.157",
      "pattern": "[ipv4-addr:value = '194.127.179.157']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Discl",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4a51804a-ffda-4852-be2b-4523a9eda39c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 054784f1a398a35e0c5242cbfa164df0c277da73",
      "pattern": "[file:hashes.'SHA-1' = '054784f1a398a35e0c5242cbfa164df0c277da73']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Discl",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--36eb5dbb-d4c0-457c-94ef-ce96f30cd407",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 5e42c6d12f6b51364b6bfb170f4306c5ce608b4f",
      "pattern": "[file:hashes.'SHA-1' = '5e42c6d12f6b51364b6bfb170f4306c5ce608b4f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Discl",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8b62c4aa-0217-45b5-8e3d-18d4bf155d78",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 76e93c97ffdb5adb509c966bca22e12c4508dcaa",
      "pattern": "[file:hashes.'SHA-1' = '76e93c97ffdb5adb509c966bca22e12c4508dcaa']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Discl",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6791c009-605d-4b56-864e-5cf5619ffd5b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 7a43c177a582c777e258246f0ba818f9e73a69ab",
      "pattern": "[file:hashes.'SHA-1' = '7a43c177a582c777e258246f0ba818f9e73a69ab']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Discl",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f196b71c-f831-4229-a1e5-c833b5737403",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 7dd0131dd4660be562bc869675772e58a1e3ac8e",
      "pattern": "[file:hashes.'SHA-1' = '7dd0131dd4660be562bc869675772e58a1e3ac8e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Discl",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f1e38d6d-ff77-4ecb-85a4-9e4139804e40",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 84132ae00239e15b50c1a20126000eed29388100",
      "pattern": "[file:hashes.'SHA-1' = '84132ae00239e15b50c1a20126000eed29388100']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Discl",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--da2cce08-0dc0-4077-9cf3-8dfd3b8e6028",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 9ca72d969d7c5494a30e996324c6c0fcb72ae1ae",
      "pattern": "[file:hashes.'SHA-1' = '9ca72d969d7c5494a30e996324c6c0fcb72ae1ae']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Discl",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--730f4bcb-b17d-4b7e-bfd2-a5cc62783286",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-20035",
      "pattern": "[vulnerability:name = 'CVE-2021-20035']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d71d9315-1e16-41d8-9515-bf718f727768",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-20038",
      "pattern": "[vulnerability:name = 'CVE-2021-20038']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--185ac587-768b-4a3a-95a6-c990563bb3ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-20039",
      "pattern": "[vulnerability:name = 'CVE-2021-20039']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ce260ac8-f51b-4183-97f8-98cfbc7882e7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-32819",
      "pattern": "[vulnerability:name = 'CVE-2025-32819']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d5c95a8-8dc8-4053-8a57-180a980ed5ae",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.149.176.230",
      "pattern": "[ipv4-addr:value = '193.149.176.230']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--558ca494-4530-4cd4-a3a0-1ea4eb7e9782",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.149.180.50",
      "pattern": "[ipv4-addr:value = '193.149.180.50']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c44bfa91-ab5f-4b64-9cd0-2e6d3cc842e0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 64.52.80.80",
      "pattern": "[ipv4-addr:value = '64.52.80.80']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a9d6ee6a-1b4b-4e2b-a393-386d5a120b9f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 6de26d211966262e59359d0e2a67d473",
      "pattern": "[file:hashes.MD5 = '6de26d211966262e59359d0e2a67d473']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e93357a1-fd9b-44f1-b648-15a96c33a11f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: b28d57269fe4cd90d1650bde5e905611",
      "pattern": "[file:hashes.MD5 = 'b28d57269fe4cd90d1650bde5e905611']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fa42356d-04cb-40b8-a96b-9a77717fa811",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: d5a070acac1debaf0889d0d48c10e149",
      "pattern": "[file:hashes.MD5 = 'd5a070acac1debaf0889d0d48c10e149']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--de55fad5-0a21-4c66-97b1-4b5e9a7961f8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: f0e0db06ca665907770e2202957d3ecc",
      "pattern": "[file:hashes.MD5 = 'f0e0db06ca665907770e2202957d3ecc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--96fd0298-c7fc-49e6-b143-8e1f8ac00f66",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-50302",
      "pattern": "[vulnerability:name = 'CVE-2024-50302']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-53150 \u2014 Linux Kernel Out-of-Bounds Read V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50302 \u2014 Linux Kernel Use of Uninitialized",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-53104 \u2014 Linux Kernel Out-of-Bounds Write ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c71655ac-d2f2-4872-b376-52c9a39f101d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-53104",
      "pattern": "[vulnerability:name = 'CVE-2024-53104']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-53150 \u2014 Linux Kernel Out-of-Bounds Read V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-53104 \u2014 Linux Kernel Out-of-Bounds Write ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4b1ea43b-7a84-412e-a2d9-e4c0c5fee784",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-53150",
      "pattern": "[vulnerability:name = 'CVE-2024-53150']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-53150 \u2014 Linux Kernel Out-of-Bounds Read V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2d09efbe-f80d-4299-bdf7-7e97c4b9a03d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-53197",
      "pattern": "[vulnerability:name = 'CVE-2024-53197']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-53150 \u2014 Linux Kernel Out-of-Bounds Read V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-53104 \u2014 Linux Kernel Out-of-Bounds Write ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b29ab777-6135-4156-81c7-649462b537ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-29824",
      "pattern": "[vulnerability:name = 'CVE-2025-29824']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1452e335-ab29-483f-9f6b-5c6cdec62321",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion",
      "pattern": "[domain-name:value = 'jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d57b8bf8-f94c-46a7-8d35-22c02563e546",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: rtb.mftadsrvr.com",
      "pattern": "[domain-name:value = 'rtb.mftadsrvr.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--90430ba1-51e0-4cba-80b6-b9d0caa85822",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: uyhi3ypdkfeymyf5v35pbk3pz7st3zamsbjzf47jiqbcm3zmikpwf3qd.onion",
      "pattern": "[domain-name:value = 'uyhi3ypdkfeymyf5v35pbk3pz7st3zamsbjzf47jiqbcm3zmikpwf3qd.onion']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--39ac2729-99cf-4bd6-a9dc-ebf564ea5bf9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.21.16.1",
      "pattern": "[ipv4-addr:value = '104.21.16.1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f1137a39-f57d-46b8-abe9-a171f222b30f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.21.48.1",
      "pattern": "[ipv4-addr:value = '104.21.48.1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6aa493ec-15c8-4152-be65-f47242a7ddea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 165.227.7.206",
      "pattern": "[ipv4-addr:value = '165.227.7.206']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1dc8a38c-dce5-471c-8c1d-bb7d7c136759",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 2.58.56.16",
      "pattern": "[ipv4-addr:value = '2.58.56.16']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--56453180-da0d-49f7-86ea-e9f304ce3e07",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.84.107.76",
      "pattern": "[ipv4-addr:value = '45.84.107.76']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e79aae3e-ff13-40e5-b2aa-7b036d4fda29",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 293b455b5b7e1c2063a8781f3c169cf8ef2b1d06e6b7a086b7b44f37f55729bd",
      "pattern": "[file:hashes.'SHA-256' = '293b455b5b7e1c2063a8781f3c169cf8ef2b1d06e6b7a086b7b44f37f55729bd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1dcf8de1-512f-482f-ba32-6ee8db3acc4e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 30981d4082b58704d12a376c3cbb12fecb8a36c2bce64666315e26aef21e75c2",
      "pattern": "[file:hashes.'SHA-256' = '30981d4082b58704d12a376c3cbb12fecb8a36c2bce64666315e26aef21e75c2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b5ad29f1-19ce-44ac-a8cd-4f0deabf79e7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 430d1364d0d0a60facd9b73e674faddf63a8f77649cd10ba855df7e49189980b",
      "pattern": "[file:hashes.'SHA-256' = '430d1364d0d0a60facd9b73e674faddf63a8f77649cd10ba855df7e49189980b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5c7d1f5a-9923-4b49-8b6c-5cb09a06629c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 48b006cb17e75ecdb707dc40dd654f449b94abe49f97a808b35cabca1c5fabbf",
      "pattern": "[file:hashes.'SHA-256' = '48b006cb17e75ecdb707dc40dd654f449b94abe49f97a808b35cabca1c5fabbf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cbe89985-f78f-4913-a39f-5af4c86d75d7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6030c4381b8b5d5c5734341292316723a89f1bdbd2d10bb67c4d06b1242afd05",
      "pattern": "[file:hashes.'SHA-256' = '6030c4381b8b5d5c5734341292316723a89f1bdbd2d10bb67c4d06b1242afd05']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2925153d-3d69-4800-a008-cc1f5eaae50e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6d7374b4f977f689389c7155192b5db70ee44a7645625ecf8163c00da8828388",
      "pattern": "[file:hashes.'SHA-256' = '6d7374b4f977f689389c7155192b5db70ee44a7645625ecf8163c00da8828388']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--146bd9d2-6183-485f-b2c8-51f8cfa37703",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 858efe4f9037e5efebadaaa70aa8ad096f7244c4c4aeade72c51ddad23d05bfe",
      "pattern": "[file:hashes.'SHA-256' = '858efe4f9037e5efebadaaa70aa8ad096f7244c4c4aeade72c51ddad23d05bfe']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6b777a8a-dfd5-404e-bef1-d189793c6e97",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9c21adbcb2888daf14ef55c4fa1f41eaa6cbfbe20d85c3e1da61a96a53ba18f9",
      "pattern": "[file:hashes.'SHA-256' = '9c21adbcb2888daf14ef55c4fa1f41eaa6cbfbe20d85c3e1da61a96a53ba18f9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6447fdd4-a76e-454c-97c4-b73e969241ba",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: af260c172baffd0e8b2671fd0c84e607ac9b2c8beb57df43cf5df6e103cbb7ad",
      "pattern": "[file:hashes.'SHA-256' = 'af260c172baffd0e8b2671fd0c84e607ac9b2c8beb57df43cf5df6e103cbb7ad']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9f0d40ed-f14b-4be4-82c2-d921724e9369",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b2cba01ae6707ce694073018d948f82340b9c41fb2b2bc49769f9a0be37071e1",
      "pattern": "[file:hashes.'SHA-256' = 'b2cba01ae6707ce694073018d948f82340b9c41fb2b2bc49769f9a0be37071e1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--099f537b-6406-4691-ab87-dc5dab698ec6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b3ee068bf282575ac7eb715dd779254889e0b8a55aba2b7a1700fc8aa4dcb1da",
      "pattern": "[file:hashes.'SHA-256' = 'b3ee068bf282575ac7eb715dd779254889e0b8a55aba2b7a1700fc8aa4dcb1da']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d5ac926a-5e4d-42bb-b9f7-2da7be56ae79",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-4040",
      "pattern": "[vulnerability:name = 'CVE-2024-4040']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f6c100f7-9450-4488-bbe4-7a59a1b8d193",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-2825",
      "pattern": "[vulnerability:name = 'CVE-2025-2825']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8825a039-8863-4fcc-a667-0a431558bc8e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-31161",
      "pattern": "[vulnerability:name = 'CVE-2025-31161']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b4385588-51a2-4573-81fb-97233cc7168c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 143.244.47.67",
      "pattern": "[ipv4-addr:value = '143.244.47.67']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bbd433c2-efe6-459d-9cab-9059049c6d38",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.70.166.201",
      "pattern": "[ipv4-addr:value = '146.70.166.201']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9264cdd4-152d-425b-944c-c40cf43c0f6f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 172.235.144.67",
      "pattern": "[ipv4-addr:value = '172.235.144.67']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fb064e67-ed40-48b5-a3ea-335663afdc07",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 0b8e76eb315bc522af3cec74749a85e8f55cfed720976892d6610cfc89d84f69",
      "pattern": "[file:hashes.'SHA-256' = '0b8e76eb315bc522af3cec74749a85e8f55cfed720976892d6610cfc89d84f69']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9c923558-86fa-4d7a-bf7d-e2ee150103e6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 85a1bfebf2a5973ebecd6e5a58c8fab18edfead2c1680ec1e9cce902924c347e",
      "pattern": "[file:hashes.'SHA-256' = '85a1bfebf2a5973ebecd6e5a58c8fab18edfead2c1680ec1e9cce902924c347e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--46334415-93ca-4fe5-aab8-89d664be4522",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9036c92c3ca73cb6ec2da25035322554319288fd2f6db906413011873ad7e281",
      "pattern": "[file:hashes.'SHA-256' = '9036c92c3ca73cb6ec2da25035322554319288fd2f6db906413011873ad7e281']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--04fe80c1-187b-4e7b-b37e-2e2052ad750f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: be6cb5f80b33b9e97622d278a86a99e67b78ccab0b3e554b8430ae5969bcfc0e",
      "pattern": "[file:hashes.'SHA-256' = 'be6cb5f80b33b9e97622d278a86a99e67b78ccab0b3e554b8430ae5969bcfc0e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--69c4ba12-c748-4be0-95fd-ca448831ebc8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ee6d24410a8cf31d672d2a47466b76ad287c7ba016d3711490f0f607b1dc0be3",
      "pattern": "[file:hashes.'SHA-256' = 'ee6d24410a8cf31d672d2a47466b76ad287c7ba016d3711490f0f607b1dc0be3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6977771d-52f3-422a-9895-042fec81a99d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f7c8be827f3bd98b30c5a8d23c1af77f3d0324a9ebcd90104134fc1971751ff7",
      "pattern": "[file:hashes.'SHA-256' = 'f7c8be827f3bd98b30c5a8d23c1af77f3d0324a9ebcd90104134fc1971751ff7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e7aa08e1-c745-4746-a36a-df1866d0fc17",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-22457",
      "pattern": "[vulnerability:name = 'CVE-2025-22457']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22457 \u2014 Ivanti Connect Secure, Policy Sec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--875fd923-94c6-4748-8565-c8f844d8e35c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 10659b392e7f5b30b375b94cae4fdca0",
      "pattern": "[file:hashes.MD5 = '10659b392e7f5b30b375b94cae4fdca0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22457 \u2014 Ivanti Connect Secure, Policy Sec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ada261fe-2ca0-4374-ad84-f5ad048c69f0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 4628a501088c31f53b5c9ddf6788e835",
      "pattern": "[file:hashes.MD5 = '4628a501088c31f53b5c9ddf6788e835']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22457 \u2014 Ivanti Connect Secure, Policy Sec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a34403d9-7bcb-493d-8dab-cc6ece52da0e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 6e01ef1367ea81994578526b3bd331d6",
      "pattern": "[file:hashes.MD5 = '6e01ef1367ea81994578526b3bd331d6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22457 \u2014 Ivanti Connect Secure, Policy Sec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--87308342-b246-4124-9885-a9b7268e695f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: ce2b6a554ae46b5eb7d79ca5e7f440da",
      "pattern": "[file:hashes.MD5 = 'ce2b6a554ae46b5eb7d79ca5e7f440da']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22457 \u2014 Ivanti Connect Secure, Policy Sec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fdd5f6ad-a1bb-4ffc-8044-9068f4252df6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: e5192258c27e712c7acf80303e68980b",
      "pattern": "[file:hashes.MD5 = 'e5192258c27e712c7acf80303e68980b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22457 \u2014 Ivanti Connect Secure, Policy Sec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4e9c5f99-9b94-46e2-8a06-eeec673b9622",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24813",
      "pattern": "[vulnerability:name = 'CVE-2025-24813']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b7230964-6056-4a8f-a10d-3d87e4e838b3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 140.143.182.115",
      "pattern": "[ipv4-addr:value = '140.143.182.115']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5e3e5818-fc65-4d99-bc0b-df3893e5a8a5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 176.65.138.172",
      "pattern": "[ipv4-addr:value = '176.65.138.172']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8d7f1f62-155c-461c-b4f2-99b8b82073dc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 188.213.161.98",
      "pattern": "[ipv4-addr:value = '188.213.161.98']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bb3f03d2-553c-48ab-b51b-88fff9c141fe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 196.240.54.120",
      "pattern": "[ipv4-addr:value = '196.240.54.120']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cc2007d3-edee-4685-bb60-1131f4fe6b64",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 203.160.68.24",
      "pattern": "[ipv4-addr:value = '203.160.68.24']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c962d6ca-bb93-41e9-a2b4-0b3b0214e067",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.126.114.186",
      "pattern": "[ipv4-addr:value = '38.126.114.186']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--73351abe-6a4f-4b12-8c96-5402705ac1f8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-0305",
      "pattern": "[vulnerability:name = 'CVE-2024-0305']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20439 \u2014 Cisco Smart Licensing Utility Sta",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--24300467-b79e-445b-bff7-a55e8f9b644d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-20439",
      "pattern": "[vulnerability:name = 'CVE-2024-20439']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20439 \u2014 Cisco Smart Licensing Utility Sta",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--25f3a474-2bb5-4e75-948a-74e29bf7d726",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-20440",
      "pattern": "[vulnerability:name = 'CVE-2024-20440']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20439 \u2014 Cisco Smart Licensing Utility Sta",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--085f8658-5be4-4d7a-b302-382c36546aa5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-6473",
      "pattern": "[vulnerability:name = 'CVE-2024-6473']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a6d135cf-e5bd-42c5-bbd1-30625f4e8bdc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-2783",
      "pattern": "[vulnerability:name = 'CVE-2025-2783']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--37ab8ad2-4397-4977-9551-4c7b9fb95cbc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-2857",
      "pattern": "[vulnerability:name = 'CVE-2025-2857']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef28a619-d321-427a-862f-a98907327754",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: bus-pod-tenant.global.ssl.fastly.net",
      "pattern": "[domain-name:value = 'bus-pod-tenant.global.ssl.fastly.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--907e4684-7f82-4d44-aa30-0aa3736c8adf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: e-library.wiki",
      "pattern": "[domain-name:value = 'e-library.wiki']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7b884b92-2d8d-4880-bde3-153e42aeac3a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: perf-service-clients2.global.ssl.fastly.net",
      "pattern": "[domain-name:value = 'perf-service-clients2.global.ssl.fastly.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--74f220cc-5b7a-439e-8e7e-cc30b3d9d962",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: status-portal-api.global.ssl.fastly.net",
      "pattern": "[domain-name:value = 'status-portal-api.global.ssl.fastly.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b891921a-be6f-4e56-8452-6cd2e2b63f03",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 33bb0678af6011481845d7ce9643cedc",
      "pattern": "[file:hashes.MD5 = '33bb0678af6011481845d7ce9643cedc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6f975645-3dcd-43d0-9feb-4797401c5d20",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 35869e8760928407d2789c7f115b7f83",
      "pattern": "[file:hashes.MD5 = '35869e8760928407d2789c7f115b7f83']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8a2db4f-3b71-4025-8f70-1afb7c7426ad",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 7d3a30dbf4fd3edaf4dde35ccb5cf926",
      "pattern": "[file:hashes.MD5 = '7d3a30dbf4fd3edaf4dde35ccb5cf926']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e904b21c-1535-4365-b9c4-d5a032e47a4c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 3650c1ac97bd5674e1e3bfa9b26008644edacfed",
      "pattern": "[file:hashes.'SHA-1' = '3650c1ac97bd5674e1e3bfa9b26008644edacfed']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--091d2299-6a02-431d-aee2-4bee3ce6cd86",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 8390e2ebdd0db5d1a950b2c9984a5f429805d48c",
      "pattern": "[file:hashes.'SHA-1' = '8390e2ebdd0db5d1a950b2c9984a5f429805d48c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--97370464-a0eb-4f39-a1c3-00ac521c3fac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: c25275228c6da54cf578fa72c9f49697e5309694",
      "pattern": "[file:hashes.'SHA-1' = 'c25275228c6da54cf578fa72c9f49697e5309694']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ed5fd3ad-6dc3-4e5b-8551-d8f0ce7d8d47",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 07d272b607f082305ce7b1987bfa17dc967ab45c8cd89699bcdced34ea94e126",
      "pattern": "[file:hashes.'SHA-256' = '07d272b607f082305ce7b1987bfa17dc967ab45c8cd89699bcdced34ea94e126']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--01e95281-f496-49df-8894-309c42c9ea50",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2e39800df1cafbebfa22b437744d80f1b38111b471fa3eb42f2214a5ac7e1f13",
      "pattern": "[file:hashes.'SHA-256' = '2e39800df1cafbebfa22b437744d80f1b38111b471fa3eb42f2214a5ac7e1f13']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5298df6f-f023-4565-b3de-62c03f1e66c7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 388a8af43039f5f16a0673a6e342fa6ae2402e63ba7569d20d9ba4894dc0ba59",
      "pattern": "[file:hashes.'SHA-256' = '388a8af43039f5f16a0673a6e342fa6ae2402e63ba7569d20d9ba4894dc0ba59']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escap",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bcf5e0cf-4bf7-49f0-979e-7aed1f34d93f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2019-9874",
      "pattern": "[vulnerability:name = 'CVE-2019-9874']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2019-9875 \u2014 Sitecore CMS and Experience Platfo",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0d487bf1-5b1d-4571-b05f-7d75c9109a6b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2019-9875",
      "pattern": "[vulnerability:name = 'CVE-2019-9875']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2019-9875 \u2014 Sitecore CMS and Experience Platfo",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dedb51b1-7c76-48a3-845e-a7ec7542c22a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 3c6d5c14e71ff37a0a341c6fdc3e71cefbc85ba0",
      "pattern": "[file:hashes.'SHA-1' = '3c6d5c14e71ff37a0a341c6fdc3e71cefbc85ba0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-30154 \u2014 reviewdog/action-setup GitHub Act",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--32984b3c-c5cf-4f06-a4ca-5aaa791075a9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2017-12637",
      "pattern": "[vulnerability:name = 'CVE-2017-12637']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2017-12637 \u2014 SAP NetWeaver Directory Traversal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f0586572-136d-40ac-a945-a8915a60dff8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-48248",
      "pattern": "[vulnerability:name = 'CVE-2024-48248']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-48248 \u2014 NAKIVO Backup and Replication Abs",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--197dedbe-d592-4b86-87d5-b91cb5455ca6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-1316",
      "pattern": "[vulnerability:name = 'CVE-2025-1316']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-1316 \u2014 Edimax IC-7100 IP Camera OS Comman",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6532cf40-4c00-4635-b671-366d76aed246",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24472",
      "pattern": "[vulnerability:name = 'CVE-2025-24472']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5f23755a-e756-4a32-80bb-11bf38d376bf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 109.248.160.118",
      "pattern": "[ipv4-addr:value = '109.248.160.118']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5207f9a8-4e25-4901-8067-8a063f5486c0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 149.22.94.37",
      "pattern": "[ipv4-addr:value = '149.22.94.37']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--853c42b4-2ac3-4046-83dd-4987d0986264",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 155.133.4.175",
      "pattern": "[ipv4-addr:value = '155.133.4.175']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1ff49210-d683-47e9-a1ae-d6a4043f2a25",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 158.255.215.126",
      "pattern": "[ipv4-addr:value = '158.255.215.126']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dab72264-e7af-45fa-bcb0-582b5d9969cc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 170.130.55.164",
      "pattern": "[ipv4-addr:value = '170.130.55.164']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fb35a985-97d4-4af1-86fc-d861334d477b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 176.53.147.5",
      "pattern": "[ipv4-addr:value = '176.53.147.5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--758684ed-831a-4cb1-97d3-494945f7e487",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.147.124.10",
      "pattern": "[ipv4-addr:value = '185.147.124.10']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7318ebf1-1921-469f-b4d7-876cfd791a3c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.147.124.31",
      "pattern": "[ipv4-addr:value = '185.147.124.31']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8a5c27fb-5d19-4cc8-b387-96d0b971586f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.147.124.34",
      "pattern": "[ipv4-addr:value = '185.147.124.34']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--93ffad63-d5c5-4486-b53a-735c3e2b247b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.147.124.55",
      "pattern": "[ipv4-addr:value = '185.147.124.55']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b7c6fe42-16e9-4588-85b1-3cf448653f31",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.224.0.201",
      "pattern": "[ipv4-addr:value = '185.224.0.201']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eacdf9e9-a0d0-4273-894e-449a3f16e085",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.95.159.43",
      "pattern": "[ipv4-addr:value = '185.95.159.43']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6befd088-f870-448c-8858-fb4bf8d09ced",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.248.155.218",
      "pattern": "[ipv4-addr:value = '192.248.155.218']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2b89eb94-975b-4ddb-a813-568c59ea7160",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.143.1.65",
      "pattern": "[ipv4-addr:value = '193.143.1.65']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--355d26c9-4d53-4149-b55a-0756d9f98667",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 213.176.64.114",
      "pattern": "[ipv4-addr:value = '213.176.64.114']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6872a145-e86a-4f32-9f38-e148c1090788",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 217.144.189.35",
      "pattern": "[ipv4-addr:value = '217.144.189.35']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3cf62d75-e0cb-4eca-b686-2267cdd1d7da",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.15.17.67",
      "pattern": "[ipv4-addr:value = '45.15.17.67']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cfc0dcd3-11fe-4936-b08d-589cd6945889",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.55.158.47",
      "pattern": "[ipv4-addr:value = '45.55.158.47']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c831845d-1cfd-4d00-8d98-0d0f60b6dcf5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 5.181.171.133",
      "pattern": "[ipv4-addr:value = '5.181.171.133']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aea5a81c-24c1-487f-900b-3ee2952328ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 57.69.19.70",
      "pattern": "[ipv4-addr:value = '57.69.19.70']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--26af7454-df4a-441d-96a6-530cbf7a680b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 80.64.30.237",
      "pattern": "[ipv4-addr:value = '80.64.30.237']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--750497f3-5151-4d8b-88a8-4664be50e227",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 80.66.88.90",
      "pattern": "[ipv4-addr:value = '80.66.88.90']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b2a5d7fa-df78-4e1c-b68e-f54a70618e43",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 87.249.138.47",
      "pattern": "[ipv4-addr:value = '87.249.138.47']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ffc2b21-96e8-4e7f-991b-8018bb8ae32b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 89.248.192.55",
      "pattern": "[ipv4-addr:value = '89.248.192.55']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--998426a2-b5ed-4189-bfd6-a922b6d31d63",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 94.154.35.208",
      "pattern": "[ipv4-addr:value = '94.154.35.208']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bc6502e0-e889-4e44-9acf-b5734c90887e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 94.156.177.187",
      "pattern": "[ipv4-addr:value = '94.156.177.187']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--12f6819f-deb6-45af-93fa-a518aa99e66f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 94.156.227.208",
      "pattern": "[ipv4-addr:value = '94.156.227.208']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f1bfd146-614f-46cb-b8a3-b9ef442633fc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 95.179.234.4",
      "pattern": "[ipv4-addr:value = '95.179.234.4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f01fff89-c5be-445a-b805-074ef531e69b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 95.217.78.122",
      "pattern": "[ipv4-addr:value = '95.217.78.122']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--12a95020-90b7-4b22-84a3-1029fef37708",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 96.31.67.39",
      "pattern": "[ipv4-addr:value = '96.31.67.39']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0eee7a2c-89e9-4eab-afe6-62c04d121a82",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 782c3c463809cd818dadad736f076c36cdea01d8c4efed094d78661ba0a57045",
      "pattern": "[file:hashes.'SHA-256' = '782c3c463809cd818dadad736f076c36cdea01d8c4efed094d78661ba0a57045']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fafe93b1-4134-4e0d-b72c-e99d3c7a9988",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 813ad8caa4dcbd814c1ee9ea28040d74338e79e76beae92bedc8a47b402dedc2",
      "pattern": "[file:hashes.'SHA-256' = '813ad8caa4dcbd814c1ee9ea28040d74338e79e76beae92bedc8a47b402dedc2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5f816627-d2bc-49dc-bd89-f0cf74159a06",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2",
      "pattern": "[file:hashes.'SHA-256' = '917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1233d38c-3309-4abe-b9d4-5ce7892d3013",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c994b132b2a264b8cf1d47b2f432fe6bda631b994ec7dcddf5650113f4a5a404",
      "pattern": "[file:hashes.'SHA-256' = 'c994b132b2a264b8cf1d47b2f432fe6bda631b994ec7dcddf5650113f4a5a404']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3b6c6829-5579-4bab-9fc8-068d3fb169dc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d9938ac4346d03a07f8ce8b57436e75ba5e936372b9bfd0386f18f6d56902c88",
      "pattern": "[file:hashes.'SHA-256' = 'd9938ac4346d03a07f8ce8b57436e75ba5e936372b9bfd0386f18f6d56902c88']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--94c3a3b4-b8f2-4e37-bc05-ecf7704480a0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f383bca7e763b9a76e64489f1e2e54c44e1fd24094e9f3a28d4b45b5ec88b513",
      "pattern": "[file:hashes.'SHA-256' = 'f383bca7e763b9a76e64489f1e2e54c44e1fd24094e9f3a28d4b45b5ec88b513']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2e8e1b8d-ac3d-4ab0-9eb8-cbf2f1a27fa1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-21590",
      "pattern": "[vulnerability:name = 'CVE-2025-21590']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e5d5b392-a3a9-487b-ac35-df76a093688e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24201",
      "pattern": "[vulnerability:name = 'CVE-2025-24201']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24201 \u2014 Apple Multiple Products WebKit Ou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6e61b71c-b80d-4c3e-b13a-f3b51069d34f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 101.100.182.122",
      "pattern": "[ipv4-addr:value = '101.100.182.122']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--19eaa920-5eae-4e6f-908d-c2bf3d6f0432",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 116.88.34.184",
      "pattern": "[ipv4-addr:value = '116.88.34.184']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f114ba8a-5039-4301-9123-97e6dedddf52",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 118.189.188.122",
      "pattern": "[ipv4-addr:value = '118.189.188.122']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1499696d-a6e0-4f79-989b-d0eb5ed1c9ea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 129.126.109.50",
      "pattern": "[ipv4-addr:value = '129.126.109.50']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--439aff8a-eda1-42e3-b6c2-b2825284b710",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 158.140.135.244",
      "pattern": "[ipv4-addr:value = '158.140.135.244']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f7f60b46-3d10-4e49-b4b4-deaffdc02223",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 223.25.78.136",
      "pattern": "[ipv4-addr:value = '223.25.78.136']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--74e81794-1985-4c83-8765-dbcf647b561d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.77.39.28",
      "pattern": "[ipv4-addr:value = '45.77.39.28']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a0344855-421f-4ffb-9d95-d350ff7ea2e4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 8.222.225.8",
      "pattern": "[ipv4-addr:value = '8.222.225.8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0971d146-f9cc-44f6-bcda-69b6c5bd552f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 2c89a18944d3a895bd6432415546635e",
      "pattern": "[file:hashes.MD5 = '2c89a18944d3a895bd6432415546635e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--66ff5da1-cccb-4542-865f-aa4ae20ab881",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 3243e04afe18cc5e1230d49011e19899",
      "pattern": "[file:hashes.MD5 = '3243e04afe18cc5e1230d49011e19899']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7be1e8e4-6f6e-49d0-ab74-66535280062a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 5724d76f832ce8061f74b0e9f1dcad90",
      "pattern": "[file:hashes.MD5 = '5724d76f832ce8061f74b0e9f1dcad90']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f9ae542-c607-4810-89f9-57a26b1affe4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 8023d01ffb7a38b582f0d598afb974ee",
      "pattern": "[file:hashes.MD5 = '8023d01ffb7a38b582f0d598afb974ee']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--17cebb82-aab7-47e6-9a27-13b207979347",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: aac5d83d296df81c9259c9a533a8423a",
      "pattern": "[file:hashes.MD5 = 'aac5d83d296df81c9259c9a533a8423a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--96dcae4a-3f57-4353-a72e-2be8d66f7c90",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: b9e4784fa0e6283ce6e2094426a02fce",
      "pattern": "[file:hashes.MD5 = 'b9e4784fa0e6283ce6e2094426a02fce']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--28b7a36f-6747-4539-88ca-e98f3c480bb7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: bf80c96089d37b8571b5de7cab14dd9f",
      "pattern": "[file:hashes.MD5 = 'bf80c96089d37b8571b5de7cab14dd9f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d215cf4d-b690-46eb-8233-781d29a1e15b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: e7622d983d22e749b3658600df00296d",
      "pattern": "[file:hashes.MD5 = 'e7622d983d22e749b3658600df00296d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f36dcfa-3c63-4e7a-a425-eb6cf25e9135",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 01735bb47a933ae9ec470e6be737d8f646a8ec66",
      "pattern": "[file:hashes.'SHA-1' = '01735bb47a933ae9ec470e6be737d8f646a8ec66']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bac76368-bed8-46d0-a4d1-1f5250637d92",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 06a1f879da398c00522649171526dc968f769093",
      "pattern": "[file:hashes.'SHA-1' = '06a1f879da398c00522649171526dc968f769093']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--37b9ae6b-5e0e-4ad9-a464-cd8f9bb857b2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 1a6d07da7e77a5706dd8af899ebe4daa74bbbe91",
      "pattern": "[file:hashes.'SHA-1' = '1a6d07da7e77a5706dd8af899ebe4daa74bbbe91']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2e08175b-dc9d-4940-98d7-b725a15e71ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2e9215a203e908483d04dfc0328651d79d35b54f",
      "pattern": "[file:hashes.'SHA-1' = '2e9215a203e908483d04dfc0328651d79d35b54f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4afecfe2-d205-4bcd-afa5-b2525e4e13c7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 50520639cf77df0c15cc95076fac901e3d04b708",
      "pattern": "[file:hashes.'SHA-1' = '50520639cf77df0c15cc95076fac901e3d04b708']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--21e00c17-1892-454f-b556-9d499e300a14",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: cec327e51b79cf11b3eeffebf1be8ac0d66e9529",
      "pattern": "[file:hashes.'SHA-1' = 'cec327e51b79cf11b3eeffebf1be8ac0d66e9529']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4b398c57-6809-4cdf-acad-6b59d0612bd0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: cf7af504ef0796d91207e41815187a793d430d85",
      "pattern": "[file:hashes.'SHA-1' = 'cf7af504ef0796d91207e41815187a793d430d85']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--27269b19-efa0-482e-9506-c5c82132ea83",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: f8697b400059d4d5082eee2d269735aa8ea2df9a",
      "pattern": "[file:hashes.'SHA-1' = 'f8697b400059d4d5082eee2d269735aa8ea2df9a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8e5576c1-261f-4926-a145-092214ff935c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3751997cfcb038e6b658e9180bc7cce28a3c25dbb892b661bcd1065723f11f7e",
      "pattern": "[file:hashes.'SHA-256' = '3751997cfcb038e6b658e9180bc7cce28a3c25dbb892b661bcd1065723f11f7e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e4646c19-2454-4ef0-bac1-c9b5dce8bd16",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5995aaff5a047565c0d7fe3c80fa354c40e7e8c3e7d4df292316c8472d4ac67a",
      "pattern": "[file:hashes.'SHA-256' = '5995aaff5a047565c0d7fe3c80fa354c40e7e8c3e7d4df292316c8472d4ac67a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--23f780d8-cc4d-4116-a1e8-769f88442eae",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5bef7608d66112315eefff354dae42f49178b7498f994a728ae6203a8a59f5a2",
      "pattern": "[file:hashes.'SHA-256' = '5bef7608d66112315eefff354dae42f49178b7498f994a728ae6203a8a59f5a2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2f9a8012-1120-4aa0-88ad-de7635bef8c3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 905b18d5df58bd6c16930e318d9574a2ad793ec993ad2f68bca813574e3d854b",
      "pattern": "[file:hashes.'SHA-256' = '905b18d5df58bd6c16930e318d9574a2ad793ec993ad2f68bca813574e3d854b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b759cd51-783a-48b4-8dd8-8f659f35752e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 98380ec6bf4e03d3ff490cdc6c48c37714450930e4adf82e6e14d244d8373888",
      "pattern": "[file:hashes.'SHA-256' = '98380ec6bf4e03d3ff490cdc6c48c37714450930e4adf82e6e14d244d8373888']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a1c886f1-99b2-4822-bdff-f280cca9d068",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c0ec15e08b4fb3730c5695fb7b4a6b85f7fe341282ad469e4e141c40ead310c3",
      "pattern": "[file:hashes.'SHA-256' = 'c0ec15e08b4fb3730c5695fb7b4a6b85f7fe341282ad469e4e141c40ead310c3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8a24b91b-088c-482b-8fe5-f3638d2c4021",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e1de05a2832437ab70d36c4c05b43c4a57f856289224bbd41182deea978400ed",
      "pattern": "[file:hashes.'SHA-256' = 'e1de05a2832437ab70d36c4c05b43c4a57f856289224bbd41182deea978400ed']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d7b100aa-4a6a-45a5-92be-471b0efdb538",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-22869",
      "pattern": "[vulnerability:name = 'CVE-2025-22869']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Snyk Helps Secure the Golang Bento Project",
          "url": "https://snyk.io/blog/snyk-helps-secure-the-golang-bento-project/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--85c5669c-0cbe-4b7d-b136-eb1d8b712805",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24983",
      "pattern": "[vulnerability:name = 'CVE-2025-24983']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24983 \u2014 Microsoft Windows Win32k Use-Afte",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--da445074-5a13-4c41-a380-f3e0cc839bbd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24984",
      "pattern": "[vulnerability:name = 'CVE-2025-24984']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24991 \u2014 Microsoft Windows NTFS Out-Of-Bou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--93b3afe9-5fca-4a64-bd4e-09e5085f63bd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24985",
      "pattern": "[vulnerability:name = 'CVE-2025-24985']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24985 \u2014 Microsoft Windows Fast FAT File S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--38168cd6-4850-43c3-ade3-b25efcfb0048",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24993",
      "pattern": "[vulnerability:name = 'CVE-2025-24993']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24993 \u2014 Microsoft Windows NTFS Heap-Based",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9b140025-98bc-49da-8962-bc2a2aa55afc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-26633",
      "pattern": "[vulnerability:name = 'CVE-2025-26633']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-26633 \u2014 Microsoft Windows Management Cons",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--346bc804-1161-44fe-b2a7-3b8bc4f81c48",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: belaysolutions.link",
      "pattern": "[domain-name:value = 'belaysolutions.link']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-26633 \u2014 Microsoft Windows Management Cons",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--93c9a344-5261-448a-9934-a3c976a3d963",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.246.147.17",
      "pattern": "[ipv4-addr:value = '103.246.147.17']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-26633 \u2014 Microsoft Windows Management Cons",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6d9eab05-850a-456b-9c89-49f70c57b783",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 82.115.223.182",
      "pattern": "[ipv4-addr:value = '82.115.223.182']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-26633 \u2014 Microsoft Windows Management Cons",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--60c711a8-bc14-46a1-91b1-c9d7197f3b70",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: bad43a1c8ba1dacf3daf82bc30a0673f9bc2675ea6cdedd34624ffc933b959f4",
      "pattern": "[file:hashes.'SHA-256' = 'bad43a1c8ba1dacf3daf82bc30a0673f9bc2675ea6cdedd34624ffc933b959f4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-26633 \u2014 Microsoft Windows Management Cons",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fd16e5be-ba07-45f4-899d-1b14c072e1ae",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2017-9248",
      "pattern": "[vulnerability:name = 'CVE-2017-9248']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--671714b7-cafc-49d7-b117-98f6f46b30cd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2019-18935",
      "pattern": "[vulnerability:name = 'CVE-2019-18935']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c2728cfe-3ead-4c16-a945-6b8ce2474e92",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-13161",
      "pattern": "[vulnerability:name = 'CVE-2024-13161']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-13161 \u2014 Ivanti Endpoint Manager (EPM) Abs",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--07cc5e27-82ea-4c1a-9beb-154c9d88e950",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-57968",
      "pattern": "[vulnerability:name = 'CVE-2024-57968']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--91257948-5153-483f-bf23-60c7a45b0281",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-25181",
      "pattern": "[vulnerability:name = 'CVE-2025-25181']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--183b42a0-0945-463f-b76f-5dc696da1e75",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: hivnd.com",
      "pattern": "[domain-name:value = 'hivnd.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b02b1873-15db-4b8e-969e-5aaae8a03361",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: object.fm",
      "pattern": "[domain-name:value = 'object.fm']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4816d68a-a719-46f9-9be4-9f090b30d775",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: paycashs.com",
      "pattern": "[domain-name:value = 'paycashs.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4967e5da-5f45-4a51-8d42-ce7868fcf908",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sexadult.com",
      "pattern": "[domain-name:value = 'sexadult.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a373f198-3047-4f49-9faa-be23e289e516",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: xegroups.com",
      "pattern": "[domain-name:value = 'xegroups.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--25b1c9ab-1c91-4498-9952-b4c2e4fc2cda",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: xework.com",
      "pattern": "[domain-name:value = 'xework.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--641a6c9d-e438-4fd6-bde9-49209ee6c410",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 123.20.29.193",
      "pattern": "[ipv4-addr:value = '123.20.29.193']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f44957f7-e24a-46b1-b608-54f41e284422",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 171.227.250.249",
      "pattern": "[ipv4-addr:value = '171.227.250.249']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--414b4866-7f29-4746-a752-1e0584dda2d1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 222.253.102.94",
      "pattern": "[ipv4-addr:value = '222.253.102.94']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--659f411a-7c70-46ad-9a27-a377e6dea345",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 339a79457a8cf3504312d394be3ece98",
      "pattern": "[file:hashes.MD5 = '339a79457a8cf3504312d394be3ece98']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--71224254-d95f-43bc-8ed7-a2247bd35f1b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 457d7e3a708d1b5c6a8d449e52064985",
      "pattern": "[file:hashes.MD5 = '457d7e3a708d1b5c6a8d449e52064985']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3085a5f6-b707-44bd-8ddb-b7d0d480be4f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 7a9b5c3bb7dab0857ee2c2d71758eca3",
      "pattern": "[file:hashes.MD5 = '7a9b5c3bb7dab0857ee2c2d71758eca3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1324cb58-807c-40ab-8961-f768bddabe4d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 7abb73b7844f2308d9c62954e6e8b7fc",
      "pattern": "[file:hashes.MD5 = '7abb73b7844f2308d9c62954e6e8b7fc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bb2bba6d-176c-42d9-961b-f508087c97a7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 7b5b7d96006fec70c2091e90fbf02b99",
      "pattern": "[file:hashes.MD5 = '7b5b7d96006fec70c2091e90fbf02b99']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eb183d64-09a1-44b5-bbe1-f576af2327a0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 032dd95a1299f37aaa76318945e030eb7da94da9",
      "pattern": "[file:hashes.'SHA-1' = '032dd95a1299f37aaa76318945e030eb7da94da9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d5b10899-a94f-4e33-8c31-3402c2f5d51c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 16db01fe25b0c09e18d13f38c88a4ead5d10e323",
      "pattern": "[file:hashes.'SHA-1' = '16db01fe25b0c09e18d13f38c88a4ead5d10e323']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--afcb67ae-d751-49dc-bf73-a98da3859efa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 84e7f4ff1f93a4297c2e2c4e54f14edb18396b60",
      "pattern": "[file:hashes.'SHA-1' = '84e7f4ff1f93a4297c2e2c4e54f14edb18396b60']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a6736b44-267a-4ec1-9e03-46eda46518cc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 9e928a26aa3c0e6eb8e709fc55ea12dcf7e02ff9",
      "pattern": "[file:hashes.'SHA-1' = '9e928a26aa3c0e6eb8e709fc55ea12dcf7e02ff9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f37a7a9b-2d6b-4de8-84c2-060cc1707ab0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: ede5ddb97b98d80440553b23dfc19fdb4adc7499",
      "pattern": "[file:hashes.'SHA-1' = 'ede5ddb97b98d80440553b23dfc19fdb4adc7499']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6da00e08-625c-407b-a300-f7740c581cdc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 013ccea1d7fc2aa2d660e900f87a3192f5cb73768710ef2eb9016f81df8e5c70",
      "pattern": "[file:hashes.'SHA-256' = '013ccea1d7fc2aa2d660e900f87a3192f5cb73768710ef2eb9016f81df8e5c70']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c147747a-03ff-4355-8f5a-f1e03adfa265",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 322f8cd560d5e10e93af3ea6d3505c8de213f549e6627c3ef4664ed92ba55f56",
      "pattern": "[file:hashes.'SHA-256' = '322f8cd560d5e10e93af3ea6d3505c8de213f549e6627c3ef4664ed92ba55f56']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b56be26a-cffc-4870-8eae-59b4f4f6798a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 38b2d52dc471587fb65ef99c64cb3f69470ddfdaa184a256aecb26edeff3553a",
      "pattern": "[file:hashes.'SHA-256' = '38b2d52dc471587fb65ef99c64cb3f69470ddfdaa184a256aecb26edeff3553a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5791ded4-21d5-4ff2-8204-0bb3437fcb76",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 680b7e8ec8204975c5026bcbaf70f7e9620eacdd7bf72e5476d17266b4a7d316",
      "pattern": "[file:hashes.'SHA-256' = '680b7e8ec8204975c5026bcbaf70f7e9620eacdd7bf72e5476d17266b4a7d316']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8593f30-c7f2-441c-8710-4deb47c90ae3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 884c394c7b3eb757ae57050ac2e6a75385a361555e8e4272de1a3cf24746eec7",
      "pattern": "[file:hashes.'SHA-256' = '884c394c7b3eb757ae57050ac2e6a75385a361555e8e4272de1a3cf24746eec7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e53e4465-bbef-4b34-bc94-e7358a55ba62",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c564acd69efa62a5037931090bf70a6506419fdf59ec52f8d1ab0b15d861cc67",
      "pattern": "[file:hashes.'SHA-256' = 'c564acd69efa62a5037931090bf70a6506419fdf59ec52f8d1ab0b15d861cc67']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted F",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--818eece4-65cf-46a0-8823-4766628c0d8b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-22224",
      "pattern": "[vulnerability:name = 'CVE-2025-22224']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22225 \u2014 VMware ESXi Arbitrary Write Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-22224 \u2014 VMware ESXi and Workstation TOCTO",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9fbe504f-532c-4cf9-9810-f3c06fa2b27f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-22225",
      "pattern": "[vulnerability:name = 'CVE-2025-22225']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22225 \u2014 VMware ESXi Arbitrary Write Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d543e23-300d-4703-aba7-cd4ab197dc51",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-22226",
      "pattern": "[vulnerability:name = 'CVE-2025-22226']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22226 \u2014 VMware ESXi, Workstation, and Fus",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-22225 \u2014 VMware ESXi Arbitrary Write Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2de9dded-44c9-42f0-931f-6562c4f93668",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2bc5d02774ac1778be22cace51f9e35fe7b53378f8d70143bf646b68d2c0f94c",
      "pattern": "[file:hashes.'SHA-256' = '2bc5d02774ac1778be22cace51f9e35fe7b53378f8d70143bf646b68d2c0f94c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22224 \u2014 VMware ESXi and Workstation TOCTO",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3cffe6fc-5f8f-4e8b-91bb-81696a43fcdf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 37972a232ac6d8c402ac4531430967c1fd458b74a52d6d1990688d88956791a7",
      "pattern": "[file:hashes.'SHA-256' = '37972a232ac6d8c402ac4531430967c1fd458b74a52d6d1990688d88956791a7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22224 \u2014 VMware ESXi and Workstation TOCTO",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a5ad34b8-f7f2-44d9-891a-932e0ef22e50",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4614346fc1ff74f057d189db45aa7dc25d6e7f3d9b68c287a409a53c86dca25e",
      "pattern": "[file:hashes.'SHA-256' = '4614346fc1ff74f057d189db45aa7dc25d6e7f3d9b68c287a409a53c86dca25e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22224 \u2014 VMware ESXi and Workstation TOCTO",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--88533591-5924-40c4-a2a6-4a5d1a2464c6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c3f8da7599468c11782c2332497b9e5013d98a1030034243dfed0cf072469c89",
      "pattern": "[file:hashes.'SHA-256' = 'c3f8da7599468c11782c2332497b9e5013d98a1030034243dfed0cf072469c89']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22224 \u2014 VMware ESXi and Workstation TOCTO",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9d5bddf4-1e93-4bbd-bfa9-1a3bc0ac1f74",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: dc5b8f7c6a8a6764de3309279e3b6412c23e6af1d7a8631c65b80027444d62bb",
      "pattern": "[file:hashes.'SHA-256' = 'dc5b8f7c6a8a6764de3309279e3b6412c23e6af1d7a8631c65b80027444d62bb']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-22224 \u2014 VMware ESXi and Workstation TOCTO",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--434c04f5-73ab-4376-9242-fb313e01a49f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2018-8639",
      "pattern": "[vulnerability:name = 'CVE-2018-8639']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-8639 \u2014 Microsoft Windows Win32k Improper ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--55da885b-2c82-4c6f-8916-eba7e119c74d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-43769",
      "pattern": "[vulnerability:name = 'CVE-2022-43769']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-43769 \u2014 Hitachi Vantara Pentaho BA Server",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c144a1d1-4870-43f2-b6c1-13f688489ddf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-20118",
      "pattern": "[vulnerability:name = 'CVE-2023-20118']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--337887c1-edee-4251-b216-ad2d445fdcbe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-4885",
      "pattern": "[vulnerability:name = 'CVE-2024-4885']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-4885 \u2014 Progress WhatsUp Gold Path Travers",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b0cca4cf-492c-4401-ba9c-ab2aaca59485",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: aipricadd.top",
      "pattern": "[domain-name:value = 'aipricadd.top']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2f55d4a0-4e57-4242-84ae-8e80fe48a069",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: asustordownload.com",
      "pattern": "[domain-name:value = 'asustordownload.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--832fe0a1-1b78-427d-8f7e-abf1fcda1269",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: centrequ.cc",
      "pattern": "[domain-name:value = 'centrequ.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e2426b5c-63a7-4d0c-98b5-e13b155e4c29",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: durianlink.cc",
      "pattern": "[domain-name:value = 'durianlink.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0affdf25-4aa1-4d66-bd6b-ef14e53095a1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: firebasesafer.top",
      "pattern": "[domain-name:value = 'firebasesafer.top']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5987ac78-5614-4771-acc6-5aa6203ae014",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: gardensc.cc",
      "pattern": "[domain-name:value = 'gardensc.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--06bba30f-637e-4b29-b01e-b0654418cbf0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: headached.cc",
      "pattern": "[domain-name:value = 'headached.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6209b1b3-789f-4eea-8287-7ee44e3ba22f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: hitchil.cc",
      "pattern": "[domain-name:value = 'hitchil.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6108a4b0-bef0-42dc-957a-1c0ae0985fef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: icecreand.cc",
      "pattern": "[domain-name:value = 'icecreand.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fdccd618-b064-4aaa-8938-5945e1c7cc3e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: landim.cc",
      "pattern": "[domain-name:value = 'landim.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3dd6e1e7-a941-45dc-91ae-e9acc381aa70",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: largeroofs.top",
      "pattern": "[domain-name:value = 'largeroofs.top']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aab0d80d-93f0-4e97-b276-c262d1c85fb9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: logchim.cc",
      "pattern": "[domain-name:value = 'logchim.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4b523395-2be4-4fbc-aa79-6a5b2997e039",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: longlog.cc",
      "pattern": "[domain-name:value = 'longlog.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--72f0ad81-665e-43f2-a1b9-1707f1d4295f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: nternetd.cc",
      "pattern": "[domain-name:value = 'nternetd.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4cbaf399-bb42-4fc7-bcac-5208bd10f972",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: siotherlentsearsitech.shop",
      "pattern": "[domain-name:value = 'siotherlentsearsitech.shop']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--34bad68f-f507-4602-9d4b-fd9fbdf6bc34",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ssofhoseuegsgrfnu.ru",
      "pattern": "[domain-name:value = 'ssofhoseuegsgrfnu.ru']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5a9205ef-60f5-4129-ac12-b8adc7145c8c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: suiteiol.cc",
      "pattern": "[domain-name:value = 'suiteiol.cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c90bd6b7-205e-4e60-9764-2622937f9f38",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 101.99.91.239",
      "pattern": "[ipv4-addr:value = '101.99.91.239']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ccdb4660-0928-4333-bed7-7122589d7638",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 119.8.186.227",
      "pattern": "[ipv4-addr:value = '119.8.186.227']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--73de969c-2799-44d8-bc54-841ad072b4f7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 122.8.183.181",
      "pattern": "[ipv4-addr:value = '122.8.183.181']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4ecf2cd5-6708-4ae3-bc0e-edcf58413ed4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 159.138.119.99",
      "pattern": "[ipv4-addr:value = '159.138.119.99']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--af8884a1-c2b6-4594-9c5a-7112f8ace7df",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 195.123.212.54",
      "pattern": "[ipv4-addr:value = '195.123.212.54']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--937041f3-9595-4da2-bfad-b020d7571837",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 43.129.205.244",
      "pattern": "[ipv4-addr:value = '43.129.205.244']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3394b37-c613-468a-953f-3bbc790c2aac",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 121969d72f8e6f09ad93cf17500c479c452e230e27e7b157d5c9336dff15b6ef",
      "pattern": "[file:hashes.'SHA-256' = '121969d72f8e6f09ad93cf17500c479c452e230e27e7b157d5c9336dff15b6ef']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--50bdf62a-5a0b-466e-814d-d8d0b6c1157a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 13cd040a7f488e937b1b234d71a0126b7bc74367bf6538b6961c476f5d620d13",
      "pattern": "[file:hashes.'SHA-256' = '13cd040a7f488e937b1b234d71a0126b7bc74367bf6538b6961c476f5d620d13']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cd2d38f8-8ac1-43ef-a37c-d9faed52a79a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1ca7262f91d517853a0551b14abb0306c4e3567e41b1e82a018f0aac718e499e",
      "pattern": "[file:hashes.'SHA-256' = '1ca7262f91d517853a0551b14abb0306c4e3567e41b1e82a018f0aac718e499e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--83e225c2-9a12-4862-9b78-9189b3bcb240",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 464f29d5f496b4acffc455330f00adb34ab920c66ca1908eee262339d6946bcd",
      "pattern": "[file:hashes.'SHA-256' = '464f29d5f496b4acffc455330f00adb34ab920c66ca1908eee262339d6946bcd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--861e8266-a821-4bb3-97d9-8a002ae02336",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 932b2545bd6e3ad74b82ca2199944edecf9c92ad3f75fce0d07e04ab084824d5",
      "pattern": "[file:hashes.'SHA-256' = '932b2545bd6e3ad74b82ca2199944edecf9c92ad3f75fce0d07e04ab084824d5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--29fee4e6-05bd-4641-be6e-4a668164bd5b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: eda7cc5e1781c681afe99bf513fcaf5ae86afbf1d84dfd23aa563b1a043cbba8",
      "pattern": "[file:hashes.'SHA-256' = 'eda7cc5e1781c681afe99bf513fcaf5ae86afbf1d84dfd23aa563b1a043cbba8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Ro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b7605fce-b4a1-438b-8780-f73e303ad74a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-34192",
      "pattern": "[vulnerability:name = 'CVE-2023-34192']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-34192 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--817f61ac-77c9-4d51-85f0-63b331c6e3fb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-49035",
      "pattern": "[vulnerability:name = 'CVE-2024-49035']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49035 \u2014 Microsoft Partner Center Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--927d8b10-88f4-4e93-9d10-8dd1c419e657",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2017-3066",
      "pattern": "[vulnerability:name = 'CVE-2017-3066']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2017-3066 \u2014 Adobe ColdFusion Deserialization V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5a1a0594-b598-43e9-9452-6d3c26ff8e0f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-20953",
      "pattern": "[vulnerability:name = 'CVE-2024-20953']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20953 \u2014 Oracle Agile Product Lifecycle Ma",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7f20870d-a1b9-428d-b614-ecaa3d466ec4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24989",
      "pattern": "[vulnerability:name = 'CVE-2025-24989']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24989 \u2014 Microsoft Power Pages Improper Ac",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--426a684c-d5f1-4b2f-a6d2-0e0fdfc64e10",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-24439",
      "pattern": "[vulnerability:name = 'CVE-2022-24439']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Snyk\u2019s Fetch the Flag CTF is More Than Just a CTF",
          "url": "https://snyk.io/blog/snyks-fetch-the-flag-ctf/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6608d289-7543-41d2-a395-d068755c9ce1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-33891",
      "pattern": "[vulnerability:name = 'CVE-2022-33891']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Snyk\u2019s Fetch the Flag CTF is More Than Just a CTF",
          "url": "https://snyk.io/blog/snyks-fetch-the-flag-ctf/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--68c3d52c-e4a6-4076-9f81-cbf5324aa135",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-40267",
      "pattern": "[vulnerability:name = 'CVE-2023-40267']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Snyk\u2019s Fetch the Flag CTF is More Than Just a CTF",
          "url": "https://snyk.io/blog/snyks-fetch-the-flag-ctf/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5ea176b0-a2c0-457d-a397-b5c9e8713502",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-9474",
      "pattern": "[vulnerability:name = 'CVE-2024-9474']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0111 \u2014 Palo Alto Networks PAN-OS File Rea",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-0108 \u2014 Palo Alto Networks PAN-OS Authenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--76ec56c5-4787-4445-9907-59b28f0baa4f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-0108",
      "pattern": "[vulnerability:name = 'CVE-2025-0108']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0111 \u2014 Palo Alto Networks PAN-OS File Rea",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-0108 \u2014 Palo Alto Networks PAN-OS Authenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--477ca813-396b-43ef-9a4a-0f0ab4300b28",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-0111",
      "pattern": "[vulnerability:name = 'CVE-2025-0111']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0111 \u2014 Palo Alto Networks PAN-OS File Rea",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2025-0108 \u2014 Palo Alto Networks PAN-OS Authenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4ba638de-0b00-4a8f-b65b-c3d38e8f9cbd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-23209",
      "pattern": "[vulnerability:name = 'CVE-2025-23209']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-23209 \u2014 Craft CMS Code Injection Vulnerab",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2b6a4bc9-ee4a-41c5-8d5d-a6705c4d24c1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-53704",
      "pattern": "[vulnerability:name = 'CVE-2024-53704']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-53704 \u2014 SonicWall SonicOS SSLVPN Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a904ba08-44b8-4b3c-b838-df9b2814e077",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-57727",
      "pattern": "[vulnerability:name = 'CVE-2024-57727']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-57727 \u2014 SimpleHelp Path Traversal Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5a2c6d02-3fac-4357-bfb3-1e5268618747",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2018-10561",
      "pattern": "[vulnerability:name = 'CVE-2018-10561']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6509f3f5-06ef-49eb-a15a-41dc88ddbc5e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2018-10562",
      "pattern": "[vulnerability:name = 'CVE-2018-10562']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2f22255b-b94b-425b-8b3d-e4153992cbce",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2018-17532",
      "pattern": "[vulnerability:name = 'CVE-2018-17532']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6d6b4a0a-abb6-4c1f-95a3-fd29970cb478",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-31137",
      "pattern": "[vulnerability:name = 'CVE-2022-31137']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c544cfbc-ee12-4e73-8e5b-3f0e85f34f92",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-26801",
      "pattern": "[vulnerability:name = 'CVE-2023-26801']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fb1b5ed8-3615-4257-bef9-09a84bace9bd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-41710",
      "pattern": "[vulnerability:name = 'CVE-2024-41710']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c4fd71e6-52ee-472a-af4a-2d5d8ea6a6a9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24200",
      "pattern": "[vulnerability:name = 'CVE-2025-24200']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24200 \u2014 Apple iOS and iPadOS Incorrect Au",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fba1702b-c4a1-4c63-a11d-f61a2d3c0f59",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "VULN: GO-2025-3451",
      "pattern": "[vulnerability:name = 'GO-2025-3451']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Do not pass GO - Malicious Package Alert",
          "url": "https://snyk.io/blog/go-malicious-package-alert/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--60bab92f-5a1b-42c2-b1d8-0e59d1a71a89",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cardiacpure.ru",
      "pattern": "[domain-name:value = 'cardiacpure.ru']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--76790f49-9d60-45a9-92fe-adc3c92a1ee4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: eye-network.ru",
      "pattern": "[domain-name:value = 'eye-network.ru']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5b705cba-80b3-43e9-8064-265878f63b05",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: fuerer-net.ru",
      "pattern": "[domain-name:value = 'fuerer-net.ru']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c91dbf09-74d3-4bbe-a04a-3a6b9f4785e2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "GO PACKAGE: github.com/boltdb-go/bolt",
      "pattern": "[domain-name:value = 'github.com/boltdb-go/bolt']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Do not pass GO - Malicious Package Alert",
          "url": "https://snyk.io/blog/go-malicious-package-alert/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a3dbaa65-884b-4991-a4a4-179d75dbd7ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: intenseapi.com",
      "pattern": "[domain-name:value = 'intenseapi.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--81f6c1d6-e1b9-45b6-94ed-d2c01be75ae7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 49.12.198.231",
      "pattern": "[ipv4-addr:value = '49.12.198.231']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Do not pass GO - Malicious Package Alert",
          "url": "https://snyk.io/blog/go-malicious-package-alert/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3a63187d-2935-42f9-876c-1f9645abc94f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.92.243.233",
      "pattern": "[ipv4-addr:value = '91.92.243.233']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--68082c80-3dd0-45ee-825e-17bec0e78875",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e06c3f5c32aaa422e66056290eb566065afe2ce611fe019f3ba804af939ac1a3",
      "pattern": "[file:hashes.'SHA-256' = 'e06c3f5c32aaa422e66056290eb566065afe2ce611fe019f3ba804af939ac1a3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injecti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d8323449-022c-4900-87eb-0dd3a10b46fe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-40890",
      "pattern": "[vulnerability:name = 'CVE-2024-40890']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40891 \u2014 Zyxel DSL CPE OS Command Injectio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d5a1310b-af0e-4cd9-ad21-9d6cd31fd463",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-40891",
      "pattern": "[vulnerability:name = 'CVE-2024-40891']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40891 \u2014 Zyxel DSL CPE OS Command Injectio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7607c403-723c-40b3-b0fc-f35208263098",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-0890",
      "pattern": "[vulnerability:name = 'CVE-2025-0890']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40891 \u2014 Zyxel DSL CPE OS Command Injectio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7d25e7b7-a82f-4c6d-8e62-9fe1bde9bc4e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-21391",
      "pattern": "[vulnerability:name = 'CVE-2025-21391']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21391 \u2014 Microsoft Windows Storage Link Fo",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cb64045b-f9af-4294-8929-9e0e076a318e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-21418",
      "pattern": "[vulnerability:name = 'CVE-2025-21418']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21418 \u2014 Microsoft Windows Ancillary Funct",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--46201290-cff2-4577-9d06-d03bc7aa6c14",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-0994",
      "pattern": "[vulnerability:name = 'CVE-2025-0994']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1ea08082-1067-455b-85ba-7bda3bab72b6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cdn.lgaircon.xyz",
      "pattern": "[domain-name:value = 'cdn.lgaircon.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0cf7d54e-3469-40a4-961b-52540f3905f7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cdn.phototagx.com",
      "pattern": "[domain-name:value = 'cdn.phototagx.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c8e7a19b-9afd-433e-90e5-156204d208da",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: lgaircon.xyz",
      "pattern": "[domain-name:value = 'lgaircon.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7cb6edd9-cb8f-4d2a-8c26-60672737eaef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: www.roomako.com",
      "pattern": "[domain-name:value = 'www.roomako.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4bc30ab4-ea96-4cdf-bdd4-8bdf712df3d9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.210.239.172",
      "pattern": "[ipv4-addr:value = '192.210.239.172']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a8094a4b-0cd3-41d2-b41b-7099c48762b9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 14ed3878b6623c287283a8a80020f68e1cb6bfc37b236f33a95f3a64c4f4611f",
      "pattern": "[file:hashes.'SHA-256' = '14ed3878b6623c287283a8a80020f68e1cb6bfc37b236f33a95f3a64c4f4611f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--173a5ee5-a04f-4220-8268-1b6c8294248b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1c38e3cda8ac6d79d9da40834367697a209c6b07e6b3ab93b3a4f375b161a901",
      "pattern": "[file:hashes.'SHA-256' = '1c38e3cda8ac6d79d9da40834367697a209c6b07e6b3ab93b3a4f375b161a901']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7ee4fcbb-85ef-444c-9161-558d9aca02af",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1de72c03927bcd2810ce98205ff871ef1ebf4344fba187e126e50caa1e43250b",
      "pattern": "[file:hashes.'SHA-256' = '1de72c03927bcd2810ce98205ff871ef1ebf4344fba187e126e50caa1e43250b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--df04d200-4607-4e73-824d-2a7f2b468da8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4ffc33bdc8527a2e8cb87e49cdc16c3b1480dfc135e507d552f581a67d1850a9",
      "pattern": "[file:hashes.'SHA-256' = '4ffc33bdc8527a2e8cb87e49cdc16c3b1480dfc135e507d552f581a67d1850a9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0e615894-3bde-4d02-a4e9-5670650acae2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c02d50d0eb3974818091b8dd91a8bbb8cdefd94d4568a4aea8e1dcdd8869f738",
      "pattern": "[file:hashes.'SHA-256' = 'c02d50d0eb3974818091b8dd91a8bbb8cdefd94d4568a4aea8e1dcdd8869f738']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--16489588-0719-480e-893d-bf9f9aed4976",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-15069",
      "pattern": "[vulnerability:name = 'CVE-2020-15069']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-15069 \u2014 Sophos XG Firewall Buffer Overflo",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b42cc693-75e2-4f32-a204-2cd113d1387b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-29574",
      "pattern": "[vulnerability:name = 'CVE-2020-29574']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-29574 \u2014 CyberoamOS (CROS) SQL Injection V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--784af1aa-44b0-4754-a192-e2334d29291d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-23748",
      "pattern": "[vulnerability:name = 'CVE-2022-23748']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-23748 \u2014 Dante Discovery Process Control V",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e9da3c9a-cab0-499d-87e3-c8230cb46ddb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-21413",
      "pattern": "[vulnerability:name = 'CVE-2024-21413']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-21413 \u2014 Microsoft Outlook Improper Input ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--48863588-10b5-4cf9-bd4e-8d51f6ec8876",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-0411",
      "pattern": "[vulnerability:name = 'CVE-2025-0411']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0411 \u2014 7-Zip Mark of the Web Bypass Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b3ebe680-d9a2-4925-b430-968e274e7b95",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7786501e3666c1a5071c9c5e5a019e2bc86a1f169d469cc4bfef2fe339aaf384",
      "pattern": "[file:hashes.'SHA-256' = '7786501e3666c1a5071c9c5e5a019e2bc86a1f169d469cc4bfef2fe339aaf384']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0411 \u2014 7-Zip Mark of the Web Bypass Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b02fab3f-076e-4f0d-8a5b-1223f34469fe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 84ab6c3e1f2dc98cf4d5b8b739237570416bb82e2edaf078e9868663553c5412",
      "pattern": "[file:hashes.'SHA-256' = '84ab6c3e1f2dc98cf4d5b8b739237570416bb82e2edaf078e9868663553c5412']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0411 \u2014 7-Zip Mark of the Web Bypass Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ee9b053b-d3c1-41f6-b291-45bbcf763fc5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2018-19410",
      "pattern": "[vulnerability:name = 'CVE-2018-19410']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-19410 \u2014 Paessler PRTG Network Monitor Loc",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b179a0fa-4c7f-4262-ba9f-46df46099f31",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2018-9276",
      "pattern": "[vulnerability:name = 'CVE-2018-9276']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-9276 \u2014 Paessler PRTG Network Monitor OS C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b3c05700-67fc-44da-811e-014b97d3dd75",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-29059",
      "pattern": "[vulnerability:name = 'CVE-2024-29059']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-29059 \u2014 Microsoft .NET Framework Informat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9e781300-77cd-42fe-b8be-0b7507253cbb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-45195",
      "pattern": "[vulnerability:name = 'CVE-2024-45195']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-45195 \u2014 Apache OFBiz Forced Browsing Vuln",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--495a8e46-8091-4515-bc35-9de93438853c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-24085",
      "pattern": "[vulnerability:name = 'CVE-2025-24085']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-24085 \u2014 Apple Multiple Products Use-After",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7e25b933-cb3d-4d49-9311-80955abad728",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-23006",
      "pattern": "[vulnerability:name = 'CVE-2025-23006']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-23006 \u2014 SonicWall SMA1000 Appliances Dese",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--125bf8c0-aaa8-4164-be5f-b8b119eb2946",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-11023",
      "pattern": "[vulnerability:name = 'CVE-2020-11023']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-11023 \u2014 JQuery Cross-Site Scripting (XSS)",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--47b2651d-20de-4763-b02a-b42d856b6fd9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-50603",
      "pattern": "[vulnerability:name = 'CVE-2024-50603']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7b10d6a5-c0f7-4507-9018-203e2eafb591",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 107.172.43.186",
      "pattern": "[ipv4-addr:value = '107.172.43.186']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bd0d0c69-6a28-409c-b021-e2d3dbaa8cbe",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 172.104.60.176",
      "pattern": "[ipv4-addr:value = '172.104.60.176']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e1b1f735-7c6a-427c-9bd8-f0ff65bff202",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 83.222.191.91",
      "pattern": "[ipv4-addr:value = '83.222.191.91']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--476d8576-ef4a-4865-95ab-089e477ee9ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.188.254.21",
      "pattern": "[ipv4-addr:value = '91.188.254.21']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--179f2a41-df64-42f2-932f-21748c59f77f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 1ce0c293f2042b677cd55a393913ec052eded4b9",
      "pattern": "[file:hashes.'SHA-1' = '1ce0c293f2042b677cd55a393913ec052eded4b9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3cecf01a-d925-49c9-836d-5a63adcee18d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 41d589a077038048c4b120494719c905e71485ba",
      "pattern": "[file:hashes.'SHA-1' = '41d589a077038048c4b120494719c905e71485ba']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7802d22f-ece7-418a-a609-f2855b26bb60",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 68d88d1918676c87dcd39c7581c3910a9eb94882",
      "pattern": "[file:hashes.'SHA-1' = '68d88d1918676c87dcd39c7581c3910a9eb94882']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7271e468-99be-418d-a539-fb56491edfd5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: c4f63a3a6cb6b8aae133bd4c5ac6f2fc9020c349",
      "pattern": "[file:hashes.'SHA-1' = 'c4f63a3a6cb6b8aae133bd4c5ac6f2fc9020c349']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1613b562-07d4-4588-bd03-f02df5f5db8c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: c63f646edfddb4232afa5618e3fac4eee1b4b115",
      "pattern": "[file:hashes.'SHA-1' = 'c63f646edfddb4232afa5618e3fac4eee1b4b115']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a7bfbd4f-37af-46cb-a7f0-582e5b356a82",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: e10e750115bf2ae29a8ce8f9fa14e09e66534a15",
      "pattern": "[file:hashes.'SHA-1' = 'e10e750115bf2ae29a8ce8f9fa14e09e66534a15']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d87f4150-d14d-4dfc-9e45-deb25c435421",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-21333",
      "pattern": "[vulnerability:name = 'CVE-2025-21333']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-21335 \u2014 Microsoft Windows Hyper-V NT Kern",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5642d96d-8001-4f72-8226-1dbb00e52ca7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 137.184.65.71",
      "pattern": "[ipv4-addr:value = '137.184.65.71']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef76cc85-fc3f-4326-9a59-1349e086efdb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 157.245.3.251",
      "pattern": "[ipv4-addr:value = '157.245.3.251']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7400000c-3b02-419c-85da-bd297f3a3fd9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 167.71.245.10",
      "pattern": "[ipv4-addr:value = '167.71.245.10']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e97be582-9f97-478b-a124-bfe7523ae8f4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 23.27.140.65",
      "pattern": "[ipv4-addr:value = '23.27.140.65']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1b8ff65b-2600-4047-a848-c575bc9003ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 31.192.107.165",
      "pattern": "[ipv4-addr:value = '31.192.107.165']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ac6d4a5d-325c-45ee-b724-ac542b1a69cf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 37.19.196.65",
      "pattern": "[ipv4-addr:value = '37.19.196.65']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--afcfe3b3-fe54-4401-8f26-17b1624dfd96",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 64.190.113.25",
      "pattern": "[ipv4-addr:value = '64.190.113.25']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fcaf9bcf-82f9-4b0d-b416-7db346089e23",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 66.135.27.178",
      "pattern": "[ipv4-addr:value = '66.135.27.178']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy A",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--95525656-179c-4c66-8033-3ff5f397c4c7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-41265",
      "pattern": "[vulnerability:name = 'CVE-2023-41265']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--272d8db1-3298-482a-a93b-fd425252a00a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-41266",
      "pattern": "[vulnerability:name = 'CVE-2023-41266']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f32abe85-2319-438f-838f-b114654c8255",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-48365",
      "pattern": "[vulnerability:name = 'CVE-2023-48365']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3c86b2f2-9580-4baf-aaf3-5964b68c522b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-12356",
      "pattern": "[vulnerability:name = 'CVE-2024-12356']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12686 \u2014 BeyondTrust Privileged Remote Acc",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-12356 \u2014 BeyondTrust Privileged Remote Acc",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--18e01be7-3918-4f00-a058-66c0e8bb8f4f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-12686",
      "pattern": "[vulnerability:name = 'CVE-2024-12686']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-12686 \u2014 BeyondTrust Privileged Remote Acc",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-12356 \u2014 BeyondTrust Privileged Remote Acc",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--889fc7ab-697f-406e-b7bf-b3e5679edd6a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: q983.requestcatcher.com",
      "pattern": "[domain-name:value = 'q983.requestcatcher.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7ca7d16d-e18c-4230-9be7-3499b984a5a6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: zohoservice.net",
      "pattern": "[domain-name:value = 'zohoservice.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2b1f75b6-d5a2-4af7-9ba9-dfa2d8222562",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 144.172.122.30",
      "pattern": "[ipv4-addr:value = '144.172.122.30']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--58bf09e1-03c7-4ad4-80ae-6943cc036443",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 216.107.136.46",
      "pattern": "[ipv4-addr:value = '216.107.136.46']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8e85080d-abaa-4e3a-b6e1-82eb4229f239",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.61.147.176",
      "pattern": "[ipv4-addr:value = '45.61.147.176']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--56ec4256-4abd-4b7a-80d2-2b7c6884102b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 94.156.71.115",
      "pattern": "[ipv4-addr:value = '94.156.71.115']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnera",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0ffa1075-3797-4d09-ba12-f1fd8c0fd5f8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-0282",
      "pattern": "[vulnerability:name = 'CVE-2025-0282']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0282 \u2014 Ivanti Connect Secure, Policy Secu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7cda8ac6-e604-429c-b13a-7f9fb01dfb7a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2025-0283",
      "pattern": "[vulnerability:name = 'CVE-2025-0283']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0282 \u2014 Ivanti Connect Secure, Policy Secu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ee391ca7-85ea-47d0-b492-ce9d3d7b2ff9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 61bb586dc4e047ab081ef6ca65684e48",
      "pattern": "[file:hashes.MD5 = '61bb586dc4e047ab081ef6ca65684e48']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0282 \u2014 Ivanti Connect Secure, Policy Secu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b43c2746-f5e8-431f-9f89-5aa669ae0155",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: a638fd203ddb540d0484d8e00490df06",
      "pattern": "[file:hashes.MD5 = 'a638fd203ddb540d0484d8e00490df06']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0282 \u2014 Ivanti Connect Secure, Policy Secu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2a8ec2ed-ab89-4a3b-af1e-70d1959719e0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: d18e5425ecd9608ecb992606b974e15d",
      "pattern": "[file:hashes.MD5 = 'd18e5425ecd9608ecb992606b974e15d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0282 \u2014 Ivanti Connect Secure, Policy Secu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cd9641e5-14b4-43c1-8547-d31053a958f5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: e7d24813535f74187db31d4114f607a1",
      "pattern": "[file:hashes.MD5 = 'e7d24813535f74187db31d4114f607a1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2025-0282 \u2014 Ivanti Connect Secure, Policy Secu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a4be2d86-183b-43e9-b7b9-a27eca63a246",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-2555",
      "pattern": "[vulnerability:name = 'CVE-2020-2555']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-2883 \u2014 Oracle WebLogic Server Unspecified",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--365b7295-c60c-46b6-b032-8f51087c3ed8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-2883",
      "pattern": "[vulnerability:name = 'CVE-2020-2883']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-2883 \u2014 Oracle WebLogic Server Unspecified",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--afa2c4e5-b92b-44b3-8778-9f3923d5a56b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-41713",
      "pattern": "[vulnerability:name = 'CVE-2024-41713']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55550 \u2014 Mitel MiCollab Path Traversal Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6b2658cd-c4c3-42b2-80a2-c4255fcb8ec6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-55550",
      "pattern": "[vulnerability:name = 'CVE-2024-55550']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55550 \u2014 Mitel MiCollab Path Traversal Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2a355587-62d7-4005-b7d1-e9818cff77a8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-3393",
      "pattern": "[vulnerability:name = 'CVE-2024-3393']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-3393 \u2014 Palo Alto Networks PAN-OS Maliciou",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e578b0dd-274a-4e96-958a-1220a9bc20ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-0688",
      "pattern": "[vulnerability:name = 'CVE-2020-0688']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4fdb182e-217b-47e9-aaa5-b3a848a2c274",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-44207",
      "pattern": "[vulnerability:name = 'CVE-2021-44207']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--28ce5029-7b92-4366-8b1f-93c1eea745de",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-44228",
      "pattern": "[vulnerability:name = 'CVE-2021-44228']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "The persistent threat: Why major vulnerabilities like Log4Sh",
          "url": "https://snyk.io/blog/log4shell-spring4shell-threat/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV",
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54dac7f6-8301-454b-a4c2-27185d626619",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: afdentry.workstation.eu.org",
      "pattern": "[domain-name:value = 'afdentry.workstation.eu.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e995b6a4-46be-4e61-b44a-6b58ec8cf49a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cdn.ns.time12.cf",
      "pattern": "[domain-name:value = 'cdn.ns.time12.cf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5ea77ee8-d18a-4566-a734-32f213a48072",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: east.winsproxy.com",
      "pattern": "[domain-name:value = 'east.winsproxy.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1d1d37ee-bf49-490e-8174-73d4e4422846",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ns1.entrydns.eu.org",
      "pattern": "[domain-name:value = 'ns1.entrydns.eu.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a4bed16d-8678-481f-a89b-70a2e7ea309b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: subnet.milli-seconds.com",
      "pattern": "[domain-name:value = 'subnet.milli-seconds.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f6e3da7d-6e95-417d-b61d-9fc1ea389722",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: work.queryip.cf",
      "pattern": "[domain-name:value = 'work.queryip.cf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--186ae205-301b-4dc9-81b7-893f362c6898",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: work.viewdns.ml",
      "pattern": "[domain-name:value = 'work.viewdns.ml']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1c0ef4a3-9cbf-4124-9230-80abc5c12655",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 107.172.210.69",
      "pattern": "[ipv4-addr:value = '107.172.210.69']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--227dfc10-8d1a-4cfb-a223-86bbcb969b3d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 149.28.15.152",
      "pattern": "[ipv4-addr:value = '149.28.15.152']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--83029fcf-1ef6-45c6-a859-2be72a223703",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 172.104.206.48",
      "pattern": "[ipv4-addr:value = '172.104.206.48']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f072a3cf-e064-4ebc-b735-8138c16c563d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 18.118.56.237",
      "pattern": "[ipv4-addr:value = '18.118.56.237']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4b5129ec-311a-4164-a888-6b3c6feea29d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.118.167.40",
      "pattern": "[ipv4-addr:value = '185.118.167.40']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--142339c3-018f-4003-945f-2cb278f3673a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.156.98.12",
      "pattern": "[ipv4-addr:value = '194.156.98.12']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--34f6e5b5-1861-4c3f-ad1c-974faa6bce38",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.195.125.121",
      "pattern": "[ipv4-addr:value = '194.195.125.121']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e6d92d4a-45cc-4918-a81c-87b456439e80",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 20.121.42.11",
      "pattern": "[ipv4-addr:value = '20.121.42.11']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--20dfc133-3717-4535-bfa8-937c54cdfa6b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 34.139.13.46",
      "pattern": "[ipv4-addr:value = '34.139.13.46']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--704a129b-1fb9-4540-89c5-26ee189480e9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.153.231.31",
      "pattern": "[ipv4-addr:value = '45.153.231.31']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--13d8fe8c-55a1-40a2-a736-90ac3f4434fa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.84.1.181",
      "pattern": "[ipv4-addr:value = '45.84.1.181']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef119cc5-ad3a-4859-b31c-6206b7f621a5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 54.248.110.45",
      "pattern": "[ipv4-addr:value = '54.248.110.45']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b417ecd8-c119-4ca7-aea3-618b9b882461",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 54.80.67.241",
      "pattern": "[ipv4-addr:value = '54.80.67.241']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9d19a828-dd13-493e-a700-38b201bdaaea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 67.205.132.162",
      "pattern": "[ipv4-addr:value = '67.205.132.162']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--508e2add-d2a7-46f8-b7cf-a58b75220e43",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 143278845a3f5276a1dd5860e7488313",
      "pattern": "[file:hashes.MD5 = '143278845a3f5276a1dd5860e7488313']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a453d7e9-8fb8-4b7f-a6c1-6f25e89c55b4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 49f1daea8a115dd6fce51a1328d863cf",
      "pattern": "[file:hashes.MD5 = '49f1daea8a115dd6fce51a1328d863cf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--97a479b6-b4de-4dc4-bad0-a9a2a9e29f43",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 900ca3ee85dfc109baeed4888ccb5d39",
      "pattern": "[file:hashes.MD5 = '900ca3ee85dfc109baeed4888ccb5d39']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--da327d36-6119-4c2a-a44f-b9c8cd87318a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: b108b28138b93ec4822e165b82e41c7a",
      "pattern": "[file:hashes.MD5 = 'b108b28138b93ec4822e165b82e41c7a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4b21a533-7571-465f-b9d1-182af32a0234",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: b82456963d04f44e83442b6393face47",
      "pattern": "[file:hashes.MD5 = 'b82456963d04f44e83442b6393face47']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--de275460-619c-45c2-9503-bcd0928548a1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 355b3ff61db44d18003537be8496eb03536e300f",
      "pattern": "[file:hashes.'SHA-1' = '355b3ff61db44d18003537be8496eb03536e300f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--52db501f-9c41-476d-9667-0e7b8b9198a4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 6f6b51e6c88e5252a2a117ca1cfb57934930166b",
      "pattern": "[file:hashes.'SHA-1' = '6f6b51e6c88e5252a2a117ca1cfb57934930166b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d2109da2-0d3e-4245-b80e-fa817934a8d5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 7056b044f97e3e349e3e0183311bb44b0bc3464f",
      "pattern": "[file:hashes.'SHA-1' = '7056b044f97e3e349e3e0183311bb44b0bc3464f']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ba2d43c6-6ec1-4f64-94c8-921410bea297",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 996aa691bbc1250b571a2f5423a5d5e2da8317e6",
      "pattern": "[file:hashes.'SHA-1' = '996aa691bbc1250b571a2f5423a5d5e2da8317e6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d636bedf-a166-4251-9868-fa5fd4d808ed",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: e85427af661fe5e853c8c9398dc46ddde50e2241",
      "pattern": "[file:hashes.'SHA-1' = 'e85427af661fe5e853c8c9398dc46ddde50e2241']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1ac77c8a-9580-4772-9b07-256013e41444",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 062a7399100454c7a523a938293bef7ddb0bc10636fd402be5f9797d8cc3c57e",
      "pattern": "[file:hashes.'SHA-256' = '062a7399100454c7a523a938293bef7ddb0bc10636fd402be5f9797d8cc3c57e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9accf2fa-5905-4cdc-bce9-cea48db67a0f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a4647fcb35c79f26354c34452e4a03a1e4e338a80b2c29db97bba4088a208ad0",
      "pattern": "[file:hashes.'SHA-256' = 'a4647fcb35c79f26354c34452e4a03a1e4e338a80b2c29db97bba4088a208ad0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e6005294-7926-45d6-8b12-d4bfd4fd44f5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d7e8cc6c19ceebf0e125c9f18b50167c0ee65294b3fce179fdab560e3e8e0192",
      "pattern": "[file:hashes.'SHA-256' = 'd7e8cc6c19ceebf0e125c9f18b50167c0ee65294b3fce179fdab560e3e8e0192']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7b4e3636-159c-45cb-9989-e0098686d006",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e024ccc4c72eb5813cc2b6db7975e4750337a1cc619d7339b21fdbb32d93fd85",
      "pattern": "[file:hashes.'SHA-256' = 'e024ccc4c72eb5813cc2b6db7975e4750337a1cc619d7339b21fdbb32d93fd85']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f2a1433e-52d0-43c5-8728-9c6414e0e373",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ebf28e56ae5873102b51da2cc49cbbe43192ca2f318c4dfc874448d9b85ebd00",
      "pattern": "[file:hashes.'SHA-256' = 'ebf28e56ae5873102b51da2cc49cbbe43192ca2f318c4dfc874448d9b85ebd00']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of H",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b8fad95d-6a18-4998-8e9f-b20de947c3be",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2011-5325",
      "pattern": "[vulnerability:name = 'CVE-2011-5325']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-23227 \u2014 NUUO NVRmini2 Devices Missing Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--975c9d3d-e172-45b1-aa9e-c5060d0a9872",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2018-14933",
      "pattern": "[vulnerability:name = 'CVE-2018-14933']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-14933 \u2014 NUUO NVRmini Devices OS Command I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--09f3869a-b482-429b-943a-c715bc4f3b97",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2019-11001",
      "pattern": "[vulnerability:name = 'CVE-2019-11001']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2019-11001 \u2014 Reolink Multiple IP Cameras OS Co",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4a3cc998-fbe9-4774-a76f-0bc2ae16c4ce",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-40407",
      "pattern": "[vulnerability:name = 'CVE-2021-40407']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-40407 \u2014 Reolink RLC-410W IP Camera OS Com",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ba7ce9cd-19b4-49fd-9db6-6a02437ff7d8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-23227",
      "pattern": "[vulnerability:name = 'CVE-2022-23227']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-23227 \u2014 NUUO NVRmini2 Devices Missing Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a7504f98-76c4-4fe4-b31a-a0082587a1bd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-50623",
      "pattern": "[vulnerability:name = 'CVE-2024-50623']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5d689c1b-f16f-4ef8-814d-89ac914e75f8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-55956",
      "pattern": "[vulnerability:name = 'CVE-2024-55956']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a401ae93-e69b-4008-bcd9-3f2e286f2517",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 176.123.10.115",
      "pattern": "[ipv4-addr:value = '176.123.10.115']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aba41d72-2104-4eea-adb9-69aa33a41e69",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 176.123.5.126",
      "pattern": "[ipv4-addr:value = '176.123.5.126']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--563ffcd9-ee7d-4984-9da4-cda247401f57",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 181.214.147.164",
      "pattern": "[ipv4-addr:value = '181.214.147.164']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--14c944fb-7b89-4980-b23b-614e822ee151",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.162.128.133",
      "pattern": "[ipv4-addr:value = '185.162.128.133']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4b9d2c15-0a36-47c6-922f-dc9a9998bbf7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.163.204.137",
      "pattern": "[ipv4-addr:value = '185.163.204.137']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d298b658-168b-4d45-bbaf-be2d0cd116c8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.181.230.103",
      "pattern": "[ipv4-addr:value = '185.181.230.103']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e0cf522e-4b2c-4f8e-9783-f0ec9d6b1374",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.119.99.42",
      "pattern": "[ipv4-addr:value = '192.119.99.42']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ef4a3bc3-fae8-43f8-9da5-6626e5f6a0ed",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 209.127.12.38",
      "pattern": "[ipv4-addr:value = '209.127.12.38']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0936d36f-6e45-467a-8dac-6f0aa34a3085",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.182.189.102",
      "pattern": "[ipv4-addr:value = '45.182.189.102']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3850b4ce-ad8c-48df-b77f-e3ab852d6653",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 5.149.249.226",
      "pattern": "[ipv4-addr:value = '5.149.249.226']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--be17377a-c2b9-4546-9c17-68a658f1a1aa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 89.248.172.139",
      "pattern": "[ipv4-addr:value = '89.248.172.139']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenti",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestrict",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--38f8a39b-2599-4d51-9f75-7752f2c0dbd8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-26347",
      "pattern": "[vulnerability:name = 'CVE-2023-26347']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b8979d4f-3fc1-4e94-a7db-9ad062b604a2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-26359",
      "pattern": "[vulnerability:name = 'CVE-2023-26359']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--634bd8b6-6a58-4f5a-9cc6-6afb0471ca0d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-29298",
      "pattern": "[vulnerability:name = 'CVE-2023-29298']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f340ed3e-992d-42a4-8f60-29f3980e772f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-29300",
      "pattern": "[vulnerability:name = 'CVE-2023-29300']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c45d72f3-d7fe-4ee8-8b61-b84a41712b2d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-38203",
      "pattern": "[vulnerability:name = 'CVE-2023-38203']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9d5d4eaa-cc40-4cdf-8da7-5c50be9c4ded",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-38204",
      "pattern": "[vulnerability:name = 'CVE-2023-38204']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--57f2b880-8b4a-42c1-b08a-630c3ea056e9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-38205",
      "pattern": "[vulnerability:name = 'CVE-2023-38205']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0e4ee294-220e-4cb9-8993-8a3231f35c2b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-44352",
      "pattern": "[vulnerability:name = 'CVE-2023-44352']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b39537d5-638a-4498-9fb5-3c3c691cc4f8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-44353",
      "pattern": "[vulnerability:name = 'CVE-2023-44353']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3430a696-586f-497a-abe8-5228db93f629",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-20767",
      "pattern": "[vulnerability:name = 'CVE-2024-20767']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a785c639-19b7-4066-8009-3da4cee31c39",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-35250",
      "pattern": "[vulnerability:name = 'CVE-2024-35250']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-35250 \u2014 Microsoft Windows Kernel-Mode Dri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--de82405a-8fdf-4d7f-8c0c-be9a2431d68b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: oast.fun",
      "pattern": "[domain-name:value = 'oast.fun']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c7af8ad1-aef6-4fe3-8fe5-f37d13ce47ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: oast.live",
      "pattern": "[domain-name:value = 'oast.live']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f27bd52c-2edd-4079-a28d-b744746ab111",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: oast.me",
      "pattern": "[domain-name:value = 'oast.me']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d0a25b84-67bb-4e1e-ab8a-2cc5d01a8279",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: oast.online",
      "pattern": "[domain-name:value = 'oast.online']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--545901a0-1a11-474d-a9b9-504baed05d07",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: oast.pro",
      "pattern": "[domain-name:value = 'oast.pro']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0405a234-78c3-43f4-82f1-e2884de44127",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: oast.site",
      "pattern": "[domain-name:value = 'oast.site']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9bf2b1b5-6885-4709-a5f7-020f09014c64",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 134.122.136.119",
      "pattern": "[ipv4-addr:value = '134.122.136.119']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1cdf7823-5bb5-44c8-ade7-a45d1d30252a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 134.122.136.96",
      "pattern": "[ipv4-addr:value = '134.122.136.96']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--be94640f-999f-46ba-b3b1-f2a335b2e019",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 172.81.132.99",
      "pattern": "[ipv4-addr:value = '172.81.132.99']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e38760a4-88c7-4c4b-9c2f-b828827b95a8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 23.234.85.20",
      "pattern": "[ipv4-addr:value = '23.234.85.20']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5bdd38a7-7ddd-44e2-bc5b-5c4f88449cad",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.225.206.87",
      "pattern": "[ipv4-addr:value = '38.225.206.87']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7098d9ca-1c2e-49ba-9ad2-a2a61052cd56",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.225.206.88",
      "pattern": "[ipv4-addr:value = '38.225.206.88']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a8807a2b-774b-42b8-8e10-b6f760a75bfb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: connect.consrensys.com",
      "pattern": "[domain-name:value = 'connect.consrensys.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--29aeb8df-b967-4286-836f-9bf86e2631a1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: webhook.site/1e6c12e8-aaeb-4349-98ad-a7196e632c5a",
      "pattern": "[domain-name:value = 'webhook.site/1e6c12e8-aaeb-4349-98ad-a7196e632c5a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8af00f39-7194-46a5-a938-8a65ef825ca3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: webhook.site/ecd706a0-f207-4df2-b639-d326ef3c2fe1",
      "pattern": "[domain-name:value = 'webhook.site/ecd706a0-f207-4df2-b639-d326ef3c2fe1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--298f8ceb-2266-47d3-963e-5790b8c5c52b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 059beed5bcdfea16c05b4d45560c97abfd4af3de",
      "pattern": "[file:hashes.'SHA-1' = '059beed5bcdfea16c05b4d45560c97abfd4af3de']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--84d0e935-53d1-4186-a66f-66117dde553d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 62b6532384bdd9b96af5ac684d87f52efb48f7de",
      "pattern": "[file:hashes.'SHA-1' = '62b6532384bdd9b96af5ac684d87f52efb48f7de']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a5c84be2-f51c-4960-b74d-dcf6b11a3b23",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 7c6136cf4e857582c2f086673359be94e7e4b702",
      "pattern": "[file:hashes.'SHA-1' = '7c6136cf4e857582c2f086673359be94e7e4b702']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e99500bc-6c4f-4b76-be76-c7a66ed5ca49",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 96f496ac5c64f3c884676dd99d6edbe7fa596255",
      "pattern": "[file:hashes.'SHA-1' = '96f496ac5c64f3c884676dd99d6edbe7fa596255']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--600cf470-ae0a-453e-b286-ae0b5de2372b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: a1f1e3ede7c7e6ae650a294630214ce7fa596255",
      "pattern": "[file:hashes.'SHA-1' = 'a1f1e3ede7c7e6ae650a294630214ce7fa596255']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cbc31efe-8461-437f-8e00-f071c935ab11",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: bea3060707e6f3fec47aa2af64ea2e774b56e9f5",
      "pattern": "[file:hashes.'SHA-1' = 'bea3060707e6f3fec47aa2af64ea2e774b56e9f5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--34ed9418-2ac3-4b84-8238-5be9e41fbcea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: dd0577b10e73792f2b2315af63b872fe4123ec9c",
      "pattern": "[file:hashes.'SHA-1' = 'dd0577b10e73792f2b2315af63b872fe4123ec9c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1be1a423-9123-4660-bf03-7f8a675717a2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: ee304a92a9e68e7923d7a37a370c7556ac596250",
      "pattern": "[file:hashes.'SHA-1' = 'ee304a92a9e68e7923d7a37a370c7556ac596250']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6107938c-a662-468c-82d3-8cbd0b06d719",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 15bcffd83cda47082acb081eaf7270a38c497b3a2bc6e917582bda8a5b0f7bab",
      "pattern": "[file:hashes.'SHA-256' = '15bcffd83cda47082acb081eaf7270a38c497b3a2bc6e917582bda8a5b0f7bab']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--32b7536f-9a4c-475d-a038-e3e692336836",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4347625838a5cb0e9d29f3ec76ed8365b31b281103b716952bf64d37cf309785",
      "pattern": "[file:hashes.'SHA-256' = '4347625838a5cb0e9d29f3ec76ed8365b31b281103b716952bf64d37cf309785']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0f8e12b9-9d5a-4863-a247-38d7c21fe8e3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6a9d121f538cad60cabd9369a951ec4405a081c664311a90537f0a7a61b0f3e5",
      "pattern": "[file:hashes.'SHA-256' = '6a9d121f538cad60cabd9369a951ec4405a081c664311a90537f0a7a61b0f3e5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--775bd7ad-5a41-4c8c-9a22-5d465aa94c94",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b0e1ae6d73d656b203514f498b59cbcf29f067edf6fbd3803a3de7d21960848d",
      "pattern": "[file:hashes.'SHA-256' = 'b0e1ae6d73d656b203514f498b59cbcf29f067edf6fbd3803a3de7d21960848d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6e54a373-212e-48de-915d-e56e1b25c8b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b6ea1681855ec2f73c643ea2acfcf7ae084a9648f888d4bd1e3e119ec15c3495",
      "pattern": "[file:hashes.'SHA-256' = 'b6ea1681855ec2f73c643ea2acfcf7ae084a9648f888d4bd1e3e119ec15c3495']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ee7273fc-b74a-4e85-8bd1-4b4eea574670",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c9c3401536fd9a0b6012aec9169d2c1fc1368b7073503384cfc0b38c47b1d7e1",
      "pattern": "[file:hashes.'SHA-256' = 'c9c3401536fd9a0b6012aec9169d2c1fc1368b7073503384cfc0b38c47b1d7e1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c53ebfe6-c3e0-4460-a5ef-f83024fafda8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e9d538203ac43e9df11b68803470c116b7bb02881cd06175b0edfc4438d4d1a2",
      "pattern": "[file:hashes.'SHA-256' = 'e9d538203ac43e9df11b68803470c116b7bb02881cd06175b0edfc4438d4d1a2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--04a32c44-7962-4853-af8b-730393d93cb3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ec12cd32729e8abea5258478731e70ccc5a7c6c4847dde78488b8dd0b91b8555",
      "pattern": "[file:hashes.'SHA-256' = 'ec12cd32729e8abea5258478731e70ccc5a7c6c4847dde78488b8dd0b91b8555']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c74125af-c828-4c27-8745-978f9fea041d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f08d47cb3e1e848b5607ac44baedf1754b201b6b90dfc527d6cefab1dd2d2c23",
      "pattern": "[file:hashes.'SHA-256' = 'f08d47cb3e1e848b5607ac44baedf1754b201b6b90dfc527d6cefab1dd2d2c23']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Ultralytics AI Pwn Request Supply Chain Attack",
          "url": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2a6dc2af-a21b-4462-9d83-e34c7bc1f6c3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-49138",
      "pattern": "[vulnerability:name = 'CVE-2024-49138']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49138 \u2014 Microsoft Windows Common Log File",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--98ba651d-a91d-47b9-ba3a-91077bb703de",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-51378",
      "pattern": "[vulnerability:name = 'CVE-2024-51378']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-51378 \u2014 CyberPanel Incorrect Default Perm",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-51567 \u2014 CyberPanel Incorrect Default Perm",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--07e3a0cf-5cdf-4054-9c8e-bbd58ac6a6f5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-27997",
      "pattern": "[vulnerability:name = 'CVE-2023-27997']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-45727 \u2014 North Grid Proself Improper Restr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--979611ae-a872-4ee1-9ef2-49e34394b214",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-28461",
      "pattern": "[vulnerability:name = 'CVE-2023-28461']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-45727 \u2014 North Grid Proself Improper Restr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2023-28461 \u2014 Array Networks AG and vxAG ArrayO",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--20975b87-c779-417d-a7e4-454395be3a0c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-45727",
      "pattern": "[vulnerability:name = 'CVE-2023-45727']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-45727 \u2014 North Grid Proself Improper Restr",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--89e6c2fc-2ba6-47b2-91e0-7ec45d504386",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-11667",
      "pattern": "[vulnerability:name = 'CVE-2024-11667']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b23216e7-91aa-4723-a0e4-6546f17bcc54",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-11680",
      "pattern": "[vulnerability:name = 'CVE-2024-11680']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11680 \u2014 ProjectSend Improper Authenticati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3719a9aa-5b5d-40c0-93bd-4c83b0500892",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-42057",
      "pattern": "[vulnerability:name = 'CVE-2024-42057']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--64eccb75-2380-4f06-a221-8ac89a86d253",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfabf",
      "pattern": "[file:hashes.'SHA-256' = '0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfabf']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--07f25ba8-2e17-4f26-8bfe-b83acab2dd98",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2621c5c7e1c12560c6062fdf2eeeb815de4ce3856376022a1a9f8421b4bae8e1",
      "pattern": "[file:hashes.'SHA-256' = '2621c5c7e1c12560c6062fdf2eeeb815de4ce3856376022a1a9f8421b4bae8e1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3c08fedf-2316-40b9-ad74-2d233793549b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2b15e09b98bc2835a4430c4560d3f5b25011141c9efa4331f66e9a707e2a23c0",
      "pattern": "[file:hashes.'SHA-256' = '2b15e09b98bc2835a4430c4560d3f5b25011141c9efa4331f66e9a707e2a23c0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a1f7b52a-dd90-45e8-adf0-c7eb54c202a8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e",
      "pattern": "[file:hashes.'SHA-256' = '3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2c7f35bb-f11b-47d2-b36d-ac441dcb9c2d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 47635e2cf9d41cab4b73f2a37e6a59a7de29428b75a7b4481205aee4330d4d19",
      "pattern": "[file:hashes.'SHA-256' = '47635e2cf9d41cab4b73f2a37e6a59a7de29428b75a7b4481205aee4330d4d19']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--15c62c1e-0401-4a6f-a79b-0b966faa09fb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 67aea3de7ab23b72e02347cbf6514f28fb726d313e62934b5de6d154215ee733",
      "pattern": "[file:hashes.'SHA-256' = '67aea3de7ab23b72e02347cbf6514f28fb726d313e62934b5de6d154215ee733']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1fde5687-315b-4751-9713-58e25d9521fb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6ef9a0b6301d737763f6c59ae6d5b3be4cf38941a69517be0f069d0a35f394dd",
      "pattern": "[file:hashes.'SHA-256' = '6ef9a0b6301d737763f6c59ae6d5b3be4cf38941a69517be0f069d0a35f394dd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aec39899-076d-4d50-ad9e-62db16bb74e2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7731d73e048a351205615821b90ed4f2507abc65acf4d6fe30ecdb211f0b0872",
      "pattern": "[file:hashes.'SHA-256' = '7731d73e048a351205615821b90ed4f2507abc65acf4d6fe30ecdb211f0b0872']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5ef9ab0d-8554-449d-8725-95bf5aae816e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7",
      "pattern": "[file:hashes.'SHA-256' = '7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f6cd54ec-f62f-493f-8e8d-ab9df195c0a2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9ab19741ac36e198fb2fd912620bf320aa7fdeeeb8d4a9e956f3eb3d2092c92c",
      "pattern": "[file:hashes.'SHA-256' = '9ab19741ac36e198fb2fd912620bf320aa7fdeeeb8d4a9e956f3eb3d2092c92c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5172b40d-527d-43e8-babf-9f2d9c4acde4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea",
      "pattern": "[file:hashes.'SHA-256' = 'cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4edfbe3a-2760-4682-837e-3c2be8267906",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ccd78d3eba6c53959835c6407d81262d3094e8d06bf2712fefa4b04baadd4bfe",
      "pattern": "[file:hashes.'SHA-256' = 'ccd78d3eba6c53959835c6407d81262d3094e8d06bf2712fefa4b04baadd4bfe']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Tra",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ac872d27-76c4-4e4d-bfa3-30f74c8231f2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-21287",
      "pattern": "[vulnerability:name = 'CVE-2024-21287']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-21287 \u2014 Oracle Agile Product Lifecycle Ma",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a1191301-e340-4501-832b-92cbaa4bf3e8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-44308",
      "pattern": "[vulnerability:name = 'CVE-2024-44308']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-44309 \u2014 Apple Multiple Products Cross-Sit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-44308 \u2014 Apple Multiple Products Code Exec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a1b3f28e-c377-4f3f-8c78-9cad4d23452d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-44309",
      "pattern": "[vulnerability:name = 'CVE-2024-44309']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-44309 \u2014 Apple Multiple Products Cross-Sit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-44308 \u2014 Apple Multiple Products Code Exec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9ba444bf-de11-4215-bc55-634f7a7a7cb9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38812",
      "pattern": "[vulnerability:name = 'CVE-2024-38812']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38813 \u2014 VMware vCenter Server Privilege E",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-38812 \u2014 VMware vCenter Server Heap-Based ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5fe02ed2-7287-4e85-be60-7bdbf7244c91",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38813",
      "pattern": "[vulnerability:name = 'CVE-2024-38813']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38813 \u2014 VMware vCenter Server Privilege E",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3550208d-89b8-4bdd-ab93-71686d7f6897",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-0012",
      "pattern": "[vulnerability:name = 'CVE-2024-0012']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6ca097a9-0813-4026-a212-35d32ac6e9d0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-1212",
      "pattern": "[vulnerability:name = 'CVE-2024-1212']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-1212 \u2014 Progress Kemp LoadMaster OS Comman",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--02b9579d-735e-450e-aa27-c8a9543e9873",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.112.106.17",
      "pattern": "[ipv4-addr:value = '103.112.106.17']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dd32f3fc-7602-459a-af39-4fb7c04ade8a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.28.208.123",
      "pattern": "[ipv4-addr:value = '104.28.208.123']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9bc63a0c-f727-4c41-a50e-971a3eef6e7b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.28.240.123",
      "pattern": "[ipv4-addr:value = '104.28.240.123']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7252576f-05d6-44ab-a3f4-95ee3fc734b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.144.17.146",
      "pattern": "[ipv4-addr:value = '136.144.17.146']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bc12455d-e10c-49dc-9cc8-90e28f0a4298",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.144.17.149",
      "pattern": "[ipv4-addr:value = '136.144.17.149']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f7484c7f-1cf4-4e86-aebf-2921d10853b9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.144.17.154",
      "pattern": "[ipv4-addr:value = '136.144.17.154']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--198fd68e-9371-45c9-b213-3e50273c0889",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.144.17.158",
      "pattern": "[ipv4-addr:value = '136.144.17.158']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--343be689-f6a8-437c-9f73-839dcb2fefca",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.144.17.161",
      "pattern": "[ipv4-addr:value = '136.144.17.161']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aca982e1-500b-43fb-8007-e3e6c2acf7dc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.144.17.164",
      "pattern": "[ipv4-addr:value = '136.144.17.164']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--002c8293-0639-4086-bff1-0eba0ea1b955",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.144.17.166",
      "pattern": "[ipv4-addr:value = '136.144.17.166']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--74701a87-cf43-47e4-a24c-3ad06791ff51",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.144.17.167",
      "pattern": "[ipv4-addr:value = '136.144.17.167']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6452ef0b-4319-42d9-ab82-162e17759896",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.144.17.170",
      "pattern": "[ipv4-addr:value = '136.144.17.170']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e6e12864-0a98-4b3a-ab84-978d53a61282",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.144.17.176",
      "pattern": "[ipv4-addr:value = '136.144.17.176']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b60c9dd7-9807-4324-a9c8-6d08d044d436",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.144.17.177",
      "pattern": "[ipv4-addr:value = '136.144.17.177']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--34a84518-04dc-4468-a152-b4276f8817d5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.144.17.178",
      "pattern": "[ipv4-addr:value = '136.144.17.178']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--837e4f68-f77e-47c0-b35c-fe75310d63bb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 136.144.17.180",
      "pattern": "[ipv4-addr:value = '136.144.17.180']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--754c7186-baa4-4330-a58c-56c8b10e7333",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 173.239.218.248",
      "pattern": "[ipv4-addr:value = '173.239.218.248']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a9de7ce8-38e9-4602-b2cb-8abdc085caaf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 173.239.218.251",
      "pattern": "[ipv4-addr:value = '173.239.218.251']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c7006cb4-25a4-45a5-ab0d-06e8c938cbd5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 182.78.17.137",
      "pattern": "[ipv4-addr:value = '182.78.17.137']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--15f78361-4393-4e89-87c4-1f7bf34baa9b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 209.200.246.173",
      "pattern": "[ipv4-addr:value = '209.200.246.173']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--13dd788b-382c-4971-b175-13eb5da25a85",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 209.200.246.184",
      "pattern": "[ipv4-addr:value = '209.200.246.184']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c25bada8-3f83-442f-aa55-d11215ba94c1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 216.73.160.186",
      "pattern": "[ipv4-addr:value = '216.73.160.186']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9e3b0e75-96ee-410c-a813-c6e37f839b94",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 216.73.162.69",
      "pattern": "[ipv4-addr:value = '216.73.162.69']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e13b45d9-1542-4bf4-84ff-ed56ba8eb2dd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 216.73.162.71",
      "pattern": "[ipv4-addr:value = '216.73.162.71']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b43aa884-88e7-428e-80a2-8722121d565c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 216.73.162.73",
      "pattern": "[ipv4-addr:value = '216.73.162.73']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--68d8b9a7-a250-4e58-883d-5dd94074b7b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 216.73.162.74",
      "pattern": "[ipv4-addr:value = '216.73.162.74']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6698eea8-d5e3-47bc-ab22-b54cfcfb73b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.32.110.123",
      "pattern": "[ipv4-addr:value = '45.32.110.123']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5a5ea9e1-584c-4af1-b0a5-443870789558",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.208.197.167",
      "pattern": "[ipv4-addr:value = '91.208.197.167']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--476596d0-ada6-4647-8a17-95d7f232f1a4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3c5f9034c86cb1952aa5bb07b4f77ce7d8bb5cc9fe5c029a32c72adc7e814668",
      "pattern": "[file:hashes.'SHA-256' = '3c5f9034c86cb1952aa5bb07b4f77ce7d8bb5cc9fe5c029a32c72adc7e814668']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Manageme",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d32b1095-1977-4c83-827a-7a838b9727f5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-5910",
      "pattern": "[vulnerability:name = 'CVE-2024-5910']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9465 \u2014 Palo Alto Networks Expedition SQL ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-5910 \u2014 Palo Alto Networks Expedition Miss",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--caaaf09f-4805-4e43-9238-d4b69167cf9d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-9463",
      "pattern": "[vulnerability:name = 'CVE-2024-9463']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9465 \u2014 Palo Alto Networks Expedition SQL ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a80e42f2-004e-4f25-b6b1-1a06e42a58e4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-9464",
      "pattern": "[vulnerability:name = 'CVE-2024-9464']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9465 \u2014 Palo Alto Networks Expedition SQL ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-5910 \u2014 Palo Alto Networks Expedition Miss",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bf9a7022-b2db-4aaa-ab31-977a6a9595f7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-9465",
      "pattern": "[vulnerability:name = 'CVE-2024-9465']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9465 \u2014 Palo Alto Networks Expedition SQL ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-5910 \u2014 Palo Alto Networks Expedition Miss",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9bd37453-6c31-4dfd-90c9-48b47a7ecd5a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-9466",
      "pattern": "[vulnerability:name = 'CVE-2024-9466']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9465 \u2014 Palo Alto Networks Expedition SQL ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-5910 \u2014 Palo Alto Networks Expedition Miss",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--59bc19e8-f0e3-4b49-bf5d-fb5dfb9bc8dd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-9467",
      "pattern": "[vulnerability:name = 'CVE-2024-9467']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9465 \u2014 Palo Alto Networks Expedition SQL ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0597aca9-239d-40b7-9e28-24058424c9bc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2014-2120",
      "pattern": "[vulnerability:name = 'CVE-2014-2120']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-2120 \u2014 Cisco Adaptive Security Appliance ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ae7556f7-10b1-49c8-acaa-81165e062f41",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-26086",
      "pattern": "[vulnerability:name = 'CVE-2021-26086']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-26086 \u2014 Atlassian Jira Server and Data Ce",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--956db7a3-5e96-496a-b96e-19389fecee65",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-41277",
      "pattern": "[vulnerability:name = 'CVE-2021-41277']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-41277 \u2014 Metabase GeoJSON API Local File I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d53f6a6-9c97-4459-92d0-d9bfaf42a70a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-49039",
      "pattern": "[vulnerability:name = 'CVE-2024-49039']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3d53b9ac-0f79-49ea-8256-8a23615053e8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-9680",
      "pattern": "[vulnerability:name = 'CVE-2024-9680']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a77cfdfc-5ba2-4d12-a480-c4a42f9d58c8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: 1drv.us.com",
      "pattern": "[domain-name:value = '1drv.us.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eca15607-5aa3-43fb-bcf4-62345dbd3e4c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: correctiv.sbs",
      "pattern": "[domain-name:value = 'correctiv.sbs']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ee16732d-b9cc-4f46-9d5c-011a843cd517",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cwise.store",
      "pattern": "[domain-name:value = 'cwise.store']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--45c4f11e-5eec-45cd-8538-310e8a98c6f0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: devolredir.com",
      "pattern": "[domain-name:value = 'devolredir.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8eebac2b-7261-4228-becb-4be867f76dc5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: doc.osvita-kp.gov.ua",
      "pattern": "[domain-name:value = 'doc.osvita-kp.gov.ua']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-43451 \u2014 Microsoft Windows NTLMv2 Hash Dis",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1701f77d-036e-49ed-9101-a940381a5f25",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: economistjournal.cloud",
      "pattern": "[domain-name:value = 'economistjournal.cloud']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b10a4bea-12d6-46ad-9a29-3b294392bb14",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: journalctd.live",
      "pattern": "[domain-name:value = 'journalctd.live']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a3d66e2d-35f9-4260-8b4b-60fe096ef698",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: osvita-kp.gov.ua",
      "pattern": "[domain-name:value = 'osvita-kp.gov.ua']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-43451 \u2014 Microsoft Windows NTLMv2 Hash Dis",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e2390113-f040-4a80-8baa-650d1ef68403",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: redirconnectwise.cloud",
      "pattern": "[domain-name:value = 'redirconnectwise.cloud']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--39bdf4f9-cacc-41f6-8b35-791a8daf5ddf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: redircorrectiv.com",
      "pattern": "[domain-name:value = 'redircorrectiv.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6d5df0d3-9370-4b07-8d44-794463a0ffe2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: redjournal.cloud",
      "pattern": "[domain-name:value = 'redjournal.cloud']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3529115c-2287-4696-ae2c-a2cd7234f21a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 147.45.78.102",
      "pattern": "[ipv4-addr:value = '147.45.78.102']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f81fcb6-1f17-4385-8999-39377b7ec52e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 176.124.206.88",
      "pattern": "[ipv4-addr:value = '176.124.206.88']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ada0549b-9921-4133-be03-2f5e5e16c218",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 178.236.246.241",
      "pattern": "[ipv4-addr:value = '178.236.246.241']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--815b83d7-3d4b-44db-98d2-7dbba770f575",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.87.189.171",
      "pattern": "[ipv4-addr:value = '194.87.189.171']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c8d762c3-a598-47ec-aacc-478ebdcda5e3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.87.189.19",
      "pattern": "[ipv4-addr:value = '194.87.189.19']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9b995d1a-a6b5-4774-9848-bf5251e7809f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.138.74.238",
      "pattern": "[ipv4-addr:value = '45.138.74.238']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--882ce92c-f661-47b9-bf15-7c7a34d2dea8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 46.226.163.67",
      "pattern": "[ipv4-addr:value = '46.226.163.67']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--48fbc4ac-713e-4b43-9bfc-d71abe887b54",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 62.60.237.116",
      "pattern": "[ipv4-addr:value = '62.60.237.116']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4c607ef4-71f0-42b9-977b-a4dfc5d98921",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 62.60.237.38",
      "pattern": "[ipv4-addr:value = '62.60.237.38']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--058a66a9-b257-4b00-9c58-5d06ac242e2f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 62.60.238.81",
      "pattern": "[ipv4-addr:value = '62.60.238.81']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e86828a9-cdec-4a32-b557-2b37c99f33d7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 92.42.96.30",
      "pattern": "[ipv4-addr:value = '92.42.96.30']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-43451 \u2014 Microsoft Windows NTLMv2 Hash Dis",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1e1abb60-d934-4449-91da-d366432f1597",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 21918cfd17b378eb4152910f1246d2446f9b5b11",
      "pattern": "[file:hashes.'SHA-1' = '21918cfd17b378eb4152910f1246d2446f9b5b11']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--467340b1-bfaf-4d69-b05c-7c127c931c0f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 703a25f053e356eb6ece4d16a048344c55dc89fd",
      "pattern": "[file:hashes.'SHA-1' = '703a25f053e356eb6ece4d16a048344c55dc89fd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dd98960d-5142-432f-8ce0-50d98dcd15a1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: a4aad0e2ac1ee0c8dd25968fa4631805689757b6",
      "pattern": "[file:hashes.'SHA-1' = 'a4aad0e2ac1ee0c8dd25968fa4631805689757b6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--611a102a-fec2-438a-a9dc-5a704ba7c528",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: a9d445b77f6f4e90c29e385264d4b1b95947add5",
      "pattern": "[file:hashes.'SHA-1' = 'a9d445b77f6f4e90c29e385264d4b1b95947add5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--35c4a0db-7604-4aa6-a842-32c84eadac19",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: abb54c4751f97a9fc1c9598fed1ec9fb9e6b1db6",
      "pattern": "[file:hashes.'SHA-1' = 'abb54c4751f97a9fc1c9598fed1ec9fb9e6b1db6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--13be1d3f-df98-4a86-b624-0eb1415aaa06",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: ca6f8966a3b2640f49b19434ba8c21832e77a031",
      "pattern": "[file:hashes.'SHA-1' = 'ca6f8966a3b2640f49b19434ba8c21832e77a031']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--124e1042-a18a-407f-a162-7f34e9285557",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2019-16278",
      "pattern": "[vulnerability:name = 'CVE-2019-16278']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2019-16278 \u2014 Nostromo nhttpd Directory Travers",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--73521339-fdb4-4126-9066-3ed2223fd4b4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-43093",
      "pattern": "[vulnerability:name = 'CVE-2024-43093']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-43093 \u2014 Android Framework Privilege Escal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d97bbaa7-5134-4200-ab51-0cfc2bdaf65a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-51567",
      "pattern": "[vulnerability:name = 'CVE-2024-51567']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-51567 \u2014 CyberPanel Incorrect Default Perm",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--be15f460-b41d-4f70-8fa3-166e929b0cad",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-51568",
      "pattern": "[vulnerability:name = 'CVE-2024-51568']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-51567 \u2014 CyberPanel Incorrect Default Perm",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--109cd48a-19dc-4464-a98b-c640969b5235",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-8956",
      "pattern": "[vulnerability:name = 'CVE-2024-8956']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8956 \u2014 PTZOptics PT30X-SDI/NDI Cameras Au",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f1fd05f6-d76c-4411-a5ff-0a42d017714c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-8957",
      "pattern": "[vulnerability:name = 'CVE-2024-8957']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8956 \u2014 PTZOptics PT30X-SDI/NDI Cameras Au",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b6038d81-4fd9-492f-bd2e-ecd1237671f5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 209.141.35.56",
      "pattern": "[ipv4-addr:value = '209.141.35.56']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8956 \u2014 PTZOptics PT30X-SDI/NDI Cameras Au",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--db7c7f02-d64f-4992-94f1-85f1287d4da8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.128.232.229",
      "pattern": "[ipv4-addr:value = '45.128.232.229']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8956 \u2014 PTZOptics PT30X-SDI/NDI Cameras Au",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7dfc7f34-bfe4-4ef5-a9b9-77a5cf908856",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-20481",
      "pattern": "[vulnerability:name = 'CVE-2024-20481']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-20481 \u2014 Cisco ASA and FTD Denial-of-Servi",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2e194ab4-9f33-433a-a37c-2dd22d490d5e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-37383",
      "pattern": "[vulnerability:name = 'CVE-2024-37383']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-37383 \u2014 RoundCube Webmail Cross-Site Scri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1748712c-dcd7-4d0e-b92b-b60909a13ceb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: libcdn.org",
      "pattern": "[domain-name:value = 'libcdn.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-37383 \u2014 RoundCube Webmail Cross-Site Scri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f32496bb-e546-49b8-b802-cfd2d2407806",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: rcm.codes",
      "pattern": "[domain-name:value = 'rcm.codes']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-37383 \u2014 RoundCube Webmail Cross-Site Scri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3f721e2-5ab2-40a5-aae7-03a2e084476f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-47575",
      "pattern": "[vulnerability:name = 'CVE-2024-47575']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-23113 \u2014 Fortinet Multiple Products Format",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--01025fb2-0cca-4f8b-81bc-3694e34a0569",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.238.141.143",
      "pattern": "[ipv4-addr:value = '104.238.141.143']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-23113 \u2014 Fortinet Multiple Products Format",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1cf0e493-0e41-4a5b-b360-3403a9ec7edf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 142.93.177.233",
      "pattern": "[ipv4-addr:value = '142.93.177.233']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--af91b574-7b9a-483f-bef4-d15bd3d7eb6c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 158.247.199.37",
      "pattern": "[ipv4-addr:value = '158.247.199.37']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-23113 \u2014 Fortinet Multiple Products Format",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3ae86168-c081-487b-a057-6d4913d53f03",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 172.232.167.68",
      "pattern": "[ipv4-addr:value = '172.232.167.68']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9594dde5-9c8f-4a68-b74b-ad5837fb8cd1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 195.85.114.78",
      "pattern": "[ipv4-addr:value = '195.85.114.78']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-23113 \u2014 Fortinet Multiple Products Format",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--80391101-1789-4320-ab87-4d8925a8e12a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 198.199.122.22",
      "pattern": "[ipv4-addr:value = '198.199.122.22']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7df24509-b29f-4fba-9b31-5752cd0f9aaa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.32.41.202",
      "pattern": "[ipv4-addr:value = '45.32.41.202']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-23113 \u2014 Fortinet Multiple Products Format",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8110522-6d46-4bab-9e25-bb5a3dd5bb2a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.32.63.2",
      "pattern": "[ipv4-addr:value = '45.32.63.2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9d1dcb1f-0b15-4265-8c74-0a86fa9209f2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 80.66.196.199",
      "pattern": "[ipv4-addr:value = '80.66.196.199']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--02bb1273-f631-4e5f-8efa-b8d2988c566d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 9dcfab171580b52deae8703157012674",
      "pattern": "[file:hashes.MD5 = '9dcfab171580b52deae8703157012674']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d9117bed-934d-48df-85d9-ada263596945",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38094",
      "pattern": "[vulnerability:name = 'CVE-2024-38094']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a596d4ad-f688-4e86-81eb-582e0090d5b6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 18.195.61.200",
      "pattern": "[ipv4-addr:value = '18.195.61.200']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a5706ca9-e43f-4a99-b998-414ee276f3dd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 54.255.89.118",
      "pattern": "[ipv4-addr:value = '54.255.89.118']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1e7d8a53-f177-4743-84f9-b0d892ffdfcf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1beec8cecd28fdf9f7e0fc5fb9226b360934086ded84f69e3d542d1362e3fdf3",
      "pattern": "[file:hashes.'SHA-256' = '1beec8cecd28fdf9f7e0fc5fb9226b360934086ded84f69e3d542d1362e3fdf3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--048d1282-d02b-40cb-9057-b74586d89e0a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 61c0810a23580cf492a6ba4f7654566108331e7a4134c968c2d6a05261b2d8a1",
      "pattern": "[file:hashes.'SHA-256' = '61c0810a23580cf492a6ba4f7654566108331e7a4134c968c2d6a05261b2d8a1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--78ed72e1-e5be-499b-bf22-c7bf6451588f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6ce228240458563d73c1c3cbbd04ef15cb7c5badacc78ce331848f5431b406cc",
      "pattern": "[file:hashes.'SHA-256' = '6ce228240458563d73c1c3cbbd04ef15cb7c5badacc78ce331848f5431b406cc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bb748b42-8016-4109-890c-d8ecc3fa8ca4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 95cc0b082fcfc366a7de8030a6325c099d8012533a3234edbdf555df082413c7",
      "pattern": "[file:hashes.'SHA-256' = '95cc0b082fcfc366a7de8030a6325c099d8012533a3234edbdf555df082413c7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--635ea281-793d-47c1-9c30-3b5b78917b35",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: acb5de5a69c06b7501f86c0522d10fefa9c34776c7535e937e946c6abfc9bbc6",
      "pattern": "[file:hashes.'SHA-256' = 'acb5de5a69c06b7501f86c0522d10fefa9c34776c7535e937e946c6abfc9bbc6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--03e0a7a8-35de-4655-8e83-def8541b021e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d18aa84b7bf0efde9c6b5db2a38ab1ec9484c59c5284c0bd080f5197bf9388b0",
      "pattern": "[file:hashes.'SHA-256' = 'd18aa84b7bf0efde9c6b5db2a38ab1ec9484c59c5284c0bd080f5197bf9388b0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0ff9d89f-d617-484f-8c11-ddb8ebf9e69e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d3a6ed07bd3b52c62411132d060560f9c0c88ce183851f16b632a99b4d4e7581",
      "pattern": "[file:hashes.'SHA-256' = 'd3a6ed07bd3b52c62411132d060560f9c0c88ce183851f16b632a99b4d4e7581']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9ac68e8c-44ff-4468-813a-22ffa6d1526d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e451287843b3927c6046eaabd3e22b929bc1f445eec23a73b1398b115d02e4fb",
      "pattern": "[file:hashes.'SHA-256' = 'e451287843b3927c6046eaabd3e22b929bc1f445eec23a73b1398b115d02e4fb']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bc6370c7-b218-479b-8f07-cc11b8775173",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f618b09c0908119399d14f80fc868b002b987006f7c76adbcec1ac11b9208940",
      "pattern": "[file:hashes.'SHA-256' = 'f618b09c0908119399d14f80fc868b002b987006f7c76adbcec1ac11b9208940']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserializat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c39abc86-22bc-4540-bc03-6fca670f8e62",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-9537",
      "pattern": "[vulnerability:name = 'CVE-2024-9537']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9537 \u2014 ScienceLogic SL1 Unspecified Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--71521d36-fbe2-4114-9cf5-6663369a91c2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-40711",
      "pattern": "[vulnerability:name = 'CVE-2024-40711']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40711 \u2014 Veeam Backup and Replication Dese",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--74ef75f0-e8fc-4e77-917a-35084a7fd8bd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-35232",
      "pattern": "[vulnerability:name = 'CVE-2021-35232']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-28987 \u2014 SolarWinds Web Help Desk Hardcode",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--acb7156d-8100-4f1d-88f5-b7360f11b912",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-28987",
      "pattern": "[vulnerability:name = 'CVE-2024-28987']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-28987 \u2014 SolarWinds Web Help Desk Hardcode",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--32a24508-9d48-455a-866a-caafe65f6b22",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-30088",
      "pattern": "[vulnerability:name = 'CVE-2024-30088']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-30088 \u2014 Microsoft Windows Kernel TOCTOU R",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aa38b78b-6e49-4f96-aa92-a8e4d8eab942",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-23113",
      "pattern": "[vulnerability:name = 'CVE-2024-23113']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23113 \u2014 Fortinet Multiple Products Format",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--10b65add-87b8-4faf-a0ac-8ae99a36d3fa",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-29824",
      "pattern": "[vulnerability:name = 'CVE-2024-29824']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-29824 \u2014 Ivanti Endpoint Manager (EPM) SQL",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1ffd1f6d-3c66-47a4-bde3-a2e2a861e2d2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-8190",
      "pattern": "[vulnerability:name = 'CVE-2024-8190']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f40a407e-b24f-4687-ae27-20b144cc6511",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-8963",
      "pattern": "[vulnerability:name = 'CVE-2024-8963']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5994fce2-7108-4210-9425-b0f5f0863fb9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-9379",
      "pattern": "[vulnerability:name = 'CVE-2024-9379']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--89af20b4-3d61-4a09-96b4-5eedb009727f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-9380",
      "pattern": "[vulnerability:name = 'CVE-2024-9380']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6b1cb8d4-c680-4fc7-b6a8-17063d9f882a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: 189f31ed7d.ipv6.bypass.eu.org",
      "pattern": "[domain-name:value = '189f31ed7d.ipv6.bypass.eu.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--00e051c5-cffb-4533-92ca-ff2a172257c7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: apiv5.serverbks.xyz",
      "pattern": "[domain-name:value = 'apiv5.serverbks.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e552b57a-212b-4799-8f35-a2fac564012d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: c67f045c2f.ipv6.1433.eu.org",
      "pattern": "[domain-name:value = 'c67f045c2f.ipv6.1433.eu.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--340956ad-8e83-4ed8-a6b6-2dc7f9836be9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: iowxuintgredogzgblrsmr2cx2e471bor.oast.fun",
      "pattern": "[domain-name:value = 'iowxuintgredogzgblrsmr2cx2e471bor.oast.fun']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6d42d414-9136-48b3-9383-70e74e2b9fb0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 156.234.193.18",
      "pattern": "[ipv4-addr:value = '156.234.193.18']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7c0572fe-64f3-494c-8c56-beba8b66d9c6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.189.100.197",
      "pattern": "[ipv4-addr:value = '193.189.100.197']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d3b26de0-bc2c-4c9a-91f5-b4f819f93789",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 206.189.156.69",
      "pattern": "[ipv4-addr:value = '206.189.156.69']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3a4b765b-ebba-4605-991d-6f3c405fde34",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 208.105.190.170",
      "pattern": "[ipv4-addr:value = '208.105.190.170']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7fa1f2a7-57b5-4d84-ae1e-e32c541f792c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 216.131.75.52",
      "pattern": "[ipv4-addr:value = '216.131.75.52']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--99dec379-7499-4b9e-82db-0c58bfdc6a2a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 23.236.66.97",
      "pattern": "[ipv4-addr:value = '23.236.66.97']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b6dfccf1-275e-4f57-bb16-5a758982fd43",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 24.166.100.255",
      "pattern": "[ipv4-addr:value = '24.166.100.255']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8b600e81-30c8-4b95-b3ba-6e6288498b19",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 3.248.33.252",
      "pattern": "[ipv4-addr:value = '3.248.33.252']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--046329d9-7c09-4176-9eba-64b33164f71d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.207.159.76",
      "pattern": "[ipv4-addr:value = '38.207.159.76']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--45e52a16-47fe-4374-b673-e8f574b0c2c4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.61.136.189",
      "pattern": "[ipv4-addr:value = '45.61.136.189']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1f002814-5c1c-4d59-9934-707bd3a5bfa0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 51.91.79.17",
      "pattern": "[ipv4-addr:value = '51.91.79.17']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--676c61bd-3e95-4fe9-ad07-213c04bead97",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 67.217.228.92",
      "pattern": "[ipv4-addr:value = '67.217.228.92']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b2686ae0-b00e-4bdb-ae0d-04047dc3decb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 69.49.88.235",
      "pattern": "[ipv4-addr:value = '69.49.88.235']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b9091dde-38e8-4327-a5a0-0be9eea4aad8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 74.62.81.162",
      "pattern": "[ipv4-addr:value = '74.62.81.162']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b43035b6-bac0-40c7-966f-22f77b9b0be6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 64efc1aad330ea9d98c0c705e16cd4b3af7e74f8",
      "pattern": "[file:hashes.'SHA-1' = '64efc1aad330ea9d98c0c705e16cd4b3af7e74f8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--536b11b8-aac4-4a1f-8efb-c1e9f8f9c235",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: beb723a5f20a1a2c4375f9aa250d968d55155689",
      "pattern": "[file:hashes.'SHA-1' = 'beb723a5f20a1a2c4375f9aa250d968d55155689']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a674c0c5-fdb1-48e4-80df-5c4c7a658d4b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6edd7b3123de985846a805931ca8ee5f6f7ed7b160144aa0e066967bc7c0423a",
      "pattern": "[file:hashes.'SHA-256' = '6edd7b3123de985846a805931ca8ee5f6f7ed7b160144aa0e066967bc7c0423a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fa510217-6a57-4e2e-884e-5658553342ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 8d016d02f8fbe25dce76481a90dd0b48630ce9e74e8c31ba007cf133e48b8526",
      "pattern": "[file:hashes.'SHA-256' = '8d016d02f8fbe25dce76481a90dd0b48630ce9e74e8c31ba007cf133e48b8526']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4bc206d1-f259-494b-8605-5d97134dc4a2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d57a2cac394a778e19ce9b926f2e0a71936510798f30d20f207f2a49b49ce7b1",
      "pattern": "[file:hashes.'SHA-256' = 'd57a2cac394a778e19ce9b926f2e0a71936510798f30d20f207f2a49b49ce7b1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--73ba5b34-de71-4bee-a4b6-5ed2009bb5a5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38112",
      "pattern": "[vulnerability:name = 'CVE-2024-38112']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-43573 \u2014 Microsoft Windows MSHTML Platform",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-43461 \u2014 Microsoft Windows MSHTML Platform",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-38112 \u2014 Microsoft Windows MSHTML Platform",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f7501dc9-9689-46df-b62b-e75fecad1dce",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-43047",
      "pattern": "[vulnerability:name = 'CVE-2024-43047']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-43047 \u2014 Qualcomm Multiple Chipsets Use-Af",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--99785318-fbe3-49d7-9e26-1c6f786bcff6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-43461",
      "pattern": "[vulnerability:name = 'CVE-2024-43461']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-43573 \u2014 Microsoft Windows MSHTML Platform",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-43461 \u2014 Microsoft Windows MSHTML Platform",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--15631628-df27-421e-97b7-588b6e644883",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-43572",
      "pattern": "[vulnerability:name = 'CVE-2024-43572']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-43572 \u2014 Microsoft Windows Management Cons",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3597578a-e4c2-43fa-9d61-831719ccfd40",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-43573",
      "pattern": "[vulnerability:name = 'CVE-2024-43573']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-43573 \u2014 Microsoft Windows MSHTML Platform",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7e10f9e9-1a85-4cea-8f49-49d1ddf35beb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-45519",
      "pattern": "[vulnerability:name = 'CVE-2024-45519']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-45519 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a9d2e084-5fe1-4cbe-927e-f9ddec41749a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 79.124.49.86",
      "pattern": "[ipv4-addr:value = '79.124.49.86']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-45519 \u2014 Synacor Zimbra Collaboration Suit",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--762c54e7-505b-4194-95a7-2b0a3369408b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2019-0344",
      "pattern": "[vulnerability:name = 'CVE-2019-0344']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2019-0344 \u2014 SAP Commerce Cloud Deserialization",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e341b1c1-d138-48bf-a19e-0f4fbaacbbc3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-14472",
      "pattern": "[vulnerability:name = 'CVE-2020-14472']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aca37967-137f-4954-8ae7-8466b182eaad",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-14993",
      "pattern": "[vulnerability:name = 'CVE-2020-14993']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--080e9ebe-e6c3-4b0c-967d-5d5b99d35c4e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-15415",
      "pattern": "[vulnerability:name = 'CVE-2020-15415']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--51a000ac-7211-42c3-8e04-4a3c118ea0ea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-19664",
      "pattern": "[vulnerability:name = 'CVE-2020-19664']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--847dcfb0-6d14-491f-9d5a-bf00955bbc78",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-8515",
      "pattern": "[vulnerability:name = 'CVE-2020-8515']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--606718a9-2b0d-4f7d-b633-9eea348e56f7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-42911",
      "pattern": "[vulnerability:name = 'CVE-2021-42911']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--407c73a9-5999-4aa1-9063-26c48d37252c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-43118",
      "pattern": "[vulnerability:name = 'CVE-2021-43118']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6a13d7b4-5b71-42ab-9686-d9d21e500d49",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-1162",
      "pattern": "[vulnerability:name = 'CVE-2023-1162']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1a159ce5-d88d-4f51-8374-603b3fd71a28",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-24229",
      "pattern": "[vulnerability:name = 'CVE-2023-24229']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a360a1ab-bad3-4f22-b676-d53265ff2454",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-25280",
      "pattern": "[vulnerability:name = 'CVE-2023-25280']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c30269da-4ec2-4d30-9a17-40a501409006",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-41592",
      "pattern": "[vulnerability:name = 'CVE-2024-41592']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6d5307f9-fd87-4675-b6a5-127694905f5d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: zvub.us",
      "pattern": "[domain-name:value = 'zvub.us']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8eb57a9-67bb-491f-b9bb-8106b879beb8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.225.74.251",
      "pattern": "[ipv4-addr:value = '185.225.74.251']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b8610472-8363-415f-ad91-ddda6fcfeb57",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.44.81.114",
      "pattern": "[ipv4-addr:value = '185.44.81.114']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--188114c6-b87d-4749-ac3d-5da61cc99d0a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.32.162.189",
      "pattern": "[ipv4-addr:value = '193.32.162.189']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--91118fa9-f0bb-458e-a2e1-84cee03257a5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 0d404a27c2f511ea7f4adb8aa150f787b2b1ff36c1b67923d6d1c90179033915",
      "pattern": "[file:hashes.'SHA-256' = '0d404a27c2f511ea7f4adb8aa150f787b2b1ff36c1b67923d6d1c90179033915']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a124fdfb-f4ab-4c23-b8ae-c4e7a994656f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2d0c8ab6c71743af8667c7318a6d8e16c144ace8df59a681a0a7d48affc05599",
      "pattern": "[file:hashes.'SHA-256' = '2d0c8ab6c71743af8667c7318a6d8e16c144ace8df59a681a0a7d48affc05599']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7ef3e8b2-91b5-421b-92c6-8bc407b893ca",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 366ddbaa36791cdb99cf7104b0914a258f0c373a94f6cf869f946c7799d5e2c6",
      "pattern": "[file:hashes.'SHA-256' = '366ddbaa36791cdb99cf7104b0914a258f0c373a94f6cf869f946c7799d5e2c6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--35632438-38be-4d44-ac98-7b6f08043250",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3f427eda4d4e18fb192d585fca1490389a1b5f796f88e7ebf3eceec51018ef4d",
      "pattern": "[file:hashes.'SHA-256' = '3f427eda4d4e18fb192d585fca1490389a1b5f796f88e7ebf3eceec51018ef4d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9c366cfb-741d-4f88-b942-feeb480fa3a9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 413e977ae7d359e2ea7fe32db73fa007ee97ee1e9e3c3f0b4163b100b3ec87c2",
      "pattern": "[file:hashes.'SHA-256' = '413e977ae7d359e2ea7fe32db73fa007ee97ee1e9e3c3f0b4163b100b3ec87c2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7e7816ea-aac4-443d-8e06-4395b3eba2f9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 461f59a84ccb4805c4bbd37093df6e8791cdf1151b2746c46678dfe9f89ac79d",
      "pattern": "[file:hashes.'SHA-256' = '461f59a84ccb4805c4bbd37093df6e8791cdf1151b2746c46678dfe9f89ac79d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ba31a9ac-a696-4819-a9b7-a291d7e52401",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4cb8c90d1e1b2d725c2c1366700f11584f5697c9ef50d79e00f7dd2008e989a0",
      "pattern": "[file:hashes.'SHA-256' = '4cb8c90d1e1b2d725c2c1366700f11584f5697c9ef50d79e00f7dd2008e989a0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2e11e380-d2bc-4298-a475-171ddd9d6956",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4f53eb7fbfa5b68cad3a0850b570cbbcb2d4864e62b5bf0492b54bde2bdbe44b",
      "pattern": "[file:hashes.'SHA-256' = '4f53eb7fbfa5b68cad3a0850b570cbbcb2d4864e62b5bf0492b54bde2bdbe44b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--22c51645-bc0c-4c65-b030-64d466435858",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 888f4a852642ce70197f77e213456ea2b3cfca4a592b94647827ca45adf2a5b8",
      "pattern": "[file:hashes.'SHA-256' = '888f4a852642ce70197f77e213456ea2b3cfca4a592b94647827ca45adf2a5b8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--da88e258-0039-4ce1-8e3f-61c0469b8283",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: aaf446e4e7bfc05a33c8d9e5acf56b1c7e95f2d919b98151ff2db327c333f089",
      "pattern": "[file:hashes.'SHA-256' = 'aaf446e4e7bfc05a33c8d9e5acf56b1c7e95f2d919b98151ff2db327c333f089']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6d585e19-af7d-438a-bd9c-4c73dcd6ebeb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: aed078d3e65b5ff4dd4067ae30da5f3a96c87ec23ec5be44fc85b543c179b777",
      "pattern": "[file:hashes.'SHA-256' = 'aed078d3e65b5ff4dd4067ae30da5f3a96c87ec23ec5be44fc85b543c179b777']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9c21a954-6505-4a4d-a3b1-322aac2f5e6b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b43a8a56c10ba17ddd6fa9a8ce10ab264c6495b82a38620e9d54d66ec8677b0c",
      "pattern": "[file:hashes.'SHA-256' = 'b43a8a56c10ba17ddd6fa9a8ce10ab264c6495b82a38620e9d54d66ec8677b0c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--621ef69d-fde6-4792-92dd-521b0f15bce9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b45142a2d59d16991a38ea0a112078a6ce42c9e2ee28a74fb2ce7e1edf15dce3",
      "pattern": "[file:hashes.'SHA-256' = 'b45142a2d59d16991a38ea0a112078a6ce42c9e2ee28a74fb2ce7e1edf15dce3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aab13fa8-7064-41f6-9cc1-67b1cac4e056",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: eca42235a41dbd60615d91d564c91933b9903af2ef3f8356ec4cfff2880a2f19",
      "pattern": "[file:hashes.'SHA-256' = 'eca42235a41dbd60615d91d564c91933b9903af2ef3f8356ec4cfff2880a2f19']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1e929f9a-7c9f-4388-8cd9-e28a2b14883e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-47076",
      "pattern": "[vulnerability:name = 'CVE-2024-47076']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Zero-day RCE vulnerability found in CUPS - Common UNIX Print",
          "url": "https://snyk.io/blog/zero-day-rce-in-cups-vulnerability-sept-2024/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--86f4a5ed-8cbb-4024-ab73-be5a8a7a949b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-47175",
      "pattern": "[vulnerability:name = 'CVE-2024-47175']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Zero-day RCE vulnerability found in CUPS - Common UNIX Print",
          "url": "https://snyk.io/blog/zero-day-rce-in-cups-vulnerability-sept-2024/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c4a1a3d8-dbcf-4630-90cf-6be36670af78",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-47176",
      "pattern": "[vulnerability:name = 'CVE-2024-47176']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Zero-day RCE vulnerability found in CUPS - Common UNIX Print",
          "url": "https://snyk.io/blog/zero-day-rce-in-cups-vulnerability-sept-2024/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--114f4f73-f99f-4126-9891-0a104b04c576",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-47177",
      "pattern": "[vulnerability:name = 'CVE-2024-47177']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Zero-day RCE vulnerability found in CUPS - Common UNIX Print",
          "url": "https://snyk.io/blog/zero-day-rce-in-cups-vulnerability-sept-2024/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--14f98182-b4e0-4794-8f3f-921dfcbfa720",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-7593",
      "pattern": "[vulnerability:name = 'CVE-2024-7593']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7593 \u2014 Ivanti Virtual Traffic Manager Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4a65ee66-041a-4496-a96f-f6f15a3d2958",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: test.vip8025.mom",
      "pattern": "[domain-name:value = 'test.vip8025.mom']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c4802ca0-79e4-4976-8dea-02e94e1b40ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: vip8806.mom",
      "pattern": "[domain-name:value = 'vip8806.mom']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--96522c99-39b8-4b7d-98de-0d6f8ec3db67",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: www.vip8025.mom",
      "pattern": "[domain-name:value = 'www.vip8025.mom']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--35d0c743-be28-4331-99f0-ad16806b25e7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 156.251.172.80",
      "pattern": "[ipv4-addr:value = '156.251.172.80']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9d544175-2451-4cd0-8648-6079b072b877",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 195.133.52.87",
      "pattern": "[ipv4-addr:value = '195.133.52.87']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4dff6897-7668-4d2f-aa7c-e5e858508020",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 8.218.239.22",
      "pattern": "[ipv4-addr:value = '8.218.239.22']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2b28df81-b42c-491f-a291-e59e40d4cc6d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 074739c7ccdee5baef649b7f7cb53668109be8f7e016294b66a5d1469803e42b",
      "pattern": "[file:hashes.'SHA-256' = '074739c7ccdee5baef649b7f7cb53668109be8f7e016294b66a5d1469803e42b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ca1ba20a-e9a8-4a18-a355-97135e704c6f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4c86e8c21451074a52cc8d60a262c683aaf4cb6b2634fea8efdd866ea2dbd3aa",
      "pattern": "[file:hashes.'SHA-256' = '4c86e8c21451074a52cc8d60a262c683aaf4cb6b2634fea8efdd866ea2dbd3aa']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e9acaef6-7f9a-4b13-823d-b21d880f3d8d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 61928ff36c5d8983853ec2f411860b97231729f047527434d3b2db8bf0b42d25",
      "pattern": "[file:hashes.'SHA-256' = '61928ff36c5d8983853ec2f411860b97231729f047527434d3b2db8bf0b42d25']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--110221cf-fd39-4932-9d6a-c4ca8978cc0c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7798b45ffc488356f7253805dc9c8d2210552bee39db9082f772185430360574",
      "pattern": "[file:hashes.'SHA-256' = '7798b45ffc488356f7253805dc9c8d2210552bee39db9082f772185430360574']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0c7cef5e-b63b-4164-a923-35ce7a402a08",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9f97997581f513166aae47b3664ca23c4f4ea90c24916874ff82891e2cd6e01e",
      "pattern": "[file:hashes.'SHA-256' = '9f97997581f513166aae47b3664ca23c4f4ea90c24916874ff82891e2cd6e01e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2e9f9b34-d608-45c1-ba81-bf04a8a6693f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: af3f4ece0d98999077cef265c1af9610b96cb7cf3264c115cc6c210cdd9636fe",
      "pattern": "[file:hashes.'SHA-256' = 'af3f4ece0d98999077cef265c1af9610b96cb7cf3264c115cc6c210cdd9636fe']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--940e2a2e-d1a8-473a-ae77-c24c8773051b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c64bd109100aac96eba627ca94c1161c8329378e3e8c75a1763c26b70c921891",
      "pattern": "[file:hashes.'SHA-256' = 'c64bd109100aac96eba627ca94c1161c8329378e3e8c75a1763c26b70c921891']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--06cd25c2-4943-4a07-97c1-1d2dcba2ff0f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: cae96b72244855a3d98a42bb3f65daab1cd06e9be638553e2ebf1f8a66b5cc8a",
      "pattern": "[file:hashes.'SHA-256' = 'cae96b72244855a3d98a42bb3f65daab1cd06e9be638553e2ebf1f8a66b5cc8a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e7c8fcd2-0f7f-4dbe-91c5-8cdca8f11427",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2019-1068",
      "pattern": "[vulnerability:name = 'CVE-2019-1068']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-0618 \u2014 Microsoft SQL Server Reporting Ser",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6d9e43b5-ea89-4736-a979-183e7e0a5fa4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-0618",
      "pattern": "[vulnerability:name = 'CVE-2020-0618']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-0618 \u2014 Microsoft SQL Server Reporting Ser",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d6612eb5-3d5d-4d0a-ab31-cd16eaac8e41",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-14644",
      "pattern": "[vulnerability:name = 'CVE-2020-14644']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-14644 \u2014 Oracle WebLogic Server Remote Cod",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2022-21445 \u2014 Oracle ADF Faces Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5e139053-3ce7-44cb-938a-c06858262e6f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-21445",
      "pattern": "[vulnerability:name = 'CVE-2022-21445']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-21445 \u2014 Oracle ADF Faces Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--17b70188-69dd-4463-98a7-c53ead14d655",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-21497",
      "pattern": "[vulnerability:name = 'CVE-2022-21497']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-21445 \u2014 Oracle ADF Faces Deserialization ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f647080a-7d68-46a7-a28d-8c9432f087a7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-27348",
      "pattern": "[vulnerability:name = 'CVE-2024-27348']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-27348 \u2014 Apache HugeGraph-Server Improper ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bba1126c-f9c0-4e48-bd9d-91779e7d49f0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2013-0643",
      "pattern": "[vulnerability:name = 'CVE-2013-0643']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-0643 \u2014 Adobe Flash Player Incorrect Defau",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e62792ad-7aab-4534-ba5c-55773e7280e3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2013-0648",
      "pattern": "[vulnerability:name = 'CVE-2013-0648']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2013-0648 \u2014 Adobe Flash Player Code Execution ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2013-0643 \u2014 Adobe Flash Player Incorrect Defau",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cf6c12ee-3af8-4343-93ad-112126b8f6ab",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2014-0502",
      "pattern": "[vulnerability:name = 'CVE-2014-0502']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--41a01007-9a1f-4e85-83c4-3b734a254022",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: adservice.no-ip.org",
      "pattern": "[domain-name:value = 'adservice.no-ip.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ff51a5c4-b70c-46a3-b7d8-348aacee0fe2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: giftserv.hopto.org",
      "pattern": "[domain-name:value = 'giftserv.hopto.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--114a6d86-c2d2-4723-ad05-e5fb4c68a2a8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: ids.ns01.us",
      "pattern": "[domain-name:value = 'ids.ns01.us']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fcf71b37-741d-49c2-a309-df190edff33d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: java.ns1.name",
      "pattern": "[domain-name:value = 'java.ns1.name']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0ce3eee8-d8aa-4421-bd52-04664eeac239",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: static.5ljob.net",
      "pattern": "[domain-name:value = 'static.5ljob.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a58ac268-f59f-466c-a19e-6b68b08525bc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: wmi.ns01.us",
      "pattern": "[domain-name:value = 'wmi.ns01.us']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aebde624-f598-4af1-961b-1a576d6b1fb9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.246.246.103",
      "pattern": "[ipv4-addr:value = '103.246.246.103']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--17f7e124-983e-41ed-abd8-9d5ad6b25cd8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 192.74.246.219",
      "pattern": "[ipv4-addr:value = '192.74.246.219']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d0d35401-47e6-4942-964b-d789bfba20cf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.183.224.75",
      "pattern": "[ipv4-addr:value = '194.183.224.75']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--934222cd-2c63-4c3a-b589-a9c9f80c8f51",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 74.126.177.68",
      "pattern": "[ipv4-addr:value = '74.126.177.68']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e844697e-4e85-4f21-960c-1f11095303c9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9d4a89cdefc71e9bfadc7566d2d9d9d2bdf7dc2847df4fcbf01e0a342ab5eead",
      "pattern": "[file:hashes.'SHA-256' = '9d4a89cdefc71e9bfadc7566d2d9d9d2bdf7dc2847df4fcbf01e0a342ab5eead']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vul",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--329456c9-2da6-44e3-bb5f-f2655a144e65",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-6670",
      "pattern": "[vulnerability:name = 'CVE-2024-6670']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injectio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c8f271ac-eec2-47e2-a6a4-d7dddf8cb123",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-6671",
      "pattern": "[vulnerability:name = 'CVE-2024-6671']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injectio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f26aeea0-a62a-433f-8b11-4e734d281c6e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 8c69830a50fb85d8a794fa46643493b2",
      "pattern": "[file:hashes.MD5 = '8c69830a50fb85d8a794fa46643493b2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injectio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b6d129f3-8755-4676-86c6-a24c9539cd53",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: bbcf7a68f4164a9f5f5cb2d9f30d9790",
      "pattern": "[file:hashes.MD5 = 'bbcf7a68f4164a9f5f5cb2d9f30d9790']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injectio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--34e7e267-ab7c-435f-bc3c-65d061e51a55",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0",
      "pattern": "[file:hashes.'SHA-256' = 'c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injectio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a4518189-5bb1-441f-96b5-ddcca4581f0a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6edd7b3123de985846a805931ca8ee5f5f7ed7b160144aa0e066967bc7c0423a",
      "pattern": "[file:hashes.'SHA-256' = '6edd7b3123de985846a805931ca8ee5f5f7ed7b160144aa0e066967bc7c0423a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--efa4601d-c283-4f6d-9853-b092303649dc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38014",
      "pattern": "[vulnerability:name = 'CVE-2024-38014']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38014 \u2014 Microsoft Windows Installer Impro",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a8408457-5138-472d-9413-ff103045c54d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38217",
      "pattern": "[vulnerability:name = 'CVE-2024-38217']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38217 \u2014 Microsoft Windows Mark of the Web",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4a510d93-1a60-4daf-b1e8-f17da87121de",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 11dadc71018027c7e005a70c306532e5ea7abdc389964cbc85cf3b79f97f6b44",
      "pattern": "[file:hashes.'SHA-256' = '11dadc71018027c7e005a70c306532e5ea7abdc389964cbc85cf3b79f97f6b44']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38217 \u2014 Microsoft Windows Mark of the Web",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7316db2b-eaef-4d5e-8d44-91bb3284c586",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4e213bd0a127f1bb24c4c0d971c2727097b04eed9c6e62a57110d168ccc3ba10",
      "pattern": "[file:hashes.'SHA-256' = '4e213bd0a127f1bb24c4c0d971c2727097b04eed9c6e62a57110d168ccc3ba10']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38217 \u2014 Microsoft Windows Mark of the Web",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--04f29eb6-f9f3-4841-a0a6-9e3ebfb067ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ba35b8b4346b79b8bb4f97360025cb6befaf501b03149a3b5fef8f07bdf265c7",
      "pattern": "[file:hashes.'SHA-256' = 'ba35b8b4346b79b8bb4f97360025cb6befaf501b03149a3b5fef8f07bdf265c7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38217 \u2014 Microsoft Windows Mark of the Web",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b51898cf-9cfb-4bb9-bd97-b668f76aff7d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2016-3714",
      "pattern": "[vulnerability:name = 'CVE-2016-3714']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2016-3714 \u2014 ImageMagick Improper Input Validat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9d6d69b7-9643-4f38-8c97-ddff97e3b3a2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2017-1000253",
      "pattern": "[vulnerability:name = 'CVE-2017-1000253']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2017-1000253 \u2014 Linux Kernel PIE Stack Buffer C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f16bfb93-8063-4532-9714-181d3a983cf7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.194.11.34",
      "pattern": "[ipv4-addr:value = '104.194.11.34']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--53814c90-f0ff-4d9f-9e91-de6677850031",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 107.155.93.154",
      "pattern": "[ipv4-addr:value = '107.155.93.154']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3858690b-8507-4f5a-9a14-e40b1eb99df1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 107.175.102.58",
      "pattern": "[ipv4-addr:value = '107.175.102.58']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--da788dc6-ed8f-4181-987b-70daf637bcd0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 144.168.41.74",
      "pattern": "[ipv4-addr:value = '144.168.41.74']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f9e1694c-6045-4b31-8a09-b1f10f3028fb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 155.117.117.34",
      "pattern": "[ipv4-addr:value = '155.117.117.34']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ffb06a5b-e414-4faf-8f07-77c8ce502f1d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 162.210.196.101",
      "pattern": "[ipv4-addr:value = '162.210.196.101']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b680ae3d-4e88-478d-ab6b-f73592f4d6f6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.174.100.199",
      "pattern": "[ipv4-addr:value = '185.174.100.199']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d8f3e6db-6bf3-4715-89f6-a0ed51457103",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.181.230.108",
      "pattern": "[ipv4-addr:value = '185.181.230.108']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--351e411a-9b3d-4cb6-a0b7-811f0470e14f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.33.86.2",
      "pattern": "[ipv4-addr:value = '185.33.86.2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aaa81e8c-5587-4f8a-beb6-d45415113921",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.163.194.7",
      "pattern": "[ipv4-addr:value = '193.163.194.7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1660d2b9-136d-46e1-85b4-eacb6ab20483",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.239.236.149",
      "pattern": "[ipv4-addr:value = '193.239.236.149']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d1150af3-586b-4abd-bf15-fc641596dfb5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.29.63.226",
      "pattern": "[ipv4-addr:value = '193.29.63.226']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4289690d-d3bb-40a1-b153-cc0afc585fea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 194.33.45.194",
      "pattern": "[ipv4-addr:value = '194.33.45.194']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--65f53380-c779-4d3f-9402-cf560ddd6671",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 206.168.190.143",
      "pattern": "[ipv4-addr:value = '206.168.190.143']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--49b86fcf-1f80-49a0-a198-fe4481e60298",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 207.188.6.17",
      "pattern": "[ipv4-addr:value = '207.188.6.17']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--57c249b8-694f-4117-8ad4-17f855d516e1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 23.94.54.125",
      "pattern": "[ipv4-addr:value = '23.94.54.125']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--969b96f4-4f7e-4d6c-978b-a72d1e891160",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 31.222.247.64",
      "pattern": "[ipv4-addr:value = '31.222.247.64']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--678bc4e4-7c7d-416f-9343-c288bb63dfec",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.114.123.167",
      "pattern": "[ipv4-addr:value = '38.114.123.167']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c4505a82-5388-415a-a6fc-e51a275c1bbd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 38.114.123.229",
      "pattern": "[ipv4-addr:value = '38.114.123.229']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a6150f65-3985-4b79-8da7-1c07f1d65ca7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.55.76.210",
      "pattern": "[ipv4-addr:value = '45.55.76.210']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a93bb954-19ea-4816-9e79-915fedf9ddf7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.56.163.58",
      "pattern": "[ipv4-addr:value = '45.56.163.58']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a5c428d6-29c9-4a16-8d51-666334902d52",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.66.249.93",
      "pattern": "[ipv4-addr:value = '45.66.249.93']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7c3cb0ab-9db1-44ba-9ecb-5d0c1adee98c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 62.76.147.106",
      "pattern": "[ipv4-addr:value = '62.76.147.106']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--97619413-ce22-4a61-8342-8300f51cf913",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 77.247.126.239",
      "pattern": "[ipv4-addr:value = '77.247.126.239']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0c072cb1-4137-446e-b9a1-62db55a33a9c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 79.141.160.33",
      "pattern": "[ipv4-addr:value = '79.141.160.33']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--72f21734-434e-430e-ab4c-cf80f518edcf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 79.141.173.235",
      "pattern": "[ipv4-addr:value = '79.141.173.235']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--723a1277-0e96-4b8c-9fca-fb0c50e52da7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 83.229.17.123",
      "pattern": "[ipv4-addr:value = '83.229.17.123']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--95bbf0a7-5a23-46f9-831e-c3a26efc7a81",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 83.229.17.135",
      "pattern": "[ipv4-addr:value = '83.229.17.135']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4417fc64-c03f-4a8d-81d2-f697ac3e9545",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 83.229.17.148",
      "pattern": "[ipv4-addr:value = '83.229.17.148']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--36f34d1d-c33b-4d49-ad43-2af980b048a9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.191.214.170",
      "pattern": "[ipv4-addr:value = '91.191.214.170']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b0ecdaa3-1ac8-487f-9135-358789b08ac5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-0568",
      "pattern": "[vulnerability:name = 'CVE-2023-0568']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What you should know about PHP code security",
          "url": "https://snyk.io/blog/php-code-security/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--47e288a3-d7e2-4890-bc4d-c72bf63f20f5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-0662",
      "pattern": "[vulnerability:name = 'CVE-2023-0662']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What you should know about PHP code security",
          "url": "https://snyk.io/blog/php-code-security/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--26ec094b-1a50-4102-b5b2-8ddc2e286c67",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-3823",
      "pattern": "[vulnerability:name = 'CVE-2023-3823']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "What you should know about PHP code security",
          "url": "https://snyk.io/blog/php-code-security/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8c67bb4-d044-4b3b-b00f-4419decd583a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-20124",
      "pattern": "[vulnerability:name = 'CVE-2021-20124']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-20124 \u2014 Draytek VigorConnect Path Travers",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a216656b-171c-406b-997c-c38d7be38421",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-7262",
      "pattern": "[vulnerability:name = 'CVE-2024-7262']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--201026e4-6bec-444e-9b1c-1cce9693a327",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-7263",
      "pattern": "[vulnerability:name = 'CVE-2024-7263']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ec692d4f-3222-464e-9b7e-93ee3399dbe9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: rammenale.com",
      "pattern": "[domain-name:value = 'rammenale.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--52d065c5-bce9-4613-bc33-f220dbe69ff7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 131.153.206.231",
      "pattern": "[ipv4-addr:value = '131.153.206.231']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1cb7a79e-e1a9-48e0-ac84-83712e9a8492",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 162.222.214.48",
      "pattern": "[ipv4-addr:value = '162.222.214.48']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2b1a251b-2ce7-4610-a111-d8e6c67cd943",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 9f88234068d7abad65979eb1df63efb5",
      "pattern": "[file:hashes.MD5 = '9f88234068d7abad65979eb1df63efb5']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3740b142-6bcf-44c1-9a19-8ed05221dd43",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: b14ef85a60ac71c669cc960bdf580144",
      "pattern": "[file:hashes.MD5 = 'b14ef85a60ac71c669cc960bdf580144']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f2b8285b-7320-430d-ad2d-13b951ca569d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 08906644b0ef1ee6478c45a6e0dd28533a9efc29",
      "pattern": "[file:hashes.'SHA-1' = '08906644b0ef1ee6478c45a6e0dd28533a9efc29']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--620b2f35-5dc0-4f50-8cd1-78806fdb9268",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 7509b4c506c01627c1a4c396161d07277f044ac6",
      "pattern": "[file:hashes.'SHA-1' = '7509b4c506c01627c1a4c396161d07277f044ac6']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4cd8e416-0eda-4870-9d42-2d33e43de10d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 6174276f94219bc386bdc628ca18eaec261998b7bd03077562fe93c268b42446",
      "pattern": "[file:hashes.'SHA-256' = '6174276f94219bc386bdc628ca18eaec261998b7bd03077562fe93c268b42446']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d0797974-8524-4946-a1a1-77509c045aa5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 861911e953e6fd0a015b3a91a7528a388a535c83f4b9a5cf7366b8209d2f00c3",
      "pattern": "[file:hashes.'SHA-256' = '861911e953e6fd0a015b3a91a7528a388a535c83f4b9a5cf7366b8209d2f00c3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fde6b3fe-7752-4dd9-95db-df776f047029",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-22965",
      "pattern": "[vulnerability:name = 'CVE-2022-22965']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "The persistent threat: Why major vulnerabilities like Log4Sh",
          "url": "https://snyk.io/blog/log4shell-spring4shell-threat/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3e42891-802c-429e-b8c6-0f0d97b9d6d6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-7965",
      "pattern": "[vulnerability:name = 'CVE-2024-7965']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7965 \u2014 Google Chromium V8 Inappropriate I",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7fc418d2-9b1a-4f9f-ba12-dfb983b8ecd1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-32113",
      "pattern": "[vulnerability:name = 'CVE-2024-32113']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38856 \u2014 Apache OFBiz Incorrect Authorizat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-32113 \u2014 Apache OFBiz Path Traversal Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8ccd00df-4216-4426-81a2-9e7f936c2e69",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-36104",
      "pattern": "[vulnerability:name = 'CVE-2024-36104']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38856 \u2014 Apache OFBiz Incorrect Authorizat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cb2ab5d3-fec8-4603-ace5-89ee95d9dab6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38856",
      "pattern": "[vulnerability:name = 'CVE-2024-38856']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38856 \u2014 Apache OFBiz Incorrect Authorizat",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e73584f5-a224-4bb0-8f2b-048f8b745dd0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-21338",
      "pattern": "[vulnerability:name = 'CVE-2024-21338']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7971 \u2014 Google Chromium V8 Type Confusion ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-38193 \u2014 Microsoft Windows Ancillary Funct",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2fe73dc3-92cd-4025-8c8d-52311ae8854e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38106",
      "pattern": "[vulnerability:name = 'CVE-2024-38106']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7971 \u2014 Google Chromium V8 Type Confusion ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bb7ae71e-5ad2-459e-8d2d-1576d5620b76",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38193",
      "pattern": "[vulnerability:name = 'CVE-2024-38193']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7971 \u2014 Google Chromium V8 Type Confusion ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-38193 \u2014 Microsoft Windows Ancillary Funct",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0ec16ab9-f273-485a-a6e5-fbe9dd931f52",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-7971",
      "pattern": "[vulnerability:name = 'CVE-2024-7971']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7971 \u2014 Google Chromium V8 Type Confusion ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0fe7da23-8acd-48bd-a308-2060a1295a55",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: voyagorclub.space",
      "pattern": "[domain-name:value = 'voyagorclub.space']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7971 \u2014 Google Chromium V8 Type Confusion ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6fabb20e-c053-4078-9924-121e2ec1427d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: weinsteinfrog.com",
      "pattern": "[domain-name:value = 'weinsteinfrog.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-7971 \u2014 Google Chromium V8 Type Confusion ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f016f72d-0350-4fd6-a46b-085b737cbd35",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-39717",
      "pattern": "[vulnerability:name = 'CVE-2024-39717']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-39717 \u2014 Versa Director Dangerous File Typ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f35a5240-0114-4481-afd1-7cf1e70e414d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4bcedac20a75e8f8833f4725adfc87577c32990c3783bf6c743f14599a176c37",
      "pattern": "[file:hashes.'SHA-256' = '4bcedac20a75e8f8833f4725adfc87577c32990c3783bf6c743f14599a176c37']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-39717 \u2014 Versa Director Dangerous File Typ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--80306b33-9d12-44d1-b91e-731f2de0cc38",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-31196",
      "pattern": "[vulnerability:name = 'CVE-2021-31196']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-31196 \u2014 Microsoft Exchange Server Informa",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5e17c137-921f-4f79-8098-21c121e72660",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-33045",
      "pattern": "[vulnerability:name = 'CVE-2021-33045']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2021-33045 \u2014 Dahua IP Camera Authentication By",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--90ddea5c-7645-4ebc-9937-5f546de8b0e3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-0185",
      "pattern": "[vulnerability:name = 'CVE-2022-0185']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-0185 \u2014 Linux Kernel Heap-Based Buffer Ove",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--afb4d5a4-a824-4a72-a49a-2002ebb71933",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-23897",
      "pattern": "[vulnerability:name = 'CVE-2024-23897']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23897 \u2014 Jenkins Command Line Interface (C",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8162c674-c692-4a41-b78f-e93216f3e73e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-28986",
      "pattern": "[vulnerability:name = 'CVE-2024-28986']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-28986 \u2014 SolarWinds Web Help Desk Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9491ebc5-dc67-4fb9-9dd6-6f04fccab4ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-1380",
      "pattern": "[vulnerability:name = 'CVE-2020-1380']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38178 \u2014 Microsoft Windows Scripting Engin",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2ab37c65-63a6-4f5e-ac45-f8a02ad64f54",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-41128",
      "pattern": "[vulnerability:name = 'CVE-2022-41128']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38178 \u2014 Microsoft Windows Scripting Engin",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2d392ced-164f-44c6-b1ba-33b02f505637",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-36025",
      "pattern": "[vulnerability:name = 'CVE-2023-36025']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Sec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5242065a-0eef-47d5-972a-e8543c7ec8b4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-21412",
      "pattern": "[vulnerability:name = 'CVE-2024-21412']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Sec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9d4bd503-74d2-4db6-804e-496d95cc5299",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-29988",
      "pattern": "[vulnerability:name = 'CVE-2024-29988']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Sec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2fee479f-fb94-4b1b-934a-600ccec2f117",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38107",
      "pattern": "[vulnerability:name = 'CVE-2024-38107']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38107 \u2014 Microsoft Windows Power Dependenc",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0aeb1450-d58d-4ee6-b16d-ab7498cbcc03",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38178",
      "pattern": "[vulnerability:name = 'CVE-2024-38178']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38178 \u2014 Microsoft Windows Scripting Engin",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c859b72c-209d-4b45-800d-73a3a36ae68e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38189",
      "pattern": "[vulnerability:name = 'CVE-2024-38189']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38189 \u2014 Microsoft Project Remote Code Exe",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--331c9045-930a-4ecf-8180-d02e47d031cb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38213",
      "pattern": "[vulnerability:name = 'CVE-2024-38213']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Sec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ee5945c0-a253-4359-937e-3dbe23ad23d8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: e11bb2478930d0b5f6c473464f2a2b6e",
      "pattern": "[file:hashes.MD5 = 'e11bb2478930d0b5f6c473464f2a2b6e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38178 \u2014 Microsoft Windows Scripting Engin",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9061247f-573b-4bd9-8dac-961f6435d30f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1277b7f12af65d3590f7e06672413698255214dfab3bdf7668d5846577c00368",
      "pattern": "[file:hashes.'SHA-256' = '1277b7f12af65d3590f7e06672413698255214dfab3bdf7668d5846577c00368']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Sec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6f736e0c-88d9-49ca-997c-0bf114006341",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 49bef5b4b64221297f90380092f6eba6014d81f6f517e82e42f4906087b20d19",
      "pattern": "[file:hashes.'SHA-256' = '49bef5b4b64221297f90380092f6eba6014d81f6f517e82e42f4906087b20d19']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Sec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5ac82600-7715-4e18-b5f9-d2da47259dee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 736092b71a9686fde43d3c4abd941a6774721b90b17d946c9d05af19c84df0a4",
      "pattern": "[file:hashes.'SHA-256' = '736092b71a9686fde43d3c4abd941a6774721b90b17d946c9d05af19c84df0a4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38178 \u2014 Microsoft Windows Scripting Engin",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--342998ce-1f60-4085-bd95-7a76e050a286",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: bb2f8dff11bd99bcfbc0544d29a5e690701fc242c8188e68192371768bec6f7d",
      "pattern": "[file:hashes.'SHA-256' = 'bb2f8dff11bd99bcfbc0544d29a5e690701fc242c8188e68192371768bec6f7d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Sec",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fe15d848-286a-4654-baca-3857f539b45f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-36971",
      "pattern": "[vulnerability:name = 'CVE-2024-36971']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36971 \u2014 Android Kernel Remote Code Execut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4749ce9f-cf07-43ec-b9aa-1900afef9a89",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2018-0824",
      "pattern": "[vulnerability:name = 'CVE-2018-0824']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--43a69832-4e6b-4541-9a64-346686945a53",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: w2.chatgptsfit.com",
      "pattern": "[domain-name:value = 'w2.chatgptsfit.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--470ea91a-ddba-431d-b846-f8603bd8b7c3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.56.114.69",
      "pattern": "[ipv4-addr:value = '103.56.114.69']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f709931d-250a-426b-9893-b932220b59c4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 103.96.131.84",
      "pattern": "[ipv4-addr:value = '103.96.131.84']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4627e9f8-7cff-4bbc-9c11-67eb3318b348",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.85.76.10",
      "pattern": "[ipv4-addr:value = '45.85.76.10']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--65e33abd-7536-4c99-9f59-c912168de1a4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 45.85.76.18",
      "pattern": "[ipv4-addr:value = '45.85.76.18']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d2a29f6d-c8bc-4e85-816c-453fff982e43",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 58.64.204.145",
      "pattern": "[ipv4-addr:value = '58.64.204.145']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d80f6481-bb4c-45cb-b434-cb7768e542dc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 027443e516eabfc15ebf76a954c2c61e",
      "pattern": "[file:hashes.MD5 = '027443e516eabfc15ebf76a954c2c61e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--655a0975-ad5b-46cc-9a4c-3f0f87543eba",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 1647a2c92fc799bd83b0ee33c98ad187",
      "pattern": "[file:hashes.MD5 = '1647a2c92fc799bd83b0ee33c98ad187']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f11810c5-98a6-4fac-a86e-fc07cbd6e031",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 2c66bf055c6349408bf00ec3925cb678",
      "pattern": "[file:hashes.MD5 = '2c66bf055c6349408bf00ec3925cb678']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4d349688-ac15-4e0d-a552-82d3da3ac267",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 549d5b936e77f1067feb4e395f6f7b61",
      "pattern": "[file:hashes.MD5 = '549d5b936e77f1067feb4e395f6f7b61']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--58f113fe-9ba6-4b3c-bc5f-b416b8e71d33",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 623ac8801fb147ddc30c563f743441e0",
      "pattern": "[file:hashes.MD5 = '623ac8801fb147ddc30c563f743441e0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5aec31ed-f861-4a92-b2df-f6d5720db6f3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 9ccb2f877777f3db8b1cb58440168ebd",
      "pattern": "[file:hashes.MD5 = '9ccb2f877777f3db8b1cb58440168ebd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4713a893-a11b-4a2c-8fb9-f6985fe941a1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: b39d28b5dc1770ece081b96a561511a0",
      "pattern": "[file:hashes.MD5 = 'b39d28b5dc1770ece081b96a561511a0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0676a82a-9a05-4791-976a-dc1a0449f50e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: ccdcad8c74aac5c706cbad7e7ce085d1",
      "pattern": "[file:hashes.MD5 = 'ccdcad8c74aac5c706cbad7e7ce085d1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--874c5d8e-603d-4412-add5-dc15c09bf757",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 03501f7b4f398c682d1de2dc0c503e17f0212afe",
      "pattern": "[file:hashes.'SHA-1' = '03501f7b4f398c682d1de2dc0c503e17f0212afe']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--819984d6-36f8-4fa4-900d-25e3417c2f9b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2634e0eec33e7fbf734f1a13b023ab8952fe6f03",
      "pattern": "[file:hashes.'SHA-1' = '2634e0eec33e7fbf734f1a13b023ab8952fe6f03']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--34508c8d-bbc3-4f31-aa09-b57d30eec4fb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2adc28beb14583064d63819b3619794d58734d69",
      "pattern": "[file:hashes.'SHA-1' = '2adc28beb14583064d63819b3619794d58734d69']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6883e0b2-614b-4751-81e7-693aa83e7033",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 4826fe7edbbfe546253c168e0f652e1500bb70bc",
      "pattern": "[file:hashes.'SHA-1' = '4826fe7edbbfe546253c168e0f652e1500bb70bc']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--53fc61fc-a699-49a9-923e-8de0ca77b0fb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 884c36c7f146a4ac8941b8227a150daaf9b95dc7",
      "pattern": "[file:hashes.'SHA-1' = '884c36c7f146a4ac8941b8227a150daaf9b95dc7']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5f6db22e-f492-4d2f-805b-8898de50b33e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: d594fb3a164a8adc678086c52d2422e7c9272ebe",
      "pattern": "[file:hashes.'SHA-1' = 'd594fb3a164a8adc678086c52d2422e7c9272ebe']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5d2bc5d2-5e41-447d-ba0f-d63cd8d00be8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: d8d7922a550db6afd661b74eaa97c8f59c76cf21",
      "pattern": "[file:hashes.'SHA-1' = 'd8d7922a550db6afd661b74eaa97c8f59c76cf21']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b800f892-a09b-4c6d-a7d3-29d9fde371ed",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: f6aae5d8deaa50cbec0503e8219ea5ba0f26db8b",
      "pattern": "[file:hashes.'SHA-1' = 'f6aae5d8deaa50cbec0503e8219ea5ba0f26db8b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c8a46262-f418-4905-80e5-d42de267ca24",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 087c475a1b5b36b7939f5ff12dc711ba591dd2c4227ccaa28d322425ef4d0d4c",
      "pattern": "[file:hashes.'SHA-256' = '087c475a1b5b36b7939f5ff12dc711ba591dd2c4227ccaa28d322425ef4d0d4c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2e5e827e-75e6-426c-922a-2dfa6ee1c3e4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 0ff80e4db32d1d45a0c2afdfd7a1be961c0fbd9d43613a22a989f9024cc1b1e9",
      "pattern": "[file:hashes.'SHA-256' = '0ff80e4db32d1d45a0c2afdfd7a1be961c0fbd9d43613a22a989f9024cc1b1e9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0b2c0ab1-c556-4ec3-98e0-06e72de98b6a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2149d481b863bec2240ffb64c68f7fb437458885c903a7b0c21aa44f88a69d86",
      "pattern": "[file:hashes.'SHA-256' = '2149d481b863bec2240ffb64c68f7fb437458885c903a7b0c21aa44f88a69d86']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--35afcf29-6d34-4828-b053-acda546390a4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2e46fcadacfe9e2a63cfc18d95d5870de8b3414462bf14ba9e7c517678f235c9",
      "pattern": "[file:hashes.'SHA-256' = '2e46fcadacfe9e2a63cfc18d95d5870de8b3414462bf14ba9e7c517678f235c9']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ffe98670-b1c9-4fb8-a015-b110ba7187d9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd",
      "pattern": "[file:hashes.'SHA-256' = '386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3b7b140f-50b4-4cd5-ac51-836600dd218a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 756ceb563d9283df1fd03252aee9e9621cd2cc7ddb45f596e16660fed1dd6442",
      "pattern": "[file:hashes.'SHA-256' = '756ceb563d9283df1fd03252aee9e9621cd2cc7ddb45f596e16660fed1dd6442']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cbe0399b-1494-446a-84b4-607d4a129f89",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9dc827fb1c2e3c12ee39aa5ccf3b31f64051e0cdda9d2ac54caee6b235f52640",
      "pattern": "[file:hashes.'SHA-256' = '9dc827fb1c2e3c12ee39aa5ccf3b31f64051e0cdda9d2ac54caee6b235f52640']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f9dc0611-101e-42ee-9163-618af436096c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: abb2fe1f67a48b931258e47531884ca5502cec73996e686ca82eeba536258f67",
      "pattern": "[file:hashes.'SHA-256' = 'abb2fe1f67a48b931258e47531884ca5502cec73996e686ca82eeba536258f67']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1d63831e-bfdb-420f-a8ac-a772f513975a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: eba3138d0f3d2385b55b08d8886b1018834d194440691d33d612402ba8a11d28",
      "pattern": "[file:hashes.'SHA-256' = 'eba3138d0f3d2385b55b08d8886b1018834d194440691d33d612402ba8a11d28']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserial",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c0eba2d3-577a-4821-a1e7-8fb2b3887ab6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-24762",
      "pattern": "[vulnerability:name = 'CVE-2024-24762']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "A denial of service Regex breaks FastAPI security",
          "url": "https://snyk.io/blog/dos-regex-breaks-fastapi-security/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b0e25890-f5d9-47f2-80a2-52a3c381541a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-28252",
      "pattern": "[vulnerability:name = 'CVE-2023-28252']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-37085 \u2014 VMware ESXi Authentication Bypass",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4753f41a-504b-4263-b394-566284b3f959",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-37085",
      "pattern": "[vulnerability:name = 'CVE-2024-37085']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-37085 \u2014 VMware ESXi Authentication Bypass",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4b7731f9-8318-4fce-aaaf-79ed7915d2e2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-45249",
      "pattern": "[vulnerability:name = 'CVE-2023-45249']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2023-45249 \u2014 Acronis Cyber Infrastructure (ACI",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3c4b32d-3d27-4b48-8b22-169c38a29052",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-4879",
      "pattern": "[vulnerability:name = 'CVE-2024-4879']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-5217 \u2014 ServiceNow Incomplete List of Disa",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-4879 \u2014 ServiceNow Improper Input Validati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0b5711c4-34a0-4d37-becc-7f2cf9b4e491",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-5178",
      "pattern": "[vulnerability:name = 'CVE-2024-5178']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-5217 \u2014 ServiceNow Incomplete List of Disa",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-4879 \u2014 ServiceNow Improper Input Validati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--90537d4f-2c7d-4a7a-9384-80ad6247830f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-5217",
      "pattern": "[vulnerability:name = 'CVE-2024-5217']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-5217 \u2014 ServiceNow Incomplete List of Disa",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "source_name": "CISA KEV: CVE-2024-4879 \u2014 ServiceNow Improper Input Validati",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--818543ad-b25d-4d5e-9863-8c9577247a16",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2012-4792",
      "pattern": "[vulnerability:name = 'CVE-2012-4792']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2012-4792 \u2014 Microsoft Internet Explorer Use-Af",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--61158532-c249-4d02-a4ff-5378540fe467",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-39891",
      "pattern": "[vulnerability:name = 'CVE-2024-39891']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-39891 \u2014 Twilio Authy Information Disclosu",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--beedee31-311b-47a9-a4bf-22c81b9b4d94",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 48d56ec320ecf6c54a87a7540cf21340",
      "pattern": "[file:hashes.MD5 = '48d56ec320ecf6c54a87a7540cf21340']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2012-4792 \u2014 Microsoft Internet Explorer Use-Af",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c596eb8d-76dd-4e96-a758-37203ba4f8ce",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2b9f1a858bb8cc18dc1e2184a872c183c327d3d4",
      "pattern": "[file:hashes.'SHA-1' = '2b9f1a858bb8cc18dc1e2184a872c183c327d3d4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2012-4792 \u2014 Microsoft Internet Explorer Use-Af",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e7508261-f533-4011-92c0-97503592ba7f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: ac335a4894485859d2cfd24b816f6929831c1e844164ceb2f90cbab5fa671965",
      "pattern": "[file:hashes.'SHA-256' = 'ac335a4894485859d2cfd24b816f6929831c1e844164ceb2f90cbab5fa671965']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2012-4792 \u2014 Microsoft Internet Explorer Use-Af",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--806e3c08-baba-4716-b75d-cec26709e598",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-22948",
      "pattern": "[vulnerability:name = 'CVE-2022-22948']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-22948 \u2014 VMware vCenter Server Incorrect D",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7aca2684-fe1b-4c42-bf85-1bb0e69a19fb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-20867",
      "pattern": "[vulnerability:name = 'CVE-2023-20867']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-22948 \u2014 VMware vCenter Server Incorrect D",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--db155473-d6ed-456c-9b3b-3082267c89d6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-28995",
      "pattern": "[vulnerability:name = 'CVE-2024-28995']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-28995 \u2014 SolarWinds Serv-U Path Traversal ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b018b372-13d2-426b-8013-f069e181f617",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-2961",
      "pattern": "[vulnerability:name = 'CVE-2024-2961']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--93865314-5130-4cba-ad5d-bbdc286db511",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-34102",
      "pattern": "[vulnerability:name = 'CVE-2024-34102']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e6c88c75-89b6-4dc5-938c-1f9a1cb059b8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: analytisgroup.com",
      "pattern": "[domain-name:value = 'analytisgroup.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f49abe1e-30f3-4dcf-9346-ae430f6b6873",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: analytisweb.com",
      "pattern": "[domain-name:value = 'analytisweb.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--487bf0d1-64ba-41d2-9a62-7da656cdbbc5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: bingforce.org",
      "pattern": "[domain-name:value = 'bingforce.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--90a9bbac-7157-4bd1-9513-846261308f2f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: bystats.io",
      "pattern": "[domain-name:value = 'bystats.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f55adc98-7cbc-4039-bbd3-290d2ca2db7f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cdnstatics.net",
      "pattern": "[domain-name:value = 'cdnstatics.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--855783a0-cac2-4cc4-bcae-f473bf64d750",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: chartismart.com",
      "pattern": "[domain-name:value = 'chartismart.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3ab95593-d6a2-4359-bd72-b73b90f25391",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: codecarawan.com",
      "pattern": "[domain-name:value = 'codecarawan.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--59f0d68c-89e8-4bb5-a663-1c2dbf918079",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: creativeslim.com",
      "pattern": "[domain-name:value = 'creativeslim.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--705c4c6d-e04c-44a4-88eb-4103f2217b71",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: creatls.com",
      "pattern": "[domain-name:value = 'creatls.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--671b806c-7e82-41a9-95bd-ef4cfef0fbc4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: desynlabtech.com",
      "pattern": "[domain-name:value = 'desynlabtech.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--af12656f-40b4-43b5-8ed4-64e35adaf054",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: easttrack.net",
      "pattern": "[domain-name:value = 'easttrack.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54cd1d87-3487-473e-9f4d-ab4c2e2149d5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: foptimize.net",
      "pattern": "[domain-name:value = 'foptimize.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--59a7783f-7e5f-4e62-92ee-0474af5e1b94",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: gearplace.net",
      "pattern": "[domain-name:value = 'gearplace.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5eefd586-af5b-4f35-bb2b-2b9aae75d737",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: getstylify.com",
      "pattern": "[domain-name:value = 'getstylify.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e1d3b627-9488-4ce2-b7fd-f6569199a306",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: graphiqsw.com",
      "pattern": "[domain-name:value = 'graphiqsw.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cdf79e1d-67e9-4486-8605-a37b5a08cf19",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: happyllfe.online",
      "pattern": "[domain-name:value = 'happyllfe.online']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--68b59c00-3dfd-4cdf-8fe9-cf4675431ee6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: horlzonhub.com",
      "pattern": "[domain-name:value = 'horlzonhub.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--83aabe68-e13b-4772-bd58-9288320d0de6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: iconstaff.top",
      "pattern": "[domain-name:value = 'iconstaff.top']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d3c98359-18db-4ef8-8c09-14e04d546558",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: infiniboosts.com",
      "pattern": "[domain-name:value = 'infiniboosts.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b7caf961-5bd5-4e52-8f2b-05339b11c7ea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: jquerypackageus.com",
      "pattern": "[domain-name:value = 'jquerypackageus.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e31e620a-723c-45d7-b993-4ce2dbae9ce7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: jstatic201.com",
      "pattern": "[domain-name:value = 'jstatic201.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3c5532ed-cbe6-4949-9097-6e99f7a53cd4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: marketiqhub.com",
      "pattern": "[domain-name:value = 'marketiqhub.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cfa92920-619b-480a-8adc-d9bb49f6f62d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: novastraem.com",
      "pattern": "[domain-name:value = 'novastraem.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d794b7c4-a53e-42ee-89b9-f1c0b3cfd6d2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: quantunnquest.com",
      "pattern": "[domain-name:value = 'quantunnquest.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--505aefc4-9e07-41d3-b8d4-e6aba3fa5f48",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: radlantroots.com",
      "pattern": "[domain-name:value = 'radlantroots.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--39f70bb8-8959-44ff-ba65-d1d248675ea8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sellerstat.site",
      "pattern": "[domain-name:value = 'sellerstat.site']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--70e40bdc-8ec0-44c8-bc68-91dea40fc68b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sellifypro.com",
      "pattern": "[domain-name:value = 'sellifypro.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9c4f9f7d-1b16-4a58-a1bb-80a5f006f5dd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: statspots.com",
      "pattern": "[domain-name:value = 'statspots.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d1865cdf-fe1c-4c39-ab05-4d60cb958b5d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: techtnee.com",
      "pattern": "[domain-name:value = 'techtnee.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ff8744c2-152b-4885-a9f0-6d076f540d02",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: trendgurupro.com",
      "pattern": "[domain-name:value = 'trendgurupro.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--917baa23-b152-496e-969b-7332929657d9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 104.36.229.32",
      "pattern": "[ipv4-addr:value = '104.36.229.32']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fc7d032d-00ee-4c9a-a5ae-89b076b4d7ad",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 106.14.40.200",
      "pattern": "[ipv4-addr:value = '106.14.40.200']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4ca32eed-72bd-4aad-ab96-5ca65a4f9ecf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 120.245.64.189",
      "pattern": "[ipv4-addr:value = '120.245.64.189']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-28995 \u2014 SolarWinds Serv-U Path Traversal ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2997144c-a1f1-4e0c-8748-b3ee4f0240a2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 141.98.81.24",
      "pattern": "[ipv4-addr:value = '141.98.81.24']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e68a9664-8a0b-444a-8e8e-4e25822c641a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 141.98.82.3",
      "pattern": "[ipv4-addr:value = '141.98.82.3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b4bbc652-d921-406f-b44d-934e99613253",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 146.190.165.100",
      "pattern": "[ipv4-addr:value = '146.190.165.100']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fcebd62d-193a-4726-80fd-f509edf24b88",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 15.204.207.175",
      "pattern": "[ipv4-addr:value = '15.204.207.175']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fb327c26-2d5c-460f-8a30-917e01669a54",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 157.230.230.193",
      "pattern": "[ipv4-addr:value = '157.230.230.193']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c7dbcce8-9233-44d6-b209-c8b7967e33b9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 159.223.136.255",
      "pattern": "[ipv4-addr:value = '159.223.136.255']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3cd5a031-ca3b-44c2-a75b-e212ff68d810",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 172.104.28.240",
      "pattern": "[ipv4-addr:value = '172.104.28.240']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--39f1a8a5-8f24-4dcb-9933-24230188b16a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 173.255.242.28",
      "pattern": "[ipv4-addr:value = '173.255.242.28']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fb06c3cc-abdc-41a5-853b-570386c3d9e2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 184.31.15.39",
      "pattern": "[ipv4-addr:value = '184.31.15.39']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--53598f9f-5a25-4d51-ba23-0f71f4f21f38",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 184.31.15.70",
      "pattern": "[ipv4-addr:value = '184.31.15.70']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e3d46c4b-4480-4c4b-885c-5acd85e505ea",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.175.225.116",
      "pattern": "[ipv4-addr:value = '185.175.225.116']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e75e8f3b-82ac-49d4-8eb9-2c999f09f4ef",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.193.126.86",
      "pattern": "[ipv4-addr:value = '185.193.126.86']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d6d52fd3-d3b0-471e-88bb-e462ce46572f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.196.10.2",
      "pattern": "[ipv4-addr:value = '185.196.10.2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-28995 \u2014 SolarWinds Serv-U Path Traversal ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e7f9001a-3715-4697-94cb-10414d9765d0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.233.128.167",
      "pattern": "[ipv4-addr:value = '193.233.128.167']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5f8ec7e3-4435-4155-a602-d250186d6679",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.233.129.150",
      "pattern": "[ipv4-addr:value = '193.233.129.150']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cd999b82-8a13-4f1d-b6d4-4c8a1e8ab7d0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.233.130.84",
      "pattern": "[ipv4-addr:value = '193.233.130.84']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--bc0b1462-cc2b-4f35-b64a-3d6aa8e123db",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.233.216.201",
      "pattern": "[ipv4-addr:value = '193.233.216.201']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--38a598ce-6bef-43a3-a6ca-7fc10125af02",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 193.233.217.12",
      "pattern": "[ipv4-addr:value = '193.233.217.12']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a66cae62-77ec-4d51-8145-727f1cb2e1d0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 217.182.199.126",
      "pattern": "[ipv4-addr:value = '217.182.199.126']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f63c8ad-9192-4638-af1b-79849a2a34ca",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 221.4.215.215",
      "pattern": "[ipv4-addr:value = '221.4.215.215']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-28995 \u2014 SolarWinds Serv-U Path Traversal ",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--94b62924-2535-48f4-bd07-d75feee9501f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 31.134.11.12",
      "pattern": "[ipv4-addr:value = '31.134.11.12']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6196e297-7063-4a3b-80b0-585c141fe242",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 31.134.11.69",
      "pattern": "[ipv4-addr:value = '31.134.11.69']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--17f18a3a-537c-479e-896a-ccb2de99325c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 31.134.13.106",
      "pattern": "[ipv4-addr:value = '31.134.13.106']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6a101b7e-4f1e-451b-a2c7-53f785466000",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 37.9.41.91",
      "pattern": "[ipv4-addr:value = '37.9.41.91']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fcde62f1-7e63-4569-b812-b836e04ea3d9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 37.9.42.158",
      "pattern": "[ipv4-addr:value = '37.9.42.158']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dd135e7a-f3e3-44aa-9a8b-16f51ae1fccc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 85.239.43.38",
      "pattern": "[ipv4-addr:value = '85.239.43.38']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5b0accd5-f0c2-4910-a809-a5053ac2ab88",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 89.110.84.168",
      "pattern": "[ipv4-addr:value = '89.110.84.168']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b4dea088-b6f9-48a6-b271-01ba5d6fcd12",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.92.243.104",
      "pattern": "[ipv4-addr:value = '91.92.243.104']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0d1a623c-f01f-4487-ab2e-59641d604dde",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 91.92.247.205",
      "pattern": "[ipv4-addr:value = '91.92.247.205']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0164db47-dc62-48f5-a548-1b0b89954f7c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 92.112.184.102",
      "pattern": "[ipv4-addr:value = '92.112.184.102']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open S",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--16d829b5-20c5-479d-ad47-3535d78f59d6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2016-5195",
      "pattern": "[vulnerability:name = 'CVE-2016-5195']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fd280717-58d6-4be9-bd8b-d123f42f6a1f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-36401",
      "pattern": "[vulnerability:name = 'CVE-2024-36401']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6caa340b-c3dc-4aa5-af0b-0f8290051ad8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: 1.download765.online",
      "pattern": "[domain-name:value = '1.download765.online']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7f504323-9851-4440-9626-db9986256870",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: 9527527.xyz",
      "pattern": "[domain-name:value = '9527527.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--53cfd057-61f2-44f9-b172-67a1d237b9ae",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: bots.gxz.me",
      "pattern": "[domain-name:value = 'bots.gxz.me']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--71f85d07-b84e-438d-9c86-8d86a80cea67",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: gsdasdfadfs.9527527.xyz",
      "pattern": "[domain-name:value = 'gsdasdfadfs.9527527.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--03bdc7c0-2a82-4106-bb8f-9887cd892d14",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: oss.17ww.vip",
      "pattern": "[domain-name:value = 'oss.17ww.vip']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8857ec21-0467-485c-a2bf-fd82c8fca8ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: repositorylinux.com",
      "pattern": "[domain-name:value = 'repositorylinux.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1b01f174-fced-4a01-a428-211b59e6a0b5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: sdfasdfsf.9527527.xyz",
      "pattern": "[domain-name:value = 'sdfasdfsf.9527527.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--557748ec-5fe5-4c6c-980a-04a0760e322d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: secure.systemupdatecdn.de",
      "pattern": "[domain-name:value = 'secure.systemupdatecdn.de']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5ca277ba-c207-4b6b-a90d-b00eff001248",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: trcpay.xyz",
      "pattern": "[domain-name:value = 'trcpay.xyz']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3afebaa7-30b5-427d-abe5-9177be32ac94",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 112.133.194.254",
      "pattern": "[ipv4-addr:value = '112.133.194.254']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d2887e3c-c7d8-4271-962d-f0a4528f97d1",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 181.214.58.14",
      "pattern": "[ipv4-addr:value = '181.214.58.14']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b685aab2-3887-4011-837a-d329389b65f3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 188.214.27.50",
      "pattern": "[ipv4-addr:value = '188.214.27.50']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6ba2b41b-8200-4155-96b0-7c8875eff5f9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 209.146.124.181",
      "pattern": "[ipv4-addr:value = '209.146.124.181']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c096aba0-024f-4bf2-9e85-88d21011b3d9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 47.253.46.11",
      "pattern": "[ipv4-addr:value = '47.253.46.11']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c54a3647-12a7-424b-a210-70c6905241e6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 95.85.93.196",
      "pattern": "[ipv4-addr:value = '95.85.93.196']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3f79418c-a909-49a9-9ec2-99bc2b7bcb85",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1588bee7db42495ba7e6e34d217e6b82c5ab93f27c1eea68435cbb9e7792f9be",
      "pattern": "[file:hashes.'SHA-256' = '1588bee7db42495ba7e6e34d217e6b82c5ab93f27c1eea68435cbb9e7792f9be']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3def93b0-5671-4898-9626-e0bcb1e9f83d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 1af8e068aa7377f0055640af581a412aa9d7288c912a93dd0d739657af0079fb",
      "pattern": "[file:hashes.'SHA-256' = '1af8e068aa7377f0055640af581a412aa9d7288c912a93dd0d739657af0079fb']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1022d88a-071b-4ef8-b365-774ed65992f3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 20d97f144bf7b1662a13ac537715126b9b2f68eff46a4a09234743ae236f0177",
      "pattern": "[file:hashes.'SHA-256' = '20d97f144bf7b1662a13ac537715126b9b2f68eff46a4a09234743ae236f0177']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8efd9bfe-9838-4795-b48d-9add1ae3a5ff",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3c73ebc7a85accc65c9ee5bf151f70b990e5a12f27a843ca21c0f9d9a10fd17d",
      "pattern": "[file:hashes.'SHA-256' = '3c73ebc7a85accc65c9ee5bf151f70b990e5a12f27a843ca21c0f9d9a10fd17d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--aafa8957-6590-4f77-b304-4f9f2dc0a11c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 50b7e615b8cdc45486b6ed1c1c081c7a92c262edb84318fa864531dcab753f82",
      "pattern": "[file:hashes.'SHA-256' = '50b7e615b8cdc45486b6ed1c1c081c7a92c262edb84318fa864531dcab753f82']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--335078f0-f414-4762-8121-f48b7a1ffb38",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 53994a35a57970dea48e97009f65ad045b69a83234b771b106446211376a6866",
      "pattern": "[file:hashes.'SHA-256' = '53994a35a57970dea48e97009f65ad045b69a83234b771b106446211376a6866']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--84f4566c-e828-4c80-803a-0369fcd9c333",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5cc7e35254347f705422800bfb7fe29c6002e2537f6bac0ff996a720dfb5f48e",
      "pattern": "[file:hashes.'SHA-256' = '5cc7e35254347f705422800bfb7fe29c6002e2537f6bac0ff996a720dfb5f48e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--76836808-5077-4ba2-b916-859503c992f4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 7194ec436231c2a383ffc7c75eef4f5b5a952c18fa176ffd0830667835a80533",
      "pattern": "[file:hashes.'SHA-256' = '7194ec436231c2a383ffc7c75eef4f5b5a952c18fa176ffd0830667835a80533']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1d8d1d28-a7fe-412c-8e66-2ddc64d90a9c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 79c9532fb6ef2742e207498bfe2b2ee09aa9773376ac0e56085083aab17b98be",
      "pattern": "[file:hashes.'SHA-256' = '79c9532fb6ef2742e207498bfe2b2ee09aa9773376ac0e56085083aab17b98be']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--134e4ae9-b165-4792-81d0-46d43bb94090",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 83fb74bb852bbd722e6ebc4e249e49cb4bb4194493a26d62d4bfcdfca2998412",
      "pattern": "[file:hashes.'SHA-256' = '83fb74bb852bbd722e6ebc4e249e49cb4bb4194493a26d62d4bfcdfca2998412']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--64485058-a640-42f7-9b2c-fbfbe101c331",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 8d3440301bc94ed83cdafb69e4b0166d3a0020eb4f38e9fa159c2f13f14b2d29",
      "pattern": "[file:hashes.'SHA-256' = '8d3440301bc94ed83cdafb69e4b0166d3a0020eb4f38e9fa159c2f13f14b2d29']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f8ff00de-2140-4004-b533-0f4c5313e6e3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 96cf27a66b629d2b19708c6887441a8422b40dc0e9e7c5c0f2212efe0b6b3323",
      "pattern": "[file:hashes.'SHA-256' = '96cf27a66b629d2b19708c6887441a8422b40dc0e9e7c5c0f2212efe0b6b3323']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0771acf1-89e3-4910-8306-7630243dd85f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 994b924b00fb56e12a6a987c4cdf65dd05a221c47b5fc0a7a2babf1f05c2ed38",
      "pattern": "[file:hashes.'SHA-256' = '994b924b00fb56e12a6a987c4cdf65dd05a221c47b5fc0a7a2babf1f05c2ed38']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7a2e4f98-73eb-4378-b68f-dae287012656",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9bf642a7e14f0a0b0a784f00a0d1cf590ac60ae5ae378d29d435519f4d9dbf2b",
      "pattern": "[file:hashes.'SHA-256' = '9bf642a7e14f0a0b0a784f00a0d1cf590ac60ae5ae378d29d435519f4d9dbf2b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c7bead4b-2fb1-47b2-81d1-dfcbe360e399",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a13a979f4ca57450528bb6cd7aa2bf47d2eea211053eb1a14b8c4a44fd661831",
      "pattern": "[file:hashes.'SHA-256' = 'a13a979f4ca57450528bb6cd7aa2bf47d2eea211053eb1a14b8c4a44fd661831']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d04aa788-0865-4537-a9a0-99fdb85c1b22",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a9e7b5284182d3881c865895ee6e0fb03273eec3dcbf4bfc82dd2b069245beae",
      "pattern": "[file:hashes.'SHA-256' = 'a9e7b5284182d3881c865895ee6e0fb03273eec3dcbf4bfc82dd2b069245beae']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3c8021a7-d34c-472b-b26b-fbc5d5adedde",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: addccd0ecb643251af2e79e878b19a8e9c8f1c87302e732ef057cdba821f4b30",
      "pattern": "[file:hashes.'SHA-256' = 'addccd0ecb643251af2e79e878b19a8e9c8f1c87302e732ef057cdba821f4b30']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e1463a07-1aa8-4e40-bc85-61fa754c649c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b3a015b6650ec9800fa878ff9a5f732013806c8dcb0e7069515dae0dd380fda4",
      "pattern": "[file:hashes.'SHA-256' = 'b3a015b6650ec9800fa878ff9a5f732013806c8dcb0e7069515dae0dd380fda4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--313c9296-c0fc-46c2-9b9c-92fd01ffe78f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b60d7fb66caf103a04e81fb89dbb05111b4b0ef513f3769c8e0a8106ab01a075",
      "pattern": "[file:hashes.'SHA-256' = 'b60d7fb66caf103a04e81fb89dbb05111b4b0ef513f3769c8e0a8106ab01a075']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9c076589-fdd2-4576-bf89-20bf07a5f2ee",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b67ab1b9b66fdc2c4ed1689698a54a347c2bdd6eaff87039ae337675243670d8",
      "pattern": "[file:hashes.'SHA-256' = 'b67ab1b9b66fdc2c4ed1689698a54a347c2bdd6eaff87039ae337675243670d8']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--00005a80-ec6a-41bf-994e-28353e26b57c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b80e9466b7bb42959c29546b8c052e67fcaa0f591857617457d5d28348bd8860",
      "pattern": "[file:hashes.'SHA-256' = 'b80e9466b7bb42959c29546b8c052e67fcaa0f591857617457d5d28348bd8860']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5d69a68c-e62f-43c1-8907-4d5410a3b857",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c226744b40e8f5d2cf95b4fb2537ff00e222ecc2d24c5096ecfadb14b4a47f97",
      "pattern": "[file:hashes.'SHA-256' = 'c226744b40e8f5d2cf95b4fb2537ff00e222ecc2d24c5096ecfadb14b4a47f97']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--17a18ad5-3eef-464e-bde1-e068e5594c14",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: c3101b0b74d76a95ba91b6cc4945657e928d2dac8fdf926ffbf09031d46e9186",
      "pattern": "[file:hashes.'SHA-256' = 'c3101b0b74d76a95ba91b6cc4945657e928d2dac8fdf926ffbf09031d46e9186']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5550466c-b7fb-4558-966d-7fca08786871",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d9dfe98b5fba09e17dbe29dfeb8deb7d777d4a3b0d670914691ed360b916116a",
      "pattern": "[file:hashes.'SHA-256' = 'd9dfe98b5fba09e17dbe29dfeb8deb7d777d4a3b0d670914691ed360b916116a']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0e410843-e918-4299-933e-d2069c4b6111",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: d9e8b390f8e2e8a6c2308c723a6a812f59c055ecad4e9098a120e5c4c65d3905",
      "pattern": "[file:hashes.'SHA-256' = 'd9e8b390f8e2e8a6c2308c723a6a812f59c055ecad4e9098a120e5c4c65d3905']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--dc3f3b0b-42b4-4783-8858-9fe3a25b196b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: e8b0f5a952f07c83c4d67809ac0715c7164d518323d8038542e84aab8456db43",
      "pattern": "[file:hashes.'SHA-256' = 'e8b0f5a952f07c83c4d67809ac0715c7164d518323d8038542e84aab8456db43']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2044239e-04dc-4e94-9bb3-91d8e9f01531",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f3d3572ef96c9c59e137425ca6804e1b86b7f8b57210a3724d567017460774de",
      "pattern": "[file:hashes.'SHA-256' = 'f3d3572ef96c9c59e137425ca6804e1b86b7f8b57210a3724d567017460774de']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--46ccca4e-0e44-43e0-87dc-611d47d5aeb3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: f7b97677b6387c1f02d429e98868bf6973a8dec14dfee2516a27e885d6b1c780",
      "pattern": "[file:hashes.'SHA-256' = 'f7b97677b6387c1f02d429e98868bf6973a8dec14dfee2516a27e885d6b1c780']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a6314194-8406-4836-a579-011af21a9ee2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: fabbb4611fb9df5d8f208d9353be0b73c3942fe78903da096cbfe2f47c9e3566",
      "pattern": "[file:hashes.'SHA-256' = 'fabbb4611fb9df5d8f208d9353be0b73c3942fe78903da096cbfe2f47c9e3566']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Inj",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--797441ea-ccbf-4522-ba78-2b65f3a679e8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-23692",
      "pattern": "[vulnerability:name = 'CVE-2024-23692']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c0443916-afc2-43bc-90ac-0807a93b954e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38080",
      "pattern": "[vulnerability:name = 'CVE-2024-38080']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-38080 \u2014 Microsoft Windows Hyper-V Privile",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f7ac9f18-d36f-4c7b-bf67-8254f2189c35",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: support.firewallsupportservers.com",
      "pattern": "[domain-name:value = 'support.firewallsupportservers.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c7a7021f-b7ea-4db1-ba83-b58dbd433139",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 121.204.249.123",
      "pattern": "[ipv4-addr:value = '121.204.249.123']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c2dceaec-f70a-4c25-8a9e-14008e0b55da",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 154.201.87.185",
      "pattern": "[ipv4-addr:value = '154.201.87.185']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0a718566-276d-4e2c-ab13-a31d2b5854fb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 164.155.205.99",
      "pattern": "[ipv4-addr:value = '164.155.205.99']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--21cc8887-ab22-4da7-a43d-2c3deb21e5a4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 185.173.93.167",
      "pattern": "[ipv4-addr:value = '185.173.93.167']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--41d2f23b-9556-48b8-90b5-b322c9ae5a70",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 188.116.22.65",
      "pattern": "[ipv4-addr:value = '188.116.22.65']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a5f5f15c-e6fb-4184-a0c3-a839b45a21ed",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 4383b1ea54a59d27e5e6b3122b3dadb2",
      "pattern": "[file:hashes.MD5 = '4383b1ea54a59d27e5e6b3122b3dadb2']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--16e462c2-6a6e-4a58-80ed-d827557fd5ba",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 6adaeb6543955559c05a9de8f92d1e1d",
      "pattern": "[file:hashes.MD5 = '6adaeb6543955559c05a9de8f92d1e1d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c2764f33-c793-4773-a424-d5714bc9d9bb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 77970a04551636cc409e90d39bbea931",
      "pattern": "[file:hashes.MD5 = '77970a04551636cc409e90d39bbea931']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--de4050c8-abec-473b-9c36-065e1fa32801",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 8f0071027d513867feb3eb8943ccaf05",
      "pattern": "[file:hashes.MD5 = '8f0071027d513867feb3eb8943ccaf05']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--371ed511-af36-47d4-9562-aba7b5fe26db",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: ce7dc5df5568a79affa540aa86b24773",
      "pattern": "[file:hashes.MD5 = 'ce7dc5df5568a79affa540aa86b24773']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1843459f-9bda-492e-893b-0febaddeb3cd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 084b7e9e001bcfd1f2ad8adb6f39d08e5aadae4b",
      "pattern": "[file:hashes.'SHA-1' = '084b7e9e001bcfd1f2ad8adb6f39d08e5aadae4b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--05f45759-d295-4053-b5f9-726e07a057fc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 0e267e5ef7b91bf1ef7c8af40bd6fd7f8330ea36",
      "pattern": "[file:hashes.'SHA-1' = '0e267e5ef7b91bf1ef7c8af40bd6fd7f8330ea36']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9ddb8145-a723-4788-becd-b5edc6aafc6d",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 0ed613fc7f6f592098ff679b321196274b814abd",
      "pattern": "[file:hashes.'SHA-1' = '0ed613fc7f6f592098ff679b321196274b814abd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4b0bb00c-fb16-40ab-b152-accf4b2f120c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 86f163a248e2a9eb2209881351029ce2bbcc5b58",
      "pattern": "[file:hashes.'SHA-1' = '86f163a248e2a9eb2209881351029ce2bbcc5b58']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a97d026f-856f-487a-9a33-fabbbf0dce70",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: be42f6a567b193884333d0668b94f7635c08dc00",
      "pattern": "[file:hashes.'SHA-1' = 'be42f6a567b193884333d0668b94f7635c08dc00']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--db33fed5-edf9-431b-a74a-55c8fdf51dda",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 0af21e5bdeaf84c33c172a1170987cca478c2b3e13a3de5653f724f36e278ee4",
      "pattern": "[file:hashes.'SHA-256' = '0af21e5bdeaf84c33c172a1170987cca478c2b3e13a3de5653f724f36e278ee4']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2856a91e-f792-475d-ae0e-408b764de22f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 29b27b5757f1503d348acef5201f65ce6726fdc5c3e84c8ee87c2c933cb41066",
      "pattern": "[file:hashes.'SHA-256' = '29b27b5757f1503d348acef5201f65ce6726fdc5c3e84c8ee87c2c933cb41066']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c5089b7e-3f51-443b-8fc8-d3aeb654215e",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5d37696feee100ac78d5221669f96b006c851f54c1f36f44fab2e6b71c6498b1",
      "pattern": "[file:hashes.'SHA-256' = '5d37696feee100ac78d5221669f96b006c851f54c1f36f44fab2e6b71c6498b1']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8c666472-9ad5-4a6c-93e1-fced4e9e0096",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 69fe95d13e04c1e919980b8aa8e98e04e3c266d15589c074ae2bb8d9027d5a01",
      "pattern": "[file:hashes.'SHA-256' = '69fe95d13e04c1e919980b8aa8e98e04e3c266d15589c074ae2bb8d9027d5a01']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--79c9e4f9-86e7-4bfc-8e28-44c19242e145",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: cbb265cfae15aa0f39bc67447aa82fc3ac40be6f9239a111e21e1532295eb4ed",
      "pattern": "[file:hashes.'SHA-256' = 'cbb265cfae15aa0f39bc67447aa82fc3ac40be6f9239a111e21e1532295eb4ed']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--28dbcfc0-71fd-4ae8-88e7-ea97e0f0128b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2020-13965",
      "pattern": "[vulnerability:name = 'CVE-2020-13965']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2020-13965 \u2014 Roundcube Webmail Cross-Site Scri",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--eb594a5d-bd45-4556-80f4-dae73d7eb89c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-24816",
      "pattern": "[vulnerability:name = 'CVE-2022-24816']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-24816 \u2014 OSGeo GeoServer JAI-EXT Code Inje",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--19bb1996-c8c3-4ee3-9d33-d93d4ba8012a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-2586",
      "pattern": "[vulnerability:name = 'CVE-2022-2586']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2022-2586 \u2014 Linux Kernel Use-After-Free Vulner",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0d9242bd-dec4-4d47-894c-5e10bc98b9bf",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-38526",
      "pattern": "[vulnerability:name = 'CVE-2024-38526']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3fb58c72-870a-4ed3-a279-6014c917f073",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: 5f52353c.u.fn03.vip",
      "pattern": "[domain-name:value = '5f52353c.u.fn03.vip']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e7932983-df4e-40cf-8350-f69ff5c34a9b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: bootcdn.net",
      "pattern": "[domain-name:value = 'bootcdn.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c2810186-6433-400e-b468-2349cea22205",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: bootcss.com",
      "pattern": "[domain-name:value = 'bootcss.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a85e12b2-67d9-4208-8379-a501de7a4fad",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cdn.polyfill.io",
      "pattern": "[domain-name:value = 'cdn.polyfill.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--930b9b6f-f127-4865-b47d-4d62af553a62",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cdn.polyfill.io.bsclink.cn",
      "pattern": "[domain-name:value = 'cdn.polyfill.io.bsclink.cn']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d212d018-76fe-4eb2-abcb-5d6357893eae",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: googie-anaiytics.com",
      "pattern": "[domain-name:value = 'googie-anaiytics.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1ae6600b-deee-41ab-9932-1534ac655ee6",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: kuurza.com",
      "pattern": "[domain-name:value = 'kuurza.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f7cf34a3-5758-4a74-840f-f5502bbad342",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: newcrbpc.com",
      "pattern": "[domain-name:value = 'newcrbpc.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8b6735e2-f0d6-457e-a151-c74eb0d4ec19",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: polyfill.com",
      "pattern": "[domain-name:value = 'polyfill.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c01e27fc-8c3b-4a35-b183-1948467031a8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: polyfill.io",
      "pattern": "[domain-name:value = 'polyfill.io']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--80c02b9a-b647-4785-a1b5-bbc061014ed9",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: polyfill.io.bsclink.cn",
      "pattern": "[domain-name:value = 'polyfill.io.bsclink.cn']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4fe4a9e0-0545-48d4-a198-1c63d5ce3af5",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: polyfill.site",
      "pattern": "[domain-name:value = 'polyfill.site']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2eab3265-c1bb-4a57-af8a-6a81fd28875f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: polyfillcache.com",
      "pattern": "[domain-name:value = 'polyfillcache.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--10f0ffba-8f2d-4a38-9b2a-50b5192695ed",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: staticfile.net",
      "pattern": "[domain-name:value = 'staticfile.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6a6897d5-26b3-4d4a-bf47-d42129a63157",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: staticfile.org",
      "pattern": "[domain-name:value = 'staticfile.org']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--872d50b3-2709-482f-b794-2bfb56183585",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: union.macoms.la",
      "pattern": "[domain-name:value = 'union.macoms.la']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--32148408-5fdd-4bdc-b9f3-787e6fe6528a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: unionadjs.com",
      "pattern": "[domain-name:value = 'unionadjs.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--fe907167-fa76-49f8-9895-80a099932e03",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: w9.vty70.net",
      "pattern": "[domain-name:value = 'w9.vty70.net']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--28d19cd5-c4f6-46a7-9495-9dd73ae1bb4c",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: wildcard.polyfill.io.bsclink.cn",
      "pattern": "[domain-name:value = 'wildcard.polyfill.io.bsclink.cn']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3e2ea4d7-961e-41bd-b628-cddda677cb04",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: xhsbpza.com",
      "pattern": "[domain-name:value = 'xhsbpza.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Polyfill supply chain attack embeds malware in JavaScript CD",
          "url": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4c04dbcc-9ae2-4965-920e-dd66d8abf805",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-1800",
      "pattern": "[vulnerability:name = 'CVE-2024-1800']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-4358 \u2014 Progress Telerik Report Server Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--59e1abe0-a2da-415e-9319-d3ddb9f699db",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-26169",
      "pattern": "[vulnerability:name = 'CVE-2024-26169']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--94dda049-2640-42d7-ac9c-6fb0a1e78433",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-32896",
      "pattern": "[vulnerability:name = 'CVE-2024-32896']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-32896 \u2014 Android Pixel Privilege Escalatio",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--82f57b7f-3b97-40e5-9a0e-562f6eac85df",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-4358",
      "pattern": "[vulnerability:name = 'CVE-2024-4358']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-4358 \u2014 Progress Telerik Report Server Aut",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e98012d9-e874-4177-9924-b2fe896c2c81",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: 1984cd0bf7b20c5bef58338f80e4e65e",
      "pattern": "[file:hashes.MD5 = '1984cd0bf7b20c5bef58338f80e4e65e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--70c755af-f11b-4667-b89e-25b858773c28",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: acaf01f83da439915027c3e2e900c8dd",
      "pattern": "[file:hashes.MD5 = 'acaf01f83da439915027c3e2e900c8dd']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--85436e88-b9dc-4860-9462-645c8f28f867",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: f17918862a190afd4649b2a6b4a34b5c",
      "pattern": "[file:hashes.MD5 = 'f17918862a190afd4649b2a6b4a34b5c']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--5d6d6831-3d23-4229-9239-889e8841d3b7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "MD5: ff217dab57393592c6767de1c6a999eb",
      "pattern": "[file:hashes.MD5 = 'ff217dab57393592c6767de1c6a999eb']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--3ca7fd73-8a69-4910-b576-b8901c789324",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 2861b4e463fa89e05f2d7d629fae5140cef49843",
      "pattern": "[file:hashes.'SHA-1' = '2861b4e463fa89e05f2d7d629fae5140cef49843']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--79db9ca1-b272-48d2-8988-29a4cd7a6dfd",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 4ea121b4b45bab1e17fae11c8cce30241f5f8a75",
      "pattern": "[file:hashes.'SHA-1' = '4ea121b4b45bab1e17fae11c8cce30241f5f8a75']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1906c0ae-4fbb-43d3-9b82-99a2d06e8735",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: b4b5963c62c07c2adcee093571afd0e9e765de3b",
      "pattern": "[file:hashes.'SHA-1' = 'b4b5963c62c07c2adcee093571afd0e9e765de3b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ac5f98a3-9eb0-4a90-b784-fe3f39da1322",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: cc580c52f4263803255d65dfb6ab208be7f4a534",
      "pattern": "[file:hashes.'SHA-1' = 'cc580c52f4263803255d65dfb6ab208be7f4a534']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--65f761c3-9811-47b9-a7b1-a505811273a4",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 2408be22f6184cdccec7a34e2e79711ff4957e42f1ed7b7ad63f914d37dba625",
      "pattern": "[file:hashes.'SHA-256' = '2408be22f6184cdccec7a34e2e79711ff4957e42f1ed7b7ad63f914d37dba625']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d5971666-f716-4fee-aa89-8fcb66474664",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 3b3bd81232f517ba6d65c7838c205b301b0f27572fcfef9e5b86dd30a1d55a0d",
      "pattern": "[file:hashes.'SHA-256' = '3b3bd81232f517ba6d65c7838c205b301b0f27572fcfef9e5b86dd30a1d55a0d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--af862c32-0ea0-4a38-9947-b6d8fd5ed229",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 4aae231fb5357c0647483181aeae47956ac66e42b6b134f5b90da76d8ec0ac63",
      "pattern": "[file:hashes.'SHA-256' = '4aae231fb5357c0647483181aeae47956ac66e42b6b134f5b90da76d8ec0ac63']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8c373369-2d6b-4c61-85f1-745131e16828",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: a31e075bd5a2652917f91714fea4d272816c028d7734b36c84899cd583181b3d",
      "pattern": "[file:hashes.'SHA-256' = 'a31e075bd5a2652917f91714fea4d272816c028d7734b36c84899cd583181b3d']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ac00dcdc-922d-432a-8c58-9b85f5972d47",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b0903921e666ca3ffd45100a38c11d7e5c53ab38646715eafc6d1851ad41b92e",
      "pattern": "[file:hashes.'SHA-256' = 'b0903921e666ca3ffd45100a38c11d7e5c53ab38646715eafc6d1851ad41b92e']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2000cec0-3873-4887-9dd3-8cfd644c7696",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: b73a7e25d224778172e394426c98b86215087d815296c71a3f76f738c720c1b0",
      "pattern": "[file:hashes.'SHA-256' = 'b73a7e25d224778172e394426c98b86215087d815296c71a3f76f738c720c1b0']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--96368aa5-8a07-4b64-a008-88957f2bba11",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2012-1823",
      "pattern": "[vulnerability:name = 'CVE-2012-1823']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4386174d-31ba-4e4b-b9fb-8f4bd43e1e53",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-4577",
      "pattern": "[vulnerability:name = 'CVE-2024-4577']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8fecc0ec-72f9-4899-b62e-cc62cdc7c807",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 178.16.55.224",
      "pattern": "[ipv4-addr:value = '178.16.55.224']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--541d1a71-2004-4e38-8ee3-acf598c5bbca",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "IPV4: 88.218.76.13",
      "pattern": "[ipv4-addr:value = '88.218.76.13']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--576586a8-edbb-446f-b87f-ed4d4767f1a3",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 5a2b9ddddea96f21d905036761ab27627bd6db4f5973b006f1e39d4acb04a618",
      "pattern": "[file:hashes.'SHA-256' = '5a2b9ddddea96f21d905036761ab27627bd6db4f5973b006f1e39d4acb04a618']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--de6e0987-78fe-4122-859f-1f76e50fe59b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 95279881525d4ed4ce25777bb967ab87659e7f72235b76f9530456b48a00bac3",
      "pattern": "[file:hashes.'SHA-256' = '95279881525d4ed4ce25777bb967ab87659e7f72235b76f9530456b48a00bac3']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--c8de9149-243f-4dec-a4fc-98f4a2db35f2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA256: 9562ad2c173b107a2baa7a4986825b52e881a935deb4356bf8b80b1ec6d41c53",
      "pattern": "[file:hashes.'SHA-256' = '9562ad2c173b107a2baa7a4986825b52e881a935deb4356bf8b80b1ec6d41c53']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulne",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "CISA KEV"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ba95c9d7-57a4-49ef-a322-fd27ab860e41",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-45288",
      "pattern": "[vulnerability:name = 'CVE-2023-45288']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "url": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a4fe3743-71ab-4575-bbe2-b6bb57a0df00",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-24549",
      "pattern": "[vulnerability:name = 'CVE-2024-24549']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "url": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8f44d58a-8c81-41c0-bb2f-f53f7705b374",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-2653",
      "pattern": "[vulnerability:name = 'CVE-2024-2653']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "url": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7c26c121-7f6a-4321-a3ad-bee7f4fbae74",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-27316",
      "pattern": "[vulnerability:name = 'CVE-2024-27316']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "url": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--45687ab3-42e9-421e-91da-dbe18c5b22f8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-2758",
      "pattern": "[vulnerability:name = 'CVE-2024-2758']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "url": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a7fb4472-25a1-4399-9c50-4ab426f4640f",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-27919",
      "pattern": "[vulnerability:name = 'CVE-2024-27919']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "url": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8597fc6e-87a9-426d-b6ad-239d74449327",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-27983",
      "pattern": "[vulnerability:name = 'CVE-2024-27983']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "url": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--6def0243-0d51-4687-89ca-c9cac1248f37",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-28182",
      "pattern": "[vulnerability:name = 'CVE-2024-28182']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "url": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2fcba3d3-2389-4da6-a26f-dafaf30de417",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-30255",
      "pattern": "[vulnerability:name = 'CVE-2024-30255']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "url": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--8281f0ff-9877-4c7c-b958-3f5415d99c65",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-31309",
      "pattern": "[vulnerability:name = 'CVE-2024-31309']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "url": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--9ad72266-cf8e-42a7-841b-a35aef572659",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-1597",
      "pattern": "[vulnerability:name = 'CVE-2024-1597']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Snyk users don't have to worry about NVD delays",
          "url": "https://snyk.io/blog/snyk-users-dont-have-to-worry-about-nvd-delays/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d44d6e76-63ea-48fa-bf06-563d77260579",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-22243",
      "pattern": "[vulnerability:name = 'CVE-2024-22243']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Snyk users don't have to worry about NVD delays",
          "url": "https://snyk.io/blog/snyk-users-dont-have-to-worry-about-nvd-delays/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e977e95f-49b2-4063-ae19-28211bac0436",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2024-22195",
      "pattern": "[vulnerability:name = 'CVE-2024-22195']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Understanding and mitigating the Jinja2 XSS vulnerability (C",
          "url": "https://snyk.io/blog/jinja2-xss-vulnerability/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e200a374-5d18-40bb-9e54-6ee1651f2196",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-50164",
      "pattern": "[vulnerability:name = 'CVE-2023-50164']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Krampus delivers an end-of-year Struts vulnerability",
          "url": "https://snyk.io/blog/struts-path-traversal-vulnerability/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--76dafca8-97cb-4c33-b30a-ff45a78dbf04",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-21708",
      "pattern": "[vulnerability:name = 'CVE-2021-21708']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Vulnerability disclosure: Which comes first, the security bu",
          "url": "https://snyk.io/blog/vulnerability-disclosure-php-use-after-free/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--4f5b9a04-9a79-45b6-a58b-ac8631892466",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-28368",
      "pattern": "[vulnerability:name = 'CVE-2022-28368']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Vulnerability disclosure: Which comes first, the security bu",
          "url": "https://snyk.io/blog/vulnerability-disclosure-php-use-after-free/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--2b392ad5-3704-46d2-8c43-2572840b61c0",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-5654",
      "pattern": "[vulnerability:name = 'CVE-2023-5654']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Exploring WebExtension security vulnerabilities in React Dev",
          "url": "https://snyk.io/blog/webextension-security-vulnerabilities-react-developer-tools-vue-js/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--e5558685-d17b-4dd8-b704-b4aaee1c5752",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-5718",
      "pattern": "[vulnerability:name = 'CVE-2023-5718']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Exploring WebExtension security vulnerabilities in React Dev",
          "url": "https://snyk.io/blog/webextension-security-vulnerabilities-react-developer-tools-vue-js/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--61785bce-4915-49c8-81b2-9e9bf15fa3a7",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: us-east-2.compute.internal",
      "pattern": "[domain-name:value = 'us-east-2.compute.internal']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Real-time threat protection with Snyk and SentinelOne",
          "url": "https://snyk.io/blog/snyk-sentinelone-built-time-runtime-solution/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--ce01a838-059d-4f80-b6b1-57ddf930d115",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "SHA1: 8656c04d40b0b3900721ddf26ea43c5f5f646b7b",
      "pattern": "[file:hashes.'SHA-1' = '8656c04d40b0b3900721ddf26ea43c5f5f646b7b']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Real-time threat protection with Snyk and SentinelOne",
          "url": "https://snyk.io/blog/snyk-sentinelone-built-time-runtime-solution/"
        }
      ],
      "x_severity": "med",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--d1ccdc71-1cf0-4314-80ca-dd0f42e4b185",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-46133",
      "pattern": "[vulnerability:name = 'CVE-2023-46133']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Weak Hash vulnerability discovered in crypto-js and crypto-e",
          "url": "https://snyk.io/blog/weak-hash-vulnerability-crypto-js-crypto-es/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f4069e59-bd6e-4412-b7ea-8b28cf1fa08b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-46233",
      "pattern": "[vulnerability:name = 'CVE-2023-46233']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Weak Hash vulnerability discovered in crypto-js and crypto-e",
          "url": "https://snyk.io/blog/weak-hash-vulnerability-crypto-js-crypto-es/"
        }
      ],
      "x_severity": "crit",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b45c4059-5681-4b15-ad1a-9bb16453069b",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2021-23369",
      "pattern": "[vulnerability:name = 'CVE-2021-23369']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Adding Snyk security to Jira and Bitbucket Cloud",
          "url": "https://snyk.io/blog/adding-snyk-security-jira-bitbucket-cloud/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--a91a9105-728c-49a2-a12d-6d1a5726784a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-24785",
      "pattern": "[vulnerability:name = 'CVE-2022-24785']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Adding Snyk security to Jira and Bitbucket Cloud",
          "url": "https://snyk.io/blog/adding-snyk-security-jira-bitbucket-cloud/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--25dde3f7-2541-4119-97d0-973715e9f7fc",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-44487",
      "pattern": "[vulnerability:name = 'CVE-2023-44487']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Find and fix HTTP/2 rapid reset zero-day vulnerability CVE-2",
          "url": "https://snyk.io/blog/find-fix-http-2-rapid-reset-zero-day-vulnerability-cve-2023-44487/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--14cbada7-bb4e-472d-a54a-1ed029d33d64",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-38545",
      "pattern": "[vulnerability:name = 'CVE-2023-38545']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "High severity vulnerability found in libcurl and curl (CVE-2",
          "url": "https://snyk.io/blog/curl-high-severity-vulnerability-oct-2023/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--16a74a0e-86ef-4fa2-816e-288a56339e1a",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-38546",
      "pattern": "[vulnerability:name = 'CVE-2023-38546']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "High severity vulnerability found in libcurl and curl (CVE-2",
          "url": "https://snyk.io/blog/curl-high-severity-vulnerability-oct-2023/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0da84c03-9442-40ab-b675-3f67507f7835",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-41061",
      "pattern": "[vulnerability:name = 'CVE-2023-41061']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Critical WebP 0-day security CVE-2023-4863 impacts wider sof",
          "url": "https://snyk.io/blog/critical-webp-0-day-cve-2023-4863/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--b0e3ec82-230a-4c5f-8b63-02c1db2d8acb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-41064",
      "pattern": "[vulnerability:name = 'CVE-2023-41064']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Critical WebP 0-day security CVE-2023-4863 impacts wider sof",
          "url": "https://snyk.io/blog/critical-webp-0-day-cve-2023-4863/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--df80c436-f9d3-4ce5-9008-7d859cd98267",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-4863",
      "pattern": "[vulnerability:name = 'CVE-2023-4863']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Critical WebP 0-day security CVE-2023-4863 impacts wider sof",
          "url": "https://snyk.io/blog/critical-webp-0-day-cve-2023-4863/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cbde079f-0940-414e-a81e-969880cc1df8",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2023-5129",
      "pattern": "[vulnerability:name = 'CVE-2023-5129']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Critical WebP 0-day security CVE-2023-4863 impacts wider sof",
          "url": "https://snyk.io/blog/critical-webp-0-day-cve-2023-4863/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--0812c99a-3b35-4946-b110-b16709b4a8bb",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-229",
      "pattern": "[vulnerability:name = 'CVE-2022-229']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Manage security issues in Jira with Snyk Security in Jira Cl",
          "url": "https://snyk.io/blog/snyk-security-in-jira-cloud/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--1ce7f109-cb69-4333-880d-c210977c30c2",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-22967",
      "pattern": "[vulnerability:name = 'CVE-2022-22967']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "Manage security issues in Jira with Snyk Security in Jira Cl",
          "url": "https://snyk.io/blog/snyk-security-in-jira-cloud/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--f3e931ac-eab6-450f-9210-10e79936c2de",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "DOMAIN: cdn.devlooped.com",
      "pattern": "[domain-name:value = 'cdn.devlooped.com']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": ".NET developers alert: Moq NuGET package exfiltrates user em",
          "url": "https://snyk.io/blog/moq-package-exfiltrates-user-emails/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--cc506bcf-3dcb-4e04-90cc-baf7ed4e6383",
      "created": "2026-06-15T01:48:51Z",
      "modified": "2026-06-15T01:48:51Z",
      "name": "CVE: CVE-2022-1471",
      "pattern": "[vulnerability:name = 'CVE-2022-1471']",
      "pattern_type": "stix",
      "valid_from": "2026-06-15T01:48:51Z",
      "labels": [
        "malicious-activity"
      ],
      "external_references": [
        {
          "source_name": "SnakeYaml 2.0: Solving the unsafe deserialization vulnerabil",
          "url": "https://snyk.io/blog/snakeyaml-unsafe-deserialization-vulnerability/"
        }
      ],
      "x_severity": "high",
      "x_sources": [
        "Snyk"
      ]
    }
  ]
}